How to Setup VNC Server on Ubuntu 16.10 with ssh Tunneling
Traditional way to administer server is over ssh and command line. But sometimes you need to run some application with a GUI on a server, and since you typically don't sit next to server and even if you do, server might not have monitor and keyboard, you need some sort of remote desktop. VNC is good solution for this which is widely used and it is pretty easy to setup. Ubuntu has TightVNC in repositories and in this article we will setup multi user TightVNC server on Ubuntu Server 16.10. For GUI we will use XFCE which is more lightweight alternative to GNOME and Unity.
Setting up Tight VNC and XFCE
We assume that you have a non-root user with sudo rights configured. In my case that is user miki, and in later part of this guide I will be adding one more user for multiple user access. First we start of by installing TightVNC server and XFCE desktop environment.
sudo apt install gnome-core xfce4 firefox xfce4-goodies tightvncserver
Then we need to configure VNC server with password for login on as user miki
vncserver
It will also prompt you for view only password, you need that one if you want to have someone connect to your VNC session without control of the cursor and keyboard, only as spectator. This password must be different than your main password. If you don't plan to have spectators you can chose not to enter view only password. After this process is completed, VNC instance will be launched on port 5901 and VNCserver will count this port as :1. If you start multiple instances of VNC you will have multiple display ports, and it will increment both number by 1, to :2 and 5902 and so on for every instance. To continue configuration, we actually need to kill all instances of VNC server. We do this by following command:
vncserver -kill :1
After this is done, configuration file for VNC server can be edited to select which desktop environment will be started upon connecting to the VNC server. The file I am talking about is called xstartup and it is found inside hidden .vnc directory in ~/ dir. Lets first backup this file
mv ~/.vnc/xstartup ~/.vnc/xstartup.backup
And then create new file from clean slate
nano ~/.vnc/xstartup
In this empty file, paste this few lines:
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
Add excutable bit to tihs file
sudo chmod +x ~/.vnc/xstartup
Next we can start the VNC server again
vncserver
Connecting to the VNC server
Next we need to connect to VNC server to see if our setup is working. We can use any VNC client, like for example Vinagre or Remote Desktop Viewer, like it is also called. First install it and start it
sudo apt install vinagre
Enter the name of your server, port 5901 and click connect. You should get prompted for your password and then you should get into XFCE
You can connect to this session from unlimited number of computers, but then yo would all be controlling one mouse cursor and have same session. If some of users type the view only password (provided that you created one) they would not have control of cursor but they would still be in single session and watch one same screen.
Multiple users
It is possible to have multiple VNC sessions that don't interfere with each other. This is done by crating arbitrary number of users and each user will have his own display port and his own instance of VNC server. And in turn he will run his own instance of desktop environment, or that could be entirely separate DE. Lets start first by adding new user
sudo adduser newuser
Next we log in as that user
su newuser
And lets make a password for new user
vncserver
Other than password, this also crated new process that listens on port 5902. We need to kill this process in order to be able to edit config file.
vncserver -kill :2
And we need to actually repeat process from earlier. First backup the xstartup file
mv ~/.vnc/xstartup ~/.vnc/xstartup.backup
Then create new one from scratch
nano ~/.vnc/xstartup
Past three lines bellow
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
And make it executable:
sudo chmod +x ~/.vnc/xstartup
Now run vncserver to spwawn the process
vncserver :2
And you can now connect at port 5902 and have separate session.
How to setup SSH tunneling
So far we managed to make the connection directly on display ports, in our case 5901 and 5902. But what if those ports are closed, by firewall, and it is for some reason impractical to open them. There is solution in that case, we can use SSH tunneling. Port 22 or any other port that you use for SSH access on a server can be used to trick the VNC viewer that VNC server is running on localhost on port 5901 or 5902. With this command you are establishing a SSH tunnel:
ssh -L 5902:127.0.0.1:5902 newuser@192.168.122.14
Be sure to change highlighted part to your IP adress and username.
After this you can start Vinagre or Remmina and enter localhot:5902 as your address. It will think that remote desktop is on localhost and will route the traffic over ssh port to your server, as long as SSH connection is active.
Making the systemd units
This is all good when you manually set the user and the server over SSH, but you have to redo it on every server reboot. So to avoid that, lets make systemd unit file. That is new fancy name of old school startup script. We will actually need to make two for two users lets first create one
sudo nano /etc/systemd/system/vncserver@1.service
There yup put this configuration
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target[Service]
Type=forking
User=miki
PAMName=login
PIDFile=/home/miki/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i[Install]
WantedBy=multi-user.target
Then you make another one:
sudo nano /etc/systemd/system/vncserver@2.service
And paste same stuff, just in both cases change user name for your own users. Now we need to kill old processes if they are still running and reload the unit files
vncserver -kill :2
vncserver -kill :1sudo systemctl daemon-reload
And start using unit files
sudo systemctl start vncserver@1
sudo systemctl start vncserver@2
And if you want vnc server on every boot you do one more time same as above just enable instead of start.
Conclusion
We have set up a VNC server with two users on Ubuntu 16.10. From here you can easily add users and chose another desktop environment. VNC is very good software to use for collaboration over the internet or for presenting something to group of people, if you give them spectator passwords. With this we wrap up this article, have a nice day and thank you for reading.
You might also like
Filed Under : GUI, UBUNTU HOWTO
Free Linux Ebook to Download
I had been using vncserver and vncviewer combination for several years with Ubuntu and other Linux distros. It wasn't until Ubuntu 16.10 came out that I first had trouble connecting to my server. For years I had been using:
[code]
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid black
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
mate-session &
[/code]
But this was giving me a gray screen with no windows and no desktop session to work on. I tried several things for nearly 3days until I finally stumbled upon this page and used this for xstartup:
[code]#!/bin/bash
xrdb $HOME/.Xresources
mate-session & [/code]
And that did the trick. I don't know what changed between 16.04 and 16.10, but apparently the older xstartup code no longer works. The one specified here does. Thank you very much for putting this up.