How to Install VNC Server on Rocky Linux
Virtual Network Computing (VNC) is a desktop sharing protocol that allows you to control a computer remotely using VNC client software. VNC is working on GUI (Graphical User Interface) environments, it transmits movements of your mouse and keyboard input over the network using the Remote Frame Buffer (RFB) protocol.
Commonly, VNC is used for technicians to control client desktops or used by someone that needs to access their Desktop in the office from their home. VNC can be used securely through the VPN network or using the SSH tunneling connection.
In this tutorial, you will set up the VNC Server with TigerVNC on a Rocky Linux server. You will also learn how to connect securely to the VNC Server via SSH tunneling.
To complete this tutorial, you will need a server with the following requirements:
- A fresh Rocky Linux server - You can use Rocky Linux v8.5 or v9.
- A non-root user with root or administrator privileges.
- A firewalld enabled on the server.
Installing Desktop Environment
The default Rocky Linux server installation comes without GUI. To set up VNC Server, you will need to install the Desktop Environment on your Rocky Linux server. For VNC Server, it's recommended to use the lightweight Desktop Environment, which gives you more performance and speed.
On Rocky Linux, there are multiple groups of packages that provide a Desktop Environment. For this example, you will install and configure the XFCE as the Desktop Environment for the VNC Server on the Rocky Linux system.
Before starting installing packages, run the following dnf command to upgrade installed packages to the latest version.
sudo dnf update
Now, add the EPEL repository to your Rocky Linux system via the dnf command below. Input Y to add the EPEL repository and press ENTER.
sudo dnf epel-release
Next, you will install the Desktop Environment XFCE via the group package "Xfce" provided by the Rocky Linux repository. Also, you will install the group package "base-x" which contains Xorg packages.
sudo dnf groupinstall "Xfce" "base-x"
Input Y when prompted to confirm the installation and press ENTER to proceed.
Once the XFCE desktop and base-x is installed, enable the graphical environment via the systemctl command below. This will enable the Graphical environment when the server is started.
sudo systemctl set-default graphical
Adding VNC User
For security, it's recommended to use a non-root user to run the VNC server. You should create dedicated users that will run the VNC server. If you the user need the sudo privileges, you can add your user to group "wheel" group.
Run the following command to create a new user. Then, set up the password for the user. In this example, you will create a new user "jane", and be sure to use a strong password.
sudo useradd -m -s /bin/bash jane
sudo passwd jane
After the new user is created, run the following command to add the new user to the "wheel" group. This allows the new user to execute the sudo command and get root privileges.
sudo usermod -aG wheel jane
With the XFCE Desktop Environment installed and the VNC user is created, you will next start the TigerVNC installation and configurations.
Installing TigerVNC Server
To set up a VNC server, you must install the VNC server software. In this example, you will install and use "TigerVNC Server", which is available by default on the Rocky Linux repository.
You will also generate the VNC server configurations, set up the default Desktop Environment, and add the VNC user to the TigerVNC Server user list.
Run the dnf command below to install the "tigervnc-server" package to the Rocky Linux system. Input Y when prompted to confirm the installation and press ENTER to proceed.
sudo dnf install tigervnc-server
Once installation is complete, you will next set up the VNC server for each user (VNC users).
Log in to your user using the following command.
su - jane
Now, run the following command to initialize the VNC Server for the user "jane". During the initialization of the VNC server, you will be asked to create the password for your VNC server, so input the strong password and repeat. And for the "view-only password", input "n" to disable.
This command will generate VNC server configurations that will be located at "~/.vnc". The VNC server configurations include the xstartup script, desktop environment configuration, and logs for the VNC process.
Also, you can see the new VNC process is running with the name such as "HOSTNAME:N" - which means the system hostname and the desktop/display :N in number.
Verify the list of VNC processes via the vncserver command below. You should see the VNC process of the display ":1" is running.
Now, you must terminate the current VNC process ":1" to set up the XFCE Desktop Environment. Run the vncserver command below to stop the VNC process on display ":1".
vncserver -kill :1
Once the VNC process is terminated, you should get the output message such as "Killing Xvnc process ID PID".
Now that you have generated VNC server configurations, open the file "~/.vnc/config" using nano editor.
Change the default configuration as below. In this example, you will use the XFCE as the default Desktop Environment for the VNC server, and when the user connected to the VNC Server, the default display screen is "1920x1200". The VNC server will only be running on localhost and enable shared desktops.
Save the file and exit the editor when you are finished.
Next, press 'Ctrl+d' and back to the root user session. Then, open the file '/etc/tigervnc/vncserver.users' using nano editor.
sudo nano /etc/tigervnc/vncserver.users
Add the display number and the VNC user like the following configuration. In this example, the display ":1" will be used to run the VNC server for the user "jane".
Save the file and exit the editor when you are done.
With the VNC server configurations generated, the default Desktop Environment configured, and the VNC user added to the TigerVNC user list, you're now ready to start the TigerVNC server and run it as a service.
Starting VNC Server
The TigerVNC Server provides dynamic systemd service files, which means each display or user has its systemd service. In this example, the user "jane" is running the VNC server with the display ":1", so the service file would be "[email protected]:1.service.
Now, every time you added a new VNC user, you must reload the systemd manager to apply new changes. You can reload the systemd manager via the systemctl command as below.
sudo systemctl daemon-reload
Next, start and enable the "[email protected]:1.service" for the display ":1" using the following systemctl command. This will enable the VNC server process display ":1" to be running automatically at boot.
sudo systemctl start [email protected]:1.service
sudo systemctl enable [email protected]:1.service
Lastly, verify the "[email protected]:1.service" to make sure the service is running.
sudo systemctl status [email protected]:1.service
If the "[email protected]:1.service" is running, you should see a similar output as the following screenshot.
At this point, you have completed the installation and configuration of the VNC server via the "Tiger-VNC" on the Rocky Linux server. You have also configured the XFCE as the default Desktop Environment for the VNC server. Next, you will set up the Firewalld to secure the VNC server.
Setting up Firewalld
On the default Rocky Linux server, the firewalld is installed and enabled. You will add a new service "vnc-server" to the firewalld.
Add the service "vnc-server" to the firewalld via the firewall-cmd command below. Then, reload the firewalld rules to apply new changes.
sudo firewall-cmd --add-service=vnc-server --permanent
sudo firewall-cmd --reload
Lastly, verify the list of firewalld rules using the command below. If you see the "vnc-server" service on the list of services, then the service rule is added and enabled.
sudo firewall-cmd --list-services
Connect to VNC Server via Secure SSH Tunnel
To start SSH tunneling, run the following ssh command below. In this example, you will create new tunneling to the VNC server IP address "192.168.5.100" with the user "jane" to the localhost on the port TCP port "5901", which is the same port of the VNC server.
ssh -L 5901:127.0.0.1:5901 -N -f -l jane 192.168.5.100
Input the password for your user. Once you are connected, you can connect to the VNC server via localhost with port 5901.
Open your VNC viewer on your local computer. In this example, we will use the "TigerVNC Viewer".
On the "VNC Server" address, input the host as localhost or 127.0.0.1 with port 5901. Then, click "Connect" to proceed.
Now, input the VNC server password for your user and click "OK".
If your connections are successful, you will see the XFCE desktop on your screen in the following screenshot.
You can also open your terminal and run the following command to verify your user.
In this guide, you have installed the VNC Server with TigerVNC on the Rocky Linux server. You also have installed and configured the XFCE as the default Desktop Environment for your VNC server. And then lastly, you have learned how to connect to the VNC server securely via SSH tunneling.
Another consideration for the VNC server is that you can limit IP addresses that can access the VNC server port via the Firewalld. And also you can secure your connection via a local VPN server.