All HowTo's Cyber-Security Linux Redhat, Fedora and CentOS Linux

Installing and using VNCServer with only SSH open

This tutorial demonstrations how to install and use VNC without direct access to the VNC server. In this article we only have SSH access to the server. This means we have no option but to use VNC in a secure manner – via SSH.

Install VNCServer and the desktop environment on the remote server:

yum clean all
yum groupinstall 'Server with GUI'
yum install tigervnc-server

I haven’t configured X to start on boot though as this is a server and rarely will be accessed using the GUI. Start X from the command line prior to connecting:

startx

We still need to configure the VNC server and our VNC access. CentOS and Redhat 7 have a new way of configuring VNC. The file you should start with is “/etc/sysconfig/vncserver” which will refer you to “/lib/systemd/system/[email protected]”. Open that file (/lib/systemd/system/[email protected]). You need to make two changes to that file which is simply replaving USER with your real username. Here’s an example with my username “myuser”:

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l mysuer -c "/usr/bin/vncserver %i"
PIDFile=/home/myuser/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

Now we need to run the following commands:

cp /lib/systemd/system/[email protected] /etc/systemd/system/vncserver@:1.service
systemctl daemon-reload
systemctl enable vncserver@:1.service
systemctl start vncserver@:1.service

For subsequent users, change the 1 to the next increment (2 and then 3 and so on).

Create your VNC password:

# as the user we're going to connect as
vncpasswd

Create the secure SSH tunnel:

ssh -L 5901:localhost:5901 [email protected]

And how you can connect to the VNC server from your workstation as follows:

vnc://localhost:5901

Leave a Reply

Your email address will not be published. Required fields are marked *