Remote access to a Linux host's desktop with VNC

The following article explains how to access the desktop of a Linux host residing inside the ETH network from another host on the in- or outside by using Virtual Network Computing (VNC)1. Throughout his article, the following placeholders are used:

Quick Help for fast access

If you wanna have fast access by using VNC, do this. If you wanna get into more deeply, read next paragraphs.

 1. Establish a connection to ETH network with VPN

 2. SSH to your machine at ETH just like:
    $ ssh <username>@<machine>

 3. Start VNC server on <machine> in a konsole, just like:
    $ vncserver

 4. On your computer at home, connect to the VNC Session via vncviewer app:
    <my_ETH_machine>:<session_number>  e.g.

* In order to kill your VNC session you have to make a standard 'Logout' within your VNC operating system.
* If you close the VNC Window by clicking on X (above to the right), the session keeps running and you can login again by using the same <session_number>
* Every start of a new vncserver instance increases the <session_number> (= <display_number>) by one.
* All VNC personal settings are stored in '~/.vnc' directory. You can easily remove this dir (e.g. for cleanup reasons). It will be recreated after you execute a 'vncserver' command next time. 
* To see what VNC sessions are currently running on your ETH machine, type on a terminal:  $ ps -ef | grep vnc
* To kill a 'lost' (orphaned) VNC session do: vncserver -kill :1   (where ':1' is your session resp. display number depending on how many VNC instances you are running)

Connect to the ETH network

If current_host resides outside of the ETH network, you need to connect to it thorugh either a VPN connection or an SSH tunnel. Connecting through VPN is the preferred method as it uses a dedicated infrastructure. Both methods are explained in the following steps.
If current_host is alreay inside the ETH network, skip to Start a VNC server on internal_host.

Preferred method: Connect through a VPN connection

Know your ETH network password

If you're unsure about your eth_network_password, login on with your regular eth_password and change your former eth_network_password to a new password.

Install the VPN client on your current host

Initiate a VPN connection to internal_host

Now you are ready to connect the VPN client on current_host to the ETH network and continue with the following steps.

Alternative method: Connect through an SSH tunnel

SSH tunnel on Linux

The host is the entry point for an SSH connection. More information about SSH connections can be found in the article RemoteAccess: SSH -remote_terminal_session.

The default VNC port will only be known for sure after you start the VNC server on internal_host

SSH tunnel on Windows 10 with OpenSSH

SSH tunnel on Windows with PuTTY

A comfortable setup of PuTTY is described in Windows "direct" SSH access with PuTTY

Start a VNC server on internal_host

To start a VNC server instance on internal_host, you need to initiate a SSH connection to it.
If you previously opened a VPN connection, make sure it is still active

Initiate a SSH connection to internal_host

SSH connection on Linux

SSH connection on Windows 10 with OpenSSH

SSH connection on Windows with PuTTY

Follow the article Windows "direct" SSH access with PuTTY

Setup and start the VNC server

Configuration and start of a VNC server works with an ISG-provided wrapper script by issuing the command


in your shell connected to internal_host.

Setup and first startup

If this is the first time you start vncserver, you will be asked to provide a password to allow access to the VNC server instance you start now and in the future. It is possible to set the password to allow only observing or also interacting with the VNC session. Choose a strong password, as anyone on the ETH network can connect to your internal_host while a VNC server is running. The password should contain:

The setup followed by the startup process will look like this:

Creating directory /home/eth_username/.vnc......
Creating startup_file /home/eth_username/.vnc/xstartup.....

You will require a password to access your desktops.

Would you like to enter a view-only password (y/n)? n

New 'default' desktop is internal_host:R

Creating default config /home/eth_username/.vnc/config
Starting applications specified in /home/eth_username/.vnc/xstartup
Log file is /home/eth_username/.vnc/internal_host:R.log

Note the virtual display number R of your VNC server appearing after internal_host:. It is needed later to connect your VNC viewer on current_host to the VNC server instance on internal_host or to kill a vncserver process manually.
The default desktop started now is Xfce4. If you prefer a different desktop you have to kill the running vncserver process and start it again with the desktop of your choice.
Otherwise the vncserver process terminates after you log out of your desktop environment.

Terminating a running VNC server process

Issue the command

vncserver -kill :R

in a shell on internal_host.

Choose a non-default desktop

To start the VNC session with a non-default desktop, provide one of the options [xfce|gnome|kde|light|xterm]:

vncserver gnome

Use a VNC viewer to view and control the desktop on internal_host

VNC viewer software

The listed VNC software contains a viewer component and is available for both Linux and Windows:

The above list is not meant to be complete, feel free to install other solutions on your self-managed computer.

Connect your VNC viewer to the VNC server on internal_host

VNC connection from Linux

On Linux issue the command

vncviewer internal_host:590R

VNC connection from Windows or macOS

On Windows or macOS, open your VNC viewer and connect to internal_host:590R.
If you terminate your VNC viewer without logging out of your desktop environment, your VNC session will stay active and you can reconnect to it later on.

VNC connection from macOS alternative

On macOS the built-in VNC viewer may be started by pressing Command-K and entering the url vnc://internal_host:590R. No support is given for this way to connect to a VNC session.

Check (student) host availability

Check with the command htop if any other users are using internal_host 's resources right now. If they do, log out and log in to a different host.
A list of student hosts can be shown by issuing the command grep tardis /etc/hosts

VNC server configuration

The first start of vncserver creates the directory /home/eth_username/.vnc. It contains startup scripts for the different desktop options mentioned in Choose a non-default desktop. Logfiles of VNC sessions will also be stored there. If you experience problems, check the logfiles for hints what went wrong. As a last resort in troubleshooting, delete the directory and start again with Setup and start the VNC server.
If no specific desktop session is given then /etc/X11/Xsession which defaults to the Xfce4 desktop will be used. The desktop type light selects the light desktop Fluxbox. To use a desktop outside from Xfce4, GNOME, KDE, Fluxbox and Xterm please edit your xstartup file in /home/eth_username/.vnc according to your needs. The desktop type xterm starts a minimal desktop with a window manager and a xterm terminal window, applications are then started from the command line in the xterm.

The start of vncserver with no desktop parameter always looks for the xsession startup file ~/.vnc/xstartup in your home, if not found it's created with a desktop startup of the default xsession ( /etc/X11/Xsession ) which points to Xfce4. If you start vncserver with the optional desktop parameter a xstartup file ~/.vnc/xstartup.<desktop> is created in your home and used for subsequent startups with the same desktop parameter.

If you are using vncserver only for remote accessing some applications on the target machine please use the desktop type light or xterm but not the extremely heavyweight desktops GNOME or KDE. For "Work at home" you can use the heavyweight desktops (p.e. the default GNOME) but please logout from your computer in the office before you go home. We do not support the parallel usage of two heavyweight desktops (local and remote) from the same user on one machine.

For the GNOME desktop we use the TurboVNC server, all other desktops are provided by the TigerVNC server. TurboVNC's config file is ~/.vnc/config.turbo while TigerVNC uses ~/.vnc/config. To switch the configured default resolution of 1600x950 of the vncserver created display please comment out the geometry line in the configuration file and correct the resolution to your need.

  1. VNC on Wikipedia (1)

  2. The standard VNC implementation uses the password as a DES key, which is the reason it's truncated after 8 characters. The DES key size is limited to 56 bits plus 8 parity bits. Using ASCII characters made up of 7 bits it's possible to use an 8 character password, as the unused 8th bit of each byte is discarded. A password shorter than 8 characters is padded with zeroes. (2)

RemoteAccess/VNC (last edited 2021-12-10 12:32:25 by hgiger)