How to Install and Configure VNC on CentOS 7

In this tutorial, we will walk you through the steps for installing and configuring a VNC server on a CentOS 7 system. We will also show you how to securely connect to the VNC server through an SSH tunnel.

Virtual Network Computing (VNC) is a graphical desktop sharing system that allows you to use your keyboard and mouse to remotely control another computer.

Prerequisites #

Before continuing with the tutorial, make sure you are logged in as a user with sudo privileges . We will assume you are logged in as a user named linuxize.

Installing Xfce Desktop Environment #

CentOS server installations often do not come with a desktop environment installed, so we’ll start by installing a lightweight desktop environment.

We’ll be installing Xfce . It is fast, stable, and low on system resources, which makes it ideal for usage on remote servers.

Xfce packages are available in the EPEL repository . If the repository is not enabled on your server, you can enable it by typing:

sudo yum install epel-release

Once the repository is added, install Xfce on your CentOS with:

sudo yum groupinstall xfce

Depending on your system, downloading and installing the Xfce packages and dependencies may take some time.

Installing VNC Server #

We’ll be using TigerVNC as our VNC server of choice. TigerVNC is an actively maintained high-performance open-source VNC server.

Type the following command to install TigerVNC on your CentOS server:

sudo yum install tigervnc-server

Now that the VNC server is installed, the next step is to run the vncserver command, which will create the initial configuration and set up the password. Do not use sudo when running the following command:

vncserver

You will be prompted to enter and confirm the password and whether to set it as a view-only password. If you choose to set up a view-only password, the user will not be able to interact with the VNC instance with the mouse and the keyboard.

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? n
/usr/bin/xauth:  file /home/linuxize/.Xauthority does not exist

New 'server2.linuxize.com:1 (linuxize)' desktop at :1 on machine server2.linuxize.com

Starting applications specified in /etc/X11/Xvnc-session
Log file is /home/linuxize/.vnc/server2.linuxize.com:1.log

The first time the vncserver command is run, it will create and store the password file in the ~/.vnc directory which will be created if not present.

Note the :1 after the hostname in the output above. This indicates the display port number on which the vnc server is running. In our case, the server is running on TCP port 5901 (5900+1). If you create a second instance with vncserver it will run on the next free port i.e :2, which means that the server is running on port 5902 (5900+2).

What is important to remember is that when working with VNC servers, :X is a display port that refers to 5900+X.

Before continuing with the next step, first stop the VNC instance using the vncserver command with a -kill option and the server number as an argument. In this case, the server is running in port 5901 (:1), so we’ll stop it with:

vncserver -kill :1

Killing Xvnc process ID 2432

Configuring VNC Server #

Now that both Xfce and TigerVNC are installed on the server the next step is to configure TigerVNC to use Xfce. To do so open the following file:

nano ~/.vnc/xstartup

And change the last line from exec /etc/X11/xinit/xinitrc to exec startxfce4:

#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec startxfce4 

Save and close the file. The script above will be automatically executed whenever you start or restart the TigerVNC server.

If you need to pass additional options to the VNC server, open the ~/.vnc/config file and add one option per line. The most common options are listed in the file. Uncomment and modify to your liking.

Here is an example:

# securitytypes=vncauth,tlsvnc
# desktop=sandbox
geometry=1920x1080
# localhost
# alwaysshared
dpi=96

Creating a Systemd unit file #

We’ll create a systemd unit file that will enable us to easily start, stop, and restart the VNC service as needed, same as any other systemd service.

Copy the vncserver unit file with the cp command:

sudo cp /usr/lib/systemd/system/[email protected] /etc/systemd/system/vncserver@:1.service

Open the file with your text editor, edit the lines highlighted in yellow and replace “linuxize” with your actual username:

sudo nano /etc/systemd/system/vncserver@\:1.service

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
User=linuxize
Group=linuxize

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver %I
PIDFile=/home/linuxize/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

Save and close the file. Notify systemd that we created a new unit file with:

sudo systemctl daemon-reload

The next step is to enable the unit file with the following command:

sudo systemctl enable vncserver@:1.service

The number 1 after the @ sign defines the display port on which the VNC service will run. In this example, that is the default 1, and the VNC server will listen on port 5901, as we discussed in the previous section.

Start the VNC service by executing:

sudo systemctl start vncserver@:1.service

Verify that the service is successfully started with:

sudo systemctl status vncserver@:1.service

● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-04-06 19:27:47 UTC; 16s ago
  Process: 909 ExecStart=/usr/bin/vncserver %I (code=exited, status=0/SUCCESS)
  Process: 891 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 923 (Xvnc)
 ...

Connecting to VNC server #

VNC is not an encrypted protocol and can be subject to packet sniffing. The recommended approach is to create an SSH tunnel that will securely forward traffic from your local machine on port 5901 to the server on the same port.

Set Up SSH Tunneling on Linux and macOS #

If you run Linux, macOS, or any other Unix-based operating system on your machine, you can easily create a tunnel with the following ssh command:

ssh -L 5901:127.0.0.1:5901 -N -f -l username server_ip_address

You will be prompted to enter the user password.

Do not forget to replace username and server_ip_address with your username and the IP address of your server.

Set Up SSH Tunneling on Windows #

If you run Windows, you can set up SSH Tunneling using the PuTTY SSH client .

Open Putty and enter your server IP Address in the Host name or IP address field.

Under the Connection menu, expand SSH and select Tunnels. Enter the VNC server port (5901) in the Source Port field and enter server_ip_address:5901 in the Destination field and click on the Add button as shown in the image below:

Go back to the Session page to save the settings so that you do not need to enter them each time.

To login to the remote server, select the saved session, and click on the Open button

Connecting using Vncviewer #

Now that you set up SSH tunneling, it is time to open your Vncviewer and to connect to the VNC Server at localhost:5901.

You can use any VNC viewer such as TigerVNC, TightVNC, RealVNC, UltraVNC, Vinagre, and VNC Viewer for Google Chrome .

In this example, we’ll be using TigerVNC. Open your VNC viewer, enter localhost:5901, and click on the Connect button.

Enter your password when prompted, and you should see the default Xfce desktop. It should look something like this:

You can now start interacting with the remote XFCE desktop from your local machine using your keyboard and mouse.

Conclusion #

By now, you should have a VNC server up and running, and you can easily manage your CentOS 7 server using a graphic interface.

To configure your VNC server to start a display for more than one user, create the initial configuration and set up the password using the vncserver command and create a new service file using a different port.

Feel free to leave a comment if you have any questions.