How to Install and Configure VNC on Ubuntu

Various protocols are used to organize remote access to computers and servers. For Windows, the native protocol is RDP, while for Unix/Linux, we mostly use SSH. However, there is another option: VNC. This guide will cover installing a VNC server, specifically the TightVNC implementation, on Ubuntu 22.04, and explain how to connect to the VNC server.

What is VNC?

VNC (Virtual Network Computing) is a system for remote access to computers and servers based on the RFB (Remote FrameBuffer) protocol. Using a network connection, it transmits keyboard inputs and mouse movements from one machine to another. VNC is platform-independent and a cross-platform solution.

VNC consists of a server and a client: the server provides access to the device's screen, and the client displays the server's screen. We will use TightVNC, which is open-source, optimized for slow connections, and widely supported by third-party VNC client programs.

VNC vs. RDP

While VNC and RDP both provide remote access, there are key differences. RDP is a proprietary protocol developed by Microsoft for Windows, while VNC is cross-platform, running on Windows, Linux/Unix, and macOS. VNC is open-source and free.

RDP transmits a video stream using a capture device, displaying the remote desktop after the connection is initiated. VNC, however, sends pixel data directly. RDP includes built-in encryption and authentication integration with Windows, while VNC requires additional security configuration. RDP also supports device forwarding, file transfers, and peripheral access (e.g., USB drives and printers), while VNC primarily focuses on remote desktop functionality.

Prerequisites

To install and configure VNC, you'll need:

1. A VPS running Ubuntu 22.04.

2. A VNC client program installed on any operating system, as VNC is cross-platform. Some client programs are listed in the "Connecting to the VNC Server" section.

Installing TightVNC and Xfce

First, we'll install the TightVNC server and the Xfce desktop environment, which is lightweight and optimized for TightVNC. The following commands should be run as the root user or a user with sudo privileges.

Update the package list and install the required packages:

apt update && apt -y install xfce4 xfce4-goodies tightvncserver

If you are using UFW, iptables, or another firewall tool, open port 5901 for VNC connections:

For UFW:

ufw allow 5901

You can also temporarily disable UFW for testing:

systemctl stop ufw

For iptables:

To allow incoming connections on port 5901:

iptables -I INPUT -p tcp --dport 5901 -j ACCEPT

To allow outgoing connections on port 5901:

iptables -I OUTPUT -p tcp --sport 5901 -j ACCEPT

Configuring the TightVNC Server

Once TightVNC is installed, we need to configure it.

1. Set the password for accessing the remote host by running the vncserver command:

vncserver

The password should be between 6 and 8 characters. If it's longer, TightVNC will truncate it to 8 characters.

You will be prompted to set a view-only password (optional). This password allows users to view the remote screen without controlling it. To set this password, type y and provide a password. If you don't need this feature, enter n.

After running vncserver, you’ll see the following output:

Creating default startup script /root/.vnc/xstartup
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/[hostname]:1.log

2. Stop the VNC server to configure it further:

vncserver -kill :1

3. Backup the default configuration file before editing it:

cp ~/.vnc/xstartup ~/.vnc/xstartup.bak

4. Open the configuration file in a text editor:

nano /root/.vnc/xstartup

Add the following line to the end of the file:

startxfce4

Save the changes and exit.

5. Restart the VNC server:

vncserver

Managing TightVNC with systemd

We’ll create a systemd service to manage TightVNC more easily.

Create a new unit file:

nano /etc/systemd/system/vncserver.service

Add the following content:

[Unit]
   Description=TightVNC server
   After=syslog.target network.target
[Service]
   Type=forking
   User=root
   PAMName=login
   PIDFile=/root/.vnc/%H:1.pid
   ExecStartPre=-/usr/bin/vncserver -kill :1 > /dev/null 2>&1
   ExecStart=/usr/bin/vncserver
   ExecStop=/usr/bin/vncserver -kill :1
[Install]
   WantedBy=multi-user.target

Reload the systemd daemon:

systemctl daemon-reload

Enable the service to start on boot:

systemctl enable --now vncserver

Check the VNC server status:

systemctl status vncserver

If the status shows "active (running)," the server is running successfully.

Connecting to the VNC Server

There are various VNC client programs, both free and paid. Examples include UltraVNC and TightVNC Viewer for Windows, Remmina for Linux, and RealVNC for macOS.

For example, to connect using TightVNC Viewer on Windows:

1. Enter the server's IP address and port in the format:

IP_address::port

Note: TightVNC requires :: to separate the IP and port, whereas other programs may use :.

2. When prompted, enter the password you set earlier.

3. Once authenticated, the remote desktop will appear.

TightVNC Viewer allows saving sessions for quick connections. Click the save icon, provide a name, and save the file with a .vnc extension. You can also save the password for easier future access.

For increased security, it's recommended to use SSH tunnels when connecting over VNC.

Conclusion

VNC is a convenient system for remote access, often used for technical support or server maintenance. This guide provides a step-by-step process for installing and configuring TightVNC on an Ubuntu server and connecting to it from a remote machine. With simple setup steps, you can have a VNC server running in no time.