Q: I am coming from the Windows world where I am used to using Remote Desktop to access my systems on the network.  I recently set up a new CentOS system.  I have done some reading and understand I need to use VNC for this. How can I install and configure a VNC server on my CentOS 7 system so I can “Remote Desktop” into it?

A: This can be done easily with some basic software. In CentOS 7 (or RHEL 7) the default VNC server is tigervnc. Let’s install and configure VNC for a single user, then we will cover how to install VNC for multiple users.

Install TigerVNC and Its Dependencies

Use yum to install the tigervnc-server package:

yum install tigervnc-server

Copy Sample Configuration and Edit

When you install tigervnc it creates a sample configuration file in /lib/systemd/system that is called vncserver@.service.  It is best to copy this file and edit it to meet your needs.

cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@.service

Now we have to edit the /etc/systemd/system/vncserver@.service file and at minimum must change the USER name who will be connecting to the VNC server.

Example File:

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

NOTE: Change <USER> to the username of the account that will be logging into the system.

To make the changes to the configuration file take effect, run the following command:

systemctl daemon-reload

Setup User with vncpasswd

Now you have to set the VNC password for the user you specified in the file above.  This command MUST be run by the user, so let’s switch to the user account and set the password like so:

[root@putor ~]# su - vncuser
[vncuser@putor ~]$ vncpasswd
Password:
Verify:

Start and Enable the Service

Before we log into the system with VNC, we have to start the service.

systemctl start vncserver@:1.service

If you want the service to start at boot:

systemctl enable vncserver@:1.service

Configure Firewall For VNC

You must open the firewall to allow VNC connections.

VNC Servers listen on ports specific to their display number.  For example, we started the service above with the display number 1.  This will listen on port 5901.  If we started it with display number 2, it would listen on 5902.

Firewall configurations are very specific to the system. Here are some examples that should work on default configurations.

Open VNC Port using firewalld:

firewall-cmd --add-rich-rule='rule family="ipv4" service name=vnc-server accept'

Open VNC port using iptables:

How to Configure VNC for Multiple Users

If you want to set up a VNC server for multiple users, the directions are basically the same.  The only difference is that you MUST create multiple service files, set each user's VNC password, and open additional ports in the firewall.

For example, you could create two service files like so:

cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver-user1@.service

cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver-user2@.service

You would edit each file the same way we did in the single user setup, but this time you would change <USER> to the specific username that file is for.

NOTES:

  • VNC listens on 5900+display# when using a VNC client.
  • If you are depending on the server to give you a java applet, you also need 5800+display#, and 6000+display# for the X Server Port.  If you are using a client, typically only 5900+display# is needed.

If you are going to start user1 on display 1, and user2 on display 2, then you have to open both tcp ports 5901 and 5902 on the firewall.

Example:

Start user1 VNC server on display 1, and user2 on display 2:

systemctl start vncserver-user1@:1.service
systemctl start vncserver-user2@:2.service

Now let’s use netstat to check what ports VNC is listening on.

# netstat -tulp | grep vnc
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      8062/Xvnc
tcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN      8507/Xvnc
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN      8062/Xvnc
tcp        0      0 0.0.0.0:6002            0.0.0.0:*               LISTEN      8507/Xvnc

Open the necessary ports on the firewall:

iptables -I INPUT -p tcp --dport 5901 -j ACCEPT
iptables -I INPUT -p tcp --dport 5902 -j ACCEPT
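
Added example (not part of the original article): a small shell helper that applies the 5800/5900/6000+display# arithmetic from the NOTES to `netstat -tlnp` style output, showing which Xvnc listeners need a firewall rule for a VNC client and which X server ports are bound to all interfaces. The sample lines are constructed from the listing above plus two made-up lines (a loopback-bound display :3 and sshd); the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample input: four Xvnc listeners and one unrelated service.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      8062/Xvnc
tcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN      8507/Xvnc
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN      8062/Xvnc
tcp        0      0 127.0.0.1:5903          0.0.0.0:*               LISTEN      9001/Xvnc
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1200/sshd'

# Reads netstat lines on stdin and prints "port :display service scope"
# for every listening Xvnc socket.
vnc_listeners() {
  awk '
    $6 == "LISTEN" && $7 ~ /\/Xvnc$/ {
      n = split($4, a, ":")            # local address; port is the last piece
      port = a[n] + 0
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if      (port >= 6000 && port < 6100) { svc = "x11";  disp = port - 6000 }
      else if (port >= 5900 && port < 6000) { svc = "rfb";  disp = port - 5900 }
      else if (port >= 5800 && port < 5900) { svc = "http"; disp = port - 5800 }
      else next
      scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "network"
      printf "%d :%d %s %s\n", port, disp, svc, scope
    }'
}

# Ports a VNC client needs: network-bound 5900+display# listeners only.
ports_to_open() { vnc_listeners | awk '$3 == "rfb" && $4 == "network" { print $1 }'; }

# X server ports (6000+display#) bound to all interfaces; a VNC client does
# not need these, so they should stay closed at the firewall.
x11_exposed() { vnc_listeners | awk '$3 == "x11" && $4 == "network" { print $1 }'; }

printf '%s\n' "$SAMPLE_NETSTAT" | vnc_listeners
```

On a live system, feed it real output with `netstat -tlnp | vnc_listeners`, run as root so the program column is populated.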

Conclusion

The VNC service is a finicky beast, but if you take your time and configure it correctly you should be OK. We learned how to install VNC, set up a basic configuration, add users, and even how to open ports on the firewall for VNC. This is the base information you need to get started. See the resources below for more information.

Resources