How do I use VNC to access a remote Linux desktop?
Virtual Network Computing (VNC) allows you to use GUI applications in a desktop environment over a remote connection.
If you don't need a full desktop environment, consider using X11 forwarding, which is simpler and more reliable.
The instructions below are for connecting to Eniac, Biglab and Speclab using VNC.
Initial VNC Server Configuration
Before using VNC on SEAS Linux machines for the first time, you must
configure an initial VNC password. If you perform this step in your account on
eniac.seas.upenn.edu
using ssh, the
password will be available on other SEAS Linux machines, including Biglab and
Speclab.
Linux, macOS and some Windows environments already include an SSH client. Some Windows users may need to install an application like MobaXterm (which also includes VNC and tools for creating SSH tunnels). Adapt the instructions below as needed for your environment.
Penn VPN software is required for all SSH connections from networks that are outside of PennNet.
Before connecting to a machine on PennNet via SSH from an external network, you must install and run the University Client VPN software:
Start the University Client VPN if your computer is not currently connected to the PennNet network.
Open a terminal on your local machine and type the following command to connect to the remote machine, replacing username with your account name:
ssh username@eniac.seas.upenn.edu
After logging into your account on ENIAC, type this command:
vncpasswd
Please set a strong password that is not the same as your PennKey password. Your session should look something like this:
$ vncpasswd Password: Verify: Would you like to enter a view-only password (y/n)? n
The remaining steps can be performed on your local computer, so it's safe to
log out of your remote session now by typing the exit
command:
$ exit logout Connection to eniac.seas.upenn.edu closed.
VNC is now configured for your SEAS account on any SEAS machine that mounts your home directory (ENIAC, Biglab, Speclab, and other linux machines managed by CETS). You can reset your VNC password at any time by repeating these steps.
Running VNC
Start the VNC Server on the Remote Machine
Now that you have configured VNC for your SEAS account, use ssh to remotely
run the vncserver
command, which will immediately return you to
your local terminal.
To start the VNC server on the remote machine, run this command in a terminal on your local computer, replacing username with your account name:
To start the VNC server on Eniac:
ssh username@eniac.seas.upenn.edu 'vncserver'
To start the VNC server on Biglab:
ssh username@biglab.seas.upenn.edu 'vncserver'
To start the VNC server on Speclab:
ssh username@speclab.seas.upenn.edu 'vncserver'
Your session should look something like this (but with the actual hostname, account name and display number):
$ ssh bfranklin@biglab.seas.upenn.edu 'vncserver' New 'big03:5 (bfranklin)' desktop is big03:5 Starting applications specified in /home1/b/bfranklin/.vnc/xstartup Log file is /home1/b/bfranklin/.vnc/big03:5.log
This shows the actual hostname (important for Biglab and Speclab)
and the display number, which you will use for your connection in the following
steps. The display number is added to 5900 to get the actual port. In this
example, the display number is 5, so vncserver
is now listening on
port 5905 (because 5900 + 5 = 5905) of the host
big03.seas.upenn.edu
(or big03.seas.upenn.edu:5905
).
Create SSH Tunnel
Direct connections to the VNC server are blocked by the SEAS firewall, so it is necessary to tunnel VNC over SSH for a secure connection. Using the example above, run this command on your local machine (the computer you're connecting from) replacing username with your account name:
ssh -L 5905:localhost:5905 -N -f username@big03.seas.upenn.edu
This creates a secure persistent connection between your computer and the remote computer.
Connect VNC Client
Now you can connect to the already running instance of VNC that you started on the server by using the local side of the SSH tunnel you created by running this command on your local machine:
vncviewer localhost:5905
Or, on MacOS, use the native VNC client (which may result in a suboptimal experience):
open vnc://localhost:5905
When prompted, provide the password you set in your initial VNC configuration. A new window containing your remote desktop will appear, allowing you to run applications on the remote machine.
End VNC Session
Important: Ensure that you end the VNC session after using it.
When are you are finished, log out of the remote desktop. Run this command
on your local machine to shut down vncserver
(replacing
username with your account name and using the hostname and display
number from your actual session):
ssh username@big03.seas.upenn.edu 'vncserver -kill :5'
Verify that you haven't left any vncserver
processes running
with this command:
ssh username@big03.seas.upenn.edu 'vncserver -list'
Close SSH Tunnel
The SSH tunnel will remain in place until it is reset or closed. To manually close the tunnel, first find its PID number by running this command on your local machine:
ps -e -o pid,user,command | grep :localhost:
Here is an example of the output:
$ ps -e -o pid,user,command | grep :localhost: 12214 bfranklin ssh -L 5905:localhost:5905 -N -f big03.seas.upenn.edu 12307 bfranklin grep :localhost:
Use the PID number of the SSH tunnel to close it with the kill
command:
kill 12214