How do I use VNC to access a remote Linux desktop?
Virtual Network Computing (VNC) allows you to use GUI applications in a desktop environment over a remote connection.
If you don't need a full desktop environment, consider using X11 forwarding, which is simpler and more reliable.
Initial VNC Server Configuration
Before using VNC on SEAS Linux machines for the first time, you must
configure an initial VNC password. If you perform this step in your account on
eniac.seas.upenn.edu using ssh, the
password will be available on other SEAS Linux machines, including Biglab and
Linux, macOS and some Windows environments already include an SSH client. Some Windows users may need to install an application like MobaXterm (which also includes VNC and tools for creating SSH tunnels). Adapt the instructions below as needed for your environment.
Penn VPN software is required for all SSH connections from networks that are outside of PennNet.
Before connecting to a machine on PennNet via SSH from an external network, you must install and run the University Client VPN software:
Start the University Client VPN if your computer is not currently connected to the PennNet network.
Open a terminal on your local machine and type the following command to connect to the remote machine, replacing username with your account name:
After logging into your account on ENIAC, type this command:
Please set a strong password that is not the same as your PennKey password. Your session should look something like this:
$ vncpasswd Password: Verify: Would you like to enter a view-only password (y/n)? n
The remaining steps can be performed on your local computer, so it's safe to
log out of your remote session now by typing the
$ exit logout Connection to eniac.seas.upenn.edu closed.
VNC is now configured for your SEAS account on any SEAS machine that mounts your home directory (ENIAC, Biglab, Speclab, and other linux machines managed by CETS). You can reset your VNC password at any time by repeating these steps.
Start the VNC Server on the Remote Machine
Now that you have configured VNC for your SEAS account, use ssh to remotely
vncserver command, which will immediately return you to
your local terminal.
To start the VNC server on the remote machine, run this command in a terminal on your local computer, replacing username with your account name:
To start the VNC server on Eniac:
ssh firstname.lastname@example.org 'vncserver'
To start the VNC server on Biglab:
ssh email@example.com 'vncserver'
To start the VNC server on Speclab:
ssh firstname.lastname@example.org 'vncserver'
Your session should look something like this (but with the actual hostname, account name and display number):
$ ssh email@example.com 'vncserver' New 'big03:5 (bfranklin)' desktop is big03:5 Starting applications specified in /home1/b/bfranklin/.vnc/xstartup Log file is /home1/b/bfranklin/.vnc/big03:5.log
This shows the actual hostname (important for Biglab and Speclab)
and the display number, which you will use for your connection in the following
steps. The display number is added to 5900 to get the actual port. In this
example, the display number is 5, so
vncserver is now listening on
port 5905 (because 5900 + 5 = 5905) of the host
Create SSH Tunnel
Direct connections to the VNC server are blocked by the SEAS firewall, so it is necessary to tunnel VNC over SSH for a secure connection. Using the example above, run this command on your local machine (the computer you're connecting from) replacing username with your account name:
ssh -L 5905:localhost:5905 -N -f firstname.lastname@example.org
This creates a secure persistent connection between your computer and the remote computer.
Connect VNC Client
Now you can connect to the already running instance of VNC that you started on the server by using the local side of the SSH tunnel you created by running this command on your local machine:
Or, on MacOS, use the native VNC client (which may result in a suboptimal experience):
When prompted, provide the password you set in your initial VNC configuration. A new window containing your remote desktop will appear, allowing you to run applications on the remote machine.
End VNC Session
Important: Ensure that you end the VNC session after using it.
When are you are finished, log out of the remote desktop. Run this command
on your local machine to shut down
username with your account name and using the hostname and display
number from your actual session):
ssh email@example.com 'vncserver -kill :5'
Verify that you haven't left any
vncserver processes running
with this command:
ssh firstname.lastname@example.org 'vncserver -list'
Close SSH Tunnel
The SSH tunnel will remain in place until it is reset or closed. To manually close the tunnel, first find its PID number by running this command on your local machine:
ps -e -o pid,user,command | grep :localhost:
Here is an example of the output:
$ ps -e -o pid,user,command | grep :localhost: 12214 bfranklin ssh -L 5905:localhost:5905 -N -f big03.seas.upenn.edu 12307 bfranklin grep :localhost:
Use the PID number of the SSH tunnel to close it with the