If you’ve ever wanted to access your Ubuntu 20.04 Desktop remotely (and securely!) you may have come to the conclusion that it isn’t as simple as it maybe once was. This is for a variety of reasons but I’m going to skip over all of that and get right into how to make it work!
Initial Setup
If you’re like me, when you start searching for a solution to enabling VNC on Ubuntu 20.04 desktop you’ll find that most answers are actually written with the assumption that you are running the server version of the distro instead. Due to that they’ll often have you start by installing a desktop environment like xfce. This step is completely unnecessary if you are already running a desktop version of Ubuntu.
However, one step that is needed is to change the default login manager. Apparently the default gdm3
login manager has problems with VNC and so a solution is to change it out for an alternative called lightdm
.
sudo apt install lightdm
During the installation you will be prompted to choose which login manager you want to use. Select lightdm
and continue the install. Once lightdm
is installed go ahead and restart your computer and log back in.
Installing VNC Server
Next we’ll need to install the VNC server itself. For this you have a few options but I’ve found x11vnc
to be quite quick and easy to use so I’ll go with that one.
sudo apt install x11vnc
After that finishes we can set a VNC password by running:
sudo x11vnc -storepasswd
At this point we should have everything we need to test it out by starting the server with:
sudo /usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /home/{put your username here}/.vnc/passwd -rfbport 5900 -shared
Assuming you don’t have any firewalls blocking traffic you should be able to now remotely connect to your computer using the password you set. Of course it would be really nice if we didn’t have to start the VNC server manually every time so we’re going to create a system.d service to kick things off.
Create a x11vnc.service
file using your text editor of choice:
sudo nano /lib/systemd/system/x11vnc.service
Inside that file put the following content:
[Unit] Description=Start x11vnc at startup. After=multi-user.target [Service] Type=simple ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /home/{put your user name here}/.vnc/passwd -rfbport 5900 -shared [Install] WantedBy=multi-user.target
Then to enable the service you want to run:
sudo systemctl daemon-reload
sudo systemctl enable x11vnc.service
With that you should be able to restart your computer and confirm that you can connect once it starts back up.
Securing It and Other Options
There are a few extra options you may want to consider for your VNC setup. The first is around performance. x11vnc
has an option called -ncache
which tells clients (that support it) to use client side caching to help speed things up. The recommended flag is: -ncache 10
which you can add to your ExecStart line in the x11vnc.service
file above.
Additionally if you have no need for IPv6 support you can disable that with the –no6
or -noipv6
flags.
Finally VNC has a long history of security concerns. If you are only ever connected from within a secure network where the risk of someone snooping your traffic is minimal this may be less of an issue, however it is still probably best practice to connect securely via SSH anyway. To do this we want to restrict VNC to only listening to clients coming from itself. This may seem counterintuitive at first but the approach is basically to securely connect to your desktop using SSH and then make a local connection to VNC through that.
To restrict x11vnc to only listen to local connections simply add the -localhost
flag. Restart your computer and when it comes back online you should be able to connect via SSH, port forwarding the VNC port 5900 to whichever source port you want. As an example this will forward port 59000 running on my remote machine to 5900 (the VNC port) running on the desktop I want to view.
ssh -L 59000:localhost:5900 -C -N -l {username} {desktop IP address}
The SSH flag -L
indicates which local port to forward (in this case 59000 -> 5900). -C
tells VNC to compress all data going over it which can sometimes help with VNC performance. The flag -N
restricts the SSH connection to only port forwarding and not sending any commands. Finally -l
is the login information to use for SSH.
With all of this in place you should now be able to VNC to localhost:59000 and that will connect you, through SSH, to the desktop to view.
x11vnc has worked very well for us. We currently have very few Mint 19.x systems running, but have a scripts to install and set up x11vnc for all of our newer installs of Mint 20.0 thru 20.3 (MATE desktop). We have over 250 Mint desktops in our business, and around 70+ Windows desktops. Remmina connects fine to everything, with RDP or VNC.
Hello Bruce,
First off, thanks for this post. I tried your suggestions and I end up with a gray screen in vnc client. I don’t see any gnome stuff or and window manager at all. Also going to want to change geometry from 1024×768 to 1920×1080. I don’t see where I would do that.
Thanks.
My .vnc/xtartup looks like this (also tried without it)
#!/bin/sh
export XKL_XMODMAP_DISABLE=1
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
sleep 1
xsetroot -solid grey
vncconfig -iconic &
nautilus &
gnome-terminal &