Virtual Network Computing (VNC) works by capturing the display’s frame buffer and making it available across the network. This post shows you how to install TigerVNC and configure it to provide remote users access to their graphical desktop environment as if they were physically in front of the system.

For the example in this post we will use a CentOS 7 server as VNC server and a local computer with a VNC client to connect to it. It assumes that the remote system is running the OpenSSH SSH server and a graphical desktop environment such as GNOME or KDE. 


Installing VNC server


1. Make sure you have access to a local or remote yum repository to install the required packages.

# yum repolist


2. Install the GUI desktop package if not already installed to have a GUI access to VNC server.

# yum groupinstall "Server with GUI"


3. On the VNC server, install the TigerVNC server package:

# yum install tigervnc-server


Configuring VNC server


Copy the configuration file, /lib/systemd/system/vncserver@.service, to the directory /etc/systemd/system/following the naming of ‘vncserver_[username]@:[port].service‘. For example:

# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver_root@:2.service
# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver_oracle@:3.service


Note: It is common to create different configuration files for each user. As a best practice we can add the username to the configuration file as this will help to identify which file belongs to each user. This is not required.

3. Modify the configuration files that have been created for each user (In this example we are going to use root and oracle) :

A. Replace the &ltUSER&gt placeholder with “root” user that appears in the [Service] for file “vncserver_root@:2.service” and “oracle” for file “vncserver_oracle@:3.service” with vi.

# vi /etc/systemd/system/vncserver_root@:2.service
# vi /etc/systemd/system/vncserver_oracle@:3.service


You may also use “sed” to automatically make the username replacement:

# sed -i 's/<USER>/root/g' /etc/systemd/system/vncserver_root@:2.service
# sed -i 's/<USER>/oracle/g' /etc/systemd/system/vncserver_oracle@:3.service


B. Add the geometry to the configuration file as well for each user. In this example we are going to add “-geometry 800×800” to the configuration file. This will be at the end of the line starting with “ExecStart”.

# vi /etc/systemd/system/vncserver_root@:2.service
# vi /etc/systemd/system/vncserver_oracle@:3.service


4. After making the modifications in step A and B the line we have modified under the configuration file should look similar to these:

For file “vncserver_root@:2.service

Description=Remote desktop service (VNC)


# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=-/usr/bin/vncserver -kill %i
ExecStart=/sbin/runuser -l root -c "/usr/bin/vncserver %i -geometry 800x800"
ExecStop=-/usr/bin/vncserver -kill %i



For File “vncserver_oracle@:3.service

Description=Remote desktop service (VNC)

User=oracle # Clean any existing files in /tmp/.X11-unix environment ExecStartPre=-/usr/bin/vncserver -kill %i ExecStart=/sbin/runuser -l oracle -c "/usr/bin/vncserver %i -geometry 800x800" PIDFile=/home/oracle/.vnc/ ExecStop=-/usr/bin/vncserver -kill %i [Install]


The command specified in the ExecStart entry is invoked when we start the server using systemctl start; it uses runuser to run TigerVNC under the user’s account. The -l argument provides the username and -c specifies the command and its arguments that runuser will execute. The PIDFile entry specifies the directory in which the running process will keep track of its process ID.


Starting with RHEL7.4 the supported server options to pass to vncserver upon invocation has been moved to a new file named ‘config’ in ~/.vnc/ directory. So there will be no need to add those option in the ExecStart line.


Configure firewalld


1. Traffic for the display’s corresponding port should be allowed by the firewall. Display 0 uses port 5900, display 1 uses port 5901, display 2 uses port 5902, and so on. If you’re using FirewallD, the predefined vnc-server service opens ports 5900-5903:

# firewall-cmd --zone=public --permanent --add-service=vnc-server


If you need additional ports or if you don’t need to open the entire range, you can open just what you need using –add-port:

# firewall-cmd --zone=public --permanent --add-port=5901/tcp


2. Reload the firewall to make firewall rules effective.

# firewall-cmd  --reload


3. Reload the configuration:

#  systemctl daemon-reload


Start the Services and set password


1. We will now enable the vncserver service for each user on the selected port, this will also enable autostart on system boot, with the commands below:

# systemctl enable vncserver_root@:2.service
Created symlink from /etc/systemd/system/ to /etc/systemd/system/vncserver_root@:2.service.


# systemctl enable vncserver_oracle@:3.service
Created symlink from /etc/systemd/system/ to /etc/systemd/system/vncserver_oracle@:3.service.


2. Reload systemd’s configuration to make it aware of the new unit files:

# systemctl daemon-reload


3. Configure a password for each user to be used with vncserver.

# vncpasswd root
Would you like to enter a view-only password (y/n)? n


# vncpasswd oracle
Would you like to enter a view-only password (y/n)? n


4. You will need to execute “vncserver” in the command line while logged in as the user. This will automatically ask you to create a new password for the user.

# vncserver
You will require a password to access your desktops.

Would you like to enter a view-only password (y/n)? n
xauth:  file /root/.Xauthority does not exist

New 'ucartz:1 (root)' desktop is geeklab:1

Creating default startup script /root/.vnc/xstartup
Creating default config /root/.vnc/config
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/geeklab:1.log


Accessing VNC server with VNC viewer


You can install any VNC viewer software on your client machine to access the VNC server. I am using realVNC software on my MAC to access the VNC server. You can use any of the below VNC viewer softwares according to the OS you are using.

. 1. TigerVNC: 2. TightVNC: 3. RealVNC:


Was this answer helpful? 0 Users Found This Useful (0 Votes)