4.10.2015

How To Install VNC Server in Red Hat 7 / CentOS 7

Question sent in by Anonymous.

Q: I am coming from the Windows world where I am used to using Remote Desktop to access my systems on the network.  I recently set up a new CentOS system.  I have done some reading and understand I need to use VNC for this. How can I install and configure a VNC server on my CentOS 7 system so I can "Remote Desktop" into it?

A: This can be done easily with some basic software.  In CentOS 7 (or RHEL 7) the default VNC server is tigervnc. Let's install and configure VNC for a single user, then we will cover how to install VNC for multiple users.

Install TigerVNC software and its dependencies:

yum install tigervnc-server

When you install tigervnc it creates a sample configuration file in /lib/systemd/system that is called vncserver@.service.  It is best to copy this file and edit it to meet your needs.

cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@.service

NOTE: The above command should be one line.

Now we have to edit the /etc/systemd/system/vncserver@.service file and, at minimum, change <USER> to the name of the user who will be connecting to the VNC server.

Example File:

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

NOTE: Change <USER> to the username of the account that will be logging into the system.

To make the changes to the configuration file take effect, run the following command:

systemctl daemon-reload

Now you have to set the VNC password for the user you specified in the file above.  This command MUST be run by the user, so let's switch to the user account and set the password like so:

[root@putor ~]# su - vncuser
[vncuser@putor ~]$ vncpasswd
Password:
Verify:


Before we log into the system with VNC, we have to start the service. 

systemctl start vncserver@:1.service

If you want to have the service start at boot:

systemctl enable vncserver@:1.service

One last thing that people always forget... You must open the firewall to allow VNC connections.

VNC Servers listen on ports specific to their display number.  For example, we started the service above with the display number 1.  This will listen on port 5901.  If we started it with display number 2, it would listen on 5902.

Firewall configurations are very specific to the system. Here are some examples that should work on default configurations.

Open VNC port using firewalld:

firewall-cmd --add-rich-rule='rule family="ipv4" service name=vnc-server accept'

Open VNC port using iptables:

iptables -I INPUT -p tcp --dport 5901 -j ACCEPT

How to set up a VNC server for multiple users.

If you want to set up a VNC server for multiple users, the directions are basically the same.  The only difference is you MUST create multiple service files, set each user's VNC password, and open additional ports in the firewall.

For example, you could create two service files like so:

cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver-user1@.service

cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver-user2@.service

You would edit each file the same way we did in the single user setup, but this time you would change <USER> to the specific username that file is for.

Also you have to set the VNC password for each user, just like we did above, and open a firewall rule for each display you plan to use.

VNC listens on 5900+display# when using a VNC client.
NOTE: If you are depending on the server to give you a java applet, you also need 5800+display#, and 6000+display# for the X Server Port.  If you are using a client, typically only 5900+display# is needed.

For example, if you are going to start user1 on display 1, and user2 on display 2, then you have to open both tcp ports 5901 and 5902.

Here is an example:

Start user1 VNC server on display 1, and user2 on display 2:

systemctl start vncserver-user1@:1.service
systemctl start vncserver-user2@:2.service

Now let's use netstat to check what ports VNC is listening on.

[root@putor ~]# netstat -tulp | grep vnc
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      8062/Xvnc          
tcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN      8507/Xvnc          
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN      8062/Xvnc          
tcp        0      0 0.0.0.0:6002            0.0.0.0:*               LISTEN      8507/Xvnc
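
To check which of these listeners are reachable from the network, the listing above can be classified by display number and port type. This is an added example, not part of the original post; the function names and the loopback and sshd sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): classify Xvnc listeners found in
# netstat output by display number, port type and bind scope.

# Constructed sample: the first four lines use the format of the listing
# above; the loopback and sshd lines are made up to exercise the filter.
SAMPLE='tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      8062/Xvnc
tcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN      8507/Xvnc
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN      8062/Xvnc
tcp        0      0 0.0.0.0:6002            0.0.0.0:*               LISTEN      8507/Xvnc
tcp        0      0 127.0.0.1:5903          0.0.0.0:*               LISTEN      9100/Xvnc
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd'

# Reads netstat lines on stdin, prints one summary line per Xvnc listener.
audit_vnc_listeners() {
    awk '
    $6 == "LISTEN" && $7 ~ /\/Xvnc$/ {
        n = split($4, part, ":")            # port is the last colon-separated piece
        port = part[n] + 0
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (port >= 5900 && port < 6000)      { kind = "vnc"; disp = port - 5900 }
        else if (port >= 6000 && port < 6100) { kind = "x11"; disp = port - 6000 }
        else next                             # not a display-derived port
        scope = (addr == "127.0.0.1" || addr == "::1") ? "local" : "exposed"
        printf "display=%d kind=%s port=%d bind=%s scope=%s\n", disp, kind, port, addr, scope
    }'
}

# Prints how many Xvnc listeners accept connections on a non-loopback address.
count_exposed() {
    audit_vnc_listeners | grep -c 'scope=exposed' || true
}

printf '%s\n' "$SAMPLE" | audit_vnc_listeners
```

An `x11` line marked `exposed` is the 6000+display# X server port from the NOTE above, which a VNC client connection does not need.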


7 comments:

  1. init 6 and then it worked, who knows why...

  2. you are the best. Thanks u very much

  3. How can I access the server by VNC at System Level, like windows RDP, showing login screen?

    Replies
    1. I am not sure what you are talking about. The tutorial above shows you how to setup VNC on the server.

    2. Not sure if this will work, but it's worth looking at
      https://www.ibm.com/developerworks/library/os-multiuserloginsvnc/
