Some users rent relatively inexpensive VPS with Windows to launch the Remote Desktop service. The same can be done on Linux without hosting your own hardware in a data center or renting a dedicated server. Others need a familiar graphical environment for testing and development, or a remote desktop with a broadband connection for working from mobile devices. There are numerous applications for the Remote FrameBuffer (RFB) protocol-based Virtual Network Computing (VNC). In this short article, we'll explain how to set it up on a virtual machine with any hypervisor.
Choosing a VNC Server
The VNC service can be built into the virtualization system, while the hypervisor will associate it with the emulated devices and no additional configuration is required. This option involves significant overhead and is not supported by all providers - even in a less resource-intensive implementation, when instead of emulating a real graphics device, a simplified abstraction (framebuffer) is passed to the virtual machine. Sometimes the VNC server is bound to a running X server, but this method is more suitable for accessing a physical machine, and on a virtual machine it creates a number of technical difficulties. It's easiest to install a VNC server with a built-in X server. It does not require the presence of physical devices (video adapter, keyboard and mouse) or their emulation using a hypervisor, and therefore is suitable for any type of VPS.
Installation and Setup
We will need a virtual machine with Ubuntu Server 18.04 LTS in its default configuration. This distribution's standard repositories include several VNC servers: , , and others. We settled on TigerVNC - the current fork of TightVNC, which is not supported by the developer. Other servers are configured in a similar way. You also need to choose a desktop environment: in our opinion, XFCE would be the best option because of the relatively low requirements for computing resources. Those who wish can install another DE or WM: it all depends on personal preferences, but the choice of software directly affects the need for RAM and computing cores.

Installing the desktop environment with all dependencies is done with the following command:
sudo apt-get install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils
Next, you need to install the VNC server:
sudo apt-get install tigervnc-standalone-server tigervnc-common
Running it as root is a bad idea. Create a user and group:
sudo adduser vnc
Let's add the user to the sudo group so that it can perform administration-related tasks. If there is no such need, this step can be skipped:
sudo gpasswd -a vnc sudo
The next step is to start the VNC server with vnc user privileges to create a secure password and configuration files in the ~/.vnc/ directory. The password length can be from 6 to 8 characters (extra ones are cut off). If necessary, a view-only password is also set, i.e. without keyboard and mouse access. The following commands are run as the vnc user:
su - vnc
vncserver -localhost no
By default, the RFB protocol uses the TCP port range from 5900 to 5906. These are the so-called display ports, each corresponding to an X server screen. The ports are associated with screens :0 to :6. The VNC server instance we started is listening on port 5901 (screen :1). Other instances may run on other ports with screens :2, :3, etc. Stop the server before further configuration:
vncserver -kill :1
The command should display something like this: “Killing Xtigervnc process ID 18105… success!”.
On startup, TigerVNC executes the ~/.vnc/xstartup script to set configuration options. Let's create our own script, after saving a backup copy of the existing one, if it exists:
mv ~/.vnc/xstartup ~/.vnc/xstartup.b
nano ~/.vnc/xstartup
An XFCE desktop environment session is started with the following xstartup script:
#!/bin/bash
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
# Load the user's X resources (fonts, colors, cursor theme)
xrdb $HOME/.Xresources
# Run the session in the foreground: the VNC session lasts as long as this script
exec /usr/bin/startxfce4
The xrdb command is required for the VNC system to read the .Xresources file in the home directory. There, the user can define various options for the graphical desktop: font rendering, terminal colors, cursor themes, and so on. The script needs to be made executable:
chmod 755 ~/.vnc/xstartup
This completes the VNC server setup. If you run it with the vncserver -localhost no command (as the vnc user), you can connect with the password you specified earlier and see the following picture:

Starting a service via systemd
Manually starting the VNC server is not well suited for production use, so we will set up a system service. Commands are executed as root (using sudo). First, let's create a new unit file for our server:
sudo nano /etc/systemd/system/vncserver@.service
The @ character in the name allows you to pass an argument to configure the service. In our case, it specifies the VNC display port. The unit file consists of several sections:
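[Unit]
Description=TigerVNC server
After=syslog.target network.target
[Service]
# vncserver detaches into the background and writes the PID file named below,
# so the service type is forking
Type=forking
User=vnc
Group=vnc
WorkingDirectory=/home/vnc
PIDFile=/home/vnc/.vnc/%H:%i.pid
# systemd does not interpret shell redirections, so the cleanup runs through sh;
# the leading "-" ignores a failure when no server is running on this screen
ExecStartPre=-/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1'
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x960 :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
Then you need to notify systemd about the new file and activate it:
sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.service
The number 1 in the name specifies the screen number.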
Stop the VNC server, start it as a service and check the status:
# as the vnc user
vncserver -kill :1
# with superuser privileges
sudo systemctl start vncserver@1
sudo systemctl status vncserver@1
If the service is running, we should get something like this.

Desktop connection
Our configuration does not use encryption, so network packets can be intercepted by intruders. In addition, in VNC servers quite often , so there's no point in opening them up to internet access. To connect securely from your local computer, you need to wrap the traffic in an SSH tunnel and then configure the VNC client. On Windows, you can use a graphical SSH client (such as PuTTY). For security, TigerVNC started from the unit file above (which does not pass -localhost no) listens only on localhost and is not directly accessible from public networks. Check the listening sockets:
sudo netstat -ap | more
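The same check can be scripted instead of read by eye. The following is an added example, not part of the original article: it reads `ss -tln` output and reports any RFB display port (5900 to 5906) bound to a non-loopback address. The function name exposed_vnc is hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original article). exposed_vnc is a
# hypothetical helper name; SAMPLE is constructed, not captured output.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5 [::1]:5901 [::]:*
LISTEN 0 5 0.0.0.0:5902 0.0.0.0:*
LISTEN 0 5 [::]:5902 [::]:*'

# Reads `ss -tln` output on stdin. Prints one line per RFB display port
# (5900-5906, screens :0-:6) bound to a non-loopback address and returns 1
# if any was found, 0 otherwise.
exposed_vnc() {
    awk '{
        addr = $4                          # Local Address:Port column
        n = split(addr, parts, ":")
        port = parts[n] + 0                # header and odd lines give 0
        if (port < 5900 || port > 5906) next
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        if (host ~ /^127\./ || host == "[::1]") next
        printf "screen :%d (port %d) listens on %s\n", port - 5900, port, host
        found = 1
    }
    END { exit (found ? 1 : 0) }'
}

# Demo on the constructed sample; on the VPS run: ss -tln | exposed_vnc
printf '%s\n' "$SAMPLE" | exposed_vnc || echo "VNC reachable beyond loopback"
```

A non-zero exit status makes the function usable in a provisioning or monitoring script that should fail when a VNC screen is exposed.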
In Linux, FreeBSD, OS X and other UNIX-like operating systems, a tunnel from the client computer is created using the ssh utility (sshd must be running on the VNC server):
ssh -L 5901:127.0.0.1:5901 -C -N -l vnc vnc_server_ip
The -L option forwards port 5901 on the local machine to port 5901 on the server's localhost. The -C option enables compression, and -N tells the ssh utility not to run a remote command. The -l option specifies the login name on the remote host.
After setting up the tunnel on the local computer, you need to start the VNC client and establish a connection to the host 127.0.0.1:5901 (localhost:5901) using the previously set password to access the VNC server. Now we can securely communicate through an encrypted tunnel with the XFCE graphical desktop environment on the VPS. In the screenshot, the top utility is running in the terminal emulator to show the virtual machine's low consumption of computing resources. Further, everything will depend on user applications.

Installing and configuring a VNC server on Linux can be done on virtually any VPS. This doesn't require expensive and resource-intensive configurations with video adapter emulation or the purchase of commercial software licenses. In addition to the system service option we've discussed, there are others: starting in daemon mode (via /etc/rc.local) at system boot or on demand via inetd. The latter is useful for creating multi-user configurations. The internet superserver will launch the VNC server and connect the client to it, and the VNC server will create a new screen and initiate the session. A graphical display manager (e.g., ), and after disconnecting the client, the session will be closed and all programs working with the screen will be terminated.
Source: habr.com
