How To Install VNC Server on Rocky Linux 10

Virtual Network Computing (VNC) represents a powerful remote desktop solution that enables administrators and users to access graphical desktop environments over network connections. This technology has become essential for modern IT infrastructure management, providing seamless remote access capabilities across diverse computing environments.

TigerVNC stands out as the preferred VNC implementation for Rocky Linux 10, offering superior performance, enhanced security features, and robust multi-session support. The software enables remote desktop access through an intuitive client-server architecture that transmits screen data efficiently over network protocols.

This comprehensive guide walks you through the complete installation and configuration process of VNC Server on Rocky Linux 10. You’ll learn essential security practices, troubleshooting techniques, and optimization strategies to ensure reliable remote access functionality. The tutorial covers everything from basic installation to advanced security configurations, making it suitable for system administrators, IT professionals, and developers seeking reliable remote desktop solutions.

By following these detailed instructions, you’ll establish a secure, high-performance VNC server environment that supports multiple users while maintaining system security and optimal performance standards.

Prerequisites and System Requirements

Hardware Requirements

Rocky Linux 10 VNC server installation requires specific hardware specifications to ensure optimal performance. Your system needs a minimum of 2GB RAM, though 4GB is recommended for smooth operation with graphical desktop environments. Adequate disk space is crucial – allocate at least 20GB of free storage space for the operating system, desktop environment packages, and user data.

CPU performance directly impacts VNC session responsiveness. Modern multi-core processors provide better concurrent user support and faster screen refresh rates. Network connectivity forms the backbone of VNC functionality, requiring stable internet or local network connections with sufficient bandwidth for remote desktop data transmission.

Software Prerequisites

Verify your Rocky Linux 10 installation completeness before proceeding with VNC server setup. The system must have active internet connectivity for package downloads and updates. Root access or sudo privileges are mandatory for installing system packages and configuring services.

Essential packages should include the basic development tools and desktop environment components. Most Rocky Linux 10 installations come with necessary base packages, but you may need to install additional desktop environment packages depending on your requirements.

Network and Security Prerequisites

Firewall configuration readiness ensures smooth VNC server deployment. Rocky Linux 10 uses firewalld by default, which requires specific port configurations for VNC access. The standard VNC port range spans from 5900 to 5909, with each display number corresponding to a specific port (display :1 uses port 5901, display :2 uses port 5902, and so forth).

SSH access verification enables secure remote administration and tunneling capabilities. VPN considerations become important for enterprise environments where direct internet access to VNC ports poses security risks. Plan your network topology carefully to balance accessibility with security requirements.

User Account Preparation

Creating dedicated VNC user accounts enhances security and system organization. Each user requiring VNC access should have a properly configured system account with appropriate home directory permissions. Consider implementing a naming convention for VNC users to maintain consistency across your infrastructure.

Multiple user access scenarios require careful planning of display number assignments and resource allocation. Each user session consumes system resources, so calculate your server capacity accordingly.

Understanding VNC Technology

VNC Protocol Fundamentals

The Remote Frame Buffer (RFB) protocol serves as the foundation for VNC communication, enabling the transmission of desktop screen data between client and server systems. This protocol operates through a client-server architecture where the VNC server captures desktop screen updates and transmits them to connected clients in real-time.

VNC technology works by encoding screen changes into compressed data packets that travel across network connections. The client receives these packets and reconstructs the desktop display, creating a seamless remote desktop experience. Understanding this fundamental process helps optimize VNC configurations for specific use cases.

TigerVNC Advantages

TigerVNC offers significant performance improvements over traditional VNC implementations through advanced compression algorithms and optimized data transmission protocols. The software provides robust security features including built-in authentication mechanisms and support for encrypted connections through SSH tunneling.

Cross-platform compatibility ensures TigerVNC clients can connect from Windows, macOS, and Linux systems without compatibility issues. Multi-session support allows multiple users to maintain concurrent VNC sessions on a single server, making it ideal for shared development environments and administrative tasks.

Common Use Cases

Remote system administration represents the primary use case for VNC servers, enabling administrators to manage headless servers or systems located in remote data centers. Technical support teams utilize VNC for troubleshooting user systems and providing real-time assistance without physical presence.

Development environments benefit from VNC when team members need access to shared resources, specialized software, or consistent development configurations. Server management becomes more efficient when administrators can access graphical management interfaces without requiring physical console access.

Security Considerations Overview

VNC security requires careful attention to authentication mechanisms and network protection strategies. Built-in password authentication provides basic security, while integration with system authentication offers enhanced user management capabilities. Network security considerations include firewall configuration, VPN integration, and SSH tunneling for encrypted connections.

Installing TigerVNC Server

System Updates and Preparation

Begin the installation process by updating your Rocky Linux 10 system to ensure all packages are current and security patches are applied. Execute the following command to update system packages:

sudo dnf update -y

This command downloads and installs the latest package versions, security updates, and system improvements. The update process may take several minutes depending on your system’s current state and available updates.

Verify your Rocky Linux 10 repository configuration to ensure package availability. The default repositories should include the necessary TigerVNC packages, but enterprise environments may require additional repository configuration.

TigerVNC Server Installation Process

Install the TigerVNC server package using the DNF package manager with the following command:

sudo dnf install tigervnc-server -y

The installation process automatically resolves package dependencies and installs required supporting libraries. DNF displays progress information and confirms successful installation completion.

Verify the installation by checking the installed TigerVNC version:

vncserver -version

This command displays version information and confirms successful installation. The output should show TigerVNC version details and build information.

Additional Package Installation

Desktop environment packages are essential for providing graphical interfaces through VNC connections. Install the GNOME desktop environment using:

sudo dnf groupinstall "GNOME Desktop Environment" -y

Alternatively, install the lightweight XFCE desktop environment for better performance:

sudo dnf groupinstall "Xfce Desktop" -y

XFCE provides excellent performance for VNC sessions with lower resource consumption compared to full-featured desktop environments like GNOME or KDE.

Post-Installation Verification

Confirm TigerVNC server installation by checking service availability in systemd:

systemctl list-unit-files | grep vnc

This command displays available VNC-related systemd services and their current states. Look for vncserver service files that will be used for service management.

Verify the installation directory structure and configuration file locations:

ls -la /etc/tigervnc/

This directory contains system-wide VNC configuration files and templates that will be used for individual user configurations.

Initial Configuration

VNC Server Configuration Files

The TigerVNC configuration system utilizes several key files located in the /etc/tigervnc/ directory. The primary configuration file vncserver.users maps display numbers to specific user accounts, establishing the foundation for multi-user VNC access.

Configuration file hierarchy follows a specific precedence order, with user-specific configurations overriding system-wide settings. Understanding this hierarchy helps troubleshoot configuration issues and optimize individual user experiences.

User Display Assignment

Configure user display assignments by editing the /etc/tigervnc/vncserver.users file:

sudo nano /etc/tigervnc/vncserver.users

Add user assignments using the format :display_number=username. For example:

:1=alice
:2=bob
:3=charlie

Each display number corresponds to a specific TCP port calculated by adding 5900 to the display number. Display :1 uses port 5901, display :2 uses port 5902, and so forth.

Basic VNC Server Settings

Create individual user configuration files to customize VNC server behavior. Each user should have a .vnc directory in their home folder containing configuration files:

mkdir -p ~/.vnc

Create a configuration file ~/.vnc/config with basic settings:

session=gnome-session
geometry=1920x1080
depth=24

These settings configure the desktop session type, screen resolution, and color depth for optimal display quality and performance.

VNC Password Configuration

Set up VNC passwords for each user account by running the vncpasswd command:

vncpasswd

The command prompts for a VNC password and optionally a view-only password. VNC passwords are stored in encrypted format within the user’s .vnc directory.

Strong password practices apply to VNC authentication. Use complex passwords with mixed characters, numbers, and symbols to enhance security. Consider implementing password rotation policies for enterprise environments.

Configuration File Customization

Advanced configuration options allow fine-tuning of VNC server behavior. Edit the ~/.vnc/config file to include additional parameters:

geometry=1920x1080
depth=24
desktop=Rocky Linux 10
alwaysshared=1
nevershared=0

These settings configure screen geometry, color depth, desktop name, and session sharing options. Adjust parameters based on your specific requirements and network conditions.

User Setup and Authentication

Creating VNC Users

Establish dedicated user accounts for VNC access to maintain security and organization. Create new user accounts using the useradd command:

sudo useradd -m vncuser1
sudo passwd vncuser1

The -m flag creates the user’s home directory automatically. Set strong passwords for user accounts to maintain system security.

Configure user account properties including shell assignment and group membership:

sudo usermod -s /bin/bash vncuser1
sudo usermod -aG wheel vncuser1

These commands assign the bash shell and add the user to the wheel group for sudo access if required.

VNC Password Management

Each VNC user must configure individual VNC passwords using the vncpasswd utility. Switch to the user account and run:

su - vncuser1
vncpasswd

The utility prompts for a VNC password (maximum 8 characters) and an optional view-only password. View-only passwords allow connection viewing without input capabilities.

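VNC passwords are stored in the ~/.vnc/passwd file in encrypted format. The encryption uses a fixed key that is the same on every VNC installation, so anyone who can read the file can recover the password. Protect this file with appropriate permissions: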

chmod 600 ~/.vnc/passwd

Authentication Methods

TigerVNC supports multiple authentication methods including traditional VNC authentication and system-based authentication. Configure authentication types in the VNC server configuration with the securitytypes parameter:

echo "securitytypes=vncauth" >> ~/.vnc/config

Advanced authentication options include integration with system authentication mechanisms and support for external authentication systems in enterprise environments.

User Permission Configuration

Set appropriate file permissions for VNC directories and configuration files to maintain security:

chmod 700 ~/.vnc
chmod 600 ~/.vnc/config
chmod 600 ~/.vnc/passwd

These permissions ensure only the user account can access VNC configuration files and passwords.
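The permissions above can be verified with a small audit function. This is an added example, not part of the original tutorial: the function names and the sample directory are constructed, and securitytypes is TigerVNC's parameter name for the allowed authentication types.

```shell
#!/bin/sh
# Added example: audit one user's ~/.vnc directory against the modes set above.
# Requires GNU stat (the default on Rocky Linux).

# Print one finding per line; print nothing when the directory is clean.
# $1 = VNC directory, $2 = expected owner uid (defaults to the current user).
audit_vnc_dir() {
    vdir=$1
    want_uid=${2:-$(id -u)}
    if [ ! -d "$vdir" ]; then
        echo "MISSING $vdir"
        return 0
    fi
    for path in "$vdir" "$vdir/passwd" "$vdir/config"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            continue
        fi
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%u' "$path")
        case $mode in
            0|*00) ;;   # no group/other permission bits set
            *)     echo "MODE $path is $mode (group/other access)" ;;
        esac
        if [ "$owner" != "$want_uid" ]; then
            echo "OWNER $path is uid $owner, expected $want_uid"
        fi
    done
    # securitytypes=none would switch VNC authentication off entirely.
    if [ -f "$vdir/config" ] &&
       grep -Eiq '^[[:space:]]*securitytypes[[:space:]]*=.*none' "$vdir/config"; then
        echo "NOAUTH $vdir/config sets securitytypes to none"
    fi
    return 0
}

# Constructed sample: a .vnc directory left with modes that are too open.
make_sample_vnc_dir() {
    d=$(mktemp -d)
    printf 'constructed-placeholder\n' > "$d/passwd"
    printf 'session=gnome-session\ngeometry=1920x1080\nsecuritytypes=vncauth\n' > "$d/config"
    chmod 755 "$d"
    chmod 644 "$d/passwd"
    chmod 600 "$d/config"
    echo "$d"
}

# Demo on the constructed sample; on a server run: audit_vnc_dir "$HOME/.vnc"
sample=$(make_sample_vnc_dir)
audit_vnc_dir "$sample"
rm -rf "$sample"
```
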

Desktop Environment Configuration

Desktop Environment Selection

Choose an appropriate desktop environment based on performance requirements and user preferences. GNOME provides a full-featured desktop experience with modern interface elements, while XFCE offers lightweight performance ideal for VNC sessions.

Performance considerations favor lightweight desktop environments for VNC usage. XFCE typically provides better responsiveness over network connections compared to resource-intensive environments like GNOME or KDE.

GNOME Configuration for VNC

Configure GNOME desktop environment for VNC compatibility by creating a startup script in ~/.vnc/xstartup:

#!/bin/bash
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
export XDG_SESSION_TYPE=x11
export GNOME_SHELL_SESSION_MODE=classic
gnome-session --session=gnome-classic &

Make the script executable:

chmod +x ~/.vnc/xstartup

XFCE Setup and Optimization

XFCE configuration for VNC requires a different startup script approach. Create ~/.vnc/xstartup with XFCE session commands:

#!/bin/bash
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
startxfce4 &

XFCE provides excellent performance for VNC sessions with minimal resource consumption and fast screen refresh rates.

Wayland vs. Xorg Considerations

VNC requires Xorg display server compatibility, as Wayland doesn’t support traditional VNC protocols. Disable Wayland by editing the GDM configuration:

sudo nano /etc/gdm/custom.conf

Add the following lines:

[daemon]
WaylandEnable=false

This configuration forces the system to use Xorg display server, ensuring VNC compatibility.

Systemd Service Configuration

Understanding VNC Systemd Services

Rocky Linux 10 uses systemd for service management, replacing traditional init scripts with modern service unit files. VNC services utilize template units that support multiple instances for different display numbers and users.

Service template files are located in /lib/systemd/system/ and can be customized for specific deployments. Understanding systemd service management is crucial for reliable VNC server operation.

Creating VNC Service Files

Copy the VNC service template to create user-specific service files:

sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

Edit the service file to specify user information:

sudo nano /etc/systemd/system/vncserver@:1.service

Update the service file with appropriate user information and display settings.

Service Configuration and Management

Reload systemd configuration after creating service files:

sudo systemctl daemon-reload

Enable the VNC service for automatic startup:

sudo systemctl enable vncserver@:1.service

Start the VNC service:

sudo systemctl start vncserver@:1.service

Check service status to verify successful operation:

sudo systemctl status vncserver@:1.service

Multi-User Service Setup

Create separate service files for multiple users by copying the template and customizing each instance:

sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:2.service
sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:3.service

Edit each service file to specify the appropriate user and display settings for multi-user environments.

Firewall Configuration

Rocky Linux Firewall Overview

Rocky Linux 10 utilizes firewalld as the default firewall management system, providing dynamic firewall configuration with support for network zones and service definitions. Understanding firewalld concepts is essential for configuring VNC access securely.

The default firewall configuration blocks VNC ports, requiring specific rules to allow VNC client connections. Proper firewall configuration balances security with functionality.

Opening VNC Ports

Add VNC service to the firewall configuration:

sudo firewall-cmd --add-service=vnc-server --permanent

Alternatively, open specific VNC port ranges:

sudo firewall-cmd --add-port=5901-5910/tcp --permanent

Reload firewall configuration to apply changes:

sudo firewall-cmd --reload

Port Range Management

VNC uses a predictable port numbering system where display numbers correspond to specific TCP ports. Plan your port usage carefully to avoid conflicts with other services.

Configure custom port ranges based on your user requirements and security policies. Limit port ranges to minimize the attack surface while providing necessary functionality.

Security Zone Configuration

Configure firewall zones to restrict VNC access to specific network segments:

sudo firewall-cmd --zone=internal --add-service=vnc-server --permanent

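This command allows VNC access from the internal network zone. The restriction only holds if the VNC service or ports have not also been added to the default zone, which is what the earlier commands without --zone do.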
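To open only the ports that are actually assigned, and only to one subnet, the rules can be derived from vncserver.users. This is an added example, not part of the original tutorial: the function names, the sample file and the 192.168.1.0/24 source network are constructed, and the script prints the firewall-cmd commands without running them.

```shell
#!/bin/sh
# Added example: turn the display mappings in vncserver.users into
# per-port, source-restricted firewalld rich rules (printed, not executed).

# Print the TCP port (5900 + display) for every ":N=user" line in file $1.
# Comments, blank lines and malformed lines are ignored.
vnc_ports() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
    awk -F'[:=]' '/^:[0-9]+=[A-Za-z0-9_.-]+$/ { print 5900 + $2 }' |
    sort -un
}

# Print firewall-cmd commands that allow those ports from one source network.
# $1 = users file, $2 = firewalld zone, $3 = allowed source CIDR
vnc_firewall_rules() {
    vnc_ports "$1" | while read -r port; do
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" \
            "$2" "$3" "$port"
    done
    echo "firewall-cmd --reload"
}

# Constructed sample in the format of /etc/tigervnc/vncserver.users.
SAMPLE_USERS=$(mktemp)
cat > "$SAMPLE_USERS" <<'EOF'
# display=user
:1=alice
:2=bob
:3=charlie
not a mapping
EOF

# Demo: review the printed commands before running them with sudo.
vnc_firewall_rules "$SAMPLE_USERS" internal 192.168.1.0/24
```

These rules narrow access only if the broader vnc-server service and the 5901-5910 range are not also open in the same zone.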

Security Considerations

VNC Security Fundamentals

VNC protocol security limitations require additional measures to ensure safe remote access. Traditional VNC transmits screen data and authentication information without encryption, making SSH tunneling essential for secure deployments.

Implement layered security approaches combining strong authentication, network controls, and encryption to protect VNC communications effectively.

SSH Tunneling Implementation

Create secure SSH tunnels for VNC connections using local port forwarding:

ssh -L 5901:localhost:5901 username@server_ip

This command creates an encrypted tunnel from your local port 5901 to the server’s VNC port 5901, protecting all VNC traffic through SSH encryption.

Configure SSH key-based authentication for enhanced security:

ssh-keygen -t rsa -b 4096
ssh-copy-id username@server_ip

Authentication Strengthening

Implement strong VNC password policies requiring complex passwords with regular rotation schedules. Consider integrating VNC authentication with existing identity management systems for centralized user control.

Multi-factor authentication can be implemented at the SSH level when using SSH tunneling, providing additional security layers for VNC access.

Network Security Measures

VPN integration provides secure remote access for VNC connections over untrusted networks. Configure VPN access policies to restrict VNC connectivity to authorized users and networks.

Network segmentation strategies isolate VNC servers from critical systems, limiting potential security impact from compromised VNC sessions.

Connecting to VNC Server

VNC Client Installation

Install TigerVNC client on Rocky Linux systems:

sudo dnf install tigervnc

Alternative VNC clients include UltraVNC for Windows systems and RealVNC for cross-platform compatibility. Choose clients based on your operating system and feature requirements.

Basic Connection Process

Connect to VNC server using the vncviewer command:

vncviewer server_ip:1

This command connects to display :1 on the specified server. The client prompts for the VNC password configured during server setup.

Connection String Formats

VNC connection strings support multiple formats for server addressing:

  • IP address with display: 192.168.1.100:1
  • Hostname with display: server.example.com:1
  • Full port specification: 192.168.1.100:5901

Choose the format that best matches your network configuration and naming conventions.

Client Configuration Options

Configure VNC client display settings for optimal performance:

vncviewer -FullScreen -Quality 6 server_ip:1

Common client options include full-screen mode, quality settings, and compression levels. Adjust these parameters based on your network conditions and performance requirements.

SSH Tunneling for Secure Access

SSH Tunnel Setup Process

Establish SSH tunnels for secure VNC connections by configuring local port forwarding. Create the tunnel before connecting VNC clients:

ssh -L 5901:localhost:5901 -N username@server_ip

The -N flag prevents SSH from executing remote commands, creating a dedicated tunnel for VNC traffic.

Tunnel Configuration Options

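Keep long-running SSH tunnels from hanging silently by enabling keepalive probes:

ssh -L 5901:localhost:5901 -o ServerAliveInterval=60 -o ServerAliveCountMax=3 username@server_ip

These options send a keepalive probe every 60 seconds and close the SSH session after three unanswered probes, so a dead tunnel is detected promptly. SSH does not reconnect by itself; rerun the command, or run it under a supervisor that restarts it, to restore the tunnel.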

Security Benefits

SSH tunneling provides end-to-end encryption for VNC communications, protecting against network eavesdropping and man-in-the-middle attacks. The tunnel encrypts all VNC traffic including authentication credentials and screen data.

Remote Access Scenarios

Configure SSH tunnels for internet-based VNC access by connecting through intermediate SSH servers or bastion hosts. This approach enables secure remote access without exposing VNC ports directly to the internet.
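A check that a tunnel-only setup is actually in effect, as an added example that is not part of the original tutorial: it reads `ss -Hltn` output and reports VNC ports listening on anything other than loopback. The sample socket list is constructed, the function names and the 5900-5910 default range are assumptions, and it presumes Xvnc was restricted to loopback with TigerVNC's localhost option in ~/.vnc/config.

```shell
#!/bin/sh
# Added example: find VNC listeners that are reachable without the SSH tunnel.

# Read `ss -Hltn` output on stdin and print "EXPOSED addr:port" for every
# listener in the port range $1..$2 (default 5900..5910) that is not bound
# to a loopback address. Prints nothing when all VNC listeners are local.
exposed_vnc_listeners() {
    awk -v lo="${1:-5900}" -v hi="${2:-5910}" '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # port is the text after the last colon
            port = part[n] + 0
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            sub(/%.*/, "", addr)              # drop a "%interface" suffix
            if (port < lo || port > hi) next  # not a VNC display port
            if (addr ~ /^127\./ || addr == "[::1]") next
            print "EXPOSED " addr ":" port
        }'
}

# Constructed sample of `ss -Hltn` output: display :1 listens on all
# interfaces, display :2 only on loopback.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22       0.0.0.0:*
LISTEN 0 5   0.0.0.0:5901     0.0.0.0:*
LISTEN 0 5   127.0.0.1:5902   0.0.0.0:*
LISTEN 0 5   [::]:5901        [::]:*
LISTEN 0 5   [::1]:5902       [::]:*
EOF
}

# Demo on the sample; on a server run: ss -Hltn | exposed_vnc_listeners
sample_ss_output | exposed_vnc_listeners
```
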

Troubleshooting Common Issues

Connection Problems

VNC server connectivity issues often stem from firewall configuration, service status, or network problems. Verify service status using systemctl commands and check firewall rules for proper port access.

Network connectivity troubleshooting includes ping tests, port scanning, and network route verification. Use telnet or nc commands to test port accessibility:

telnet server_ip 5901

Service Management Issues

Systemd service startup problems require log analysis and configuration review. Check service logs for error messages:

journalctl -u vncserver@:1.service

Common issues include user permission problems, missing configuration files, and desktop environment conflicts.

Display and Desktop Issues

Desktop environment loading problems often result from missing packages, configuration errors, or permission issues. Verify desktop environment installation and user home directory permissions.

Resolution and scaling issues can be addressed through VNC configuration file adjustments and client-side display settings.

Performance Optimization

Optimize VNC performance by adjusting compression settings, reducing color depth, and selecting appropriate desktop environments. Monitor system resources to identify bottlenecks:

top -u vncuser1

Performance Optimization

Desktop Environment Optimization

Choose lightweight desktop environments like XFCE or LXDE for optimal VNC performance. Disable visual effects, animations, and unnecessary desktop components to reduce network traffic and improve responsiveness.

Configure desktop themes for minimal resource usage while maintaining usability. Simple themes with basic graphics provide better performance over network connections.

Network Performance Tuning

Optimize network settings for VNC traffic by adjusting TCP buffer sizes and connection parameters. Configure quality of service (QoS) rules to prioritize VNC traffic on congested networks.

Compression settings balance image quality with network performance. Experiment with different compression levels to find optimal settings for your network conditions.

Server Resource Management

Monitor server resources to ensure adequate CPU, memory, and network capacity for VNC sessions. Use system monitoring tools to track resource usage:

htop
iotop
nethogs

VNC Server Configuration Tuning

Fine-tune VNC server parameters for optimal performance:

echo "geometry=1024x768" >> ~/.vnc/config
echo "depth=16" >> ~/.vnc/config
echo "desktop=Rocky Linux VNC" >> ~/.vnc/config

Lower resolution and color depth settings improve performance on slower network connections.

Advanced Configuration Options

Custom VNC Configuration

Advanced VNC configurations support custom display settings, session management, and integration with existing systems. Create sophisticated startup scripts for complex desktop environments.

Implement configuration management tools like Ansible or Puppet for large-scale VNC deployments, ensuring consistent configurations across multiple servers.

Multi-Session Management

Configure VNC for multiple concurrent sessions with resource isolation and user management. Implement session sharing capabilities for collaborative work environments.

Resource allocation strategies ensure fair distribution of system resources among multiple VNC users while maintaining system stability.

Automation and Scripting

Develop automation scripts for VNC server management, user provisioning, and maintenance tasks. Create monitoring scripts to track VNC server health and performance metrics.

Integration with configuration management systems enables automated VNC deployment and maintenance in enterprise environments.

Maintenance and Best Practices

Regular Maintenance Tasks

Establish regular maintenance schedules for VNC server updates, security patches, and performance monitoring. Keep TigerVNC software updated to latest versions for security and feature improvements.

Log rotation and cleanup procedures prevent disk space issues and maintain system performance. Configure logrotate for VNC-related log files.

Security Maintenance

Implement regular security audits for VNC installations, including password strength verification, access control reviews, and network security assessments.

Monitor VNC connections for suspicious activity and implement alerting systems for security events. Regular security updates ensure protection against newly discovered vulnerabilities.

Backup and Recovery

Create backup procedures for VNC configurations, user settings, and system configurations. Test recovery procedures regularly to ensure business continuity.

Document configuration changes and maintain change control processes for VNC infrastructure modifications.

Long-term Strategy

Plan for scalability and growth in VNC usage, considering server capacity, network bandwidth, and user support requirements. Evaluate new technologies and features that may enhance VNC deployments.

Congratulations! You have successfully installed VNC Server. Thanks for using this tutorial for installing the VNC Server on your Rocky Linux 10 system. For additional help or useful information, we recommend you check the official VNC website.


r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.