Virtual Network Computing (VNC) is a graphical desktop sharing system that allows you to use your keyboard and mouse to remotely control another computer.

This article covers the steps to install and configure a VNC server on CentOS 8. We’ll also show you how to securely connect to the VNC server through an SSH tunnel.

Prerequisites

To follow along with this guide, you need to be logged in as a user with sudo privileges on your remote CentOS machine.

Installing Desktop Environment

Generally, servers don’t have a desktop environment installed. If the machine you want to connect to doesn’t have GUI, the first step is to install it. Otherwise, skip this step.

Run the following command to install Gnome, the default desktop environment in CentOS 8 on your remote machine:

sudo dnf groupinstall "Server with GUI"

Depending on your system, downloading and installing the Gnome packages and dependencies may take some time.

Installing VNC Server

TigerVNC is an actively maintained high-performance open-source VNC server. It is available in the default CentOS repositories, to install it type:

sudo dnf install tigervnc-server

Once the VNC server is installed, run the vncserver command to create the initial configuration and set up the password. Do not use sudo when running the following command:

vncserver

You will be prompted to enter and confirm the password and whether to set it as a view-only password. If you choose to set up a view-only password, the user will not be able to interact with the VNC instance with the mouse and the keyboard.

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? n
/usr/bin/xauth:  file /home/linuxize/.Xauthority does not exist

New 'server2.linuxize.com:1 (linuxize)' desktop at :1 on machine server2.linuxize.com

Starting applications specified in /etc/X11/Xvnc-session
Log file is /home/linuxize/.vnc/server2.linuxize.com:1.log 

The first time the vncserver command is run, it will create and store the password file in the ~/.vnc directory which will be created if not present.

Note the :1 after the hostname in the output above. This indicates the display port number on which the VNC server is running. In our case, the server is running on TCP port 5901 (5900+1). If you create a second instance , it will run on the next free port i.e :2, whic means that the server is running on port 5902 (5900+2).

What is important to remember is that when working with VNC servers, :X is a display port that refers to 5900+X.

Before continuing with the next step, first stop the VNC instance using the vncserver command with a -kill option and the server number as an argument. In our case, the server is running in port 5901 (:1), so to stop it, run:

vncserver -kill :1

Killing Xvnc process ID 19681 

Configuring VNC Server

Now that both Gnome and TigerVNC are installed on the remote CentOS machine, the next step is to configure TigerVNC to use Gnome. The VNC server uses the ~/.vnc/xstartup file to launch applications when creating a new desktop. Open the file:

vim ~/.vnc/xstartup

And edit it as follows:

#!/bin/sh [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources

vncconfig -iconic & dbus-launch --exit-with-session gnome-session & 

Save and close the file. The script above is automatically executed whenever you start or restart the TigerVNC server.

If you want to pass additional options to the VNC server, open the ~/.vnc/config file and add one option per line. The most common options are listed in the file. Uncomment and modify to your liking.

Here is an example:

# securitytypes=vncauth,tlsvnc # desktop=sandbox  geometry=1920x1080  # localhost # alwaysshared

Creating a Systemd unit file

mkdir -p ~/.config/systemd/user

Copy the default vncserver unit file:

cp /usr/lib/systemd/user/vncserver@.service ~/.config/systemd/user/

Notify systemd that a new user unit file exist:

systemctl --user daemon-reload

Start the VNC service and enable it at boot:

systemctl --user enable vncserver@:1.service --now

The number 1 after @: defines the display port on which the VNC service will listen. We are using 1, which means that the VNC server will listen on port 5901 as we discussed in the previous section.

Enable lingering so that the user service starts at boot and keeps running when the user is not logged in:

loginctl enable-linger

Verify that the service is successfully started with:

systemctl --user status vncserver@:1.service

● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/home/linuxize/.config/systemd/user/vncserver@.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-01-30 22:14:08 UTC; 2s ago
  Process: 20813 ExecStart=/usr/bin/vncserver :1 (code=exited, status=0/SUCCESS)
  Process: 20807 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
   CGroup: /user.slice/user-1000.slice/user@1000.service/vncserver.slice/vncserver@:1.service
  ... 

Connecting to VNC server

VNC is not an encrypted protocol and can be subject to packet sniffing. The recommended approach is to create an SSH tunnel to securely forward traffic from your local machine on port 5901 to the remote server on the same port.

Set Up SSH Tunneling on Linux and macOS

If you run Linux, macOS, or any other Unix-based operating system on your machine, you can easily create a tunnel using the following ssh command:

ssh -L 5901:127.0.0.1:5901 -N -f -l username remote_server_ip

You will be prompted to enter the user password.

Do not forget to replace username and server_ip_address with your username and the IP address of your server.

Set Up SSH Tunneling on Windows

Windows users can set up SSH Tunneling using PuTTY.

Open Putty and enter your server IP Address in the Host name or IP address field.

Under the Connection menu, expand SSH and select Tunnels. Enter the VNC server port (5901) in the Source Port field, enter server_ip_address:5901 in the Destination field and click on the Add button as shown in the image below:

Go back to the Session page to save the settings so that you do not need to enter them each time. To login to the remote server, select the saved session and click on the Open button.

Connecting using Vncviewer

To connect to the remote Server, open your VNC viewer and enter localhost:5901.

You can use any VNC viewer such as TigerVNC, TightVNC, RealVNC, UltraVNC, Vinagre, and VNC Viewer for Google Chrome.

We’re using TigerVNC:

Enter the password when prompted, and you should see the default Gnome desktop. It should look something like this:

Thats’t it! You can now start working on your remote desktop from your local machine using your keyboard and mouse.

Conclusion

We’ve shown you how to setup a VNC server and connect to a remote CentOS 8 machine.

To start a display for more than one user, repeat the same steps. Create the initial configuration, set up the password using the vncserver command, and create a new service file using a different port.

Feel free to leave a comment if you have any questions.