Local Cloud

Client to Server

VNC Home Server

2019.10.18

Nathan Thompson

Alright, now we have a home server, running Linux, allowing SSH connections to run rsync backups and even media sharing via Plex server and Calibre. Secure shell is great for command line connections, but what if we want to see the XFCE desktop on EndeavourOS? Great question audience! Let us now configure VNC for the home server.

As mentioned, if your Linux distro uses GDM as a greeter, you will have difficulties enabling VNC{1}, but LightDM works perfectly well for this setup. All commands are working with the understanding we are configuring Arch or an Arch based linux distro, but can easily adapt to other distros.

{1} Not impossible, but enabling a VNC connection for the system itself and one per user is obnoxious.

VNC

What is VNC?

VNC stands for Virtual Network Computing. The idea is simple enough, using the RFB (remote framebuffer) protocol, it sends over pixels from the remote system to the local system. VNC is not just used to peak, view, the remote display, it can also be used for control. It transmits keyboard and mouse controls back to the remote display.

VNC was originally developed in the United Kingdom by developers at The Olivetti & Oracle Research Lab in the late 1990s, first specification of the RFB protocol seems to have been released January 1998. While not as optimized as other protocols, the flexibility of the technology (extensible but interoperable at a base level) and open source nature of the code has allowed versions to proliferate to many different platforms.

I have personally used various viewer and server packages on many different platforms, from Mac OS, Mac OS X, Linux distros, and Windows to mobile platforms like Android and iOS.

Server Config

On the Server:

Install X11vnc
1. sudo pacman -S x11vnc
Make x11vnc systemd unit
1. sudo nano /lib/systemd/system/x11vnc.service

[Unit]

Description=Start x11vnc at startup.

After=multi-user.target

[Service]

Type=simple

ExecStart=/usr/bin/x11vnc -auth guess -nevershared -forever -loop -noxdamage -repeat -rfbauth /home/User1/.vnc/passwd -rfbport 5900 -localhost

[Install]

WantedBy=multi-user.target

My command is telling the VNC server to open up a connection on port 5900, to allow localhost connections, and my password for VNC is stored in the .vnc directory in User1's home folder. The goal is to connect to VNC over SSH on the client's VNC viewer, but a password, while not much protection by itself, cannot hurt in conjunction with other steps to secure the connection. Likewise, never type your bare password into a script because anyone on the system will likely have access to it. Instead, invoke the password from a file or environmental variable. Remember, unless you either enable SSL connections (can be tricky depending on the server and client software used) or pipe VNC over SSH (my preferred method), your connection and even password are all sent in the clear.

We will create the password in the User1 account (again, this password is stored in ~/.vnc/passwd). After logging into the User1 account:
1. x11vnc -usepw
2. Type in desired password.
To load the systemd unit, enable at boot, and start the unit{2}.
1. sudo systemctl daemon-reload
2. sudo systemctl enable x11vnc.service
3. sudo systemctl start x11vnc.service

{2} If you are still in a non sudo enabled account for this step and using a modern GUI for your desktop, your user can still enable systemd units by simply not typing sudo before these commands. You should get a prompt asking for your admin user password to continue at each of the three steps.

Client Config

Okay, server is configured, but how does the client connect to our vnc server? There are a few different clients, at least, but my preference is to use TigerVNC.

Install TigerVNC
- sudo pacman -S tigervnc
To connect from client to server.
1. In a terminal, establish an SSH connection:
  - ssh -L 5900:localhost:5900 user1@serveripaddress
2. To open a VNC connection, in a second terminal tab/window:
  - vncviewer 0
3. If you are using a VNC password, as I have suggested in the previous server configuration section, a password prompt should appear.

I can only presume "This connection is not secure" is related to the absence of SSL, which we can cheerfully ignore as we as tunneling over SSH.

More Info

I gleaned pretty much everything I need to get this setup working from:

Arch Wiki on VNC
Karl J. Runge's excellent guide to x11vnc
Griffon's IT Library discussing VNC on recent versions of Ubuntu using GDM.

VNC is a go!

Assuming you have already configured SSH per our earlier guide, everything is ready to go. VNC is perhaps not as performant as RDC or other propriety graphical remote connection solutions, but there are ways to further tweak performance on VNC. As I find performance perfectly acceptable from my laptop connected over 802.11ac WIFi to server connected over Gigabit Ethernet on the same LAN, I have left the setup as is.