How to Setup and Configure a VNC Server on Linux CentOS A comprehensive tutorial explaining how to install, setup and configure a VNC Server on a CentOS 7.x machine using TigerVNC Service

How to Setup and Configure a VNC Server on Linux CentOS

In this post we’ll see how to setup and configure a VNC Server on a Linux CentOS 7.x server machine to allow remote connections from any VNC client – such as TightVNC, RealVNC and the likes. More specifically, we’ll do that using the tigervnc-server software, a free tool that allows to do just that.

Before proceeding, let’s briefly recap what VNC is about.

Introduction

The acronym VNC stands for Virtual Network Computing and is a server-client protocol that allows a client machine (running a VNC client) to connect to and control a remote computer (powered by a VNC server). The software was originally developed by the Olivetti & Oracle Research Lab in Cambridge, UK as an open-source initiative and its source code is still available, as of today,  under the GNU General Public License.

Depending on the VNC server software, the client will connect to the currently active runtime desktop (such as some “modern” softwares like Teamviewer or AnyDesk) or to a stand-alone virtual desktop, just like the Windows Remote Desktop RDP protocol: the latter behaviour is arguably more powerful and secure, especially if we need to control a server machine, because each session will be a unique environment configured with the permissions and grants of the connected user. That’s why we’re chosing TigerVNC, which works exactly like that by starting parallel sessions of the machine desktop environment (Gnome, KDE or other GUI) on the connecting client VNC desktop: this basically means that a standalone virtual desktop will be created for each separate connection – which is precisely what we want.

Installing TigerVNC

Now that we know what are we talking about, let’s see how we can setup and configure TigerVNC under our CentOS environment. The first thing to do is to install the tigervnc-server software package by opening a terminal session and issuing the following command with root privileges:

Right after that, you should create a dedicated VNC user to connect with (with a dedicated password).

To do that, type the following:

We’ll say it only once: never do that with the root user. Enabling VNC for the root user would create a serious security risk to your system that you’ll generally want to avoid.  Leaving the root user out of VNC and configuring a dedicated account with limited permissions instead – like the one in the above example – is definitely a better choice.

Once you created the vncuser and its login password, you also need set a VNC-unique password for that user. This can be done with the following command:

(the first line can be omitted if we are actually connected with vncuser beforehand).

The next thing to do is to create a VNC configuration file for the vncuser: the fastest way to do that is to copy the VNC generic template file – located in the /lib/systemd/system/ folder – and then modify it according to our need:

That “1” which we put in the new filename is the display number that will be used for that specific service instance. That’s important to know, because it will also determine the TCP port that our VNC server will be listening to, which is 5900 + the display number: the first one will be 5901, then 5902 and so on.

Right after the copy, you need to edit the new file using vi, nano or another text editor and replace the [USER] placeholder with the name of the user created a short while ago (vncuser in our scenario). Here’s how the file should look after the update (minus the long commented part at the beginning):

As soon as you do that, you can reload the VNC daemon and start the vncserver @1 with the commands below:

Before proceeding, it could be wise to check if the service is running by issuing the systemctl status command…

… and create the symlink to have it always executed on system startup using the following command:

Another check you can do before trying to connect to our server is to take a look to the active network sockets using the ss command: if everything works properly, you should see a VNC server running and listening on port TCP 5901.

Here’s the command to execute…

… And this should be the result:

If you can see this, it means that everything has been setup correctly.

Firewall configuration

Since our VNC service is listening to port TCP 5901, you need to be sure that such port is open and accessible by external clients: therefore, if you have a firewall installed, you should create an appropriate rule to allow VNC clients to connect.

How many ports to open will depend by how many instances of VNC servers you’ll going to need: in our scenario, you only made 1, therefore you only need to open the first allocated VNC port: TCP 5901, just like we said. Here’s the command to open that port on firewalld:

Needless to say, you can also restrict that port for specific groups, IP addresses, network cards or other simple or complex firewall rules: that’s entirely to you, depending on your network environment’s configuration and how much you want to be safe.

Installing a GUI

If you already have GNOME, KDE or other desktop environments installed on our system you can skip this step, otherwise you’ll need to add one: the TigerVNC server will start a parallel instance of a given desktop environment for each login session, meaning that we need to have one – otherwise it won’t work.

GNOME

If you really want the great (but heavy-weight) GNOME, type the following:

Xfce

If you want a lightweight alternative, we can suggest Xfce –  a free & open source desktop environment for Unix-like platforms which work perfectly with TigerVNC. Don’t misunderstand us here, GNOME works fine as well, but it’s quite space-and-resource-intensive: if you want to save resources on your server machine, Xfce would arguably be a better choice.

To install it, type the following:

Additional settings for Xfce

If you’ve chosen to use Xfce, you’ll also need to change the file to execute when the VNC session starts. To do that, edit the /home/<user>/.vnc/xstartup file and change the exec entry (usually line 4)from etc/X11/xinit/xinitrc to startxfce4, just like the following:

That’s about it.

Connecting with VNC Client

Now that everything has been setup properly, we can try to connect to our VNC service using a VNC client such as TightVNC, UltraVNC, RealVNC and so on and see what happens. Just remember to specify the port TCP 5901 (if you’ve followed our guide).

Troubleshooting

In case your client is unable to establish a working VNC connection, you need to checkup the following:

  • Connection issues -> Firewall configuration: if you see pop-up errors saying that the client cannot connect to the remote host, you need to check your network & firewall configuration to be sure that there aren’t blocking issues that could prevent the client from connecting to server port TCP 5901.
  • Black screen with mouse -> YUM update or GUI reinstall: if you see a black screen with the mouse pointer working, that probably means that your VNC connection is working fine but there is something that prevents Desktop Environment GUI from starting properly. The best things you can try to fix such odd behaviour are:
    • Perform a yum update to install the newest versions of TigerVNC and the GUI itself. Be sure to watch out for any issue during the install phase that could prevent them from installing/updating properly.
    • Uninstall and reinstall the GUI using yum remove / yum group remove and yum groupinstall again. If it still doesn’t work, you might want to try out a different GUI to see if the problem persists.

Conclusion

That’s about it, at least for the time being: we hope that this guide could help other System Administrators who want to connect to their servers with the VNC protocol!

 

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies. Microsoft MVP for Development Technologies since 2018.

View all posts by Ryan

0 Comments on “How to Setup and Configure a VNC Server on Linux CentOS A comprehensive tutorial explaining how to install, setup and configure a VNC Server on a CentOS 7.x machine using TigerVNC Service

  1. Pingback: Connettersi a Ubuntu tramite Accesso Remoto: VNC, RDP, etc.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.