By running VNC over an SSH tunnel, the VNC session is carried inside the encrypted, authenticated SSH connection, so there is no need to fiddle with SSL certificates etc.
Install the Ubuntu Desktop environment:
apt install ubuntu-desktop
Some might prefer to use a lighter desktop environment, but we’ve found this works just fine.
Add a user who will be logging in with VNC:
useradd -m -s /bin/bash ENTER-USER-HERE
Set the password for this user:
passwd ENTER-USER-HERE
Add the created user to the sudo group:
usermod -aG sudo ENTER-USER-HERE
Install TigerVNC and required packages:
apt install tigervnc-standalone-server tigervnc-common tigervnc-tools
Switch to the user:
su ENTER-USER-HERE
Run the vncserver command and answer required questions:
vncserver
Input the password of your choice and confirm this password again. There is no need to create a view-only password.
Create the xstartup file, which tells VNC which desktop session to launch when the server starts:
nano ~/.vnc/xstartup
Paste the following in this file:
#!/bin/sh
# Start up the standard system desktop
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
# gnome-session runs in the foreground; the lines below run only after it exits
/usr/bin/gnome-session
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r "$HOME/.Xresources" ] && xrdb "$HOME/.Xresources"
x-window-manager &
Give the xstartup file executable permissions:
chmod +x ~/.vnc/xstartup
The next few commands need to be run as root, so run the following to drop back to the root shell:
exit
Assign the user created above to a VNC display:
nano /etc/tigervnc/vncserver.users
Paste the following in this file:
:1=ENTER-USER-HERE
Remember to replace ENTER-USER-HERE with the actual user created above 🙂
Start the VNC service:
systemctl start tigervncserver@:1.service
Enable VNC service to be run upon startup:
systemctl enable tigervncserver@:1.service
Reboot the server:
reboot
You are now ready to create an SSH tunnel and VNC into the server. We suggest using PuTTY to create the SSH tunnel. Of course this can also be done straight on the terminal if you’re comfortable, but for the purposes of this tutorial let’s use PuTTY so that we still play nice with our Windows and Mac friends 🙂
Installing PuTTY on Ubuntu should be as simple as running the following:
apt install putty
The PuTTY configuration is as follows:
-- On Session tab
- Enter the public IP in the hostname field
- Enter "YOUR-USER" in saved sessions text box and then click on save
Of course replace YOUR-USER with the user created above.
-- On SSH -> Tunnels
- Enter source port: 59000
- Enter destination: localhost:5901
You’re now good to go! In PuTTY click on Open, enter YOUR-USER as the username and press enter. Then enter the password created above. If successful, you should see that you’re logged in on the PuTTY terminal.
The final step is to install tigervnc-viewer, the VNC client you will use to connect:
apt install tigervnc-viewer
Open TigerVNC Viewer and for the VNC server you should input the following:
localhost:59000
When prompted simply input the password you entered when you ran the vncserver command above.
And there you go, you can now VNC into your server over a secure SSH tunnel!
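The tunnel above forwards to localhost:5901 on the server, so the setup is only as private as the address the VNC server listens on. The following added example (not part of the original tutorial) checks `ss -tlnH` output for a listener on port 5901 that is bound to anything other than loopback. The function name vnc_bind_check and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): confirm the VNC listener
# for display :1 (TCP 5901) is only reachable through the SSH tunnel.
# Reads `ss -tlnH` output on stdin. Exit status:
#   0 = every listener on the port is bound to loopback
#   1 = at least one listener is bound to a non-loopback address
#   2 = nothing is listening on the port
vnc_bind_check() {
    awk -v port="$1" '
        {
            la = $4                              # "Local Address:Port" column
            n = split(la, parts, ":")
            if (parts[n] != port) next           # different port, ignore
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            found = 1
            if (addr !~ /^(127\.[0-9.]+|\[::1\])$/) {
                exposed = 1
                print "port " port " reachable directly on " addr
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Constructed sample input, shaped like `ss -tlnH` output.
SAMPLE_LOOPBACK='LISTEN 0 5   127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5       [::1]:5901    [::]:*
LISTEN 0 128   0.0.0.0:22   0.0.0.0:*'

SAMPLE_EXPOSED='LISTEN 0 5     0.0.0.0:5901 0.0.0.0:*
LISTEN 0 128   0.0.0.0:22   0.0.0.0:*'

# Demo on the constructed samples. On the server, run as:
#   ss -tlnH | vnc_bind_check 5901
printf '%s\n' "$SAMPLE_LOOPBACK" | vnc_bind_check 5901 && echo "5901: loopback only"
printf '%s\n' "$SAMPLE_EXPOSED" | vnc_bind_check 5901 || echo "5901: exposed (status $?)"
```

A status of 1 means port 5901 can be reached without going through SSH, so the bind address or a firewall rule needs attention before relying on the tunnel.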