Remotely administering machines graphically, with VNC

Posted by Steve on Sat 7 May 2005 at 17:08


99% of all remote administration jobs can be carried out with only shell access via SSH, but some jobs require you to interact with a graphical application. Those jobs can be handled with VNC.

VNC is a standard protocol, meaning 'virtual network computer'. It allows you to share a desktop environment across a network and connect to it from another machine.

VNC comes in two halves: a server which shares a desktop and a client which allows you to connect. These different programs are available for a wide range of platforms, including Microsoft Windows, GNU/Linux, Macintosh, and more.

Debian contains several different VNC-related packages allowing you to share your desktop, or connect to others with ease.

There are several servers packaged for the Debian distribution. To understand why, it might be useful to know some of the history of the VNC software.

Initially VNC was a research project which was available from its old homepage. Over time development forked into two different versions:

None of that matters too much, except to explain some of the names you might come across. Each of the available clients works with each of the available servers, although some features, such as file transfers, might not be available.

To get started with VNC you'll obviously need to install a server and a client. Which server to install depends on what you want to do.

If you wish to log in to a machine and make its display available to another machine for when you leave, you'll want to install the x11vnc package.

If instead you wish to have each incoming connection get a new desktop which is not related to anything on the active X11 desktop you'll need to install the vncserver package.

Using x11vnc

x11vnc is a very simple program to use. It makes your currently running desktop available across the network, and by default it does so without any security.

If you're logged into X on a machine, and you wish to go work at another desktop, or from a different room and security isn't a concern then it's perfect.

Before you leave you just need to run:

x11vnc -many &

The -many parameter means that when a connection is terminated it starts listening again for many more incoming connections - note that only one connection at a time is supported.

If you have a group of machines on a LAN then you might wish to consider starting the program when you login to X.

If you wish to use password protection you can do that too, by storing the password in a file as follows:

x11vnc -storepasswd 'my-password' ~/.x11vncpasswd

Once the password has been stored (in a scrambled fashion) you can tell the server to use it as follows:

x11vnc -rfbauth ~/.x11vncpasswd

Using vncserver

This package allows you to set up a password-protected server to which a client can connect and get a pristine desktop - this desktop isn't connected to any running X11 window system.

Typically this is the server that users want, partly because of the password protection, and partly because it's distinct from the desktop environment which the server might be running.

Install the server with the predictable:

apt-get install vncserver

Once the server is installed you need to do two things:

  • Set up a password to control access.
  • Optionally customize the server.
  • Start the server.

To set up the initial password you must run:


This will save a scrambled password in the file ~/.vnc/passwd.

Once that's been done you can create a new server by invoking:


This will start a new server and show you the "desktop" it is running upon. This is something that you'll need to know when connecting to the server.

Because more than one VNC server can be available at a time upon a host there's a notion of the "desktop number" which a given server is running on.

These desktop numbers start at 1, and increase.

The first server you'll start on the machine lappy will be called lappy:1, the next will be lappy:2, and so on.

(lappy and lappy:1 are synonymous - which is why when you connect with a client you can just use the hostname lappy, that means to connect to the first server).

If you wish to change the way the server runs you've got a couple of choices.

You can modify the global configuration by editing the file /etc/vnc.conf; copying this file to your home directory and naming it .vncrc will affect just the servers you start.

Another common option is to adjust the window manager that remote users will receive.

For example if you have the GNOME desktop installed for your use you might wish incoming connections to use a more light-weight window manager such as IceWM. To do that you modify the file ~/.vnc/xstartup.

You can mandate a window manager by changing this file to read, for example:

exec icewm

Of course once you've started one of the servers you'll need a client. One popular client is xvncviewer.

Installation is simple:

apt-get install xvncviewer

Once it's installed you can connect to a running server by using:

xvncviewer hostname

If invoked with no arguments you'll be prompted for the host you wish to connect to, and if necessary a password.
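
An added example (not part of the original article): the desktop numbers described above correspond to TCP ports, and since x11vnc shares the desktop without any security by default, it is worth checking which VNC ports a host exposes and reaching them over SSH instead. The script assumes desktop N listens on TCP port 5900+N and parses `ss -Hltn` style output; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: VNC desktop N listens on TCP port 5900+N (lappy:1 -> 5901).

# Print the TCP port for a desktop spec such as "lappy:2" or ":1".
# A spec without an explicit desktop number is rejected rather than guessed.
vnc_port() {
    case $1 in *:*) n=${1##*:} ;; *) n= ;; esac
    case $n in
        ''|*[!0-9]*|0[0-9]*) echo "bad desktop spec: $1" >&2; return 1 ;;
    esac
    echo $((5900 + n))
}

# Print the ssh command that forwards local port 5900+N to the same port on
# the server's loopback interface, so the viewer connects to localhost:N.
tunnel_cmd() {    # usage: tunnel_cmd user@host N
    port=$(vnc_port ":$2") || return 1
    echo "ssh -N -L $port:localhost:$port $1"
}

# Read `ss -Hltn` output on stdin and report every listener in the VNC port
# range (5900-5999) that is bound to an address other than loopback.
exposed_vnc() {
    awk '{
        addr = $4                                  # Local Address:Port
        port = addr; sub(/.*:/, "", port)          # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        port += 0                                  # force numeric comparison
        if (port < 5900 || port > 5999) next
        if (host ~ /^127\./ || host == "[::1]") next
        printf "desktop :%d exposed on %s port %d\n", port - 5900, host, port
    }'
}

# Constructed sample of `ss -Hltn` output, not captured from a real host.
SAMPLE='LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
LISTEN 0 5   0.0.0.0:5900   0.0.0.0:*
LISTEN 0 5   127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5   [::]:5902      [::]:*
LISTEN 0 5   [::1]:5903     [::]:*'

printf '%s\n' "$SAMPLE" | exposed_vnc   # flags desktops :0 and :2 only
tunnel_cmd user@lappy 1                 # tunnel for the first vncserver desktop
```

On a real host, run `ss -Hltn | exposed_vnc`; a listener it reports can be restarted bound to loopback (x11vnc has a -localhost option) and reached through the printed tunnel.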



Posted by Kellen (68.15.xx.xx) on Sat 7 May 2005 at 18:19
You can of course tunnel your vnc connection, doing:
ssh -L 5901:localhost:5900 uer@servername
logging in and running:
Then on your local VNC viewer, connecting to
I use a putty, so the tunneling configuration is in the SSH > SSH > Tunnels section. You'll put 5901 in the "Source port", localhost:5900 in the "Destination" and select "Local" from the radio buttons, then click "Add".

Posted by Kellen (68.15.xx.xx) on Sat 7 May 2005 at 18:23

Yay for typos:

  • "uer" should of course be "user"
  • "I use putty,"
  • and the putty configuration is in: Connection > SSH > Tunnels

Is there a way to edit comments?

Posted by Steve (82.41.xx.xx) on Sat 7 May 2005 at 18:29

If you log in to a remote machine via SSH, even with X11Forwarding set up, you'll not be able to start a new x11vnc session.

Or am I missing what you really meant?


Posted by Kellen (68.15.xx.xx) on Sat 7 May 2005 at 18:44

You are correct, I was thinking about attaching to an existing desktop.

If you don't already have a running desktop (but do have a GDM login, for example) you can still start one up, but it's a little more roundabout and requires you run as root temporarily.

Log in (with the aforementioned tunneling), su to root, then run:

x11vnc -display :0 -auth /var/gdm/:0.Xauth

(on Debian, it's not /var/gdm/ but somewhere slightly different, I don't recall offhand where)

Then you should be able to connect with your VNC client and log in. Typically the vnc session will then quit, and you should back down to your normal user and run x11vnc as that user.

I realize this doesn't solve the "x session which is completely disassociated with a screen display," but it is useful in many circumstances.

This is in the x11vnc faq here.


Posted by paulbm (88.96.xx.xx) on Mon 2 Jan 2006 at 15:50
Just run across that exact scenario. On Debian it's:
x11vnc -auth /var/lib/gdm/:0.Xauth
This will give you the gdm login screen, after logging you in it may kick you out, but that could be because I have vino installed and that took over vnc display:0.


Posted by Anonymous (24.212.xx.xx) on Sun 6 Jan 2013 at 20:54
Just to add to this, if you are using Linux Mint Debian Edition:

x11vnc -auth /var/lib/gdm/:0.Xauth

Same as everything mentioned above, except for the path name. Additionally, once you log on, please quit and run the x11vnc again with proper encryption and SSL tunnelling.

Posted by Anonymous (24.212.xx.xx) on Sun 6 Jan 2013 at 20:57
Oops I forgot to change the path name:

x11vnc -auth /var/lib/mdm/:0.Xauth


Posted by elivs (202.0.xx.xx) on Sat 7 May 2005 at 22:36
I would like to do exactly what you're doing. From work I can ssh using putty to my home box where I usually run mutt. I would like to be able to ssh in with putty to tunnel, then run vnc to display kmail. I'd like to leave my currently running desktop at home alone. (I know kmail only allows one instance of itself, but it closes the other instances automatically)

I'm sure many others here have similar requirements of displaying 1 application on a remote windows machine. One option is to use cygwin+Xfree but vnc sounds like a better solution.

my questions are:
1) are ports 5901 + 5900 standard/configurable or do they change with each instance of a vnc server you start?

2) From what I can tell above the "vncserver" package is what I want on my home box. This way my already running desktop session at home won't close. Is this right?

2) What vnc server do you use on windows clients? Preferably I'd like to use one that I could carry on a usb-drive without installing locally each time. (similar to portable firefox, putty + winscp)

3) Will I need to run a window manager on my vnc session? If so I guess a light one like suggested in the article is best, e.g. IceWM.
Any other pointers would be greatly appreciated.


Posted by Kellen (68.15.xx.xx) on Sun 8 May 2005 at 00:23
Steve notes above that vncserver is for getting "a pristine desktop - this desktop isn't connected to any running X11 window system." This means that if you are running a normal X session on your home box (say, locked with xscreensaver) you can just use x11vnc (no need for vncserver) to attach to that existing X session.

1) I believe 5900 is the standard port for the first x11vnc connection. Beyond that, I'm unsure. I also believe that 5901 is used for the local port because it indicates the first "virtual" desktop, e.g. localhost:1 (whereas 5900 would be localhost:0).

2) You don't need vncserver just to attach to existing X sessions. If you want an X session independent of the actual screen, it would be useful, but I'm not sure how one would access that session locally.

2 number 2) I use realvnc free edition viewer. It runs about 300k.

3) Unlike a forwarded X session, vnc transfers what are essentially screenshots of what is happening on the remote computer. You don't need to change your WM, unless you want to =)


Posted by Anonymous (159.117.xx.xx) on Sun 8 May 2005 at 11:07
To reply to my own comment...

Spent some time reading and working out what suits my needs best. At home I leave my kde session running. When I use vnc I get another separate session which defaults to icewm. That is, I'm running two separate GUI sessions. One local and one remote. These sessions are independent of each other.

Here is what I got working, that suits my needs.

1) I use vncserver package on the debian machine
2) I use ultravnc for the windows client. It has stand alone binaries that I can keep it on my key drive.
3) I tunnel using ssh, as described above. The normal ports are 5901, 5902...
4) On the server machine run vncserver to start a server, then connect using the vnc. I tested this from a windows box on my home network so I wouldn't have to worry about tunneling until I had everything working.
5) Optimise
a) copy /etc/vnc.conf to ~/.vncrc
b) edit ~/.vncrc for your own preferences. I change the Xsession file to:
$vncStartup = "$ENV{HOME}/.vnc/Xsession";
c) in this Xsession file I change all occurrences of "$HOME/" to "$HOME/.vnc/". This means that all vnc errors, logs, settings etc. can be set independently of normal X sessions.
d) I put "exec icewm-session" into the file "~/.vnc/xsession" (Note the lower case, it's a different file from Xsession.)

This way config and logs for normal X sessions are in $HOME while for vnc controlled X sessions it's all $HOME/.vnc/

I'm amazed how flexible vnc is.


Posted by Steve (82.41.xx.xx) on Sun 8 May 2005 at 16:39

It is very flexible, for example one thing that I didn't cover is that using x11vnc you don't necessarily need to share the whole desktop.

You can share a single application if you invoke it with:

x11vnc -id pick

This will let you click upon the window you wish to share, and when clients connect they will only see that application - not the rest of your desktop!



Posted by Anonymous (82.122.xx.xx) on Sun 8 May 2005 at 10:41
Is there any way to have direct rendering on a remote connection?


Posted by Anonymous (84.141.xx.xx) on Mon 9 May 2005 at 16:17
more typos: "xvncviwer hostname"

Also on my Debian (sarge) the command is "vncserver". There is no "xvncserver". Also in all VNC-server documents the path to Xvnc in inetd.conf is wrong and should be fixed to /usr/bin/Xvnc.

Posted by Steve (82.41.xx.xx) on Mon 9 May 2005 at 16:34

Thanks for that - I've fixed the two typos now. (xvncviwer /xvncviewer; and xvncserver/vncserver).

As for your other comment regarding inetd.conf, that confuses me. The vncserver package doesn't touch inetd....



Posted by Anonymous (62.254.xx.xx) on Mon 9 May 2005 at 16:53
Great article, I have been wondering about an alternative to realvnc / tightvnc. The reason I use a vnc package is I need to connect to windows machines as well as *nix so really need an app that will support pretty much anything. I'd prefer something free as realvnc costs £ :]



Posted by Anonymous (130.231.xx.xx) on Thu 12 May 2005 at 10:33
Vnc is a bit tedious and go^W old network-transparent X almost works quite often, especially over ssh with X forwarding on.

It's a shame that the plan9 model is not available on a more useful system.

Posted by Steve (82.41.xx.xx) on Thu 12 May 2005 at 10:42

True network transparency and X is great - but there are many circumstances where it doesn't work.

Without something like xmove you can't detach and move running programs to another host - which VNC easily allows.

VNC also has the massive upside that it is cross-platform. I can connect from my Windows XP desktop at work to a Solaris Server, then connect again from my Debian machine at home.



Posted by Anonymous (140.247.xx.xx) on Fri 20 May 2005 at 15:22
freenx is some proxies and stuff for doing X over a network better. It's built on nx by (who have a win client)

It's better than VNC provided you don't want to serve windows desktops to *nix


Posted by Anonymous (62.2.xx.xx) on Wed 20 Jul 2005 at 10:38
I'm sorry, but that's not true.
I use daily nxviewer to connect to Win vnc server and nxdesktop to start a remote session on a Windows machine. The NX clients replace all the vnc client transparently and they work much faster.
Essentially, when you have an NX client suite you connect to whatever VNC, tightVNC NXserver, rdesktop....


Posted by Anonymous (80.185.xx.xx) on Sat 26 Nov 2005 at 22:18
I am sure that the following setup can be done with VNC but not with FreeNX. If it were possible that would be great.

Linux "multiplexing" server with VNC allows Windows clients to connect to display their desktop without manual intervention on the server side while also allowing other Windows clients to connect to see that desktop. This allows for ad-hoc shared screens even if all clients are behind NAT and have no control over the router.

Please tell me if this can be done with FreeNX. I'd love the bandwidth savings.

Rolf -


Posted by Anonymous (210.55.xx.xx) on Thu 12 May 2005 at 22:49
Just in case anyone is interested, gemsvnc is an alternative which has worked well for me in the past.



Posted by Anonymous (194.66.xx.xx) on Mon 23 May 2005 at 12:33
Another way of installing a vnc server is via your XF86Config-4 file by adding the following to the relevant sections:

Section "Module"
Load "vnc"

Section "Screen"
Option "passwordFile" "/root/.vnc/passwd"


Posted by suspended user oasis (24.75.xx.xx) on Tue 14 Jun 2005 at 16:07
I need to remotely administrate some PCs on the far side of a freeswan firewall. Currently, I've been using ssh/putty to connect to the firewall then telneting to the PCs and using CLI and PSTools. But it's way too limited. The situation I would like to end up with is just as though I had a VNC client on my windows laptop and a vnc server on each of the PCs - and a direct connection, so I would have graphical control. This thread deals with a lot of these elements, but I've never used vnc in a linux environment before. What do you guys think? Is this scenario I'm looking for doable by connecting to the firewall with putty then running a linux-based vnc client to connect to the PCs?


Posted by Anonymous (85.16.xx.xx) on Tue 12 Jul 2005 at 22:03
This will work if you have a big, fat and fast connection between your pc and the firewall.

But a direct connection between your vnc client and the vnc server is better because exporting X produces much more overhead than transmitting only vnc.


Posted by Anonymous (193.251.xx.xx) on Wed 27 Jul 2005 at 15:01
I have started vncserver in an ssh session, but when I want to connect with vncviewer, I have a small screen!
When I start vncserver on the linux desktop, I have a normal screen, but with this user, I can't start any program on my desktop, only with vncviewer.

Can you explain to me what's happening?


Posted by Anonymous (129.241.xx.xx) on Fri 30 Dec 2005 at 01:32
Good Article!


Posted by suspended user sxm20 (24.6.xx.xx) on Sat 18 Mar 2006 at 16:43
I am trying apt-get install x11vnc and here is the error that I get.
localhost:/etc# apt-get install x11vnc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed: debianutils e2fslibs e2fsprogs initscripts libc6 libc6-dev libxdamage1 libxfixes3 libxinerama1 locales lsb-base
Suggested packages: gpart parted e2fsck-static glibc-doc
The following packages will be REMOVED: base-config
The following NEW packages will be installed: libxdamage1 libxfixes3 libxinerama1 lsb-base x11vnc
The following packages will be upgraded: debianutils e2fslibs e2fsprogs initscripts libc6 libc6-dev locales
7 upgraded, 5 newly installed, 1 to remove and 692 not upgraded.
Need to get 920kB/13.5MB of archives.
After unpacking 4440kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 testing/main libxdamage1 6.9.0.dfsg.1-4 [192kB]
Get:2 testing/main libxfixes3 6.9.0.dfsg.1-4 [195kB]
Get:3 testing/main libxinerama1 6.9.0.dfsg.1-4 [192kB]
Get:4 testing/main x11vnc 0.7.1-5 [341kB]
Fetched 920kB in 0s (1109kB/s)
E: This installation run will require temporarily removing the essential package e2fsprogs due to a Conflicts/Pre-Depends loop. This is often bad, but if you really want to do it, activate the APT::Force-LoopBreak option. E: Internal Error, Could not early remove e2fsprogs

I am getting a similar error when I tried vncserver. Anybody has any idea? Will it be safe to use the "APT::Force-LoopBreak" option? I am running on testing/unstable.

Posted by Steve (82.41.xx.xx) on Sat 18 Mar 2006 at 16:59

This problem isn't related to X11vnc, but to a messed up Apt state.

I'd try running:

apt-get update
apt-get upgrade

That might help .. but I'm concerned that you say you're running "testing/unstable". Mixing distributions is going to cause you pain sooner or later, I'd suggest you pick one and use only that one.



Posted by suspended user sxm20 (24.6.xx.xx) on Mon 20 Mar 2006 at 03:13
Thanks Steve,
I finally got it to work by running
apt-get -o APT::Force-LoopBreak install e2fsprogs
and then I installed vncserver and it worked fine.

What is the best way to move to a single distribution? What would be your recommended approach?



Posted by hq4ever (87.69.xx.xx) on Wed 5 Jul 2006 at 20:04
To all of you who are used to getting stuck on a single console because your main tty session is there: you can continue it elsewhere with a nice utility called linuxvnc.
Also check vncommand.


Posted by Anonymous (118.174.xx.xx) on Sun 18 May 2008 at 12:13
Your article is very useful for my Debian laptop. But with my colo-server
Hardware : Intel board S3000AH, Cpu Xeon,2 GB ram,SATAII 500*4 GB
OS configuration
- Debian 4.0r3 install only base system then add another package later.
- apt-get install xserver-xorg
- apt-get install vnc4server
- apt-get install nautilus //then come up with a lot MB
- set passwd for normal user and run vnc4server :13
Here is my log file

debcolo:/home/spawn/.vnc# cat debcolo\:1.log

Xvnc Free Edition 4.1.1 - built Feb 26 2007 22:44:55
Copyright (C) 2002-2005 RealVNC Ltd.
See for information on VNC.
Underlying X server release 40300000, The XFree86 Project, Inc

Sun May 18 17:21:50 2008
vncext: VNC extension running!
vncext: Listening for VNC connections on port 5901
vncext: created VNC server for screen 0
Could not init font path element /usr/X11R6/lib/X11/fonts/misc, removing from list! ... (My laptop's log file has font missing like this but can remote via vnc so ignored it)

Fatal server error:
could not open default font 'fixed'
xsetroot: unable to open display 'debcolo:1'
vncconfig: unable to open display "debcolo:1"

(x-window-manager:9452): Gtk-WARNING **: cannot open display:

(gnome-terminal:9451): Gtk-WARNING **: cannot open display:

The problem is the fatal server error. I have searched over the Internet but still cannot solve this.

The differences between my Debian laptop and my server are:
- Installation choice. I use the desktop environment too.
- RC0. (The colo-server uses RC3.)

Both of my Debian machines (laptop and colo-server) can get gnome-desktop by xstart of Xmanager Enterprise via the ssh port. But it is so slow.

My next step will be to reinstall the colo-server with the installation choice Desktop environment in order to use vnc, but I will have to remove unused packages like OpenOffice and more.



Posted by Anonymous (122.170.xx.xx) on Tue 18 Jun 2013 at 11:52
Good article regarding VNC remote support tool. VNC is a quality remote support tool. Additionally, one can even deploy on premise remote support appliance such as RHUB or Bomgar appliances in order to remotely access computers.
