How to Install VNC Server on Rocky Linux

Virtual Network Computing (VNC) is a desktop sharing protocol that allows you to control a computer remotely using VNC client software. VNC is working on GUI (Graphical User Interface) environments, it transmits movements of your mouse and keyboard input over the network using the Remote Frame Buffer (RFB) protocol.

Commonly, VNC is used for technicians to control client desktops or used by someone that needs to access their Desktop in the office from their home. VNC can be used securely through the VPN network or using the SSH tunneling connection.

In this tutorial, you will set up the VNC Server with TigerVNC on a Rocky Linux server. You will also learn how to connect securely to the VNC Server via SSH tunneling.

Prerequisites

To complete this tutorial, you will need a server with the following requirements:

  • A fresh Rocky Linux server - You can use Rocky Linux v8.5 or v9.
  • A non-root user with root or administrator privileges.
  • A firewalld enabled on the server.

Installing Desktop Environment

The default Rocky Linux server installation comes without GUI. To set up VNC Server, you will need to install the Desktop Environment on your Rocky Linux server. For VNC Server, it's recommended to use the lightweight Desktop Environment, which gives you more performance and speed.

On Rocky Linux, there are multiple groups of packages that provide a Desktop Environment. For this example, you will install and configure the XFCE as the Desktop Environment for the VNC Server on the Rocky Linux system.

Before starting installing packages, run the following dnf command to upgrade installed packages to the latest version.

sudo dnf update

Now, add the EPEL repository to your Rocky Linux system via the dnf command below. Input Y to add the EPEL repository and press ENTER.

sudo dnf epel-release

Next, you will install the Desktop Environment XFCE via the group package "Xfce" provided by the Rocky Linux repository. Also, you will install the group package "base-x" which contains Xorg packages.

sudo dnf groupinstall "Xfce" "base-x"

Input Y when prompted to confirm the installation and press ENTER to proceed.

Once the XFCE desktop and base-x is installed, enable the graphical environment via the systemctl command below. This will enable the Graphical environment when the server is started.

sudo systemctl set-default graphical

enable graphical

Adding VNC User

For security, it's recommended to use a non-root user to run the VNC server. You should create dedicated users that will run the VNC server. If you the user need the sudo privileges, you can add your user to group "wheel" group.

Run the following command to create a new user. Then, set up the password for the user. In this example, you will create a new user "jane", and be sure to use a strong password.

sudo useradd -m -s /bin/bash jane
sudo passwd jane

After the new user is created, run the following command to add the new user to the "wheel" group. This allows the new user to execute the sudo command and get root privileges.

sudo usermod -aG wheel jane

With the XFCE Desktop Environment installed and the VNC user is created, you will next start the TigerVNC installation and configurations.

setup user

Installing TigerVNC Server

To set up a VNC server, you must install the VNC server software. In this example, you will install and use "TigerVNC Server", which is available by default on the Rocky Linux repository.

You will also generate the VNC server configurations, set up the default Desktop Environment, and add the VNC user to the TigerVNC Server user list.

Run the dnf command below to install the "tigervnc-server" package to the Rocky Linux system. Input Y when prompted to confirm the installation and press ENTER to proceed.

sudo dnf install tigervnc-server

install tigervnc

Once installation is complete, you will next set up the VNC server for each user (VNC users).

Log in to your user using the following command.

su - jane

Now, run the following command to initialize the VNC Server for the user "jane". During the initialization of the VNC server, you will be asked to create the password for your VNC server, so input the strong password and repeat. And for the "view-only password", input "n" to disable.

vncserver

This command will generate VNC server configurations that will be located at "~/.vnc". The VNC server configurations include the xstartup script, desktop environment configuration, and logs for the VNC process.

Also, you can see the new VNC process is running with the name such as "HOSTNAME:N" - which means the system hostname and the desktop/display :N in number.

initialize vnc server

Verify the list of VNC processes via the vncserver command below. You should see the VNC process of the display ":1" is running.

vncserver -list

Now, you must terminate the current VNC process ":1" to set up the XFCE Desktop Environment. Run the vncserver command below to stop the VNC process on display ":1".

vncserver -kill :1

Once the VNC process is terminated, you should get the output message such as "Killing Xvnc process ID PID".

kill vnc server process

Now that you have generated VNC server configurations, open the file "~/.vnc/config" using nano editor.

nano ~/.vnc/config

Change the default configuration as below. In this example, you will use the XFCE as the default Desktop Environment for the VNC server, and when the user connected to the VNC Server, the default display screen is "1920x1200". The VNC server will only be running on localhost and enable shared desktops.

session=xfce
geometry=1920x1200
localhost
alwaysshared

Save the file and exit the editor when you are finished.

configure vnc server

Next, press 'Ctrl+d' and back to the root user session. Then, open the file '/etc/tigervnc/vncserver.users' using nano editor.

sudo nano /etc/tigervnc/vncserver.users

Add the display number and the VNC user like the following configuration. In this example, the display ":1" will be used to run the VNC server for the user "jane".

:1=jane

Save the file and exit the editor when you are done.

With the VNC server configurations generated, the default Desktop Environment configured, and the VNC user added to the TigerVNC user list, you're now ready to start the TigerVNC server and run it as a service.

Starting VNC Server

The TigerVNC Server provides dynamic systemd service files, which means each display or user has its systemd service. In this example, the user "jane" is running the VNC server with the display ":1", so the service file would be "[email protected]:1.service.

Now, every time you added a new VNC user, you must reload the systemd manager to apply new changes. You can reload the systemd manager via the systemctl command as below.

sudo systemctl daemon-reload

Next, start and enable the "[email protected]:1.service" for the display ":1" using the following systemctl command. This will enable the VNC server process display ":1" to be running automatically at boot.

sudo systemctl start [email protected]:1.service
sudo systemctl enable [email protected]:1.service

start enable vnc server

Lastly, verify the "[email protected]:1.service" to make sure the service is running.

sudo systemctl status [email protected]:1.service

If the "[email protected]:1.service" is running, you should see a similar output as the following screenshot.

check service status vnc

At this point, you have completed the installation and configuration of the VNC server via the "Tiger-VNC" on the Rocky Linux server. You have also configured the XFCE as the default Desktop Environment for the VNC server. Next, you will set up the Firewalld to secure the VNC server.

Setting up Firewalld

On the default Rocky Linux server, the firewalld is installed and enabled. You will add a new service "vnc-server" to the firewalld.

Add the service "vnc-server" to the firewalld via the firewall-cmd command below. Then, reload the firewalld rules to apply new changes.

sudo firewall-cmd --add-service=vnc-server --permanent
sudo firewall-cmd --reload

Lastly, verify the list of firewalld rules using the command below. If you see the "vnc-server" service on the list of services, then the service rule is added and enabled.

sudo firewall-cmd --list-services

setup firewalld

Connect to VNC Server via Secure SSH Tunnel

To start SSH tunneling, run the following ssh command below. In this example, you will create new tunneling to the VNC server IP address "192.168.5.100" with the user "jane" to the localhost on the port TCP port "5901", which is the same port of the VNC server.

ssh -L 5901:127.0.0.1:5901 -N -f -l jane 192.168.5.100

Input the password for your user. Once you are connected, you can connect to the VNC server via localhost with port 5901.

ssh tunneling

Open your VNC viewer on your local computer. In this example, we will use the "TigerVNC Viewer".

On the "VNC Server" address, input the host as localhost or 127.0.0.1 with port 5901. Then, click "Connect" to proceed.

login to vnc server

Now, input the VNC server password for your user and click "OK".

password vnc server

If your connections are successful, you will see the XFCE desktop on your screen in the following screenshot.

You can also open your terminal and run the following command to verify your user.

id
whoami
sudo su

vnc server rocky linxu xfce

Conclusions

In this guide, you have installed the VNC Server with TigerVNC on the Rocky Linux server. You also have installed and configured the XFCE as the default Desktop Environment for your VNC server. And then lastly, you have learned how to connect to the VNC server securely via SSH tunneling.

Another consideration for the VNC server is that you can limit IP addresses that can access the VNC server port via the Firewalld. And also you can secure your connection via a local VPN server.

Share this page:

Suggested articles

0 Comment(s)

Add comment