Virtual Network Computing, or VNC, is a connection system that allows you to use your keyboard and mouse to interact with a graphical desktop environment on a remote server. It makes managing files, software, and settings on a remote server easier for users who are not yet comfortable with the command line.
In this quickstart guide, you’ll set up a VNC server with TightVNC on an Ubuntu 20.04 server and connect to it securely through an SSH tunnel. Then, you’ll use a VNC client program on your local machine to interact with your server through a graphical desktop environment.
To complete this tutorial, you’ll need:
- One Ubuntu 20.04 server with a non-root administrative user and a firewall configured with UFW. To set this up, follow our initial server setup guide for Ubuntu 20.04.
- A local computer with a VNC client installed. The VNC client you use must support connections over SSH tunnels:
- On Windows, you can use TightVNC, RealVNC, or UltraVNC.
- On macOS, you can use the built-in Screen Sharing program, or can use a cross-platform app like RealVNC.
- On Linux, you can choose from many options, including
krdc, RealVNC, or TightVNC.
Step 1 — Installing the Desktop Environment and VNC Server
After connecting to your server with SSH, update your list of packages:
Then install Xfce along with the
xfce4-goodies package, which contains a few enhancements for the desktop environment:
- sudo apt install xfce4 xfce4-goodies
Once that installation completes, install the TightVNC server:
- sudo apt install tightvncserver
Next, run the
vncpasswd command to set a VNC access password and create the initial configuration files:
You’ll be prompted to enter and verify a password to access your machine remotely:
OutputYou will require a password to access your desktops. Password: Verify:
The password must be between six and eight characters long; passwords more than 8 characters will be truncated automatically. Once you verify the password you’ll have the option to create a view-only password, but this isn’t required.
If you ever want to change your password or add a view-only password, re-run the
Step 2 — Configuring the VNC Server
The commands that the VNC server runs at startup are located in a configuration file called
xstartup in the
.vnc folder under your home directory. In this step, we’ll create a custom
xstartup script which will tell the VNC server to connect to the Xfce desktop.
Create a new
xstartup file and open it in a text editor, such as
Add the following lines to the new file:
#!/bin/bash xrdb $HOME/.Xresources startxfce4 &
Following the shebang, the first command in the file,
xrdb $HOME/.Xresources, tells VNC’s GUI framework to read the server user’s
.Xresources file. The second command tells the server to launch Xfce.
Save and close the file after adding these lines. If you used
nano, do so by pressing
CTRL + X,
Then make the file executable:
And start the VNC server with the
This command includes the
-localhost option, which binds the VNC server to your server’s loopback interface. This will cause VNC to only allow connections that originate from the server on which it’s installed.
You’ll see output similar to this:
OutputNew 'X' desktop is your_hostname:1 Starting applications specified in /home/sammy/.vnc/xstartup Log file is /home/sammy/.vnc/your_hostname:1.log
Here, you can see that the command launches a default server instance on port
5901. This port is called a display port, and is referred to by VNC as
Step 3 — Connecting to the VNC Desktop Securely
To securely connect to your server, you’ll establish an SSH tunnel and then tell your VNC client to connect using that tunnel rather than making a direct connection.
Create an SSH connection on your local computer that securely forwards to the
localhost connection for VNC. You can do this via the terminal on Linux or macOS with the following
- ssh -L 59000:localhost:5901 -C -N -l sammy your_server_ip
The local port can be any port that isn’t already blocked by another program or process, though we use
59000 in this example. Also, make sure to change
sammy to your Ubuntu user’s username and
your_server_ip to reflect your server’s IP address.
If you are using PuTTY to connect to your server, you can create an SSH tunnel by right-clicking on the top bar of the terminal window, and then clicking the Change Settings… option:
Find the Connection branch in the tree menu on the left-hand side of the PuTTY Reconfiguration window. Expand the SSH branch and click on Tunnels. On the Options controlling SSH port forwarding screen, enter
59000 as the Source Port and
localhost:5901 as the Destination, like this:
Then click the Add button, and then the Apply button to implement the tunnel.
Once the tunnel is running, use a VNC client to connect to
localhost:59000. You’ll be prompted to authenticate using the password you set in Step 1.
Once you are connected, you’ll see the default Xfce desktop. It should look something like this:
You can access files in your home directory with the file manager or from the command line, as seen here:
CTRL+C in your local terminal to stop the SSH tunnel and return to your prompt. This will disconnect your VNC session as well.
Step 4 — Running VNC as a System Service
By setting up the VNC server to run as a systemd service you can use systemd’s management commands start, stop, and restart the server, as well as enable it to start running whenever the server boots up.
First, create a new systemd unit file called
- sudo nano /etc/systemd/system/vncserver@.service
@ symbol at the end of the name will let us pass in an argument you can use in the service configuration. You’ll use this to specify the VNC display port you want to use when you manage the service.
Add the following lines to the file, making sure to change the value of User, Group, WorkingDirectory, and the username in the value of PIDFILE to match your username:
[Unit] Description=Start TightVNC server at startup After=syslog.target network.target [Service] Type=forking User=sammy Group=sammy WorkingDirectory=/home/sammy PIDFile=/home/sammy/.vnc/%H:%i.pid ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 -localhost :%i ExecStop=/usr/bin/vncserver -kill :%i [Install] WantedBy=multi-user.target
Save and close the file.
Next, make the system aware of the new unit file:
- sudo systemctl daemon-reload
Enable the unit file:
- sudo systemctl enable firstname.lastname@example.org
1 following the
@ sign signifies which display number the service should appear over, in this case the default
:1 as was discussed in Step 2.
Stop the current instance of the VNC server if it’s still running:
Then start it as you would start any other systemd service:
- sudo systemctl start vncserver@1
You can verify that it started with this command:
- sudo systemctl status vncserver@1
See our tutorial on How To Use Systemctl to Manage Systemd Services and Units for more information on
To reconnect, start your SSH tunnel again:
- ssh -L 59000:127.0.0.1:5901 -C -N -l sammy your_server_ip
Then make a new connection using your VNC client software to
localhost:59000 to connect to your server.
You now have a secured VNC server up and running on your Ubuntu 20.04 server. Now you’ll be able to manage your files, software, and settings with a user-friendly graphical interface, and you’ll be able to run graphical software like web browsers remotely.