Remote X Desktop with VNC

Serge Y. Stroobandt

Copyright 2013–2015, licensed under Creative Commons BY-NC-SA

Introduction

Yes, I admit: I am such a sucker who, already since a young age, fixes his old man’s computer and then gets blamed for all future problems… The end result is an old man who hardly minds to learn how to use his desktop environment.

About VNC

Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.

A VNC system consists of a client, a server, and a communication protocol

• The VNC server is the program on the machine that shares its screen. The server passively allows the client to take control of it.
• The VNC client (or viewer) is the program that watches, controls, and interacts with the server. The client controls the server.
• The VNC protocol (RFB) is very simple, based on one graphic primitive from server to client (“Put a rectangle of pixel data at the specified X,Y position”) and event messages from client to server.

Note that the machine the VNC server is running on does not need to have a physical display.

RFB is not secure

By default, RFB is not a secure protocol. While passwords are not sent in plain-text (as in telnet), cracking could prove successful if both the encryption key and encoded password are sniffed from a network. For this reason it is recommended to use a password of exactly eight characters, since eight characters is also the upper limit on certain VNC versions. If a password is sent exceeding eight characters, the excess characters are removed and the truncated string is compared to the password.

VNC may be tunnelled over an SSH connection which would add an extra security layer with stronger encryption.

This is why I will refrain from

TCP port 5900+N

VNC by default uses TCP port 5900+N,[6][7] where N is the display number (usually :0 for a physical display). Using VNC over the Internet works well if the user has a broadband connection at both ends. However, it may require advanced NAT, firewall and router configuration such as port forwarding in order for the connection to go through.

x11vnc server

Firstly, the system administrator installs the x11vnc package on the machine that will act as the VNC server. For Debian-based systems, this goes like:

admin@vncserver $ sudo apt-get update
admin@vncserver $ sudo apt-get install x11vnc

Then, switch over to the helpless user and create a password for accessing the x11vnc server.

admin@vncserver $ sudo su helpless
helpless@vncserver $ x11vnc -storepasswd

Use a password no longer than eight characters and different from the password of the system login account. This is done for security reasons. As explained above, the RFB protocol is not entirely secure.

Enter VNC password:
Verify password:
Write password to /home/helpless/.vnc/passwd?  [y]/n 
Password written to: /home/helpless/.vnc/passwd

Equally out of RFB security concerns, it is not advisable to start the x11vnc server automatically at desktop login. It is much better to create a custom startvnc command.

helpless@vncserver ~ $ echo 'export PATH="$HOME/bin:$PATH"' >> .bashrc
helpless@vncserver ~ $ mkdir bin
helpless@vncserver ~ $ cd bin
helpless@vncserver ~/bin $ nano startvnc

    #!/bin/bash
    x11vnc -once -usepw -httpport 5900 -ncache 10

helpless@vncserver ~/bin $ chmod +x startvnc

helpless@vncserver ~ $ startvnc

xvnc4viewer client

Over at the VNC client machine, install xvnc4viewer:

guru@vncclient $ sudo apt-get update
guru@vncclient $ sudo apt-get install xvnc4viewer

To access your desktop just use any vncviewer directing to your IP or domain name and type the VNC password.

guru@vncclient $ xvnc4viewer vncserver.domain.net:0

References

5

Keep this site on-line

This work is licensed under a Creative Commons Attribution‑NonCommercial‑ShareAlike 4.0 International License.
Other licensing available on request.

Unless otherwise stated, all originally authored software on this site is licensed under the terms of GNU GPL version 3.

This static web site has no backend database.
Hence, no personal data is collected and GDPR compliance is met.
Moreover, this domain does not set any first party cookies.

All Google ads shown on this web site are, irrespective of your location,
restricted in data processing to meet compliance with the CCPA and GDPR.
However, Google AdSense may set third party cookies for traffic analysis and
use JavaScript to obtain a unique set of browser data.
Your browser can be configured to block third party cookies.
Furthermore, installing an ad blocker like EFF's Privacy Badger
will block the JavaScript of ads.
Google's ad policies can be found here.

This page employs a server‑side script.

This page includes an open-source client-side script, written in and
transcoded by to make it run as secure JavaScript in the browser.

Static XHTML generated from Markdown by and
the make, sed and gpp commands.

math markup rendered with .
references are best read with .

Unattended CSS typesetting with .

This work is published at https://hamwaves.com/vnc/en/.

Use my OpenPGP public key to encrypt messages for:

echo c2VyZ2VAc3Ryb29iYW5kdC5jb20K |base64 -d

Last update: Wednesday, September 1, 2021.