💎 Earn 45%—Join Hostman Affiliate Program!
SupportContact Sales
English
Solutions
Community
Sign In
Sign In

How to Install and Configure SSH on an Ubuntu Server

How to Install and Configure SSH on an Ubuntu Server
Hostman Team
Technical writer
Ubuntu
24.11.2023
Reading time: 10 min
Share

Secure Shell (SSH) is a network protocol for secure client-server communication. Each interaction is encrypted. It allows you to securely manage the server, transfer files, and perform other tasks. 

For example, you have ordered a cloud server on Hostman and want to manage it from your laptop. To do this, you only need to set up SSH access. Through a secure connection, you will be able to perform all necessary administration actions.

For successful configuration, you need to: 

  1. Install the SSH server components on your server. The openssh-server package will cover that.

  2. Have the SSH client on your local machine from which you will connect to the remote host. 

    For this purpose, the openssh-client package is usually used. It's pre-installed in most Linux and BSD distributions and also in the latest Windows versions. On older versions of Windows, you'll need to install additional utilities. One of the most popular solutions is PuTTY.

Enabling SSH

By default, remote access via a secure network protocol is forbidden. However, installing SSH in Ubuntu is very easy.

Start the console of the server where you need to configure SSH. 

Update the package manager:

sudo apt update

Install the software:

sudo apt install openssh-server

Both operations require superuser rights, which you get with sudo.

On Ubuntu, the OpenSSH starts automatically after installation but you can check its status using the command:

sudo systemctl status ssh

The output should indicate that the service is running and allowed to start on system boot: 

ssh.service - OpenBSD Secure Shell server
    Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
    Active: active (running) since Mon 2022-03-21 12:34:00 CEST; 1m ago

This means that the installation was successful. To return to the command prompt, press the q key.

If the service is not active, start it manually with the command:

sudo systemctl enable --now ssh

Ubuntu comes with a firewall configuration tool called UFW. If you have a firewall enabled on your system, be sure to open the SSH port:

sudo ufw allow ssh

Now you can connect to your Ubuntu system via SSH from any remote computer.

-

Creating an SSH key pair

To make the connection even more secure and authentication more convenient, use an SSH key pair: a public and a private SSH keys. The public key is stored on the host, and the private key is stored on the user's computer.

Let's see how to create keys in different operating systems. Let's start with Ubuntu.

To generate a new 2048-bit RSA key pair, open a terminal and run the command below:

ssh-keygen -t rsa

A prompt will appear asking you where to save the keys. If you press Enter, the system will save the key pair in the default .ssh subdirectory of the home folder. You can also specify an alternate path where you want to save the key pair. However, it is recommended to use the default directory. It makes further management much easier.

If you have already created a key pair on the client computer, the system will prompt you to overwrite it. The choice is entirely up to you, but be careful. If you choose to overwrite it, you will not be able to use the previous key pair to log in to the server. It will be deleted. Fixing the conflict is easy; just specify a unique name for each new pair. The storage folder can remain the same.

You will also be prompted to enter a passphrase to add an extra layer of security that prevents unauthorized users from accessing the host. Press Enter if you do not want to use it.

To verify that the keys have been created, run the command:

ls -l ~/.ssh/id_*.pub. 

The terminal will display a list of keys.

Similarly, you can generate a pair on macOS or newer Windows versions.

If you're using an older Windows OS, you'll need to download the PuTTY utility suite. It contains the PuTTYgen application. To create an SSH key pair, all you need to do is run the PuTTYgen and swipe with your mouse. You can also select a folder to store the keys and add a passphrase for maximum protection.

Adding the SSH key to the server

The private key is stored on the computer. You should never transfer it to anyone. But you need to transmit the public part to the server.

If you have password access to the host, you can transfer the public key using ssh-copy-id. Example command:

ssh-copy-id hostman@123.456.78.99 

Instead of hostman enter your username, instead of 123.456.78.99 enter the server IP address. Enter the password when prompted, and after which the public key will be transferred to the host.

To connect to the server using the SSH keys, run the command:

ssh hostman@123.456.78.99

Instead of hostman enter your username, instead of 123.456.78.99 enter the server IP address. If you have not set a passphrase, you will log in without further authentication. The security system will check the public and private parts of the key and establish a connection if they match. 

Did you know?

Teams looking to reduce DevOps costs often migrate to managed Kubernetes instead of self-hosted clusters.

Configuring SSH

You can configure your Ubuntu Server through the /etc/ssh/sshd_config file. Before making changes to it, make a backup copy. It will keep you from wasting time on reinstallation if you suddenly make a mistake.

To make a copy, run the command:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults

The /etc/ssh/sshd_config.factory-defaults will store the default settings. You will be editing the /etc/ssh/sshd_config file.

Disabling password authentication

SSH password authentication on the Ubuntu Server isn't bad. But if you create long, complex passwords, you can be tempted to store them insecurely. Using encryption keys to authenticate the connection is a more secure alternative. In this case, the password may be unnecessary and you can disable it.

Before proceeding, keep the following in mind:

Disabling password authentication increases the likelihood of being locked out of your server. You can be locked out if you lose your private key or break the ~/.authorized_keys file .

If you are locked out, you can no longer access any application files.

You should only disable password authentication if you are very familiar with the key authentication mechanism and understand the potential consequences of losing access to your server.

To disable password authentication, connect to the server as root and edit the sshd_config file. Change the PasswordAuthentication parameter value to No instead of Yes

Then restart the SSH service by running the following command:

sudo systemctl restart sshd

After that, you will no longer be able to use passwords for authentication. You will only be able to connect using Linux SSH keys.

Disabling root access

To improve security on your remote Ubuntu system, consider disabling root user login via SSH.

To do this, edit the configuration file:

sudo vi /etc/ssh/sshd_config

Change the PermitRootLogin value to No.

Another option is allowing the root user to log in using any authentication mechanism other than a password. To do this, set the PermitRootLogin parameter to prohibit-password.

This configuration lets you log in as the root user with a private key. The main thing is to ensure that you have copied the public key to the system before restarting the SSH service.

To apply the updated configuration, restart the service:

sudo systemctl restart sshd

Changing the default port

By default, the SSH server uses port 22. To increase security, you can set it to any other value. We recommend using ports from the upper range, from 50000 to 65000. It is also preferable to pick numbers in which all digits are different, for example, 56713.

Open the configuration file:

sudo vi /etc/ssh/sshd_config

Uncomment the line Port 22. Instead of 22, specify another number, for example, Port 56713. Save the changes and close the file.

To apply the configuration, restart the service:

sudo systemctl restart sshd

After a successful restart, verify that the connection is now on a different port:

ssh -p 56713 user@server_ip

Remember to restart the service after each change. Otherwise, SSH connections will follow the old rules.

Configuring tunneling

Tunneling is a method of transmitting unencrypted traffic or data over an encrypted channel. In addition to file transfers, tunneling can also be used to access internal network services through firewalls and to create a VPN.

There are three types of tunneling (forwarding):

  • Local,

  • remote,

  • dynamic.

To configure some of them, you will need to edit the SSH configuration file.

Local forwarding

It is a port forwarding from a client computer to a remote computer. The connection is then redirected to another port on the target computer.

The SSH client checks for a connection on the given port. When it receives a connection request, it tunnels it with the specified port on the remote host. The host then connects to another target computer through the configured port.

Mostly, local forwarding is used to connect externally to a service from an internal network. For example, this is how you can configure access to a database. It is also used for remote file sharing.

The -L argument is used for local forwarding. For example:

ssh hostman@server.example -L 8080:server1.example:3000 

Now open a browser on the local computer. You can use localhost:8080 to access the remote application instead of accessing it using the address server.example:3000.

Did you know?

Hostman offers low priced tariffs for Linux VPS! Check it yourself and start deploying now!

Remote redirection

Remote redirection allows you to connect to a local computer from a remote computer. SSH does not support remote port forwarding by default. Therefore, you need to enable it in the SSH configuration file. It will require some additional configuration of the Ubuntu server. 

Open the configuration file:

sudo vi /etc/ssh/sshd_config 

Set the GatewayPorts parameter to Yes.

Save the changes and restart the service:

sudo systemctl restart sshd

Use the -R argument to configure forwarding. Example command:

ssh -R 8080:127.0.0.0.1:3000 -N -f user@remote.host 

After running this command, the host will listen on port 8080 and redirect all traffic to port 3000, which is open on the local computer.

Remote redirection is mainly used to give someone from outside access to an internal service.

Dynamic forwarding

Local and remote forwarding methods allow you to tunnel and communicate with a single port. With dynamic forwarding, you can tunnel and communicate with multiple ports.

Dynamic tunneling creates a socket on the local computer. It works like a SOCKS proxy server. Basically, your local computer is used as a SOCKS proxy server and listens on port 1080 by default. When the host connects to this port, it is redirected to the remote machine and then to the dynamic machine through the dynamic port.

The -D argument is used to configure dynamic tunneling. Example command:

ssh -D 9090 -N -f user@remote.host

Once you have set up tunneling, you can configure your application to use it. For example, to add a proxy to the browser. You'll need to configure redirection separately for each application you want to tunnel traffic for.

Disabling SSH

To disable the Open SSH server, stop the SSH service by running the command:

sudo systemctl disable --now ssh

To start the service back up, run the command:

sudo systemctl enable --now ssh

The enable command in Ubuntu does not reinstall the software, so you don't have to reconfigure anything. It simply starts up the previously installed and configured service.

Conclusion

In this article, we have covered the basics of using SSH on an Ubuntu machine. Now you know how to install the necessary software to set up a secure connection, configure it, route the tunnel, and even disable the service when it is not in use.

Connecting via SSH in Ubuntu is a common task, so you'll definitely need this knowledge. If not in development and administration, then for personal purposes, such as establishing a secure connection between devices in a local network.

Don't forget to check our low-latency USA VPS or a reliable Amsterdam VPS if you're targeting users in Western Europe.

Ubuntu
24.11.2023
Reading time: 10 min
Share

Similar

Ubuntu

Installing and Configuring Zabbix on Ubuntu 22.04

Zabbix is a popular open-source tool designed for monitoring servers, networks, services, cloud resources, and business metrics. It consists of several components, including: Zabbix Server: The core component responsible for data storage and network service management. Zabbix Agent: A background utility (daemon) that monitors and collects statistics on resources like RAM, CPU, and application metrics. It supports both active (agent requests data) and passive (agent waits for server requests) modes. Zabbix Proxy: An optional component that distributes the load on the Zabbix server. Web Interface: A web panel for tracking system metrics and configuring both Zabbix and monitored components. In this tutorial, we'll install Zabbix 6 on Ubuntu 22.04 and connect and configure one agent. Prerequisites You will need: Two cloud servers or virtual machines running Ubuntu 22.04: one for the Zabbix server and one for the Zabbix agent. A pre-installed MySQL/MariaDB or PostgreSQL database on the host for the Zabbix server. This tutorial uses PostgreSQL. Installing the Zabbix Server All steps should be performed as root or a sudo user. Add the official Zabbix repository: wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-4+ubuntu22.04_all.deb Install the downloaded package: dpkg -i zabbix-release_6.0-4+ubuntu22.04_all.deb Install Zabbix server and dependencies: apt update && apt -y install zabbix-server-pgsql zabbix-frontend-php php8.1-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-agent Create a PostgreSQL user and database for Zabbix: sudo -u postgres createuser --pwprompt zabbixsudo -u postgres createdb -O zabbix zabbix Import the Zabbix database schema: zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix Edit the Zabbix server configuration: nano /etc/zabbix/zabbix_server.conf Find the DBPassword parameter and set the database password. Edit the Nginx configuration for Zabbix: nano /etc/zabbix/nginx.conf Uncomment and set the listen and server_name parameters. Restart and enable services: systemctl restart zabbix-server zabbix-agent nginx php8.1-fpmsystemctl enable zabbix-server zabbix-agent nginx php8.1-fpm Verify the Zabbix server status: systemctl status zabbix-server Configuring the Zabbix Server Further configuration is done via the web interface. Navigate to the domain name and port specified in nginx.conf. Select the language. Verify system requirements. Configure database connection: Enter the database name zabbix, user zabbix, and the password. Set Zabbix server name, time zone, and theme. Review and confirm settings. After successful configuration, log in with the default credentials: Admin and zabbix. Installing the Zabbix Agent Switch to the second server for the Zabbix agent installation. Download the Zabbix repository: wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_latest+ubuntu22.04_all.deb Install the downloaded package: dpkg -i zabbix-release_latest+ubuntu22.04_all.deb Install the Zabbix agent: apt update && apt -y install zabbix-agent Edit the Zabbix agent configuration: nano /etc/zabbix/zabbix_agentd.conf Set the parameters:  Server: enter the domain name or IP address of the Zabbix server. ServerActive: enter the same value as above; this parameter is responsible for the active mode, when Zabbix independently requests the necessary data. Hostname: enter the agent hostname exactly as it is specified in the system. You can use the hostname command to check. If the hostname is incorrect, the agent will not be able to connect to the Zabbix server. Restart and enable the Zabbix agent: systemctl restart zabbix-agentsystemctl enable zabbix-agent Verify the agent status: systemctl status zabbix-agent Adding the Zabbix Agent in the Zabbix Server Web Interface Navigate to Configuration > Hosts. Click on Create host. Fill in the host details: Host name: set any convenient name for the Zabbix agent to display in the Zabbix server web interface. Groups: create a new group or select an existing one. Groups are used for organizational purposes and to assign access rights to data. Templates: select a template that is used exactly like the agent installed on the server. Interfaces: Add the IP address or domain name of the Zabbix agent host. If using an IP address, you must enter it in the IP address field and select IP in the Connect to section. If using a domain name, you must enter the name in the DNS name section and select DNS in in the Connect to section. Update and verify: The agent will appear in the list and metrics will be available under Monitoring > Hosts > Graphs. Conclusion Zabbix provides comprehensive monitoring for hardware, networks, and services, making it suitable for both corporate environments and personal use. With this guide, you have set up a Zabbix virtual server and agent on Ubuntu, and you are now ready to monitor various metrics and ensure the health of your infrastructure. Frequently Asked Questions (FAQ) What is the difference between Zabbix Server and Agent? Zabbix Server: The central component that gathers data, calculates triggers, and sends notifications. It also houses the web interface. Zabbix Agent: A lightweight daemon installed on the client (the machine you want to monitor). It collects local metrics (CPU, disk, RAM) and sends them back to the Server. How to install and configure Zabbix Agent on Ubuntu? Install: Run sudo apt install zabbix-agent. Configure: Edit the config file (sudo nano /etc/zabbix/zabbix_agentd.conf) and update the Server= and ServerActive= lines to point to your Zabbix Server's IP address. Start: Run sudo systemctl restart zabbix-agent and sudo systemctl enable zabbix-agent. Where is the Zabbix config file in Ubuntu?  There are two main configuration files depending on what you have installed: Server Config: /etc/zabbix/zabbix_server.conf (Configure DB passwords, caches, etc.) Agent Config: /etc/zabbix/zabbix_agentd.conf (Configure which server to send data to). What is a Zabbix Agent?  It is a small piece of software that runs on the target device. It gathers information directly from the hardware and OS (like "how much drive space is left?") and reports it to the central Zabbix Server. Without the agent, you are limited to "agentless" checks like Ping or SNMP. How much RAM does Zabbix need? For the Agent: Negligible (usually < 64MB). For the Server: It depends on the number of hosts. A small home lab (10-20 hosts) runs fine on 2GB-4GB RAM. A production environment monitoring hundreds of devices should start with 8GB-16GB to accommodate the database (MySQL/PostgreSQL) and caching requirements. How do I check if the Zabbix Agent is communicating with the Server?  On the Zabbix Server, you can use the zabbix_get utility to test the connection manually: zabbix_get -s [Client_IP] -k agent.ping If it returns 1, the connection is successful.
28 January 2026 · 6 min to read
Ubuntu

How to Install and Configure VNC on Ubuntu

Various protocols are used to organize remote access to computers and servers. For Windows, the native protocol is RDP, while for Unix/Linux, we mostly use SSH. However, there is another option: VNC. This guide will cover installing a VNC server, specifically the TightVNC implementation, on Ubuntu 22.04, and explain how to connect to the VNC server. Before that, we'd like to recommend you check the instruction on how to deploy server on Ubuntu. And if you’re looking for a reliable, high-performance, and budget-friendly solution for your workflows, Hostman has you covered with Linux VPS Hosting options, including Debian VPS, Ubuntu VPS, and VPS CentOS. What is VNC? VNC (Virtual Network Computing) is a system for remote access to computers and servers based on the RFB (Remote FrameBuffer) protocol. Using a network connection, it transmits keyboard inputs and mouse movements from one machine to another. VNC is platform-independent and a cross-platform solution. VNC consists of a server and a client: the server provides access to the device's screen, and the client displays the server's screen. We will use TightVNC, which is open-source, optimized for slow connections, and widely supported by third-party VNC client programs. VNC vs. RDP While VNC and RDP both provide remote access, there are key differences. RDP is a proprietary protocol developed by Microsoft for Windows, while VNC is cross-platform, running on Windows, Linux/Unix, and macOS. VNC is open-source and free. RDP transmits a video stream using a capture device, displaying the remote desktop after the connection is initiated. VNC, however, sends pixel data directly. RDP includes built-in encryption and authentication integration with Windows, while VNC requires additional security configuration. RDP also supports device forwarding, file transfers, and peripheral access (e.g., USB drives and printers), while VNC primarily focuses on remote desktop functionality. Prerequisites To install and configure VNC, you'll need: A VPS running Ubuntu 22.04. A VNC client program installed on any operating system, as VNC is cross-platform. Some client programs are listed in the "Connecting to the VNC Server" section. Installing TightVNC and Xfce First, we'll install the TightVNC server and the Xfce desktop environment, which is lightweight and optimized for TightVNC. The following commands should be run as the root user or a user with sudo privileges. Update the package list and install the required packages: apt update && apt -y install xfce4 xfce4-goodies tightvncserver If you are using UFW, iptables, or another firewall tool, open port 5901 for VNC connections: For UFW: ufw allow 5901 You can also temporarily disable UFW for testing: systemctl stop ufw For iptables: To allow incoming connections on port 5901: iptables -I INPUT -p tcp --dport 5901 -j ACCEPT To allow outgoing connections on port 5901: iptables -I OUTPUT -p tcp --sport 5901 -j ACCEPT Configuring the TightVNC Server Once TightVNC is installed, we need to configure it. Set the password for accessing the remote host by running the vncserver command: vncserver The password should be between 6 and 8 characters. If it's longer, TightVNC will truncate it to 8 characters. You will be prompted to set a view-only password (optional). This password allows users to view the remote screen without controlling it. To set this password, type y and provide a password. If you don't need this feature, enter n. After running vncserver, you’ll see the following output: Creating default startup script /root/.vnc/xstartupStarting applications specified in /root/.vnc/xstartupLog file is /root/.vnc/[hostname]:1.log Stop the VNC server to configure it further: vncserver -kill :1 Backup the default configuration file before editing it: cp ~/.vnc/xstartup ~/.vnc/xstartup.bak Open the configuration file in a text editor: nano /root/.vnc/xstartup Add the following line to the end of the file: startxfce4 Save the changes and exit. Restart the VNC server: vncserver Managing TightVNC with systemd We’ll create a systemd service to manage TightVNC more easily. Create a new unit file: nano /etc/systemd/system/vncserver.service Add the following content: [Unit] Description=TightVNC server After=syslog.target network.target [Service] Type=forking User=root PAMName=login PIDFile=/root/.vnc/%H:1.pid ExecStartPre=-/usr/bin/vncserver -kill :1 > /dev/null 2>&1 ExecStart=/usr/bin/vncserver ExecStop=/usr/bin/vncserver -kill :1 [Install] WantedBy=multi-user.target Reload the systemd daemon: systemctl daemon-reload Enable the service to start on boot: systemctl enable --now vncserver Check the VNC server status: systemctl status vncserver If the status shows "active (running)," the server is running successfully. Connecting to the VNC Server There are various VNC client programs, both free and paid. Examples include UltraVNC and TightVNC Viewer for Windows, Remmina for Linux, and RealVNC for macOS. For example, to connect using TightVNC Viewer on Windows: Enter the server's IP address and port in the format: IP_address::port Note: TightVNC requires :: to separate the IP and port, whereas other programs may use :. When prompted, enter the password you set earlier. Once authenticated, the remote desktop will appear. TightVNC Viewer allows saving sessions for quick connections. Click the save icon, provide a name, and save the file with a .vnc extension. You can also save the password for easier future access. For increased security, it's recommended to use SSH tunnels when connecting over VNC. Conclusion VNC is a convenient system for remote access, often used for technical support or server maintenance. This guide provides a step-by-step process for installing and configuring TightVNC on an Ubuntu server and connecting to it from a remote machine. With simple setup steps, you can have a VNC server running in no time. Especially, if you use our low-latency US based VPS. If you want to know more about Hostman server solutions, you can check the most affordable VPS Servers.  Frequently Asked Questions (FAQ) What is the best VNC server for Linux?  For most users, TigerVNC or TightVNC are the best choices. TigerVNC: Known for speed and performance. TightVNC: Highly reliable and lightweight, great for low-bandwidth connections. RealVNC: Good for enterprise features but less common for open-source home labs. How do I install and configure VNC on Ubuntu?  The general process involves three steps: Install the Desktop: Ensure you have a desktop environment (like XFCE or GNOME) installed: sudo apt install xfce4. Install VNC Server: Run sudo apt install tigervnc-standalone-server. Configure: Run vncserver to set your password and generate the initial config files, then edit ~/.vnc/xstartup to tell VNC which desktop to launch. Is VNC better than RDP?  It depends on the use case. RDP (Remote Desktop Protocol): Generally offers better performance, audio support, and a smoother experience over slower networks because it transmits semantic instructions rather than just pixels. VNC (Virtual Network Computing): Is platform-independent (works on Mac, Linux, Windows, Android equally well) and uses a simpler "pixel-based" protocol, making it easier to troubleshoot across different systems. How do I check the status of VNC server in Ubuntu?  If you are running it manually, use: vncserver -list This will show all active display numbers and their process IDs. If you set it up as a systemd service, run: sudo systemctl status vncserver@1.service (adjusting the number to match your display ID). How do I find my VNC server address?  The address is your server's IP address followed by the port number. Find your IP: ip a (e.g., 192.168.1.50). Find your Port: Add 5900 to your display number. (Display :1 = Port 5901). Address: 192.168.1.50:5901. Why is my VNC screen blank or grey? This is the most common VNC error. It means the xstartup script is missing or has the wrong permissions. Ensure the file is executable (chmod +x ~/.vnc/xstartup) and contains the correct command to start your specific desktop session (e.g., startxfce4).
27 January 2026 · 7 min to read
Ubuntu

How to Install VNC on Ubuntu

If you need to interact with a remote server through a graphical interface, you can use VNC technology.Through a network, users can connect remotely to a server using VNC (Virtual Network Computing). It employs the RFB protocol to send screen images and input data from different devices (such keyboards and mice) and runs on a client-server architecture. Ubuntu, Windows, macOS, and other operating systems are among those that VNC supports. The ability to connect several users at once is another benefit of VNC, which can be helpful for group tasks or training sessions. Choose your server now! And if you’re looking for a reliable, high-performance, and budget-friendly solution for your workflows, Hostman has you covered with Linux VPS Hosting options, including Debian VPS, Ubuntu VPS, and VPS CentOS. In this guide, we will describe how to install VNC on Ubuntu, using a Hostman cloud server with Ubuntu 22.04 as an example. Finished installation of VNC on Ubuntu Step 1: Preparing to Install VNC Before starting the installation process on both the server and the local machine, there are a few prerequisites to review.  Here is a list of what you’ll need to complete the installation: A Server Running Ubuntu 22.04. In this guide, we will use a cloud server from Hostman with minimal hardware configuration. Hostman's plan selection in admin panel A User with sudo Privileges. You should perform the installation as a regular user with administrative privileges. Select a Graphical Interface. You’ll need to choose a desktop environment that you will use to interact with the remote server after installing the system on both the server and the local machine. A Computer with a VNC Client Installed.  At the moment, the console is the sole method of communication with a rented server running Ubuntu 22.04. You must install a desktop environment and VNC on the server in order to enable remote management through a graphical interface. The desktop environments and VNC servers that are compatible with Ubuntu servers are listed below. VNC Servers: TightVNC Server. One of the most popular VNC servers for Ubuntu. It is easy to set up and offers good performance. RealVNC Server. RealVNC provides a commercial solution for remote access to servers across various Linux distributions, including Ubuntu, Debian, Fedora, Arch Linux, and others. Desktop Environments: Xfce. A lightweight and fast desktop environment, ideal for remote sessions over VNC. It uses fewer resources than heavier desktop environments, making it an excellent choice for servers and virtual machines. GNOME. The default Ubuntu desktop environment, offering a modern and user-friendly interface. It can be used with VNC but will consume more resources than Xfce. KDE Plasma. Another popular desktop environment that provides a wide range of features and a beautiful design. The choice of VNC server and desktop environment depends on the user’s specific needs and available resources. TightVNC and Xfce are excellent options for stable remote sessions on Ubuntu, as they do not require high resources. In the next step, we will describe how to install them on the server in detail. Step 2: Installing the Desktop Environment and VNC Server To install the VNC server on Ubuntu along with the desktop environment, connect to the server and log in as a regular user with administrative rights. Update the Package List  After logging into the server, run the following command to update the packages from the connected repositories: sudo apt update Install the Desktop Environment  Next, install the previously selected desktop environment. To install Xfce, enter: sudo apt install xfce4 xfce4-goodies Here, the first package provides the basic Xfce desktop environment, while the second includes additional applications and plugins for Xfce, which are optional. Install the TightVNC Server  To install TightVNC, enter: sudo apt install tightvncserver Start the VNC Server  Once the installation is complete, initialize the VNC server by typing: vncserver This command creates a new VNC session with a specific session number, such as :1 for the first session, :2 for the second, and so on. This session number corresponds to a display port (for example, port 5901 corresponds to :1). This allows multiple VNC sessions to run on the same machine, each using a different display port. This command will ask you to create a password during the initial setup, which is necessary for users to access the server's graphical user interface. Don't forget to verify your password to run VNC on Ubuntu Set the View-Only Password (Optional)  After setting the main password, you’ll be prompted to set a password for view-only mode. View-only mode allows users to view the remote desktop without making any changes, which is helpful for demonstrations or when limited access is needed. If you need to change the passwords set above, use the following command: vncpasswd Now you have a VNC session. VNC on Ubuntu is running In the next step, we will set up VNC to launch the Ubuntu server with the installed desktop environment. Step 3: Configuring the VNC Server The VNC server needs to know which desktop environment it should connect to. To set this up, we’ll need to edit a specific configuration file. Stop Active VNC Instances  Before making any configurations, stop any active VNC server instances. In this guide, we’ll stop the instance running on display port 5901. To do this, enter: vncserver -kill :1 Simple command to stop VNC running on Ubuntu Here, :1 is the session number associated with display port 5901, which we want to stop. Create a Backup of the Configuration File  Before editing, it’s a good idea to back up the original configuration file. Run: mv ~/.vnc/xstartup ~/.vnc/xstartup.bak Edit the Configuration File  Now, open the configuration file in a text editor: nano ~/.vnc/xstartup Replace the contents with the following: #!/bin/bashxrdb $HOME/.Xresourcesstartxfce4 & #!/bin/bash: This line is called a "shebang," and it specifies that the script should be executed using the Bash shell. xrdb $HOME/.Xresources: This line reads settings from the .Xresources file, where desktop preferences like colors, fonts, cursors, and keyboard options are stored. startxfce4 &: This line starts the Xfce desktop environment on the server. Make the Configuration File Executable To allow the configuration file to be executed, use: chmod +x ~/.vnc/xstartup Start the VNC Server with Localhost Restriction Now that the configuration is updated, start the VNC server with the following command: vncserver -localhost The -localhost option restricts connections to the VNC server to the local host (the server itself), preventing remote connections from other machines. You will still be able to connect from your computer, as we’ll set up an SSH tunnel between it and the server. These connections will also be treated as local by the VNC server. The VNC server configuration is now complete. Step 4: Installing the VNC Client and Connecting to the Server Now, let’s proceed with installing a VNC client. In this example, we’ll install the client on a Windows 11 computer. Several VNC clients support different operating systems. Here are a few options:  RealVNC Viewer. The official client from RealVNC, compatible with Windows, macOS, and Linux. TightVNC Viewer. A free and straightforward VNC client that supports Windows and Linux. UltraVNC. Another free VNC client for Windows with advanced remote management features. For this guide, we’ll use the free TightVNC Viewer. Download and Install TightVNC Viewer Visit the official TightVNC website, download the installer, and run it. Download VNC from official website In the installation window, click Next and accept the license agreement. Then, select the custom installation mode and disable the VNC server installation, as shown in the image below. This is what you need to install Click Next twice and complete the installation of the VNC client on your local machine. Set Up an SSH Tunnel for Secure Connection To encrypt your remote access to the VNC server, use SSH to create a secure tunnel. On your Windows 11 computer, open PowerShell and enter the following command: ssh -L 56789:localhost:5901 -C -N -l username server_IP_address Make sure that OpenSSH is installed on your local machine; if not, refer to Microsoft’s documentation to install it. This command configures an SSH tunnel that forwards the connection from your local computer to the remote server over a secure connection, making VNC believe the connection originates from the server itself. Here’s a breakdown of the flags used: -L sets up SSH port forwarding, redirecting the local computer’s port to the specified host and server port. Here, we choose port 56789 because it is not bound to any service. -C enables compression of data before transmitting over SSH. -N tells SSH not to execute any commands after establishing the connection. -l specifies the username for connecting to the server. Connect with TightVNC Viewer After creating the SSH tunnel, open the TightVNC Viewer and enter the following in the connection field: localhost:56789 You’ll be prompted to enter the password created during the initial setup of the VNC server. Once you enter the password, you’ll be connected to the VNC server, and the Xfce desktop environment should appear. Stop the SSH Tunnel To close the SSH tunnel, return to the PowerShell or command line on your local computer and press CTRL+C. You found out how to install VNC on Ubuntu Conclusion This guide has walked you through the step-by-step process of setting up VNC on Ubuntu 22.04. We used TightVNC Server as the VNC server, TightVNC Viewer as the client, and Xfce as the desktop environment for user interaction with the server. We hope that using VNC technology helps streamline your server administration, making the process easier and more efficient. We're prepared more detailed instruction on how to create server on Ubuntu if you have some trouble deploying it. Or you can use our low-latency US based VPS! Choose your server now! Frequently Asked Questions (FAQ) How to install VNC server on Ubuntu via command line?  The most common lightweight server is TightVNC. To install it, open your terminal and run: Update lists: sudo apt update Install the package: sudo apt install tightvncserver Initialize it (and set a password) by running: vncserver How do I uninstall VNC server on Ubuntu?  To remove the software and your configuration files, follow these steps: Stop the VNC session: vncserver -kill :1 Remove the package: sudo apt remove tightvncserver --purge (Optional) Delete config files: rm -rf ~/.vnc Is VNC secure?  By default, no. VNC traffic is not encrypted, meaning passwords and keystrokes can be intercepted. It is highly recommended to tunnel your VNC connection through SSH rather than opening the VNC port (5901) directly to the internet. Why do I see a gray screen when I connect?  This "gray screen of death" usually means the VNC server doesn't know which desktop environment to load. You need to edit the ~/.vnc/xstartup file and add the command for your desktop (e.g., startxfce4 & for XFCE or gnome-session & for GNOME). Which port does VNC use?  VNC uses port 5900 + Display ID. Display :1 uses port 5901. Display :2 uses port 5902. You must ensure these ports are allowed on your firewall if you are not using an SSH tunnel. What is the difference between TigerVNC, RealVNC, and TightVNC? TightVNC: Lightweight, reliable, and great for slower connections. Very popular for Linux. TigerVNC: A high-performance fork of TightVNC, often faster on modern hardware. RealVNC: Often proprietary/commercial, offers cloud connectivity but is less common for open-source self-hosting.
21 January 2026 · 10 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support