This guide covers the steps required to install and configure a VNC server on a CentOS 7 system. We will also show you how to securely connect to a VNC server via an SSH tunnel.
Virtual Network Computing (VNC) is a graphical desktop sharing system that allows you to use a keyboard and mouse to remotely control another computer. It is an open source alternative to Microsoft’s Remote Desktop Protocol (RDP).
precondition
Before proceeding with this tutorial, make sure that you are logged in as a user with sudo privileges.
Install a desktop environment
Most servers don’t have desktop environments installed, so we’ll start by installing a lightweight desktop environment.
Xfce packages are available in the EPEL repository. If you have not enabled the EPEL repository on your server, you can do so by typing:
sudo yum install epel-release
Once the repository is added, install Xfce on CentOS with:
sudo yum groupinstall xfce
Depending on your system, it may take some time to download and install the Xfce package.
Install VNC Server
We will use TigerVNC as the preferred VNC server. TigerVNC is an actively maintained, high-performance open source VNC server.
Type the following command to install TigerVNC on your CentOS server:
yum install tigervnc-server
Now that you have installed the VNC server the next step is to run the command vncserver Which will create the initial configuration and set the password. Don’t use sudo When you run the following command:
vncserver
You will be prompted to enter and confirm a password and whether to set it as a display-only password? If you choose to set a display-only password, users will not be able to interact with instances of VNC with the mouse and keyboard.
You will require a password to access your desktops. Password: Verify: Would you like to enter a view-only password (y/n)? n /usr/bin/xauth: file /homeWAYSQUARE/.Xauthority does not exist New 'server2.linuxid.net:1 (linuxid)' desktop at :1 on machine server2.linuxid.net Starting applications specified in /etc/X11/Xvnc-session Log file is /homeWAYSQUARE/.vnc/server2.linuxid.net:1.log.
First time requests vncserver run, vncserver will create and save password file in directory ~/.vnc That will be created if it is not there.
Before proceeding with the next steps, first stop the VNC instance with the command vncserver With options -kill And the server number as arguments. In our case, the server is running on port 5901 (:1Therefore, we will stop that with:
vncserver -kill :1
Killing Xvnc process ID 2432
VNC Server Configuration
Now that Xfce and TigerVNC are installed on our server, we need to configure TigerVNC to use Xfce. To do this, create the following files:
nano ~/.vnc/xstartup
#!/bin/sh unset SESSION_MANAGER unset DBUS_SESSION_BUS_ADDRESS exec startxfce4
Save and close the file. The above command will be executed automatically every time you start or restart the TigerVNC server.
Files ~/.vnc/xstartup You also need to obtain permission to execute. Run the following command to make sure the permissions are correct:
chmod u+x ~/.vnc/xstartup
If you have to pass additional options to the VNC server, you can create a file named config And add options for each line. Here is an example:
geometry=1920x1084 dpi=96
Create a Systemd console file
We will create a systemd module file which will allow us to easily start, stop and restart the VNC service, just like any other systemd service.
Open your text editor, and copy and paste the following configuration into it. Make sure to change the username in line 7 to match your username.
sudo nano /etc/systemd/system/[email protected]
[Unit] Description=Remote desktop service (VNC) After=syslog.target network.target [Service] Type=simple User=linuxid PAMName=login PIDFile=/home/%u/.vnc/%H%i.pid ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1 || :' ExecStart=/usr/bin/vncserver :%i -geometry 1440x900 -alwaysshared -fg ExecStop=/usr/bin/vncserver -kill :%i [Install] WantedBy=multi-user.target
Save and close the file.
Tell systemd that we have created a new module file with the following command:
sudo systemctl daemon-reload
The next step is to activate the unit file with the following command:
sudo systemctl enable [email protected]
Prepare 1 After the mark @ Determines the port that the VNC service will run on. This means that the VNC server will listen on the port 5901As we discussed in the previous section.
Start the VNC service by running:
sudo systemctl start [email protected]
Check that the service starts successfully with:
sudo systemctl status [email protected]
● [email protected]:1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/[email protected]:1.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2018-09-16 09:59:53 UTC; 4s ago
Process: 6391 ExecStart=/usr/sbin/runuser -l linuxid -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
Process: 6389 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 6413 (Xvnc)
CGroup: /system.slice/system-vncserver.slice/[email protected]:1.service
‣ 6413 /usr/bin/Xvnc :1 -auth /homeWAYSQUARE/.Xauthority -desktop server2.linuxid.net:1 (linuxid) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /homeWAYSQUARE/.vnc/passwd -rfbport ...
How to connect to the VNC server
VNC is not a coded protocol and is susceptible to packet sniffing. The recommended approach is to create an SSH tunnel that safely redirects traffic from your local machine on port 5901 to the server on the same port.
How to set up an SSH tunnel on Linux and macOS
If you are running Linux, macOS, or any other Unix-based OS, you can easily create an SSH tunnel with the following command:
ssh -L 5901:127.0.0.1:5901 -N -f -l username server_ip_address
You will be asked to enter the user’s password.
Do not forget to replace username And the server_ip_address Using the username and IP address of the server.
How to set up an SSH tunnel in Windows
If you are running Windows, you can set up an SSH tunnel using the PuTTY SSH client.
Open PuTTY and enter your server’s IP address in the field Host name or IP address.
Under the menu Connection Click the icon + in a SSH And chose Tunnels. Insert the VNC Server port (5901) In the field Source Port And enter server_ip_address:5901 In the field Destination And clicking on the add button, as shown in the image below:
Back to the page Session To save the settings so that you don’t have to enter them every time. Now all you have to do is select a saved session and log into the remote server with the click of a button Open.
Connect to Linux server with Vncviewer
After setting up the SSH tunnel it is time to open Vncviewer and connect to the VNC server localhost:5901.
You can use any VNC viewer like TigerVNC, TightVNC, RealVNC, UltraVNC Vinagre, and VNC Viewer for Google Chrome.
For this example we will be using TigerVNC. Open your VNC viewer, enter localhost:5901 And click the button Connect.
Enter the user’s password when prompted and you will see the Xfce virtual desktop. It should look like this:
You can start interacting with the XFCE desktop remotely from your local machine using your keyboard and mouse.
Conclusion
Now you have a VNC server up and running and you can easily manage CentOS 7 server from your local desktop machine using an easy-to-use graphical interface.
To configure a VNC server to initiate viewing for more than one user, perform the initial configuration and set a password using the command vncserver. You will also need to create a new service file using a different port.
.