How do I use VNC to access a remote Linux desktop?

Virtual Network Computing (VNC) allows you to use GUI applications in a desktop environment over a remote connection.

If you don't need a full desktop environment, consider using X11 forwarding, which is simpler and more reliable.

The instructions below are for connecting to Eniac, Biglab and Speclab using VNC.

Initial VNC Server Configuration

Before using VNC on SEAS Linux machines for the first time, you must configure an initial VNC password. If you perform this step in your account on eniac.seas.upenn.edu using ssh, the password will be available on other SEAS Linux machines, including Biglab and Speclab.

Linux, macOS and some Windows environments already include an SSH client. Some Windows users may need to install an application like MobaXterm (which also includes VNC and tools for creating SSH tunnels). Adapt the instructions below as needed for your environment.

Penn VPN software is required for all SSH connections from networks that are outside of PennNet.

Before connecting to a machine on PennNet via SSH from an external network, you must install and run the University Client VPN software:

University VPN Getting Started Guide

Start the University Client VPN if your computer is not currently connected to the PennNet network.

Open a terminal on your local machine and type the following command to connect to the remote machine, replacing username with your account name:

ssh username@eniac.seas.upenn.edu

After logging into your account on ENIAC, type this command:

vncpasswd

Please set a strong password that is not the same as your PennKey password. Your session should look something like this:


$ vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n

The remaining steps can be performed on your local computer, so it's safe to log out of your remote session now by typing the exit command: 


$ exit
logout
Connection to eniac.seas.upenn.edu closed.

VNC is now configured for your SEAS account on any SEAS machine that mounts your home directory (ENIAC, Biglab, Speclab, and other linux machines managed by CETS). You can reset your VNC password at any time by repeating these steps.

Running VNC

Start the VNC Server on the Remote Machine

Now that you have configured VNC for your SEAS account, use ssh to remotely run the vncserver command, which will immediately return you to your local terminal.

To start the VNC server on the remote machine, run this command in a terminal on your local computer, replacing username with your account name:

To start the VNC server on Eniac:

ssh username@eniac.seas.upenn.edu 'vncserver'

To start the VNC server on Biglab:

ssh username@biglab.seas.upenn.edu 'vncserver'

To start the VNC server on Speclab:

ssh username@speclab.seas.upenn.edu 'vncserver'

Your session should look something like this (but with the actual hostname, account name and display number):


$ ssh bfranklin@biglab.seas.upenn.edu 'vncserver'

New 'big03:5 (bfranklin)' desktop is big03:5

Starting applications specified in /home1/b/bfranklin/.vnc/xstartup
Log file is /home1/b/bfranklin/.vnc/big03:5.log

This shows the actual hostname (important for Biglab and Speclab) and the display number, which you will use for your connection in the following steps. The display number is added to 5900 to get the actual port. In this example, the display number is 5, so vncserver is now listening on port 5905 (because 5900 + 5 = 5905) of the host big03.seas.upenn.edu (or big03.seas.upenn.edu:5905).

Create SSH Tunnel

Direct connections to the VNC server are blocked by the SEAS firewall, so it is necessary to tunnel VNC over SSH for a secure connection. Using the example above, run this command on your local machine (the computer you're connecting from) replacing username with your account name:

ssh -L 5905:localhost:5905 -N -f username@big03.seas.upenn.edu

This creates a secure persistent connection between your computer and the remote computer.

Connect VNC Client

Now you can connect to the already running instance of VNC that you started on the server by using the local side of the SSH tunnel you created by running this command on your local machine:

vncviewer localhost:5905

Or, on MacOS, use the native VNC client (which may result in a suboptimal experience):

open vnc://localhost:5905

When prompted, provide the password you set in your initial VNC configuration. A new window containing your remote desktop will appear, allowing you to run applications on the remote machine.

End VNC Session

Important: Ensure that you end the VNC session after using it.

When are you are finished, log out of the remote desktop. Run this command on your local machine to shut down vncserver (replacing username with your account name and using the hostname and display number from your actual session):

ssh username@big03.seas.upenn.edu 'vncserver -kill :5'

Verify that you haven't left any vncserver processes running with this command:

ssh username@big03.seas.upenn.edu 'vncserver -list'

Close SSH Tunnel

The SSH tunnel will remain in place until it is reset or closed. To manually close the tunnel, first find its PID number by running this command on your local machine:

ps -e -o pid,user,command | grep :localhost:

Here is an example of the output:


$ ps -e -o pid,user,command | grep :localhost:
12214 bfranklin            ssh -L 5905:localhost:5905 -N -f big03.seas.upenn.edu
12307 bfranklin            grep :localhost:

Use the PID number of the SSH tunnel to close it with the kill command:

kill 12214

Related Articles

© Computing and Educational Technology Services