Installing VNC Server in Rocky Linux 8

In this article, we learn how to install and configure VNC server on Rocky Linux 8 then connect to the server using another machine.

Table of contents.

1. Introduction.
2. Installing the GNOME desktop environment on the server.
3. Starting VNC server.
4. Establishing an SSH Tunnel.
5. Desktop environments.
6. Summary.

Introduction.

VNC(virtual network computing) is a screen-sharing client-server system. System administrators and support staff use it to troubleshoot issues on a remote computer without physically being there. VNC applications include TeamViewer, Anydesk, TigerVNC, TightVNC, etc.

A VNC server is a host with a VNC server software component installed. We access this host using another host with a VNC client software component, also referred to as a VNC viewer. Using the VNC client, we can perform actions remotely on the server host as if we were right in front of the host monitor.

We demonstrate how to install and configure the VNC client/VNC viewer on a client and VNC server software component on the server and set up the Graphical User Interface in Rocky Linux 8. We use TigerVNC - an open-source system for sharing desktops. It allows us to control remote computers.

For this installation, we need to be running a RHEL-based Linux OS and have sudo privileges on both systems.

We will be installing a VNC server component on a RHEL-based machine - 192.168.100.75 then connecting to this server using a Debian-based client system - 192.168.100.66, where we’ll install the tigervnc client.
Updating packages.
Before any installation, we should update and upgrade the repositories and packages currently installed in the system to prevent any issues later:

$ sudo dnf check-update
$ sudo dnf update -y

Installing the VNC server component.
As mentioned earlier, we will use TigerVNC. In that regard, we install the TigerVNC server component on this server using the following command:

$ sudo dnf install tigervnc-server -y

Installing the GNOME desktop environment on the server.

When we connect to the remote server, we want to use a graphical user interface such as GNOME, cinnamon, Xfce, etc. If you are currently running a RHEL system without a GUI, then we install a GNOME desktop environment and other packages required for the GUI on this server. If you already use the GNOME desktop environment, this step is unnecessary:

$ sudo dnf groupinstall "Server with GUI" -y

We have used the groupinstall option to install the whole package-group where the GNOME package is also available. Later, we will see how to install another popular desktop environment.

Once the package-group installation is complete, we set the GNOME desktop environment as the default session during a VNC connection by editing the ~/.vnc/config file located in the home directory.

$ sudo vim ~/.vnc/config

When the file is open, we paste the following configuration.

session=gnome
geometry=1920X1200
localhost
alwaysshared

We have specified the value of the session as gnome. However, this is flexible. We can decide to go with any other desktop environment. We only have to download its package and set its name as the value of the session. For example, if we were to use the cinnamon desktop environment, we would change the value of the session to cinnamon.

We also specify the screen resolution to 1920 by 1200. We can also change this according to our needs. Localhost specifies the hostname of this server. Finally, alwaysshared states that multiple users can be connected concurrently, meaning the session is sharable.

Creating a VNC user.
For this tutorial, we create a user named vncuser for learning purposes:

$ sudo adduser vncuser
$ sudo passwd vncuser

After the above action, we switch to the newly created account using the su command and configure a VNC password that this user will use to connect to this server using a VNC client. For this, we execute the vncpasswd command as shown:

$ su - vncuser
$ vncpasswd

From the session above, notice the prompt concerning the view-only password. It determines if users such as vncuser, can send any mouse clicks or keyboard strokes to this server during the session. If we select y, the vncuser cannot perform mouse or keyboard actions. In this case, we choose option n, meaning we can send keyboard or mouse strokes to the remote system.

Assigning ports to users.

After creating a user, we have to assign a port number. Ports are communication endpoints between computers. In this case, we need the client system to communicate with this server on a port we specify. To assign a port number to our user vncuser, we edit the /etc/tigervnc/vncserver.users file and add the following line:

:1=vncuser

$ sudo vim /etc/tigervnc/vncserver.users

Notice from the file we have users assigned to numbers preceded by a colon - :1. It means that a particular user, for example, vncuser, will connect to this server on port 5901. This port numbering is incremental. For example, :2 maps to port 5902, :3 maps to port 5903, and so forth. In this case, if we uncomment :2=andrew, this user will use port 5902 to connect to the server during a VNC connection.

For the changes made to take effect, we reload the systemd daemon by writing:
$ sudo systemctl daemon-reload

Allowing VNC connection through the firewall.
Before the VNC server service can send and receive data, we need to ensure the firewall is OK with incoming VNC connections from clients. For this, we need to use the firewalld utility to manipulate the firewall rules:

$ sudo firewall-cmd --zone=public --permanent --add-service=vnc-server
Here we allow the VNC service through the firewall and make it permanent by using the permanent option so that when the system reboots, the changes will remain. After this change, we reload the firewall so the changes can take effect:

$ sudo firewall-cmd --reload

Starting VNC server.

After all the configurations, it is now time to start the service on the server. For this, we use the following command:

$ sudo systemctl start vncserver@:1.service		[ start the service ]
$ sudo systemctl status vncserver@:1.service 	[ make sure it started ]

If after the above operation the service still does not start, we can edit the /etc/gdm/custom.conf file and uncomment the text ‘Wayland=false’ as shown below:

$ sudo vim /etc/gdm/custom.conf

In Rocky Linux, GNOME is the default desktop environment. It uses the Wayland display manager. However, the Wayland display manager is not a remote rendering API, so we disable it to make the login screen use Xorg.

After uncommenting the line, we restart the gdm service so the changes can take effect:

$ sudo systemctl restart gdm.service

If we use this service frequently, we can configure it to launch automatically upon system startup by executing the command:

$ sudo systemctl enable vncserver@:1.service

To undo this, we use the disable option:

$ sudo systemctl disable vncserver@:1.service

Establishing an SSH Tunnel.

SSH tunneling/SSH port forwarding involves creating an encrypted connection between a client and a server. VNC is not secure. Therefore, we use SSH tunneling to encrypt the communication between the two systems.

To increase trust between the client and the server, we can also configure SSH passwordless login.

Now, to create a tunnel between the two systems, we execute the command:

$ ssh -L 5900:127.0.0.1:5901 -N -f -l [username] [ip address]

From the command, we have specified port 5900 on the 127.0.0.1 host and 5901 on the remote server using the -L option. We use the -N option to prevent the execution of commands from the remote system. It tells ssh to only forward ports. The -l option specifies the user login to the remote host.

For speed, we can use the -C option to compress data making it smaller.
The [username] [ipaddress] specifies the username we use to log into the remote server followed by its Ip address. Remember to replace these with your details.
For more ssh command options, we execute $ man ssh in Linux.
Installing VNC client.

On another Linux client system, we install the VNC client/VNC viewer client component. In this article, our focus will be on TigerVNC, so we install the tigervnc package.

We will use this host to connect to the server we configured in the previous section. To install a Tiger VNC viewer, we execute the following command:
On RHEL and Fedora:

$ sudo dnf install tigervnc -y

On Debian and Ubuntu:

$ sudo apt-get install tigervnc-viewer -y

After this operation, we should expect to see a new icon created in the application launcher.

To connect the VNC server from the client, we first launch the application using the vncviewer command or directly using the GUI application launcher:

$ vncviewer

You should expect to see a screen such as the following.

In the server input field, we enter the IP address of the remote server followed by a port number, separated by a colon as shown above:

In our case, it is 192.168.100.75, and the port is 5901, so we write:
192.168.100.75:5901. Make sure to use your details for this to work.
After this, we have a password prompt. Here we enter the VNC password we configured earlier in the section about creating a user.

If the credential is correct, we are connected as shown below:

Desktop environments.

We have seen how to configure and use the GNOME desktop environment. We can also configure other desktop environments such as plasma, Xfce, cinnamon, etc.
To view currently installed desktop environments, we list the contents of the /usr/share/xsessions directory.

$ ls /usr/share/xsessions/

Configuring XFCE desktop environment.

Let us configure an XFCE desktop environment. In addition to being very user-friendly and intuitive, Xfce is also lightweight, fast, and consumes few system resources.

To install it, we first install EPEL(Extra packages for Enterprise Linux) by executing the command:

$ sudo dnf install -y epel-release

Just like we installed GNOME previously, we install the XFCE package group that also has the XFCE desktop environment package:

$ sudo dnf groupinstall -y "Xfce"

After installation, the next step is to change the value of the session in the ~/.vnc/config file to Xfce as shown:

$ sudo vim ~/.vnc/config

After this operation, we restart the service on the server:

$ sudo systemctl restart vncserver@:1.service

Now when we connect, we will use the XFCE desktop environment.

Similarly, we can install and configure other desktop environments such as; Budgie-desktop, cinnamon, cinnamon2d, gnome-classic, gnome-custom-session, gnome-Xorg, mate, Openbox, plasma, Xfce, xinit-compat, etc.

We do this in two simple steps. First, we install the specified desktop environment package then edit the vnc config file in the home directory.

Summary.

We saw how to install VNC server and client software components in the client and server hosts, how to configure the graphical environment, allow VNC service through the firewall, and secure the connection using SSH tunneling..

Note that this installation is not limited to TigerVNC. We can also apply what we have learned to other VNC installations such as TightVNC, RealVNC, UltraVNC, etc.
We use VNC to administer remote systems and troubleshoot their problems. It uses a client-server model where the client connects to a server with a vnc-server component installed.