VNC is a protocol that is used to share the desktop with other users/computers over the network/Internet.In order to share a desktop, VNC server must be install and configure on the computer and VNC client must be run on the computer that will access the shared desktop.
When we install the fresh copy of Ubuntu Server, it only gives us the “Command Line” interface.
But some people prefer GUI instead and for this they install Full version of Gnome on Ubuntu Server. Actually there is a better way and that is to install VNC. VNC provides a lightweight virtual desktop than full blown version of Gnome.
To install the core components of gnome, use this command:
sudo apt-get install gnome-core
To install a virtual desktop, use this command:
sudo apt-get install vnc4server
In order to use VNC, we need to setup a password using the following command:
vncserver
To make a tweak in startup script, we need to kill the session that we just created:
vncserver -kill :1
Now open up the file that we need to edit:
cd ~
nano .vnc/xstartup
And Modify the file so it looks like this:
#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
#exec /etc/X11/xinit/xinitrc
gnome-session --session=gnome-classic &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
#x-terminal-emulator -geometry 1280x1024+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &
Next, create the VNC Session once more:
vncserver -geometry 1024x600
Now, download VNCViewer onto our desktop computer from which we want to access the shared desktop. Connect using ServerIP/Name:1 (:1 is for the VNC server window), In my case it is tendo:1.
Enter the password that we created using the vncserver command:
We now have GUI access to our server.
After reboot the server, we will not be able to connect to the server with VNC, this is because the “vncserver -geometry 1024×600” command that we typed above is not persistent. To solve this problem, we will use an excellent script of Justin Buser.
As sudo user create the file (and directory if it doesn’t exist):
sudo mkdir -p /etc/vncserver
sudo touch /etc/vncserver/vncservers.conf
sudo nano /etc/vncserver/vncservers.conf
Add servers as needed for each user by adding something like the following to the vncservers.conf file we just created:
VNCSERVERS="1:arbab"
VNCSERVERARGS[1]="-geometry 1024x600 -depth 24"
Next, create an empty init script and make it executable:
sudo touch /etc/init.d/vncserver
sudo chmod +x /etc/init.d/vncserver
sudo nano /etc/init.d/vncserver
Add the following to /etc/init.d/vncserver:
#!/bin/bash
unset VNCSERVERARGS
VNCSERVERS=""
[ -f /etc/vncserver/vncservers.conf ] && . /etc/vncserver/vncservers.conf
prog=$"VNC server"
start() {
. /lib/lsb/init-functions
REQ_USER=$2
echo -n $"Starting $prog: "
ulimit -S -c 0 >/dev/null 2>&1
RETVAL=0
for display in ${VNCSERVERS}
do
export USER="${display##*:}"
if test -z "${REQ_USER}" -o "${REQ_USER}" == ${USER} ; then
echo -n "${display} "
unset BASH_ENV ENV
DISP="${display%%:*}"
export VNCUSERARGS="${VNCSERVERARGS[${DISP}]}"
su ${USER} -c "cd ~${USER} && [ -f .vnc/passwd ] && vncserver :${DISP} ${VNCUSERARGS}"
fi
done
}
stop() {
. /lib/lsb/init-functions
REQ_USER=$2
echo -n $"Shutting down VNCServer: "
for display in ${VNCSERVERS}
do
export USER="${display##*:}"
if test -z "${REQ_USER}" -o "${REQ_USER}" == ${USER} ; then
echo -n "${display} "
unset BASH_ENV ENV
export USER="${display##*:}"
su ${USER} -c "vncserver -kill :${display%%:*}" >/dev/null 2>&1
fi
done
echo -e "\n"
echo "VNCServer Stopped"
}
case "$1" in
start)
start $@
;;
stop)
stop $@
;;
restart|reload)
stop $@
sleep 3
start $@
;;
condrestart)
if [ -f /var/lock/subsys/vncserver ]; then
stop $@
sleep 3
start $@
fi
;;
status)
status Xvnc
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
exit 1
esac
We’ll need to run vncserver command AT LEAST ONCE AS EACH USER that want to login as. I put that in caps because if you skip that step none of it will work.
Finally, do the following:
sudo update-rc.d vncserver defaults 99
Now, restart the service by typing:
sudo service vncserver restart
Ability to connect for multiple users:
Create a local user, using the following command:
sudo adduser hussain
Switch to the newly created user and run vncserver command for it:
su hussain
vncserver
Move to the home directory and edit the xstartup file:
cd ~
nano .vnc/xstartup
Modify the file so it looks like this:
#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
#exec /etc/X11/xinit/xinitrc
gnome-session --session=gnome-classic &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
#x-terminal-emulator -geometry 1280x1024+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &
Now open up the /etc/vncserver/vncservers.conf file as sudo user:
sudo nano /etc/vncserver/vncservers.conf
Add servers for newly created user by adding something like this:
VNCSERVERS="1:arbab 2:hussain"
VNCSERVERARGS[1]="-geometry 1024x600 -depth 24"
VNCSERVERARGS[2]="-geometry 1024x600 -depth 24"
Restart the service:
sudo service vncserver restart
Connect with newly created user using tendo:2, Where tendo is my server name:
Enter the password that we created using the vncserver command:
We now have GUI access to our server for newly created user.
Preventing Gnome to start on boot on the server:
Gnome is automatically started on boot in Ubuntu 12.04 LTS, if we connect a monitor to our server we will see that GUI sitting there waiting for us to log in.
To prevent it, edit the gdm.conf file:
sudo nano /etc/init/gdm.conf
Comment these six lines:
#start on ((filesystem
# and runlevel [!06]
# and started dbus
# and (drm-device-added card0 PRIMARY_DEVICE_FOR_DISPLAY=1
# or stopped udev-fallback-graphics))
# or runlevel PREVLEVEL=S)
Reboot the server and that GUI log-in screen will no longer appear:
VNC encrypted through the ssh tunnel:
By default, VNC is not secure protocol.VNC uses encryption during initial connection and login (passwords are not sent in plain-text). Once, we connected then all the VNC data is unencrypted and hacker could sniff our VNC session. It is better (safer) to start VNC server only on 127.0.0.1(localhost) and tunnel it over secure SSH tunnel (For this,there are options in Putty).
On Ubuntu, edit /etc/vncserver/vncservers.conf:
sudo nano /etc/vncserver/vncservers.conf
Add the option “-localhost“:
VNCSERVERS="1:arbab 2:hussain"
VNCSERVERARGS[1]="-geometry 1024x600 -depth 24 -localhost"
VNCSERVERARGS[2]="-geometry 1024x600 -depth 24 -localhost"
Restart the service:
sudo service vncserver restart
Here is visual, how to connect to VNC Server through PuTTY(SSH) from Windows Machine.
Run PuTTY,enter the IP address or hostname of the VNC Server:
On the left-hand panel, Go to Connection -> SSH -> Tunnels:
Source Port:590x(Where x is a value that we set in vncservers.conf,like 1 for arbab)
Destination:localhost:590x(Same x value that we used above in source port)
Click Open button in order to connect to the Server via SSH:
Login to the Ubuntu (VNC Server) with username and password:
Upon successful connection to VNC Server, we’ll find port 5901 is in listening mode on localhost:
netstat -a
Run VNC Viewer and enter the localhost:1(:1 is for arbab user, that we defined in vncservers file):
Enter the password, in order to connect to the VNC Server:
Now, we are connected to remote VNC Server through ssh tunnel:
Hope this will help you!
Please Remember me in your prayers!
Enjoy 🙂
Lazy Geek -:) 