Setup TigerVNC over SSH tunnel on Ubuntu 22.04

By using VNC over an SSH tunnel you have all the security you require and there is no need to fiddle with SSL certificates etc.

Install the Ubuntu Desktop environment:

apt install ubuntu-desktop

Some might prefer to use a lighter display manager, but we’ve found this works just fine.

Add a user who will be logging in with VNC:

useradd -m -s /bin/bash ENTER-USER-HERE

Set the password for this user:


Add the created user to sudoers:

usermod -aG sudo ENTER-USER-HERE

Install TigerVNC and required packages:

apt install tigervnc-standalone-server tigervnc-common tigervnc-tools

Switch to the user:


Run the vncserver command and answer required questions:


Input the password of your choice and confirm this password again. No need to create a view only user.

Create xstartup file to allow VNC to run upon startup:

nano ~/.vnc/xstartup

Paste the following in this file:

# Start up the standard system desktop
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
x-window-manager &

Give the xstartup file executable permissions:

chmod +x ~/.vnc/xstartup

The next few commands are going to be run as root, so run the following to drop back to root shell:


Assign the user created above to a VNC display:

nano /etc/tigervnc/vncserver.users

Paste the following in this file:


Remember to replace ENTER-USER-HERE with the actual user created above 🙂

Start the VNC service:

systemctl start tigervncserver@:1.service

Enable VNC service to be run upon startup:

systemctl enable tigervncserver@:1.service

Reboot the server:


You are now ready to create an SSH tunnel and VNC into the server. We suggest using Putty to create the SSH tunnel. Of course this can also be done straight on the terminal if you’re comfortable, but for the purposes of this tutorial let’s use Putty so that we still play nice with our Windows and Mac friends 🙂

Installing putty on Ubuntu should be as simple as running the following:

apt install putty

The Putty configuration is as follows:

-- On Session tab

- Enter the public IP in the hostname field
- Enter "YOUR-USER" in saved sessions text box and then click on save

Of course replace YOUR-USER with the user created above.

-- On SSH -> Tunnels

- Enter source port: 59000
- Enter destination: localhost:5901

You’re now good to go! In Putty click on Open and enter YOUR-USER as the username and then press enter. Enter the password created above. If successful you should see you’re logged in on the Putty terminal.

The final step is to install tigervnc-viewer which is the VNC client which will enable you to connect via VNC:

apt install tigervnc-viewer

Open TigerVNC Viewer and for the VNC server you should input the following:


When prompted simply input the password you entered when you ran the vncserver command above.

And there you go, you can now VNC into your server over a secure SSH tunnel!