Installing and configuring VNC on Debian 10 is covered in this tutorial.
Introduction to VNC
It is also known as Virtual Network Computing (VNC), and it is a connection technology that enables you to use your keyboard and mouse to communicate with a graphical desktop environment running on a computer. There is no need to learn how to use the command line to manage files and applications on a remote server.
In this tutorial, you’ll learn how to set up a VNC server on a Debian 10 server and use an SSH tunnel to access to it safely. Fast and lightweight remote control software TightVNC will be used. Our VNC connection will be more reliable and fluid as a result of this decision, even on slower internet connections.
Prerequisites
In order to finish this lesson, you’ll need:
- A non-root user with sudo access and a firewall are both installed on a Debian 10 server that was set up using the Debian 10 initial server setup instructions.
- An SSH-enabled VNC client installed on a local computer that may be used to connect to remote hosts.
- It’s possible to connect to a remote computer with TightVNC, RealVNC, or UltraVNC while using Windows.
- It’s possible to utilize a cross-platform tool like RealVNC on macOS to share screen content.
- Vinagre, Krdc, RealVNC, and TightVNC are just a few of the numerous alternatives available to you on Linux.
Step 1 – Installing the Desktop Environment and the VNC Server is the first step.
For the time being, we’ll start by installing the necessary components that aren’t pre-installed on the Debian 10 server. We will install the most recent versions of the Xfce desktop environment and the TightVNC package from the Debian repository’s official distribution.
Your server’s list of packages should be updated:
sudo apt update
Now, set up the Xfce desktop environment on your server by following these instructions:
sudo apt install xfce4 xfce4-goodies
If you don’t already know what layout you want, you can choose it throughout the installation process. Press Enter to choose the one that is suited for your language. The installation will go on as scheduled.
The TightVNC server can be installed when the installation is complete:
sudo apt install tightvncserver
You’ll need to use the vncserver command to build the basic configuration files and set up a strong password after installing the VNC server.
vncserver
If you want to access your computer remotely, you’ll need to enter and provide a password:
To get access to your computers, you will need to provide a password.
Password:
Verify:
The password must be at least six characters long. There will be an automated restriction of long passwords.
Creating a view-only password is possible once the password has been verified. It is not possible to control VNC using the mouse or keyboard of users who have a view-only password. If you wish to show anything to others through your VNC server, you can use this feature, although it isn’t essential
After that, the server’s default configuration files and connection information are generated by the procedure.
Would you like to enter a view-only password (y/n)? n xauth: file /home/tommy/.Xauthority does not exist New 'X' desktop is your_hostname:1 Creating default startup script /home/tommy/.vnc/xstartup Starting applications specified in /home/tommy/.vnc/xstartup Log file is /home/tommy/.vnc/your_hostname:1.log
Let’s get started with configuring the VNC server.
Step 2 – Next, we’ll set up the VNC server.
When the VNC server first starts up, it needs to know which instructions to run in order to function properly. VNC, in particular, needs to know which graphical desktop to connect to.
The xstartup file in your home directory’s.vnc folder contains these instructions. The vncserver command produced the starting script, but we’ll make our own to start the Xfce desktop.
In the initial setup of VNC, a server instance is launched on port 5901. VNC uses the following identifiers to designate this port:1. VNC may run many instances on different display ports, such as:2,:3, and so on..
Stop the VNC server on port 5901 using the following command before making any changes to the server configuration:
vncserver -kill :1
However, you’ll notice a different PID in the output:
Killing Xtightvnc process ID 17648
Back up the original file before making any changes to it:
mv ~/.vnc/xstartup ~/.vnc/xstartup.bak
Create a new xstartup file and open it with a text editor like Notepad:
nano ~/.vnc/xstartup
When you start or restart the VNC server, the commands in this file are automatically performed. If our desktop environment isn’t currently running, we’ll need VNC to get it up and running. Add the following commands to the file:
~/.vnc/xstartup
#!/bin/bash xrdb $HOME/.Xresources startxfce4 &
When VNC’s GUI framework reads the user’s resources file, the first command is xrdb $HOME/.Xresources. In Xresources, users can customize the graphical desktop’s appearance by altering things like the terminal’s color scheme, the cursor theme, and the font rendering. You can find all the graphical software you need to operate your server in Xfce, which is launched by the second command.
We must make this new startup file executable in order for it to be used by the VNC server.
sudo chmod +x ~/.vnc/xstartup
Restart the VNC server at this time.
vncserver
You’ll get something like this as a result:
Output
New ‘X’ desktop is your_hostname:1
Starting applications specified in /home/tommy/.vnc/xstartup
Log file is /home/tommy/.vnc/your_hostname:1.log
Once everything is set up, let’s attempt to establish a connection to the server using a local PC.
Step 3 In this step, you’ll securely connect to the VNC desktop.
When establishing a connection, VNC does not use any secure methods. To establish a safe connection to our server, we’ll create an SSH tunnel and instruct our VNC client to make use of that tunnel instead of a direct connection.
Set up a secure SSH connection between your local computer and the VNC server. Using the command line on Linux or macOS, you may accomplish this:
ssh -L 5901:127.0.0.1:5901 -C -N -l tommy your_server_ip
You can easily set up your desktop by using the default configuration.
Using the file manager or the command line, you may access files in your home directory.
Press CTRL+C in your terminal to exit the SSH tunnel and return to the prompt on your local system. In addition, your VNC session will be terminated.
After that, we’ll create a service for the VNC server.
Step 4 – Next, you’ll need to set up VNC as a system service.
In the next step, we’ll create a systemd service for the VNC server, which will allow us to manage the server like any other service. The restart of your server will not affect this.
To begin, open a text editor and create a new file named /etc/systemd/system/[email protected]:
sudo nano /etc/systemd/system/[email protected]
A parameter can be passed in by using the @ symbol at the end of the name in the service configuration. When we administer the service, we’ll utilize this to identify the VNC display port we’d want to use.
The following lines should be added to the document. User, Group, WorkingDirectory, and PIDFILE’s username should all be changed to reflect your actual username.
/etc/systemd/system/[email protected]
[Unit] Description=Start TightVNC server at startup After=syslog.target network.target [Service] Type=forking User=tommy Group=tommy WorkingDirectory=/home/tommy PIDFile=/home/tommy/.vnc/%H:%i.pid ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i ExecStop=/usr/bin/vncserver -kill :%i [Install] WantedBy=multi-user.target
In the event that VNC is already operating, the ExecStartPre command puts a halt to it. Using the ExecStart command, VNC is started and the resolution is configured to 1280×800 with a 24-bit color depth. These starting choices can also be customized to suit your requirements.
Close and save the document.
The next step is to notify the system of the new unit file’s existence.
sudo systemctl daemon-reload
On your computer, open the unit file and choose “Enable”.
sudo systemctl enable [email protected]
Using the @ symbol, the service will appear on display number 1 as mentioned in Step 2..
The VNC server should be stopped if it is still functioning.
vncserver -kill :1
Then, just like any other systemd service, start it.
sudo systemctl start vncserver@1
The following command can be used to confirm that it was started:
sudo systemctl status vncserver@1
If everything went according to plan, you should see something like this:
Output ● [email protected] - Start TightVNC server at startup Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled) Active: active (running) since Thu 2019-10-10 17:56:17 UTC; 5s ago Process: 935 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code=exited, status=2) Process: 940 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (code=exited, status=0/SUCCESS) Main PID: 948 (Xtightvnc) . . .
When you reboot your computer, your VNC server will be accessible.
It’s time to restart your SSH tunnel.
ssh -L 5901:127.0.0.1:5901 -C -N -l tommy your_server_ip
Make a new connection to localhost:5901 using your VNC client program to access your computer.
Conclusion
As a result of this, you now have a secure VNC server operating on your Debian 10 server. In addition to managing your files, software, and settings using an easy-to-use and familiar graphical interface, you will be able to operate graphical applications, such as web browsers, from a distant location as well.