How to Setup VNC Server on Ubuntu 16.10 with ssh Tunneling

November 7, 2016 | By in UBUNTU HOWTO
| Reply More

Traditional way to administer server is over ssh and command line. But sometimes you need to run some application with a GUI on a server, and since you typically don't sit next to server and even if you do, server might not have monitor and keyboard, you need some sort of remote desktop. VNC is good solution for this which is widely used and it is pretty easy to setup. Ubuntu has TightVNC in repositories and in this article we will setup multi user TightVNC server on Ubuntu Server 16.10. For GUI we will use XFCE which is more lightweight alternative to GNOME and Unity.

Setting up Tight VNC and XFCE

We assume that you have a non-root user with sudo rights configured. In my case that is user miki, and in later part of this guide I will be adding one more user for multiple user access. First we start of by installing TightVNC server and XFCE desktop environment.

sudo apt install gnome-core xfce4 firefox xfce4-goodies tightvncserver

Then we need to configure VNC server with password for login on as user miki

vncserver

It will also prompt you for view only password, you need that one if you want to have someone connect to your VNC session without control of the cursor and keyboard, only as spectator. This password must be different than your main password. If you don't plan to have spectators you can chose not to enter view only password.  After this process is completed, VNC instance will be launched on port 5901 and VNCserver will count this port as :1. If you start multiple instances of VNC you will have multiple display ports, and it will increment both number by 1, to :2 and 5902 and so on for every instance. To continue configuration, we actually need to kill all instances of VNC server. We do this by following command:

vncserver -kill :1

After this is done, configuration file for VNC server can be edited to select which desktop environment will be started upon connecting to the VNC server. The file I am talking about is called xstartup and it is found inside hidden .vnc directory in ~/ dir. Lets first backup this file

mv ~/.vnc/xstartup ~/.vnc/xstartup.backup

And then create new file from clean slate

nano ~/.vnc/xstartup

In this empty file, paste this few lines:

#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

Add excutable bit to tihs file

sudo chmod +x ~/.vnc/xstartup

Next we can start the VNC server again

vncserver

Connecting to the VNC server

Next we need to connect to VNC server to see if our setup is working. We can use any VNC client, like for example Vinagre or Remote Desktop Viewer, like it is also called. First install it and start it

sudo apt install vinagre

Enter the name of your server, port 5901 and click connect. You should get prompted for your password and then you should get into XFCE

XFCE working over VNC server

You can connect to this session from unlimited number of computers, but then yo would all be controlling one mouse cursor and have same session. If some of users type the view only password (provided that you created one) they would not have control of cursor but they would still be in single session and watch one same screen.

Multiple users

It is possible to have multiple VNC sessions that don't interfere with each other. This is done by crating arbitrary number of users and each user will have his own display port and his own instance of VNC server. And in turn he will run his own instance of desktop environment, or that could be entirely separate DE. Lets start first by adding new user

sudo adduser newuser

Next we log in as that user

su newuser

And lets make a password for new user

vncserver

Other than password, this also crated new process that listens on port 5902. We need to kill this process in order to be able to edit config file.

vncserver -kill :2

And we need to actually repeat process from earlier. First backup the xstartup file

mv ~/.vnc/xstartup ~/.vnc/xstartup.backup

Then create new one from scratch

nano ~/.vnc/xstartup

Past three lines bellow

#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

And make it executable:

sudo chmod +x ~/.vnc/xstartup

Now run vncserver to spwawn the process

vncserver :2

And you can now connect at port 5902 and have separate session.

How to setup SSH tunneling

So far we managed to make the connection directly on display ports, in our case 5901 and 5902. But what if those ports are closed, by firewall, and it is for some reason impractical to open them. There is solution in that case, we can use SSH tunneling. Port 22 or any other port that you use for SSH access on a server can be used to trick the VNC viewer that VNC server is running on localhost on port 5901 or 5902. With this command you are establishing a SSH tunnel:

ssh -L 5902:127.0.0.1:5902 newuser@192.168.122.14

Be sure to change highlighted part to your IP adress and username.

After this you can start Vinagre or Remmina and enter localhot:5902 as your address. It will think that remote desktop is on localhost and will route the traffic over ssh port to your server, as long as SSH connection is active.

Making the systemd units

This is all good when you manually set the user and the server over SSH, but you have to redo it on every server reboot. So to avoid that, lets make systemd unit file. That is new fancy name of old school startup script. We will actually need to make two for two users lets first create one

sudo nano /etc/systemd/system/vncserver@1.service

There yup put this configuration

[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=miki
PAMName=login
PIDFile=/home/miki/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

Then you make another one:

sudo nano /etc/systemd/system/vncserver@2.service

And paste same stuff, just in both cases change user name for your own users. Now we need to kill old processes if they are still running and reload the unit files

vncserver -kill :2
vncserver -kill :1

sudo systemctl daemon-reload

And start using unit files

sudo systemctl start vncserver@1

sudo systemctl start vncserver@2

 

And if you want vnc server on every boot you do one more time same as above just enable instead of start.

Conclusion

We have set up a VNC server with two users on Ubuntu 16.10. From here you can easily add users and chose another desktop environment. VNC is very good software to use for collaboration over the internet or for presenting something to group of people, if you give them spectator passwords. With this we wrap up this article, have a nice day and thank you for reading.

Filed Under : GUI, UBUNTU HOWTO

Tagged With : , ,

Free Linux Ebook to Download

Leave a Reply

Commenting Policy:
Promotion of your products ? Comment gets deleted.
All comments are subject to moderation.