How to Configure a VNC Server to Use an SSH Tunnel on Ubuntu 14.04 LTS

VNC is short for ‘Virtual Network Computing’. It’s a simple method for sharing a graphical desktop environment. For example, if you install VNC on your hosted server, you could connect to its graphical desktop environment remotely.

Pre-Flight Check

Step #1: Create a New xstartup Configuration File

We’ll have to configure a new xstartup file, so let’s take a backup of the original:

mv ~/.vnc/xstartup ~/.vnc/xstartup.bak

For a refresher on editing files with vim see: New User Tutorial: Overview of the Vim Text Editor

vim ~/.vnc/xstartup

Insert the following into the new file:

#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

Save and exit, and then correct the permissions on the new file:

sudo chmod +x ~/.vnc/xstartup

Step #2: Create a VNC Service File

We’re going to use vim to create and edit a service file for the vncserver service.

sudo vim /etc/init.d/vncserver

There are four sections that will be added to the service file. The first sets up the environment in which the service will run. Here you can change the user, which in this case is exampleuser, and the display resolution, which in this case is 1024×768:

#!/bin/bash
PATH="$PATH:/usr/bin/"
export USER="exampleuser"
DISPLAY="1"
DEPTH="16"
GEOMETRY="1024x768"
OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY} -localhost"
. /lib/lsb/init-functions

The -localhost option makes the VNC server accept connections only from the local machine, so a remote client can reach it only through an SSH tunnel.

Be absolutely sure to replace exampleuser with the non-root user that you have set up prior to this tutorial.

The second section binds the start command to two functions: starting a VNC server and a message stating that it is being started:

case "$1" in
start)
log_action_begin_msg "Starting vncserver for user '${USER}' on localhost:${DISPLAY}"
su ${USER} -c "/usr/bin/vncserver ${OPTIONS}"
;;

The third section binds the stop command to two functions: stopping the VNC server and a message stating that it is being stopped:

stop)
log_action_begin_msg "Stopping vncserver for user '${USER}' on localhost:${DISPLAY}"
su ${USER} -c "/usr/bin/vncserver -kill :${DISPLAY}"
;;

The fourth section binds the restart command to running the stop and start commands:

restart)
$0 stop
$0 start
;;
esac
exit 0

And then correct the permissions on the new file:

sudo chmod +x /etc/init.d/vncserver

Step #3: Use the VNC Service File

Start VNC Server:

sudo service vncserver start

Stop VNC Server:

sudo service vncserver stop

Restart VNC Server:

sudo service vncserver restart

Step #4: Connection to the VNC Server via an SSH Tunnel

netstat -plant

Shows:

Proto  Recv-Q  Send-Q  Local Address  Foreign Address  State  PID/Program name
tcp    0       0       127.0.0.1:5901   0.0.0.0:*        LISTEN 27760/Xtightvnc

Per the previous article (How to Install VNC Server on Ubuntu 14.04 LTS), that means that VNC is listening on port 5901. But, instead of listening on all IPs (0.0.0.0:5901) VNC is only listening on 127.0.0.1, or localhost.
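
The netstat check above can be scripted so that a VNC listener bound to anything other than loopback is caught, for example after the service file is edited. This is an added example, not part of the original tutorial. The function and sample names are hypothetical, the sample lines are constructed, and it assumes the netstat -plant column layout shown above and VNC displays on TCP ports 5900-5999.

```shell
#!/bin/bash
# Added example: audit `netstat -plant` output for VNC listeners
# (TCP 5900-5999, i.e. displays :0-:99) reachable without the SSH tunnel.
# Prints each exposed local address. Exit status: 0 = every VNC listener
# is loopback-only, 1 = at least one is exposed, 2 = no VNC listener seen.
check_vnc_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)        # text after last colon
            host = addr; sub(/:[0-9]+$/, "", host)   # text before the port
            if (port + 0 < 5900 || port + 0 > 5999) next
            seen = 1
            if (host ~ /^127\./ || host == "::1") next
            print addr
            exposed = 1
        }
        END { exit (exposed ? 1 : (seen ? 0 : 2)) }
    '
}

# Constructed sample: the state this tutorial produces (-localhost set).
sample_tunneled() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN 1021/sshd
tcp   0      0      127.0.0.1:5901  0.0.0.0:*       LISTEN 27760/Xtightvnc
EOF
}

# Constructed sample: VNC bound to all interfaces (IPv4 and IPv6 forms).
sample_exposed() {
    cat <<'EOF'
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN 1021/sshd
tcp   0      0      0.0.0.0:5901    0.0.0.0:*       LISTEN 27760/Xtightvnc
tcp6  0      0      :::5901         :::*            LISTEN 27760/Xtightvnc
EOF
}

# Live use on the server: sudo netstat -plant | check_vnc_listeners
```

A non-zero exit status from the live command means the -localhost option is not in effect (status 1) or the VNC server is not running (status 2).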

To Connect via Linux

First establish an SSH tunnel:

ssh -L 5901:127.0.0.1:5901 -N -f -l exampleuser ip_address

Then connect to localhost:5901 via a VNC viewer such as TightVNC.

To Connect via PuTTY

Under Connection -> SSH -> Tunnels add:

Source port: 5901
Destination: localhost:5901

And connect to your server at its IP address and port 22 via PuTTY.

And then connect to localhost:5901 via a VNC viewer such as TightVNC.
