Setup VNC server for remote desktop management in Ubuntu 12.04

Setup VNC server for remote desktop management in Ubuntu 12.04
by Janeth Kent Date: 24-04-2013

   VNC is a protocol that is used to share the desktop with other users/computers over the network/Internet.In order to share a desktop, VNC server must be install and configure on the computer and VNC client must be run on the computer that will access the shared desktop.

When we install the fresh copy of Ubuntu Server, it only gives us the “Command Line” interface.

But some people prefer GUI instead and for this they install Full version of Gnome on Ubuntu Server. Actually there is a better way and that is to install VNC. VNC provides a lightweight virtual desktop than full blown version of Gnome.

To install the core components of gnome, use this command:

sudo apt-get install gnome-core 

To install a virtual desktop, use this command:

sudo apt-get install vnc4server

In order to use VNC, we need to setup a password using the following command:

vncserver

To make a tweak in startup script, we need to kill the session that we just created:

vncserver -kill :1

Now open up the file that we need to edit:

cd ~
nano .vnc/xstartup

And Modify the file so it looks like this:

#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
#exec /etc/X11/xinit/xinitrc
gnome-session --session=gnome-classic &

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
#x-terminal-emulator -geometry 1280x1024+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &

Next, create the VNC Session once more:

vncserver -geometry 1024x600

Now, download VNCViewer onto our desktop computer from which we want to access the shared desktop. Connect using ServerIP/Name:1 (:1 is for the VNC server window), In my case it is tendo:1.

Enter the password that we created using the vncserver command:

We now have GUI access to our server.

After reboot the server, we will not be able to connect to the server with VNC, this is because the “vncserver -geometry 1024×600” command that we typed above is not persistent. To solve this problem, we will use an excellent script of Justin Buser.

As sudo user create the file (and directory if it doesn’t exist):

sudo mkdir -p /etc/vncserver
sudo touch /etc/vncserver/vncservers.conf
sudo nano /etc/vncserver/vncservers.conf

Add servers as needed for each user by adding something like the following to the vncservers.conf file we just created:

VNCSERVERS="1:arbab"
VNCSERVERARGS[1]="-geometry 1024x600 -depth 24"

Next, create an empty init script and make it executable:

sudo touch /etc/init.d/vncserver
sudo chmod +x /etc/init.d/vncserver
sudo nano /etc/init.d/vncserver

Add the following to /etc/init.d/vncserver:

#!/bin/bash
unset VNCSERVERARGS
VNCSERVERS=""
[ -f /etc/vncserver/vncservers.conf ] && . /etc/vncserver/vncservers.conf
prog=$"VNC server"
start() {
 . /lib/lsb/init-functions
 REQ_USER=$2
 echo -n $"Starting $prog: "
 ulimit -S -c 0 >/dev/null 2>&1
 RETVAL=0
 for display in ${VNCSERVERS}
 do
 export USER="${display##*:}"
 if test -z "${REQ_USER}" -o "${REQ_USER}" == ${USER} ; then
 echo -n "${display} "
 unset BASH_ENV ENV
 DISP="${display%%:*}"
 export VNCUSERARGS="${VNCSERVERARGS[${DISP}]}"
 su ${USER} -c "cd ~${USER} && [ -f .vnc/passwd ] && vncserver :${DISP} ${VNCUSERARGS}"
 fi
 done
}
stop() {
 . /lib/lsb/init-functions
 REQ_USER=$2
 echo -n $"Shutting down VNCServer: "
 for display in ${VNCSERVERS}
 do
 export USER="${display##*:}"
 if test -z "${REQ_USER}" -o "${REQ_USER}" == ${USER} ; then
 echo -n "${display} "
 unset BASH_ENV ENV
 export USER="${display##*:}"
 su ${USER} -c "vncserver -kill :${display%%:*}" >/dev/null 2>&1
 fi
 done
 echo -e "\n"
 echo "VNCServer Stopped"
}
case "$1" in
start)
start $@
;;
stop)
stop $@
;;
restart|reload)
stop $@
sleep 3
start $@
;;
condrestart)
if [ -f /var/lock/subsys/vncserver ]; then
stop $@
sleep 3
start $@
fi
;;
status)
status Xvnc
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
exit 1
esac

We’ll need to run vncserver command AT LEAST ONCE AS EACH USER that want to login as. I put that in caps because if you skip that step none of it will work.

Finally, do the following:

sudo update-rc.d vncserver defaults 99

Now, restart the service by typing:

sudo service vncserver restart

Ability to connect for multiple users:

Create a local user, using the following command:

sudo adduser hussain

Switch to the newly created user and run vncserver command for it:

su hussain
vncserver

Move to the home directory and edit the xstartup file:

cd ~
nano .vnc/xstartup

Modify the file so it looks like this:

 
#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
#exec /etc/X11/xinit/xinitrc
gnome-session --session=gnome-classic &

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
#x-terminal-emulator -geometry 1280x1024+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &

Now open up the /etc/vncserver/vncservers.conf file as sudo user:

sudo nano /etc/vncserver/vncservers.conf

Add servers for newly created user by adding something like this:

VNCSERVERS="1:arbab 2:hussain"
VNCSERVERARGS[1]="-geometry 1024x600 -depth 24"
VNCSERVERARGS[2]="-geometry 1024x600 -depth 24"

Restart the service:

sudo service vncserver restart

Connect with newly created user using tendo:2, Where tendo is my server name:

Enter the password that we created using the vncserver command:

We now have GUI access to our server for newly created user.

Preventing Gnome to start on boot on the server:

Gnome is automatically started on boot in Ubuntu 12.04 LTS, if we connect a monitor to our server we will see that GUI sitting there waiting for us to log in.

To prevent it, edit the gdm.conf file:

sudo nano /etc/init/gdm.conf

Comment these six lines:

#start on ((filesystem
# and runlevel [!06]
# and started dbus
# and (drm-device-added card0 PRIMARY_DEVICE_FOR_DISPLAY=1
# or stopped udev-fallback-graphics))
# or runlevel PREVLEVEL=S)

Reboot the server and that GUI log-in screen will no longer appear:

VNC encrypted through the ssh tunnel:

By default, VNC is not secure protocol.VNC uses encryption during initial connection and login (passwords are not sent in plain-text). Once, we connected then all the VNC data is unencrypted and hacker could sniff our VNC session. It is better (safer) to start VNC server only on 127.0.0.1(localhost) and tunnel it over secure SSH tunnel (For this,there are options in Putty).

On Ubuntu, edit /etc/vncserver/vncservers.conf:

sudo nano /etc/vncserver/vncservers.conf

Add the option “-localhost“:

VNCSERVERS="1:arbab 2:hussain"
VNCSERVERARGS[1]="-geometry 1024x600 -depth 24 -localhost"
VNCSERVERARGS[2]="-geometry 1024x600 -depth 24 -localhost"

Restart the service:

sudo service vncserver restart

Here is visual, how to connect to VNC Server through PuTTY(SSH) from Windows Machine.

Run PuTTY,enter the IP address or hostname of the VNC Server:

On the left-hand panel, Go to Connection -> SSH -> Tunnels:

Source Port:590x(Where x is a value that we set in vncservers.conf,like 1 for arbab)
Destination:localhost:590x(Same x value that we used above in source port)

Click Open button in order to connect to the Server via SSH:

Login to the Ubuntu (VNC Server) with username and password:

Upon successful connection to VNC Server, we’ll find port 5901 is in listening mode on localhost:

netstat -a

Run VNC Viewer and enter the localhost:1(:1 is for arbab user, that we defined in vncservers file):

Enter the password, in order to connect to the VNC Server:

Now, we are connected to remote VNC Server through ssh tunnel:

Hope this will help you!

Enjoy :-)

 
by Janeth Kent Date: 24-04-2013 hits : 11493  
 
Janeth Kent

Janeth Kent

Licenciada en Bellas Artes y programadora por pasión. Cuando tengo un rato retoco fotos, edito vídeos y diseño cosas. El resto del tiempo escribo en MA-NO WEB DESIGN AND DEVELOPMENT.