Enabling remote desktop sharing (VNC) on Ubuntu 20.04 Desktop

If you’ve ever wanted to access your Ubuntu 20.04 Desktop remotely (and securely!) you may have come to the conclusion that it isn’t as simple as it maybe once was. This is for a variety of reasons but I’m going to skip over all of that and get right into how to make it work!

Initial Setup

If you’re like me, when you start searching for a solution to enabling VNC on Ubuntu 20.04 desktop you’ll find that most answers are actually written with the assumption that you are running the server version of the distro instead. Due to that they’ll often have you start by installing a desktop environment like xfce. This step is completely unnecessary if you are already running a desktop version of Ubuntu.

However, one step that is needed is to change the default login manager. Apparently the default gdm3 login manager has problems with VNC and so a solution is to change it out for an alternative called lightdm.

sudo apt install lightdm

During the installation you will be prompted to choose which login manager you want to use. Select lightdm and continue the install. Once lightdm is installed go ahead and restart your computer and log back in.

Installing VNC Server

Next we’ll need to install the VNC server itself. For this you have a few options but I’ve found x11vnc to be quite quick and easy to use so I’ll go with that one.

sudo apt install x11vnc

After that finishes we can set a VNC password by running:

sudo x11vnc -storepasswd

At this point we should have everything we need to test it out by starting the server with:

sudo /usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /home/{put your username here}/.vnc/passwd -rfbport 5900 -shared

Assuming you don’t have any firewalls blocking traffic you should be able to now remotely connect to your computer using the password you set. Of course it would be really nice if we didn’t have to start the VNC server manually every time so we’re going to create a system.d service to kick things off.

Create a x11vnc.service file using your text editor of choice:

sudo nano /lib/systemd/system/x11vnc.service

Inside that file put the following content:

[Unit]
Description=Start x11vnc at startup.
After=multi-user.target

[Service]
Type=simple
ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /home/{put your user name here}/.vnc/passwd -rfbport 5900 -shared

[Install]
WantedBy=multi-user.target

Then to enable the service you want to run:

sudo systemctl daemon-reload
sudo systemctl enable x11vnc.service

With that you should be able to restart your computer and confirm that you can connect once it starts back up.

Securing It and Other Options

There are a few extra options you may want to consider for your VNC setup. The first is around performance. x11vnc has an option called -ncache which tells clients (that support it) to use client side caching to help speed things up. The recommended flag is: -ncache 10 which you can add to your ExecStart line in the x11vnc.service file above.

Additionally if you have no need for IPv6 support you can disable that with the –no6 or -noipv6 flags.

Finally VNC has a long history of security concerns. If you are only ever connected from within a secure network where the risk of someone snooping your traffic is minimal this may be less of an issue, however it is still probably best practice to connect securely via SSH anyway. To do this we want to restrict VNC to only listening to clients coming from itself. This may seem counterintuitive at first but the approach is basically to securely connect to your desktop using SSH and then make a local connection to VNC through that.

To restrict x11vnc to only listen to local connections simply add the -localhost flag. Restart your computer and when it comes back online you should be able to connect via SSH, port forwarding the VNC port 5900 to whichever source port you want. As an example this will forward port 59000 running on my remote machine to 5900 (the VNC port) running on the desktop I want to view.

ssh -L 59000:localhost:5900 -C -N -l {username} {desktop IP address}

The SSH flag -L indicates which local port to forward (in this case 59000 -> 5900). -C tells VNC to compress all data going over it which can sometimes help with VNC performance. The flag -N restricts the SSH connection to only port forwarding and not sending any commands. Finally -l is the login information to use for SSH.

With all of this in place you should now be able to VNC to localhost:59000 and that will connect you, through SSH, to the desktop to view.



1 Trackback / Pingback

  1. Enabling remote desktop sharing (VNC) on Linux Mint 19 – The Linux Experiment

Leave a Reply

Your email address will not be published.


*