VPS on Linux with a graphical interface: running a VNC server on Ubuntu 18.04



Some users rent relatively inexpensive Windows VPSs to run Remote Desktop Services. The same can be done on Linux without placing your own hardware in a data center or renting a dedicated server. Some need a familiar graphical environment for testing and development; others need a remote desktop on a high-bandwidth connection for working from mobile devices. Virtual Network Computing (VNC), which is based on the Remote FrameBuffer (RFB) protocol, has many uses. In this short article, we'll show you how to configure it on a virtual machine with any hypervisor.



Table of contents:



Choosing a VNC server

Installation and configuration

Starting a service via systemd

Desktop connection



Choosing a VNC server



The VNC service can be built into the virtualization system, in which case the hypervisor connects it to the emulated devices and no additional configuration is required. This option involves significant overhead and is not supported by all providers, even in a less resource-intensive implementation where a simplified abstraction (a framebuffer) is passed to the virtual machine instead of emulating a real graphics device. Sometimes a VNC server is bound to a running X server, but this method is more suitable for accessing a physical machine, while on a virtual machine it creates a number of technical difficulties. The easiest way is to install a VNC server with an embedded X server. It does not require physical devices (video adapter, keyboard and mouse) or their emulation by a hypervisor, and therefore is suitable for any type of VPS.



Installation and configuration



We need a virtual machine with Ubuntu Server 18.04 LTS in the default configuration. There are several VNC servers in the standard repositories of this distribution: TightVNC, TigerVNC, x11vnc and others. We settled on TigerVNC, a current fork of TightVNC, which is no longer supported by its developer. Other servers are configured in a similar manner. You also need to choose a desktop environment: in our opinion, XFCE is the best option because of its relatively low requirements for computing resources. Those interested can install another DE or WM: it all depends on personal preferences, but the choice of software directly affects how much RAM and how many CPU cores are needed.







Installing the desktop environment with all dependencies is done with the following command:



sudo apt-get install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils


Next, you need to install the VNC server:



sudo apt-get install tigervnc-standalone-server tigervnc-common


Running it as root is a bad idea. Create a user and group:



sudo adduser vnc






Let's add the user to the sudo group so that it can perform administrative tasks. If there is no such need, you can skip this step:



sudo gpasswd -a vnc sudo


The next step is to start the VNC server with vnc user privileges to create a secure password and configuration files in the ~/.vnc/ directory. The length of the password can be from 6 to 8 characters (the extra ones are cut off). If necessary, a view-only password is also set, i.e. one without access to the keyboard and mouse. Note that the -localhost no option makes the server accept connections on all network interfaces rather than only on the loopback address. The following commands are executed as the vnc user:



su - vnc
vncserver -localhost no




By default, the RFB protocol uses the TCP port range 5900 to 5906. These are the so-called display ports, each corresponding to an X server screen. In this case, the ports are associated with screens :0 to :6. The VNC server instance we started is listening on port 5901 (screen :1). Other instances can run on other ports with screens :2, :3, etc. Before further configuration, you need to stop the server:



vncserver -kill :1


The command should display something like the following message: "Killing Xtigervnc process ID 18105 ... success!".



At startup, TigerVNC runs the ~/.vnc/xstartup script to set configuration parameters. Let's create our own script, having previously saved a backup copy of the existing one, if it exists:



mv ~/.vnc/xstartup ~/.vnc/xstartup.b
nano ~/.vnc/xstartup


An XFCE desktop environment session is started by the following xstartup script:



#!/bin/bash
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
xrdb $HOME/.Xresources
exec /usr/bin/startxfce4 &


The xrdb command is required for VNC to read the .Xresources file in the home directory. There the user can define various parameters of the graphical desktop: font rendering, terminal colors, cursor themes, etc. The script must be made executable:



chmod 755 ~/.vnc/xstartup


This completes the VNC server configuration. If you run it with the vncserver -localhost no command (as the vnc user), you can connect with the previously set password and see the XFCE desktop.





Starting a service via systemd



Starting a VNC server manually is not well suited for production use, so we will configure a system service. Commands are executed as root (use sudo). First, let's create a new unit file for our server:



sudo nano /etc/systemd/system/vncserver@.service


The @ symbol in the name allows you to pass an argument to configure the service. In our case, it sets the VNC display (screen) number. A unit file consists of several sections:



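[Unit]
Description=TigerVNC server
After=syslog.target network.target

[Service]
Type=simple
# Run the server as the unprivileged vnc user, not as root
User=vnc
Group=vnc
WorkingDirectory=/home/vnc
PIDFile=/home/vnc/.vnc/%H:%i.pid
# systemd does not interpret shell redirection, so it is wrapped in sh -c;
# the leading "-" tells systemd to ignore a failure when no server is running
ExecStartPre=-/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1'
# %i is the instance name after "@", used here as the display number
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x960 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target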


Then you need to notify systemd about the appearance of a new file and activate it:



sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.service


The number 1 in the name indicates the screen number.



We stop the VNC server, start it as a service and check the status:



# as the vnc user
vncserver -kill :1


# as root (via sudo)
sudo systemctl start vncserver@1
sudo systemctl status vncserver@1


If the service is running, we should get something like this.





Desktop connection



Our configuration does not use encryption, so network packets can be intercepted by attackers. In addition, vulnerabilities are often found in VNC servers, so you should not expose them to the Internet. To connect securely from the local computer, you need to wrap the traffic in an SSH tunnel and then configure the VNC client. On Windows, you can use a graphical SSH client (e.g. PuTTY). For security, TigerVNC on the server only listens on localhost and is not directly accessible from public networks (the service unit above starts it without the -localhost no option used in the manual run):




sudo netstat -ap |more
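
The check that this listing supports, as an added example that is not part of the original article: a shell function that reads `ss -ltn` or `netstat -ltn` output and reports RFB display ports bound to anything other than the loopback address. The function name and both sample listener tables are constructed for illustration; on a real server, pipe `sudo ss -ltn` into the function.

```shell
#!/bin/sh
# Added example: list RFB listeners that are reachable from outside loopback.
# Input: `ss -ltn` or `netstat -ltn` output on stdin (field 4 is the local
# address in both). Default range 5900-5906 is the one named in the article.
vnc_exposed_listeners() {
    awk -v lo="${1:-5900}" -v hi="${2:-5906}" '
        /LISTEN/ {
            n = split($4, parts, ":")
            port = parts[n] + 0
            if (port < lo || port > hi) next      # not an RFB display port
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # [::1] becomes ::1
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print addr " port " port
            exposed = 1
        }
        END { exit (exposed ? 1 : 0) }
    '
}

# Constructed sample (ss format): loopback-only server, as the service runs it.
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      [::1]:5901         [::]:*'

# Constructed sample (netstat format): server started with -localhost no.
SAMPLE_OPEN='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp   0      0      0.0.0.0:5901  0.0.0.0:*       LISTEN
tcp6  0      0      :::5901       :::*            LISTEN
tcp   0      0      0.0.0.0:22    0.0.0.0:*       LISTEN'

for sample in "$SAMPLE_LOCAL" "$SAMPLE_OPEN"; do
    if out=$(printf '%s\n' "$sample" | vnc_exposed_listeners); then
        echo "OK: VNC listens on loopback only"
    else
        echo "EXPOSED listeners:"
        echo "$out"
    fi
done
```

The function exits with status 1 when it finds an exposed listener, so it can gate a deployment script or a monitoring check.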




On Linux, FreeBSD, OS X and other UNIX-like operating systems, the tunnel from the client computer is done using the ssh utility (sshd must be running on the VNC server):



ssh -L 5901:127.0.0.1:5901 -C -N -l vnc vnc_server_ip


The -L option forwards port 5901 on the local computer to 127.0.0.1:5901 on the remote server. The -C option enables compression, and -N tells ssh not to run a remote command. The -l option specifies the user name for the remote login.



After configuring the tunnel on the local computer, you need to start the VNC client and establish a connection to the host 127.0.0.1:5901 (localhost:5901) using the password set earlier to access the VNC server. We can now securely communicate through an encrypted tunnel with the XFCE graphical desktop environment on the VPS. In the screenshot, the top utility is running in the terminal emulator to show the insignificant consumption of computing resources by the virtual machine. Then everything will depend on user applications.





You can install and configure a VNC server on Linux on almost any VPS. This does not require expensive and resource-intensive configurations with video adapter emulation or the purchase of commercial software licenses. In addition to the system service option we have considered, there are others: starting in daemon mode (via /etc/rc.local) at system boot or on demand via inetd. The latter is interesting for creating multi-user configurations. The Internet superserver will start the VNC server and connect the client to it, and the VNC server will create a new screen and start a session. For authentication inside it, you can use a graphical display manager (for example, LightDM), and after the client disconnects, the session will be closed and all programs working with the screen will be terminated.





