Setting up a VNC Server on CentOS 7.x and secure ssh-tunnel


Server Configurations


Installing needed packages through yum

# yum groupinstall "GNOME Desktop"
# yum install tigervnc-server

Copying the default configuration/service file

# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:<PORT>.service

<PORT> should be set to the display number you want to use; the server then listens on port 5900 + display number. E.g.: 2 for port 5902.

Modify the copied file to your needs

Description=Remote desktop service (VNC)

ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i -geometry 1280x1024 -nolisten tcp -localhost"
PIDFile=<USER DIR>/.vnc/
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'


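-geometry 1280x1024 -> sets the desktop resolution presented to the vnc-client.

-nolisten tcp -> stops the X server from accepting X11 protocol connections over TCP (port 6000 + display number). VNC connections themselves are not affected by this option.

-localhost -> accepts VNC connections only from localhost, which is why clients have to come in through the ssh-tunnel described below.

Replace <USER> and <USER DIR> with the user and the user's home directory you want to log in with.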

Open the port in the firewall

# firewall-cmd --permanent --zone=public --add-port=5902/tcp
# firewall-cmd --reload

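Adjust the port to your chosen one. Because the server is started with -localhost, it only accepts connections on the loopback interface and clients reach it through the ssh-tunnel on port 22, so this firewall rule is not required for the tunneled setup described here.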

Log in as the selected user and assign the vnc-password

# vncserver

The chosen password doesn't have to (and should not) be the regular login password.

Log in as root and start the service

# systemctl daemon-reload
# systemctl start vncserver@:2.service
# systemctl enable vncserver@:2.service

Again change the port accordingly.
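
To confirm that -localhost and -nolisten tcp took effect once the service is running, the following added example (not part of the original guide) checks `ss -ltn` output for the VNC port (5900 + display) and the X11 port (6000 + display). The function name, the exit codes and the two sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): verify that display :N is only
# reachable through the ssh-tunnel. Feed it the output of `ss -ltn` on stdin.
# Exit 0 = loopback only, 1 = exposed on another address, 2 = VNC not listening.
vnc_bind_check() {
    awk -v vnc="$((5900 + $1))" -v x11="$((6000 + $1))" '
        $1 != "LISTEN" { next }              # skip the header line
        {
            local_addr = $4                  # "Local Address:Port" column
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (port != vnc && port != x11) next
            if (port == vnc) vnc_seen = 1
            # Loopback forms printed by older and newer ss: 127.x, ::1, [::1]
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
                print "loopback-only " local_addr
            else { print "EXPOSED " local_addr; bad = 1 }
        }
        END {
            if (!vnc_seen) { print "NOT-LISTENING " vnc; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: server started with -nolisten tcp -localhost
SAMPLE_TUNNEL_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      5      127.0.0.1:5902     *:*'

# Constructed sample: same display started without the two options
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      5      *:5902             *:*
LISTEN 0      128    :::6002            :::*'

printf '%s\n' "$SAMPLE_TUNNEL_ONLY" | vnc_bind_check 2 || echo "exit status $?"
printf '%s\n' "$SAMPLE_EXPOSED"     | vnc_bind_check 2 || echo "exit status $?"
```

On the server itself, run it as `ss -ltn | vnc_bind_check 2`, replacing 2 with your display number.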

Client Configuration


Using the CLI for the ssh-tunnel

# ssh -N -L 5902:localhost:5902 <USER>@<server>

This opens a tunnel to the vnc-server.

The port localhost:5902 on the client will tunnel to the port localhost:5902 on the server.

Substitute port, user and server accordingly.

Using PuTTY for the ssh-tunnel

Set the hostname, port and protocol under "Session" to the server address, 22 (for ssh) and SSH.

Under "Connection -> SSH -> Tunnels" set the source port to 5902 (this is the port on the client) and as destination localhost:5902 (this is the port on the server).

Download a VNC-Viewer

There are several viable VNC viewers. Choose one to your liking and connect to localhost:5902