This article will guide you through the installation and configuration of remote desktop software and a desktop environment on your Linux Ubuntu instance.

Virtual Network Computing (VNC) is a remote desktop sharing system that allows a user to remotely control another computer over a network connection. In this guide, you will learn how to set up a VNC Server on Ubuntu and securely connect to it using an SSH tunnel. We will use TightVNC, a lightweight and efficient remote control package, for this purpose.


  1. Create the instance

  2. Download and Install a VNC client on your local computer that supports VNC connections over SSH tunnels. Please use the below link according to your local computer’s OS.

  3. Log into the instance

Installing the Desktop Environment and VNC Server

  • Update list of packages

    sudo apt update

  • Install newer versions of the packages that are already installed

    sudo apt upgrade -y

  • Install the XFCE Desktop Environment

    sudo apt install xfce4 xfce4-goodies

  • Install the TightVNC server

    sudo apt install tightvncserver

  • To complete the VNC server’s initial configuration after installation, set up a secure password and create the initial configuration files


  • You will be prompted to enter and verify a password to access the instance remotely (Please note: that the password must be between six and eight characters in length. Any passwords exceeding the maximum limit of eight characters will be automatically truncated).

  • Once the password is confirmed, you have the option to set up a view-only password. If someone logs in using the view-only password, they won't be able to control the VNC instance through their mouse or keyboard. This feature can be useful if you want to show something to others using your VNC server, but it is not required.

  • So, simply choose 'n'.

  • The process then creates the necessary default configuration files and connection information for the server.

Configuring the VNC Server

  • The VNC server needs to know which commands to execute when it starts up. Specifically, VNC needs to know which graphical desktop it should connect to.

  • These commands are located in a configuration file called xstartup in the .vnc folder under your home directory. The startup script was created when you ran the vncserver in the previous step, but we will create our own to launch the XFCE Desktop.

  • When VNC is first set up, it launches a default server instance on port 5901. This port is called a display port, and is referred to by VNC as :1. VNC can launch multiple instances on other display ports, like :2, :3, and so on.

  • Because we will change how the VNC server is configured, first stop the VNC server instance that is running on port 5901 with the following command

    vncserver -kill :1

  • The output should look like this, although you will see a different PID:

  • Before you modify the xstartup file, back up the original

    mv ~/.vnc/xstartup ~/.vnc/xstartup.bak

  • Now create a new xstartup file and open it in your text editor

    vim ~/.vnc/xstartup

  • Commands in this file are executed automatically whenever you start or restart the VNC server. We need VNC to start our desktop environment if it is not already started. Add the below lines to the above file. 

    • To add the below lines into the above file, press 'i' to go into insert mode, then copy & paste them into the file.


      xrdb $HOME/.Xresources

      startxfce4 &

  • The first command in the file, xrdb $HOME/.Xresources, tells VNC’s GUI framework to read the server user’s .Xresources file. .Xresources is where a user can make changes to certain settings of the graphical desktop, like terminal colors, cursor themes, and font rendering. 

  • The second command tells the server to launch XFCE, which is where you will find all of the graphical software that you need to comfortably manage the instance.

  • Save and close the file. 

    • Press ‘Esc' to exit insert mode & then type ':wq!

  • To ensure that the VNC server will be able to use this new startup file properly, we will need to make it executable.

    sudo chmod +x ~/.vnc/xstartup

  • Now, restart the VNC server.


  • You will see output similar to this:

  • With the configuration in place, let’s connect to the server from our local machine.

Connecting the VNC Desktop Securely

VNC itself does not use secure protocols when connecting. We will use an SSH tunnel to connect securely to our server, and then tell our VNC Client to use that tunnel rather than making a direct connection.

For Linux / macOS

  • Create an SSH connection on your local computer that securely forwards to the localhost connection for VNC. You can do this via the terminal on Linux or macOS with the following command:

    ssh -L 5901:localhost:5901 ubuntu@instance_public_ip

  • The -L switch specifies the port bindings. In this case we are binding port 5901 of the remote connection to port 5901 on your local machine.

    • Remember to replace instance_public_ip

For Windows

  • If you are using a Graphical SSH client PuTTY on Windows. Right click on title bar in the current PuTTY session of your instance, click on ‘Change Settings'.

  • Navigate to Connection > SSH > Tunnels. Type ‘5901’ in the Source port field and type ‘localhost:5901’ in the Destination field.

  • Click on ‘Add' and click on 'Apply’.

  • Once the tunnel is running, open a VNC Client from your local system to connect to localhost:5901. You will be prompted to authenticate using the password which you set while configuring VNC Server initially.

  • Once you are connected, you will see the default XFCE Desktop like in the image below.

  • You can access files in your home directory with the file manager or from the command line.

  • Press ‘CTRL+C’ in your terminal to stop the SSH tunnel and return to your prompt. This will disconnect your VNC session as well.