Virtual Network Computing (VNC) is a desktop sharing protocol that allows you to control a computer remotely using the VNC client software. VNC is working on GUI (Graphical User Interface) environments, it transmits movements of your mouse and keyboard input over the network using the Remote Frame Buffer (RFB) protocol.
Commonly, VNC is used for technicians to control client desktops or used by someone that needs to access their Desktop in the office from their home. VNC can be used securely through the VPN network or using the SSH tunneling connection.
In this tutorial, you will learn how to install a VNC server on the Debian 11 Bullseye. This tutorial uses TigerVNC packages to enable the VNC server, and you will also learn how to install Desktop Environment (DE) such as Gnome, XFCE, Mate desktops. Finally, you’ll learn how to connect to your VNC Server through a secure SSH tunneling connection.
Before you get started, ensure you have got the following requirements in place:
- An server Debian 11 Bullseye with at least 1 GB of RAM. If you’re planning to use modern DE for your VNC server, then you’ll need more than 1 GB of RAM. You can use a more lightweight DE if you have a server with only 1 GB of RAM.
- A non-root user with root privileges. Or you can use the root user.
Installing Desktop Environment
To get started with the VNC server, you’ll need to install Desktop Environment (DE) on your system. On Linux, there are various DE’s available, you can install DE as your preferred. You can install lightweight DE such as XFCE or Mate Desktop on a server with small resources, or you can install modern DE such as Gnome on a server with high resources.
In this section, you’ll install DE on the Debian 11 system. Choose between the following DE: Gnome, XFCE, or Mate desktop as your preferred DE.
1. To install the desktop environment, first, refresh your package index by running the ‘apt’ command below.
sudo apt update
2. Now, install your preferred DE by running the following command.
Install XFCE Desktop using the following command.
sudo apt install task-xfce-desktop dbus-x11
If you prefer Mate desktop, install it using the following command.
sudo apt install task-mate-desktop dbus-x11
And for the GNOME desktop, you can use the command below.
sudo apt install task-gnome-desktop dbus-x11
Now you have installed DE on your system, the next step in this tutorial is to create a new user and install TigerVNC packages.
Creating New Linux User
Although you can use the root user for your VNC server, for security reasons, it’s recommended to use a non-root user. In this section, you’ll create a new user and add it to the ‘sudo‘ group. This allows the user to get the root privileges using the command sudo.
1. Run the following command to add a new user and set up the password. In this example, we will create a new user ‘johndoe‘.
sudo useradd -m -s /bin/bash johndoe passwd johndoe
The option -m will automatically create a home directory for the new user. the option ‘-s /bin/bash‘ is used to specify the shell for the new user, type the full path of the binary shell.
This command will prompt you for a password. Input your strong password and repeat it.
2. Now, add your new user to the ‘sudo‘ group by running the following command. This allows the user to get the root privileges and execute the application using the root privileges.
sudo usermod -aG sudo johndoe
3. Next, log in as your new user and verify the sudo root privileges using the command below.
su - johndoe sudo su
You’ll be prompted for the password. Input your password and press ENTER. And as a result, your prompt will become ‘[email protected]‘, which means you’ve become root.
Installing TigerVNC Server Debian 11
In this section, you’ll install TigerVNC packages and set up VNC Server on your Debian 11 system. This includes setting up a VNC server for a specific user with its authentication and setting up the default DE. The VNC Server works as per-user, each user has its specific display, DE configuration, and systemd service.
1. To install TigerVNC packages, run the ‘apt‘ command below.
sudo apt install tigervnc-standalone-server tigervnc-common -y
2. You have now installed TigerVNC packages. Next, log in as your non-root user, then initialize the VNC Server by running the following command.
su - johndoe vncserver
3. You’ll be prompted to create a new password for your VNC Server. Input your password and repeat it. The password must be no more than 8 characters, or it will be declined.
You will require a password to access your desktops. Password: Verify:
4. Now you’ll be asked to create a view-only password. This is useful when you want to share your VNC Server but gives only ‘view-only’ access. As for now, we don’t need it, type ‘n‘ for no and press ENTER.
Would you like to enter a view-only password (y/n)? n
5. After initialization is completed, you’ll receive the following output. You may highlight this output ‘bullseye64:1 (johndoe)‘, which means the VNC server is running on the server ‘bullseye64‘ with the display ‘:1‘ as the user ‘johndoe‘.
New Xtigervnc server 'bullseye64:1 (johndoe)' on port 5901 for display :1. User xtigervncviewer -SecurityTypes VncAuth -passwd /home/johndoe/.vnc/passwd :1 to connecto to the VNC server.
Configuring XFCE as the Default Desktop Environment
At this point, you have initialized the VNC server for your user. All configurations related VNC server is generated under the directory ‘~/.vnc’. Next, you’ll set up the default DE for your VNC server.
1. Before you start, terminate the VNC server display ‘:1‘ by running the following command.
vncserver -kill bullseye64:1
You will get the output as below.
Killing Xtigervnc process ID 1635... success!
2. To set up default DE for the VNC server, you’ll need to modify/re-create the file ‘xstartup’ on the directory ‘~/.vnc’. This script will be automatically executed when the VNC server is running.
mv ~/.vnc/xstartup ~/.vnc/xstartup.bak nano ~/.vnc/xstartup
3. Input the following script to the file. And make sure to change the ‘startxfce4’ with the command to start your DE. This example uses the XFCE as the default DE.
bash #!/bin/bash xrdb $HOME/.Xresources startxfce4 &
Save and close the file.
4. Now, make the script ‘xstartup‘ executable by running the following command.
chmod +x ~/.vnc/xstartup
Now you have completed the configuration of the default DE for your VNC server.
Adding User to TigerVNC and Start Service
To make the TigerVNC server works, you’ll need to add your user and the display number to the file ‘/etc/tigervnc/vncserver.users’, then start and enable the TigerVNC service.
1. Modify the file ‘vncserver.users‘ using nano or your preferred editor.
sudo nano /etc/tigervnc/vncserver.users
Define the display number followed by the user as below. This example uses the display number ‘:1‘ for the user ‘johndoe‘.
Save and exit the file.
2. Next, run the following command to start and enable the TigerVNC service for display number ‘:1’. If you’ve multiple users and VNC servers, change the display number for each user such as ‘:2‘, ‘:3‘, and go on.
sudo systemctl enable --now [email protected]:1.service
3. Now, verify the TigerVNC service status by running the following command.
sudo systemctl status [email protected]:1.service
You’ll receive the output like the screenshot below. The TigerVNC service for display ‘:1‘ is ‘active (running)’, and it is running with the XFCE desktop.
Connecting to VNC Server Securely with SSH Tunneling
At this, you have completed the installation of the VNC server on the Debian 11 Bullseye with TigerVNC packages. In this section, you’ll connect to your VNC server securely through SSH tunneling.
1. Before you get started, ensure you have installed the VNC Viewer on your local computer/laptop. You can use RealVNC Viewer, which is can be installed on Linux, Windows, and macOS systems.
2. Now, to start the SSH Tunneling, run the ssh command below on your local computer. And make sure to change the ‘username’ and IP address ‘192.168.1.10′ with your VNC server IP address.
ssh -L 5901:127.0.0.1:5901 -N -f -l username t 192.168.1.10
Options you must know:
- The option ‘-L 5901:127.0.0.1:5901’ creates the tunneling process.
- -N prevents users from executing the remote command to the SSH server.
- -f makes the ssh go to the background.
- -l username specify your username for ssh.
This command will create tunneling on the localhost with port 5901 to the server ‘192.168.1.10‘ on port ‘5901‘. Now, you can connect to your VNC server using the localhost with port ‘5901‘.
3. Open your VNC viewer application and connect to the ‘localhost:5901‘ as below. You’ll be prompted with the password for your VNC server. Input your correct password.
4. Once you are connected to the VNC server, you’ll see the desktop of your VNC server. Below is the screenshot of the XFCE desktop.
In this section, you have successfully connected to the VNC server securely through the SSH tunneling.
In this tutorial, you’ve learned the installation of the VNC server on the Debian 11 Bullseye using the TigerVNC. Also, you’ve learned the installation of various Desktop Environment on the Debian system, and how to set up default DE and set up TigerVNC as your VNC server application.
In the end, you’ve learned how to connect to your VNC server securely through the SSH tunneling from your local computer to the VNC server.