How to Install and Configure VNC on Ubuntu
Posted: Mon May 11, 2026 10:07 pm
Virtual Network Computing,
or VNC, is a connection system that allows you to use your keyboard and
mouse to interact with a graphical desktop environment on a remote
server. This method provides a user-friendly way to manage files,
software, and settings on a remote machine, which is useful for users
who are not yet comfortable with the command line.
In this guide, you’ll set up a VNC server with TightVNC on an Ubuntu server and connect to it securely through an SSH tunnel.
Then, you’ll use a VNC client program on your local machine to interact
with your server through a graphical desktop environment.
Key Takeaways:
To complete this tutorial, you’ll need:
[*]A local computer with a VNC client installed. The VNC client you use must support connections over SSH tunnels:
Step 1 — Installing the Desktop Environment and VNC Serverhttps://www.digitalocean.com/community/ ... vnc-server
By default, an Ubuntu server does not come with a graphical desktop
environment or a VNC server installed, so you’ll begin by installing
those.
You have many options when it comes to which VNC server and desktop
environment you choose. In this tutorial, you will install packages for
the latest Xfce
desktop environment and the TightVNC package available from the
official Ubuntu repository. Both Xfce and TightVNC are known for being
lightweight and fast, which will help ensure that the VNC connection
will be smooth and stable even on slower internet connections.
After connecting to your server with [ update your list of packages:
Now install Xfce along with the
package, which contains a few enhancements for the desktop environment:
During installation, you may be prompted to choose a default display
manager for Xfce. A display manager is a program that allows you to
select and log in to a desktop environment through a graphical
interface. You’ll only be using Xfce when you connect with a VNC client,
and in these Xfce sessions you’ll already be logged in as your non-root
Ubuntu user. So for the purposes of this tutorial, your choice of
display manager isn’t pertinent. Select either one and press
.
Once that installation completes, install the TightVNC server:
Next, run the
command to set a VNC access password, create the initial configuration files, and start a VNC server instance:
You’ll be prompted to enter and verify a password to access your machine remotely:
The password must be between six and eight characters long. Passwords more than 8 characters will be truncated automatically.
Once you verify the password, you’ll have the option to create a
view-only password. Users who log in with the view-only password will
not be able to control the VNC instance with their mouse or keyboard.
This is a helpful option if you want to demonstrate something to other
people using your VNC server, but this isn’t required.
The process then creates the necessary default configuration files
and connection information for the server. Additionally, it launches a
default server instance on port
. This port is called a display port, and is referred to by VNC as
. VNC can launch multiple instances on other display ports, with
referring to port
,
referring to
, and so on:
Note that if you ever want to change your password or add a view-only password, you can do so with the
command:
At this point, the VNC server is installed and running. Now let’s
configure it to launch Xfce and give us access to the server through a
graphical interface.
Step 2 — Configuring the VNC Serverhttps://www.digitalocean.com/community/ ... vnc-server
The VNC server needs to know which commands to execute when it starts
up. Specifically, VNC needs to know which graphical desktop environment
it should connect to.
The commands that the VNC server runs at startup are located in a configuration file called
in the
folder under your home directory. The startup script was created when you ran the
command in the previous step, but you’ll create your own to launch the Xfce desktop.
Because you are going to be changing how the VNC server is
configured, first stop the VNC server instance that is running on port
with the following command:
The output will look like this, although you’ll see a different PID:
Before you modify the
file, back up the original:
Now create a new
file and open it in a text editor, such as
:
Then add the following lines to the file:
The first line is a shebang.
In executable plain-text files on *nix platforms, a shebang tells the
system what interpreter to pass that file to for execution. In this
case, you’re passing the file to the Bash interpreter. This will allow
each successive line to be executed as commands, in order.
The first command in the file,
, tells VNC’s GUI framework to read the server user’s
file.
is where a user can make changes to certain settings of the graphical
desktop, like terminal colors, cursor themes, and font rendering. The
second command tells the server to launch Xfce. Whenever you start or
restart the VNC server, these commands will execute automatically.
Save and close the file after adding these lines. If you used
, do so by pressing
,
, then
.
To ensure that the VNC server will be able to use this new startup file properly, you’ll need to make it executable:
Then restart the VNC server:
Notice that this time the command includes the
option, which binds the VNC server to your server’s loopback interface.
This will cause VNC to only allow connections that originate from the
server on which it’s installed.
In the next step, you’ll establish an SSH tunnel between your local
machine and your server, essentially tricking VNC into thinking that the
connection from your local machine originated on your server. This
strategy will add an extra layer of security around VNC, as the only
users who will be able to access it are those that already have SSH
access to your server.
You’ll see output similar to this:
With the configuration in place, you’re ready to connect to the VNC server from your local machine.
or VNC, is a connection system that allows you to use your keyboard and
mouse to interact with a graphical desktop environment on a remote
server. This method provides a user-friendly way to manage files,
software, and settings on a remote machine, which is useful for users
who are not yet comfortable with the command line.
In this guide, you’ll set up a VNC server with TightVNC on an Ubuntu server and connect to it securely through an SSH tunnel.
Then, you’ll use a VNC client program on your local machine to interact
with your server through a graphical desktop environment.
Key Takeaways:
- Virtual Network Computing (VNC) enables remote control of a server’s
graphical desktop environment using your own keyboard and mouse. - For optimal performance, especially over slower connections, it is best to use a lightweight VNC server and desktop environment.
- Most servers are command-line only, so a graphical desktop environment must be installed before a VNC server can be used.
- Proper VNC setup involves creating a dedicated system user and setting a secure password for remote access.
- A critical security measure is to configure the VNC server to only
accept connections from the server itself, preventing direct exposure to
the internet. - To ensure the VNC server runs reliably and starts automatically on boot, it should be configured as a systemd service.
- Since the VNC protocol itself is not encrypted, an SSH tunnel is essential for creating a secure, encrypted connection.
- A VNC client connects to a local port on your machine, which is then
securely forwarded to the remote server through the SSH tunnel.
To complete this tutorial, you’ll need:
[*]A local computer with a VNC client installed. The VNC client you use must support connections over SSH tunnels:
- On Windows, you can use TightVNC, RealVNC, or UltraVNC.
- On macOS, you can use the built-in Screen Sharing program, or you can use a cross-platform app like RealVNC.
- On Linux, you can choose from many options, including ,
Code: Select all
vinagre, RealVNC, or TightVNC.Code: Select all
krdc
Step 1 — Installing the Desktop Environment and VNC Serverhttps://www.digitalocean.com/community/ ... vnc-server
By default, an Ubuntu server does not come with a graphical desktop
environment or a VNC server installed, so you’ll begin by installing
those.
You have many options when it comes to which VNC server and desktop
environment you choose. In this tutorial, you will install packages for
the latest Xfce
desktop environment and the TightVNC package available from the
official Ubuntu repository. Both Xfce and TightVNC are known for being
lightweight and fast, which will help ensure that the VNC connection
will be smooth and stable even on slower internet connections.
After connecting to your server with [ update your list of packages:
Code: Select all
sudo apt updateCode: Select all
xfce4-goodiesCode: Select all
sudo apt install xfce4 xfce4-goodiesmanager for Xfce. A display manager is a program that allows you to
select and log in to a desktop environment through a graphical
interface. You’ll only be using Xfce when you connect with a VNC client,
and in these Xfce sessions you’ll already be logged in as your non-root
Ubuntu user. So for the purposes of this tutorial, your choice of
display manager isn’t pertinent. Select either one and press
Code: Select all
ENTEROnce that installation completes, install the TightVNC server:
Code: Select all
sudo apt install tightvncserverCode: Select all
vncserverCode: Select all
vncserverCode: Select all
OutputYou will require a password to access your desktops.
Password:
Verify:Once you verify the password, you’ll have the option to create a
view-only password. Users who log in with the view-only password will
not be able to control the VNC instance with their mouse or keyboard.
This is a helpful option if you want to demonstrate something to other
people using your VNC server, but this isn’t required.
The process then creates the necessary default configuration files
and connection information for the server. Additionally, it launches a
default server instance on port
Code: Select all
5901Code: Select all
:1Code: Select all
:2Code: Select all
5902Code: Select all
:3Code: Select all
5903Code: Select all
OutputWould you like to enter a view-only password (y/n)? n
xauth: file /home/sammy/.Xauthority does not exist
New 'X' desktop is your_hostname:1
Creating default startup script /home/sammy/.vnc/xstartup
Starting applications specified in /home/sammy/.vnc/xstartup
Log file is /home/sammy/.vnc/your_hostname:1.logCode: Select all
vncpasswdCode: Select all
vncpasswdconfigure it to launch Xfce and give us access to the server through a
graphical interface.
Step 2 — Configuring the VNC Serverhttps://www.digitalocean.com/community/ ... vnc-server
The VNC server needs to know which commands to execute when it starts
up. Specifically, VNC needs to know which graphical desktop environment
it should connect to.
The commands that the VNC server runs at startup are located in a configuration file called
Code: Select all
xstartupCode: Select all
.vncCode: Select all
vncserverBecause you are going to be changing how the VNC server is
configured, first stop the VNC server instance that is running on port
Code: Select all
5901Code: Select all
vncserver -kill :1Code: Select all
OutputKilling Xtightvnc process ID 17648Code: Select all
xstartupCode: Select all
mv ~/.vnc/xstartup ~/.vnc/xstartup.bakCode: Select all
xstartupCode: Select all
nanoCode: Select all
nano ~/.vnc/xstartupCode: Select all
~/.vnc/xstartupCode: Select all
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &In executable plain-text files on *nix platforms, a shebang tells the
system what interpreter to pass that file to for execution. In this
case, you’re passing the file to the Bash interpreter. This will allow
each successive line to be executed as commands, in order.
The first command in the file,
Code: Select all
xrdb $HOME/.XresourcesCode: Select all
.XresourcesCode: Select all
.Xresourcesdesktop, like terminal colors, cursor themes, and font rendering. The
second command tells the server to launch Xfce. Whenever you start or
restart the VNC server, these commands will execute automatically.
Save and close the file after adding these lines. If you used
Code: Select all
nanoCode: Select all
CTRL + XCode: Select all
YCode: Select all
ENTERTo ensure that the VNC server will be able to use this new startup file properly, you’ll need to make it executable:
Code: Select all
chmod +x ~/.vnc/xstartupCode: Select all
vncserver -localhostCode: Select all
-localhostThis will cause VNC to only allow connections that originate from the
server on which it’s installed.
In the next step, you’ll establish an SSH tunnel between your local
machine and your server, essentially tricking VNC into thinking that the
connection from your local machine originated on your server. This
strategy will add an extra layer of security around VNC, as the only
users who will be able to access it are those that already have SSH
access to your server.
You’ll see output similar to this:
Code: Select all
OutputNew 'X' desktop is your_hostname:1
Starting applications specified in /home/sammy/.vnc/xstartup
Log file is /home/sammy/.vnc/your_hostname:1.log