Configuring VNC Server Access on a Redhat Linux

Most of the time as a Linux system administrator you are managing your servers over the network. It is very rare that you will need to have a physical access to any of your managed servers. In most cases all you need is to SSH remotely to do your administration tasks. In this article we will configure a GUI alternative to a remote access to your RHEL server, which is VNC. VNC allows you to open a remote GUI session to your server and thus providing you with a full graphical interface accessible from any remote location.

In this tutorial you will learn:

  • How to install required VNC packages
  • How to setup and start the VNC server on RHEL
  • How to connect to a graphical session remotely
  • How to run graphical programs in the xterm session

VNC connection to RHEL

VNC connection to RHEL
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Red Hat Enterprise Linux
Software TigerVNC
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

Installation and setup of VNC server



There are many window managers we can use with the VNC server, but for the purpose of this tutorial we will setup a simple xterm session, as xterm is in the base repositories of Red Hat Enterprise Linux. We’ll show however, that this simple starting point gives about full functionality with a simple trick. Also note that there are much more sophisticated window managers out there, like xfce, but that is out of the scope of this tutorial.

  1. First, we need to install the required packages for the server application:
    # dnf install tigervnc-server xterm
    
  2. Next we need to open the firewall for the service. To check what services are permitted currently, we list enabled services:
    # firewall-cmd --list-services
    cockpit dhcpv6-client ssh
    

    Open the vnc-server service:

    # firewall-cmd --permanent --zone=public --add-service vnc-server
    success
    

    Apply the configuration change:

    # firewall-cmd --reload
    

    And list services again to verify:



    # firewall-cmd --list-services
    cockpit dhcpv6-client ssh vnc-server
    
    WARNING
    Do not open your computer’s VNC service to the public! The firewall rule above is executed in a confined environment, and is for demonstration purposes only. Be sure to understand the risks before you open anything on an Internet-facing server, or even desktop.
  3. We need to setup the environment where the server will be running. In this example our goal is to run the server with a specified user testuser who does not have root privileges. Note that this step is done with the user that will run the server, not root. We set up a password that will allow connection (that has nothing to do with the user’s password used with ssh):
    $ vncpasswd 
    Password:
    Verify:
    Would you like to enter a view-only password (y/n)? n
    

    We don’t need to have view-only logins in this example. Next we edit the /home/testuser/.vnc/xstartup text file with a text editor like nano. The file should be empty after install, and we’ll add only a minimal content to start xterm session on connection. We add the following line to the empty file:

    xterm -geometry 1044x810+10+10 &
    

    Adjust the geometry parameters to fit into your screen. Now we can start the server:

    $ vncserver 
    
    New 'rhel8beta.lab:1 (testuser)' desktop is rhel8beta.home.hu:1
    
    Starting applications specified in /home/testuser/.vnc/xstartup
    Log file is /home/testuser/.vnc/rhel8beta.lab:1.log
    

    As the output suggests, we can follow the logs provided by the server in the logfiles under

    /home/<username>/.vnc/<hostname>:1.log

    , this filename will change if more than one VNC servers are running (as will the port you need to connect). The logfile also tells what port the server is listening on:

    vncext:      Listening for VNC connections on all interface(s), port 5901
    

    Which is the default VNC port.

  4. We can use many VNC clients to connect to the now started server. Remmina is a client shipped with recent Gnome desktops by default, and can handle SSH, RDP and VNC sessions. We need to provide the hostname or IP address of the host running the VNC server, as well as the port. The below example uses 192.168.1.14 as address, and the default port 5901 we found in the logfile of the server in the previous step. We need to select “VNC” as protocol next to the address field, and type the password we specified with vncpasswd earlier.

    Connecting to tigervnc with Remmina

    Connecting to tigervnc with Remmina


    If everything works as expected, we are connected to the VNC server, and running xterm, accepting and providing clipboard content, protected from network failure. The top example below will run uninterrupted if we disconnect from the session, and reconnect later.

    Running top uninterrupted remotely

    Running top uninterrupted remotely
  5. While these steps basically show how to set up the VNC server and connect to it, it does not make much sense to run top on a remote xterm session, as we could do it with much less effort with ssh, and a session server like screen. To see the power of such a simple xterm setup, simply type gedit on the remote xterm console (assuming a Gnome desktop is installed).

Running graphical programs within xterm

Running graphical programs within xterm

An empty document shows up in gedit, just as any graphical program would when started from command line. Note that the document that is being edited remotely, and the program that is holding it open is also protected by the VNC session. A network outage will not affect it, we can simply reconnect and continue work on the text, even if our client machine experiences unrecoverable error, and we forgot to save our work for the last few hours. Naturally the VNC server will not protect from the failure of the machine it is running on.

Troubleshooting

If you get a “connection refused” error, it’s most likely an issue with your firewall settings. Ensure you have configured access for VNC with the following commands:

# firewall-cmd --permanent --zone=public --add-service vnc-server
# firewall-cmd --reload


Otherwise, it could be a device between the two systems that is blocking the connection, or just a routing issue with the network.

If you try to connect to the VNC server and end up with only a black screen, it’s likely because there is no window manager for VNC. In the instructions above, we show how to configure xterm for this purpose. You can also use a full-featured window manager like GNOME or XFCE, but you have to set something. Ensure that xterm is configured as the VNC window manager per the instructions above.