How To Install VNC Server on Ubuntu 24.04 LTS

In this tutorial, we will show you how to install VNC Server on Ubuntu 24.04 LTS. Remote access to your Ubuntu system offers flexibility and convenience for system administrators, IT professionals, and everyday users. Virtual Network Computing (VNC) provides a graphical interface to your Ubuntu 24.04 LTS machine from anywhere in the world. This comprehensive guide will walk you through the entire process of installing, configuring, and securing a VNC server on Ubuntu’s latest LTS release.

Understanding VNC and Its Benefits

VNC (Virtual Network Computing) is a graphical desktop-sharing system that utilizes the Remote Frame Buffer protocol to control another computer remotely. It transmits keyboard and mouse events from one computer to another while relaying graphical screen updates in the opposite direction across a network connection.

What is VNC?

At its core, VNC is a platform-independent protocol that enables remote access to graphical user interfaces. It functions on a client-server model, where the VNC server runs on the computer you want to access, and the VNC client (or viewer) runs on the device you’re using to gain access.

How VNC Works

VNC works by capturing the screen of the host computer, compressing this information, and transmitting it to the client machine. Similarly, it captures input events from the client (keyboard presses, mouse movements) and sends them to the server for execution. This two-way communication creates a seamless remote desktop experience.

Benefits of Using VNC on Ubuntu

VNC offers numerous advantages for Ubuntu users:

• Remote system administration without physical access
• Technical support provision for distant users
• Access to GUI applications when SSH alone isn’t sufficient
• Cross-platform compatibility (Windows, macOS, Linux, mobile)
• Ability to work on your Ubuntu machine from anywhere

VNC vs. Other Remote Access Solutions

While SSH provides secure command-line access and RDP (Remote Desktop Protocol) offers a more integrated experience on Windows systems, VNC stands out for its platform independence and versatility. VNC may not deliver the performance of some proprietary solutions, but its open-source nature and wide compatibility make it an excellent choice for Linux environments.

Prerequisites

Before installing VNC on your Ubuntu 24.04 LTS system, ensure you have the following:

System Requirements

• A computer running Ubuntu 24.04 LTS (server or desktop edition)
• At least 1GB RAM (2GB or more recommended for smoother performance)
• Sufficient storage space (at least 10GB free)
• Processor with 1GHz or faster clock speed

User Privileges

You’ll need sudo privileges to install packages and configure system settings. All commands in this guide assume you have the necessary permissions.

Network Configuration

Your Ubuntu system should have:

• A stable internet connection for package installation
• A static IP address (recommended for server deployments)
• Network settings that allow VNC traffic (ports 5900-5909)

Firewall Considerations

If you’re using UFW (Uncomplicated Firewall) or another firewall solution, be prepared to configure it to allow VNC traffic. We’ll cover this in detail later in the guide.

Step 1: Preparing Your System

Proper preparation ensures a smooth VNC server installation. Let’s start by updating your system and installing a desktop environment if needed.

Updating System Packages

Always begin with a system update to ensure you have the latest packages and security patches:

sudo apt update
sudo apt upgrade -y

These commands refresh your package lists and upgrade installed packages to their latest versions.

Installing Desktop Environment Options

If you’re using Ubuntu Server without a GUI, you’ll need to install a desktop environment. Ubuntu 24.04 LTS offers several options:

• GNOME: Ubuntu’s default desktop environment, feature-rich but more resource-intensive
• XFCE: A lightweight desktop environment, perfect for remote access scenarios
• KDE Plasma: A customizable desktop environment with modern features

Recommended Desktop Environment for VNC

For VNC server installations, XFCE is often recommended due to its lightweight nature and responsiveness over remote connections. Install it with:

sudo apt install xfce4 xfce4-goodies -y

The xfce4-goodies package provides additional utilities and applications that enhance your XFCE experience.

If you prefer GNOME (Ubuntu’s default desktop), you can install it with:

sudo apt install ubuntu-gnome-desktop -y

However, note that GNOME might have compatibility issues with VNC when using Wayland. If you choose GNOME, you may need to disable Wayland, which we’ll address later.

Step 2: Installing VNC Server

With your system prepared, it’s time to install a VNC server. Several VNC server implementations are available for Ubuntu 24.04 LTS.

Choosing the Right VNC Server

The most popular options include:

• TigerVNC: A high-performance, robust VNC server with active development
• TightVNC: An efficient VNC server focused on bandwidth optimization
• x11vnc: Useful for sharing existing desktop sessions

For this guide, we’ll focus on TigerVNC, which offers an excellent balance of features, performance, and compatibility with Ubuntu 24.04 LTS.

Installing TigerVNC

Install TigerVNC server with:

sudo apt install tigervnc-standalone-server tigervnc-common -y

This command installs the server and common components required for TigerVNC to function properly.

Package Dependencies

During installation, apt will automatically resolve and install dependencies. These might include X server components, authentication libraries, and other supporting packages. The installation process typically completes within a few minutes, depending on your internet connection speed.

Verification of Installation

Verify that TigerVNC was installed correctly by checking its version:

vncserver --version

This command should display the installed version of TigerVNC, confirming successful installation.

Step 3: Configuring VNC Server

Proper configuration is crucial for a secure and functional VNC server. Let’s set up authentication and create necessary configuration files.

Setting Up VNC Password

First, set a password for VNC access:

vncpasswd

You’ll be prompted to enter and confirm a password. This password will be required when connecting to your VNC server. For security reasons, choose a strong, unique password different from your system password.

Optionally, you can create a view-only password when prompted. This allows you to give limited access to certain users.

Creating Configuration Files

Start VNC server once to generate the initial configuration files:

vncserver

This creates a .vnc directory in your home folder and populates it with default configuration files.

Now stop the server to modify these files:

vncserver -kill :1

The “:1” refers to the display number. If you started multiple servers, you might need to adjust this number.

The xstartup File

The xstartup file controls which desktop environment launches when you connect to VNC. Edit this file:

nano ~/.vnc/xstartup

For XFCE, replace the contents with:

#!/bin/sh
xrdb $HOME/.Xresources
startxfce4 &

Save the file (Ctrl+O, then Enter) and exit (Ctrl+X).

Make the file executable:

chmod +x ~/.vnc/xstartup

Configuration for Different Desktop Environments

For GNOME Desktop Environment, if installed:

#!/bin/sh
xrdb $HOME/.Xresources
export XKL_XMODMAP_DISABLE=1
/etc/X11/Xsession
gnome-session &

For KDE Plasma Desktop Environment, if installed:

#!/bin/sh
xrdb $HOME/.Xresources
export XKL_XMODMAP_DISABLE=1
/etc/X11/Xsession
startplasma-x11 &

These configurations ensure that the correct desktop environment starts when you connect to your VNC session.

Step 4: Starting and Managing VNC Server

Now that you’ve configured your VNC server, let’s start it and learn how to manage VNC sessions effectively.

Starting VNC Server Manually

Start your VNC server with:

vncserver -localhost no

The -localhost no option allows connections from external machines. Without this option, only connections from the local machine would be permitted.

You should see output similar to:

New 'X' desktop is your_hostname:1

This indicates that the VNC server is running on display :1 (typically port 5901).

Display Numbers and Port Assignments

VNC servers use display numbers that correspond to specific network ports:

• Display :1 corresponds to port 5901
• Display :2 corresponds to port 5902
• And so on…

The port number is calculated as 5900 + display number.

VNC Server Parameters and Options

TigerVNC offers numerous command-line options to customize your server:

• -geometry WIDTHxHEIGHT: Sets the screen resolution
• -depth DEPTH: Sets the color depth (16, 24, etc.)
• -localhost yes/no: Controls whether remote connections are allowed
• -name NAME: Sets a name for the desktop session

Example with multiple options:

vncserver -geometry 1920x1080 -depth 24 -name "Ubuntu Remote Desktop" -localhost no :1

This starts a VNC server with Full HD resolution, 24-bit color depth, a custom name, and allows remote connections.

Stopping VNC Sessions

To stop a VNC session:

vncserver -kill :1

Replace “:1” with the appropriate display number if needed.

Autostarting VNC Server at Boot

For a persistent VNC server that starts automatically at boot, create a systemd service:

sudo nano /etc/systemd/system/vncserver@.service

Add the following content:

[Unit]
Description=Start TigerVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=your_username
Group=your_username
WorkingDirectory=/home/your_username

PIDFile=/home/your_username/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1920x1080 -localhost no :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

Replace “your_username” with your actual username.

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.service
sudo systemctl start vncserver@1.service

This creates a service that starts VNC server on display :1 at system boot.

Step 5: Configuring the Firewall

Properly configuring your firewall is essential for both security and functionality of your VNC server.

Understanding VNC Ports

As mentioned earlier, VNC uses ports starting at 5900:

• Display :1 uses port 5901
• Display :2 uses port 5902
• And so on

You’ll need to allow traffic on these ports through your firewall.

UFW Configuration

If you’re using UFW (Uncomplicated Firewall), allow VNC traffic with:

sudo ufw allow 5901/tcp

If you’re using multiple displays, you may need to allow additional ports:

sudo ufw allow 5901:5905/tcp

This allows traffic on ports 5901 through 5905, accommodating displays :1 through :5.

IPTables Configuration

If you’re using IPTables directly, allow VNC traffic with:

sudo iptables -A INPUT -p tcp --dport 5901 -j ACCEPT

To make these rules persistent, save them:

sudo apt install iptables-persistent
sudo netfilter-persistent save

Verifying Firewall Rules

Check your UFW rules with:

sudo ufw status

Or for IPTables:

sudo iptables -L

These commands display your current firewall rules, allowing you to verify that VNC ports are properly allowed.

Step 6: Connecting to Your VNC Server

With your VNC server running and firewall configured, it’s time to connect from a client device.

VNC Client Options

Various VNC clients are available for different platforms:

• Linux: TigerVNC Viewer, Remmina
• Windows: TightVNC Viewer, RealVNC Viewer
• macOS: RealVNC Viewer, Screen Sharing (built-in)
• Mobile: VNC Viewer (available for Android and iOS)

Connection Methods

You can connect directly to your VNC server using its IP address and display number:

your_server_ip:1

For example, if your server’s IP is 192.168.1.100 and you’re using display :1, you would connect to:

192.168.1.100:1

Some clients might require the full format with port number:

192.168.1.100:5901

Authentication Process

When connecting, you’ll be prompted for the VNC password you set earlier. Enter it to access your remote desktop. If you set up a view-only password, you can choose which one to use depending on your needs.

Troubleshooting Connection Issues

If you encounter connection problems:

1. Check that the VNC server is running: vncserver -list
2. Verify firewall settings: sudo ufw status
3. Ensure the correct IP and port are being used
4. Check network connectivity: ping your_server_ip
5. Review VNC server logs in ~/.vnc/hostname:display.log

Security Considerations

VNC wasn’t designed with strong security in mind, so additional measures are necessary to protect your remote desktop.

VNC Security Limitations

Standard VNC has several security limitations:

• Password authentication can be vulnerable to brute force attacks
• Traffic is unencrypted by default, potentially exposing your data
• No built-in encryption for the data stream

Implementing SSH Tunneling

SSH tunneling provides encryption for VNC connections. On your client machine:

ssh -L 5901:localhost:5901 username@your_server_ip

Then connect your VNC client to:

localhost:5901

This routes VNC traffic through an encrypted SSH tunnel.

For this method, start your VNC server with:

vncserver -localhost yes

The yes parameter ensures that the VNC server only accepts connections from localhost, forcing external connections through SSH.

Using VNC Over SSL/TLS

For additional security, you can encrypt VNC traffic using SSL/TLS:

1. Generate certificates:

   mkdir -p ~/.vnc/certs
   cd ~/.vnc/certs
   openssl req -x509 -newkey rsa:4096 -days 365 -nodes -keyout key.pem -out cert.pem

2. Start VNC with encryption:

   vncserver -SecurityTypes TLSVnc -X509Key ~/.vnc/certs/key.pem -X509Cert ~/.vnc/certs/cert.pem

Limited User Accounts

Create a separate user account specifically for VNC access:

sudo adduser vncuser
sudo usermod -aG sudo vncuser

This limits potential damage if your VNC credentials are compromised.

Strong Password Policies

Use strong, unique passwords for VNC access. Consider:

• Minimum 12 characters
• Mix of uppercase, lowercase, numbers, and symbols
• Regular password rotation
• Different passwords for VNC and system accounts

Two-Factor Authentication Options

For enhanced security, implement two-factor authentication (2FA) for SSH access, which secures the tunnel used for VNC:

sudo apt install libpam-google-authenticator
google-authenticator

Follow the prompts to set up 2FA for SSH, which will protect your VNC tunnel access.

Advanced Configuration

Once you have a basic VNC server running, you can explore advanced configurations to enhance your remote desktop experience.

Multiple VNC Sessions

You can run multiple VNC sessions with different display numbers:

vncserver :1
vncserver :2

Each session can have different configurations, allowing you to tailor them for specific needs or users.

Resolution and Display Quality Settings

Customize display settings to balance quality and performance:

vncserver -geometry 1920x1080 -depth 24 :1

Lower resolution and color depth improve performance on slow connections:

vncserver -geometry 1280x720 -depth 16 :1

Clipboard Sharing Configuration

Enable clipboard sharing to copy text between your local and remote machines:

vncserver -AllowClipboardTransfer=yes :1

This allows you to copy text on your local machine and paste it on the remote desktop, and vice versa.

File Transfer Capabilities

Some VNC implementations support file transfers. For TigerVNC, you can enable this with:

vncserver -AllowFileDrag=true :1

This allows dragging files between your local and remote systems, though performance may vary depending on connection speed.

Session Recording

For auditing or training purposes, you can record VNC sessions:

vncserver -record record.vnc :1

These recordings can be played back later using:

vncviewer -play record.vnc

Resource Limitations

Limit CPU and memory usage to prevent VNC from overwhelming your server:

vncserver -IdleTimeout=3600 :1

This example automatically disconnects idle sessions after one hour (3600 seconds), freeing up system resources.

Troubleshooting Common Issues

Even with careful setup, you might encounter issues with your VNC server. Here are solutions to common problems.

Black or Gray Screen Issues

If you see a black or gray screen after connecting:

1. Check your xstartup file for errors:

   cat ~/.vnc/xstartup

2. Ensure the desktop environment is installed:

   sudo apt install xfce4 xfce4-goodies -y

3. Try a different desktop environment in your xstartup file.

Authentication Failures

If you can’t authenticate:

1. Reset your VNC password:

   vncpasswd

2. Check permissions on the password file:

   chmod 600 ~/.vnc/passwd

3. Verify you’re using the correct password.

Desktop Environment Problems

For issues with specific desktop environments:

1. For GNOME issues with Ubuntu 24.04, disable Wayland:

   sudo nano /etc/gdm3/custom.conf

   Uncomment the line: WaylandEnable=false
   Then restart your system.

2. Check if running as root causes issues. If so, create and use a regular user account instead.

Performance Optimization

For slow performance:

1. Reduce resolution and color depth:

   vncserver -kill :1
   vncserver -geometry 1280x720 -depth 16 :1

2. Use a lightweight desktop like XFCE instead of GNOME or KDE.
3. Consider compression options:

   vncserver -CompressLevel 9 -QualityLevel 5 :1

   Higher CompressLevel (1-9) increases CPU usage but reduces bandwidth. Lower QualityLevel (0-9) reduces quality but improves performance.

Log File Analysis

When troubleshooting, check VNC log files:

cat ~/.vnc/hostname:1.log

Look for error messages that might indicate the source of problems.

Reinstallation and Reset Procedures

If all else fails, you can completely reinstall:

1. Remove VNC and configuration:

   sudo apt purge tigervnc-standalone-server tigervnc-common
   rm -rf ~/.vnc

2. Reinstall following the steps in this guide.

Congratulations! You have successfully installed VNC Server. Thanks for using this tutorial for installing the VNC Server on the Ubuntu 24.04 LTS system. For additional help or useful information, we recommend you check the official TigerVNC website.