Set up secure vnc remote desktop from debian server

Set up secure vnc remote desktop from debian server

This article is a summary of the excellent article written on the digital ocean website and that you can consult fully on https://www.digitalocean.com/community/tutorials/how-to-set-up-vnc-server-on-debian-8.

Install the window manager

sudo apt install xfce4 xfce4-goodies

We will install all we need to have a remote desktop

First of all, we will need to find a way to connect to the host remotely. There are a number of ways to do so but my preferred way is to use VNC.

Install VNC

Server

Install vnc

sudo aptitude install tightvncserver

Create a vnc user (optional)

sudo adduser vnc
sudo adduser vnc sudo
su - vnc

Start vnc

vncserver

You will be asked to two passwords. The first one will be used to access your desktop the second one (optional) would be used to provide a view-only session to your users.

On my machine, I had the following error:

Couldn't start Xtightvnc; trying default font path.
 Please set correct fontPath in the vncserver script.
 Couldn't start Xtightvnc process.

This was due to the fact that vnc was looking for fonts in /usr/share/fonts/X11 which are not installed. To fix this issue, simply install the missing fonts by typing :

sudo aptitude install xfonts-100dpi xfonts-75dpi xfonts-base

To stop the server:

vncserver -kill :1

To change the display setting:

vncserver -geometry 1600x1200

Secure the vnc connection

By default, the VNC protocol only encrypts the password/login request, all the subsequent traffic is exchanged without any protection. In order to protect the connection, we will use a ssh connection to connect to the vnc server.

Kill your current vnc session ()

Restart a session that will only accept incoming connections from localhost

vncserver -localhost

From your PC, start a ssh connection with the following arguments :

ssh [user]@[your vps] -L 5901:localhost:5901

On linus, start your vnc client and connect to the host with the following address:

localhost:5901

 


Leave a Reply

Your email address will not be published. Required fields are marked *