[Linux] Setting Up a Debian VNC Server (via SSH tunnel)

“and first for something complete different”: Muzaq… coding or administrating system can’t do without gooood muzaq. Check our latest tunes here ;-)

I. Abstract

No doubt, configuring a web server won’t work without being in the know of basics about the terminal, vim or nano. Anyway many tasks can also be performed by administrating a server using a GUI. The problem is: only Windows 2003 or Windows 2008 come with a preinstalled remote desktop connection – and they are really much more expensive than Linux solutions. When using our beloved and most stable Linux distribution Debian, it mostly comes preinstalled with almost nothing.

The following article assumes, you have a server, which can be managed via ssh rather than by physically access. We will show you how to setup a GNOME desktop on that server and virtually connect to that desktop using an SSH tunnel.

In case you are running a client machine with:

  • Linux or Mac OS X, just keep on reading, all tools come onboard
  • MS Windows, please install Cygwin with the openSSH package first
    (Note: you may also use the Putty/Pageant combo instead, but this will require some different steps. The following article is straightened to using Cygwin, because we feel it’s got several client sided advantages in contrast to Putty)

II. Preparations

First of all: log into your server via SSH as root. Make sure openSSH has been updated, a serious security flaw has been discovered some days ago concerning Debian based Linux distros. Make also sure you have secured your SSH access. We really recommend public-, private-key crypto for ssh login.

III. Update and Upgrade your server with current packages

Being logged into your server as root, do the following:

  • server$ apt-get update
  • server$ apt-get upgrade
  • server$ apt-get dist-upgrade

to upgade your whole installation.

IV. Installing GNOME

After having done a dist-upgrade we are used to reboot the servers. This might not be necessary in all cases and might be a strange obsession from ancient MS Windows times, but we would recommend it to allow all scripts to become initialized anew.

After reboot login as root again and do the following:

  • server$ apt-get install gnome-desktop-environment

V. Install fonts for GNOME and VNC

Install some (required) fonts for the VNC server GNOME session:

  • server$ apt-get install xfonts-100dpi
  • server$ apt-get install xfonts-100dpi-transcoded
  • server$ apt-get install xfonts-75dpi
  • server$ apt-get install xfonts-75dpi-transcoded
  • server$ apt-get install xfonts-base

VI. Install VNC server

We prefer TightVNCServer, simply because it worked from the very beginning…

  • server$ apt-get install tightvncserver
    (installs TightVNCServer)
  • server$ tightvncserver :1
    (initialize the VNC server for the first time, it will copy some files to ~/.vnc folder and it will ask twice for a VNC password – we recommend to provide it for your own safety)
  • server$ tightvncserver -kill :1
    (stop VNC server – for further configuration purposes)

VII. Configure VNC server

In this example we’re gonna use nano, you can also use vim, vi or whatever you think what editor fits your needs best:

  • server$ nano ~/.vnc/xstartup

We need to change the standard X-Windows interface, since we like to use GNOME.

Original xstartup file:

  • #!/bin/shxrdb $HOME/.Xresources
    xsetroot -solid grey
    x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    x-window-manager &

Change this to

  • #!/bin/shxrdb $HOME/.Xresources
    xsetroot -solid grey
    x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    # x-window-manager &

    gnome-session &

Save and exit nano (ctrl + x).

VIII. Setup an SSH tunnel for VNC connections

VNC connections are usually to be found on port 5901. Usually they are not encrypted on that port. That means you send the VNC password unencrypted thru the net to that port. Since this allows too many attacks, it is just too weak for a web server solution.

We don’t want to provide possible Zombies. So the solution is: we just setup an SSH tunnel as a wrapper for our VNC connection. Further information about SSH tunneling can be found here and here.

On your client machine do the following:

  • client$ ssh -f -N -L 5901:localhost:5901 root@yourserver.net

In case you changed the ssh port on your server (like we recommended in our article here), you need to specify your ssh port for the SSH tunneling aswell, like:

  • client$ ssh -f -N -L 5901:localhost:5901 root@yourserver.net -p 8722
    (in this case we use port 8722 instead of the standard port 22)

IX. Connect to your server via VNC

Start tightvnc on your server:

  • server$ tightvncserver :1

In case you like to have a different screen resolution than 1024×768 you may start tightvnc with:

  • server$ tightvncserver -geometry 1280x1024 :1

On a Mac the VNC client is called Chicken of the VNC (Download here). On Windows you can use RealVNC (Download here). Both work quite similar and contain almost the same features.

Use the VNC client (like Chicken of the VNC) to connect to your SSH tunnel,

  • connect to localhost (or 127.0.0.1)
  • display 1, because of port 5901 (display 0 would be port 5900)
  • enter your VNC password
    (the password, that has been setup in step VI. Install VNC server)

 

  • hit connect and
  • you should see something like that (on vservers the performance may be kinda slow and GNOME’s GUI may take some time to initialize).

Congratulations, you’re done.

X. Stopping VNC session and SSH tunneling

You can simply quit the VNC session by just closing your VNC client. But the SSH tunnel from your client to your server will still be up until you stop it (means until you kill it). We may provide a simple script to do that when we finished cleaning it up. Right now it is kinda spaghetti code. Although this is not too comfy, you may live with a simple command until then:

  • client$ killall ssh

It simply kills every SSH process :-)

XI. Final words

We hope you enjoyed our trip into the amazing VNC worlds on Debian and also hope you learned something. You could now setup a firewall like firestarter, which is GUI driven. We will publish some words about this in the early future.

And of course, you are still invited to consider our sponsor (Google-Adsense) and help us maintaining this project here free. Thanks…

You can leave a response, or trackback from your own site.

28 Responses to “[Linux] Setting Up a Debian VNC Server (via SSH tunnel)”

  1. Alphy says:

    I hope to try this soon, but I have one question: if I would rather use KDE, would I just replace “gnome-session” with “kde-session”?

  2. metapapa says:

    Though KDE is a great window manager, we don’t have experiences in using it. We simply prefer Gnome as a matter of choice. Give it a try and tell us if it works with KDE aswell.
    Thanks

    P.S. Some people say Gnome’s code has been written tighter, so that it can be used better on slower systems like virtualized servers. Anyway give it a try and report back…

  3. mitch says:

    Hi, the setting for kde have to be

    startkde &

    instead of gnome-session &

    Greetz mitch

  4. Deneidez says:

    No, no, no, no! Do not run server as a root. Also use tightvncserver -localhost :1 . That will block all but localhost connections(Tunneling will make you look like you are from localhost.) and you will get much more secure set up.

  5. Norbert says:

    It seems you must install gnome-session
    apt-get gnome-session before install gnome-desktop-environment.

    Norbert

  6. Sikoly says:

    Thanks!

    I’ve been trying to install a working vnc server for the whole day now. I just reinstalled debian to my old laptop. I rembember back than it was also a pain in the ass to get the vncserver working.
    Beacuse it seemed to be working, but the desktop did not show up, only a terminal.

    I bookmark thhis page for sure.

  7. Nick says:

    Hi,

    thank you for your description and the time you spent creating this, i appreciate all the effort.
    I have a problem though, i install everything and works well but only the keyboard layout is wrong. for example ‘s’ is ‘b’ as in the characters are all jumbled up.
    Is there anything that i am doing wrong. I am located in Germany and i have changed the Keyboard layout to German-Key or German-Key map but still doesnt help.

    Kind regards
    Nick

  8. [...] Up a Debian VNC Server (via SSH tunnel) Posted on September 7, 2010 by dandotreportbug Setting Up a Debian VNC Server (via SSH tunnel) This entry was posted in Uncategorized. Bookmark the permalink. ← KVM on [...]

  9. Djeff ETIENNE says:

    HERE IS SOME ADD-ON FOR DEBIAN SQUEEZE

    Debian Squeeze – Secure VNC Server with TightVNC Server via SSH Tunnel
    1 – Install OpenSSH-Server on your Debian Machine and make sure you can connect to it from the
    client Machine.
    apt-get install openssh-server
    2 – Open a SSH Session from Putty (If you are using Windows Putty is a good deal to do so)
    3 – install a desktop environment. For this article I recommend GNOME, but KDE and others should
    work as well.
    apt-get install gnome-desktop-environment
    We also need to install some fonts for the GNOME session
    apt-get install xfonts-100dpi
    apt-get install xfonts-100dpi-transcoded
    apt-get install xfonts-75dpi
    apt-get install xfonts-75dpi-transcoded
    apt-get install xfonts-base
    4 – Last of all, we are ready to install VNC Server. TightVNCServer is my choice here.
    apt-get install tightvncserver
    This will install TightVNCServer. In order to initialize it we run
    tightvncserver :1
    VNC runs on port 5900 by default, so the :1 tells TightVNCServer to run on port 5901 Because the
    port 5900 might already be in use. This is the port you will use to later connect to your Debian. There
    are some parameters you can give to adjust resolution, for example:
    tightvncserver -geometry 1280×1024 :1
    tightvncserver -geometry 1280×1024 –depth 24 :1
    This will create some files in ~/.vnc and it should ask you for a password. Make sure you pick a good
    password, even though we will be securing it with SSH later.
    After you initialize VNC for the first time you need stop it for further configuration. This is done with
    tightvncserver -kill :1
    5 – Configuration
    We’ll use an editor to configure VNC from now on. Lets open the configuration file and look at the
    options
    vi ~/.vnc/xstartup
    Since VNC uses the standard X Windows interface, we will need to tell it to use GNOME. Change the
    last line to invoke GNOME instead of X Windows, like so:
    #!/bin/sh
    xrdb $HOME/.Xresources
    xsetroot -solid grey
    #x-terminal-emulator -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” &
    #x-window-manager &
    gnome-session &
    Save the config file and exit. You can now start VNC again
    tightvncserver -geometry 1280×1024 –depth 24 :1
    Now you can access your Debian server with TightVNC Viewer or UltraVNC Viewer

  10. Steen says:

    If it happens your keyboard is all jumbled up, go to ssh and invoke the following command.
    “gconftool –set /desktop/gnome/peripherals/keyboard/kbd/layouts –type List –list-type String [aa]”
    Restart tightvncserver and it should work perfectly ;)

  11. jingren says:

    hello, i followed all the instruction as stated above.
    but i got a grey screen in my ultra vnc…
    i been google for several hours but i still can’t find a solution…
    hope u can help me out ><

  12. Mridul says:

    If you are seing gray window, then wse the following in the xstartup file instead of the one mentioned above..

    ——
    #!/bin/sh

    # Uncomment the following two lines for normal desktop:
    # unset SESSION_MANAGER
    # exec /etc/X11/xinit/xinitrc

    [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
    #Comment out the next 2 lines if you see a grey screen when
    #logging in via VNC
    ##[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
    ##xsetroot -solid grey
    vncconfig -iconic &
    xterm -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” &
    gnome-session &
    —-

  13. [...] http://news.metaparadigma.de/linux-s…nc-server-237/ You probably don't need to install Gnome, so you can skip step 4. [...]

  14. [...] Fatal IO error 11 (Resource temporarily unavailable) on X server :1.0. I followed this tutorial: http://news.metaparadigma.de/linux-s…nc-server-237/ It all went surprisingly smooth. It crash's/stops VNCServer and I have to delete 2 files to be [...]

  15. sotiris says:

    i want to use openbox instead of gnome and other “heavy” DE

  16. Uenal says:

    Work’s like a charm!
    Many thanks for this HOWTO.

  17. Alan says:

    hi, i have followed the above script to get vnc running on my alix 3d3 thin client and it does work very nicely.

    there is a problem, can the vnc server start when the alix thin client startsup.

    at the moment the only way i get vnc into the server is to run putty and ssh into the alix, then issue tightvncserver :1 to start the vnc server, then close putty and then i can vnc into the server, it seems a pointless waste of time. so can the server be configured to run the vncserver at boot up.

    thanks

  18. [...] [Linux] Setting Up a Debian VNC Server (via SSH tunnel) | incomplete-nooz [...]

  19. Sharon says:

    Thank you so much for the tip about the xstartup script for the grey screen. I have been struggling for days trying to figure out why I have installed on debian before and could not do it this time. With all the vnc desktops I’ve set up I thought that would be the easy part of the server and it became the hardest.

  20. zyg says:

    came for the tut … stayed for the music =D

    // comment: goooood :D make yourself comfy here. May I suggest a cold Pilsner Urquell or an old Scotch?

  21. Richard says:

    Thank you
    You help me :)

  22. unknown says:

    You are stupid monkey with you music on site! Turn off!

    // well thanks for you uber-politess. your comment speaks a lot about your mental state rather than about this our site. Bye…

  23. JusKubTej says:

    Osum tutorial, love it, love your music taste. ;-)

    // comment: Thanks a lot ;-)

  24. Ty says:

    This did not work for me, just like every other similar guide out there… Can anyone help me? I’m not new to this, just dont undertstand why it’s not working. I always just get a grey screen when i connect with a viewer… I’ve followed these instructions(minus the ssh tunneling cause the security isn’t needed) but still no luck.

    Any help would be greatly appreciated!!!

    Thanks.

  25. Ty says:

    I apologize, some awesome human being gave me this random bit for Xstartup:

    #!/bin/sh

    # Uncomment the following two lines for normal desktop:
    # unset SESSION_MANAGER
    # exec /etc/X11/xinit/xinitrc

    [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
    #Comment out the next 2 lines if you see a grey screen when
    #logging in via VNC
    ##[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
    ##xsetroot -solid grey
    vncconfig -iconic &
    xterm -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” &
    gnome-session &

    Now things appear to work like a charm! If you’re getting the grey screen like I was, I would suggest giving this a try. Couldn’t hurt:P

    Thanks again!

  26. It’s truly very complex in this full of activity life to listen news on Television, therefore I simply use internet for that
    purpose, and take the most up-to-date news.

Leave a Reply