How do I run GUI apps remotely with VNC?

Virtual Network Computing (VNC) allows you to use GUI applications over a remote connection. If you only have one application to run, consider using X11 forwarding, instead.

The instructions below are for connecting to Eniac, Biglab and Speclab using VNC.

Initial VNC Server Configuration

Before using VNC on SEAS servers for the first time, you must configure an initial VNC password. Connect to using ssh.

Penn VPN software is required for all SSH connections from networks that are outside of PennNet.

Before connecting to a machine on PennNet via SSH from an external network, you must install and run the University Client VPN software:

Windows users will need a VNC client and a capable SSH application like Putty or MobaXterm (which also includes VNC and tools for creating SSH tunnels). Adapt the instructions below as needed for your environment.

On Linux or MacOS, open a terminal and type:


In your session on ENIAC, type this command:


Please set a strong password that is not the same as your PennKey password. Your session should look something like this (but with the actual account name and display number):

$ vncpasswd
Would you like to enter a view-only password (y/n)? n

$ exit
Connection to closed.

VNC is now configured for your SEAS account on any SEAS machine that mounts your home directory (ENIAC, Biglab, Speclab, and other linux machines managed by CETS). You can reset your VNC password at any time by repeating these steps.

Running VNC

Start the VNC Server on the Remote Machine

Now that you have configured VNC for your SEAS account, start vncserver on the desired machine by running the command remotely with ssh, which will return you to your local terminal. The -autokill option will ensure that vncserver closes when you log out of your remote desktop session.

To start the VNC server on Eniac:

ssh vncserver -autokill

To start the VNC server on Biglab:

ssh vncserver -autokill

To start the VNC server on Speclab:

ssh vncserver -autokill

Your session should look something like this (but with the actual hostname, account name and display number):

$ ssh vncserver -autokill

New 'big03:5 (bfranklin)' desktop is big03:5

Starting applications specified in /home1/b/bfranklin/.vnc/xstartup
Log file is /home1/b/bfranklin/.vnc/big03:5.log

This shows the actual hostname (important for Biglab and Speclab) and the display number, which you will use for your connection in the following steps. The display number is added to 5900 to get the actual port. In this example, the display number is 5, so vncserver is now listening on port 5905 of the host (or

Create SSH Tunnel

Direct connections to the VNC server are blocked by the SEAS firewall, so it is necessary to tunnel VNC over SSH for a secure connection. Using the example above, run this command on your local machine (the computer you're connecting from):

ssh -L 5905:localhost:5905 -N -f

This creates a secure persistent connection between your computer and the remote computer.

Connect VNC Client

Now you can connect to the already running instance of VNC that you started on the server by using the local side of the SSH tunnel you created:

vncviewer localhost:5905

Or, on MacOS, use the native VNC client (which may result in a suboptimal experience):

open vnc://localhost:5905

When prompted, provide the password you set in your initial VNC configuration. A new window will appear, allowing you to run GUI programs on the remote machine.

End VNC Session

When are you are finished, log out of the remote desktop. If you started vncserver with the -autokill option, it should stop running on the remote machine. Otherwise, run this command in your local terminal to shut down vncserver (using the hostname and display number from your actual session):

ssh "vncserver -kill :5"

You can verify that you haven't left vncserver running with this command:

ssh "vncserver -list"

Close SSH Tunnel

The SSH tunnel will remain in place until it is reset or closed. To manually close the tunnel, first find its pid number using this command on your local machine:

ps -e -o pid,user,command | grep :localhost:

Here is an example of the output:

$ ps -e -o pid,user,command | grep :localhost:
12214 bfranklin            ssh -L 5905:localhost:5905 -N -f
12307 bfranklin            grep :localhost:

To close the SSH tunnel, kill the process using the pid number discovered in the previous step:

kill 12214

Related Articles

© Computing and Educational Technology Services