I’ve had this request a number of times lately — so I thought it was time to write up an easy how-to on setting up a VNC server on your Linux box.
I recently had to set up five CentOS-based Linux servers for a client. Said client had to have remote access to the machines, and the easiest solution was to set up VNC servers on each machine. Believe it or not, the process is much easier than you might expect. Once you’ve completed the process, you’ll be able to easily access your server with the help of a VNC viewing tool, like vncviewer. Let’s break this down into steps.
I’ll demonstrate this process as if you were setting the server up on a CentOS package (which could then easily be translated to any rpm-based distribution). Anyone using, say, a Debian-based platform would only have to make minor adjustments.
NOTE: Every step in this tutorial will be done via the command line.
NOTE: We will be setting up unencrypted VNC. If you need a more secure VNC setup, we’ll discuss that in a later entry.
Step 1: Installing required packages
There are a just a couple of packages to be dealt with. Those packages can be installed with a single command. Before you run the command, you must first “su” to root. This is done by entering the command su and then typing your root user password. Once you have root access, run the command:
yum install vnc vnc-server
Once the above command completes, you are ready to begin the configuration.
Step 2: Configure the users
I will assume you already have either the users that will be allowed to VNC into the machine, or you only have one user that will be gaining access to the machine. Either way, the users will already have accounts on the server and will have logged in to confirm their passwords/accounts.
For each user that needs to gain access to the VNC server, you must set a VNC password for them. Let’s say you’ve set up a user account called vncuser and intend on logging in with only that user. To set the VNC password for the user, you must first su to that user account. Issue the command:
Now issue the command:
You will then be prompted to enter (and confirm) the new password for the user. Once you’ve completed that action, you are done with user configuration.
Step 3: Configure VNC
Now for the important pieces.The first phase of this step is to edit the /etc/sysconfig/vncservers file. At the end of that file, enter the following:
VNCSERVERS="1:vncuser" VNCSERVERARGS="-geometry 1600x1200"
NOTE: You can set the geometry to whatever resolution you require.
In the above section, you can set up multiple users for connection. Say you had three users that needed access using different resolutions. To accomplish this, you could enter something like:
VNCSERVERS="1:vncuser1 2:vncuser2 3:vncuser3"
VNCSERVERARGS="-geometry 800x600"VNCSERVERARGS="-geometry 1600x1200"
Step 4: Check VNC server startup
Before you go any further, make sure the VNC server will start and stop cleanly. As the root user, issue the commands:
- service vncserver start
- service vncserver stop
If the VNC server started and stopped cleanly, set VNC up to start at boot with the command:
chkconfig vncserver on
Step 5: Create xstartup scripts
You now need to go into each user that will be logging in with VNC and editing their ~/.vnc/xstartup script. Within that script, you should find the following:
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &twm &
Uncomment the following two lines (remove the “#” characters):
- unset SESSION_MANAGER
- exec /etc/X11/xinit/xinitrc
Save that file and you’re ready to move on.
Step 6: Edit iptables
In order for the VNC connections to get through, you must allow them with iptables. To do this, open up the file /etc/sysconfig/iptables and add the line:
-A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 5901:5903,6001:6003 -j ACCEPT
Save the file and restart iptables with the command:
service iptables restart
Step 7: Start the VNC server
Issue the command:
service vncserver start
And the VNC server should start up nice and cleanly.
Step 8: Test the connection
Move over to a machine that can display graphics (if your server does, you can test from there) and fire up your VNC client of choice and attempt to log in with the IP address of the server and port 5801. You can actually test this with a browser (if Java is installed on the machine). To do this, open up the browser and go to http://ADDRESS_OF_VNC_SERVER:5801. That address should open up a VNC session in your browser. If, on the off chance, it does not… try the address http://ADDRESS_OF_VNC_SERVER:1.
There you go! You should now have a working VNC server on your Linux box.
The next time we visit this topic, we’ll see up VNC with the help of ssh encryption.