Set up the VNC Server in Fedora

43 Comments

This article describes in brief how to configure VNC server instances for one or multiple users on a remote machine, how to use VNC to start graphical applications on boot and finally how to enhance security by connecting to the server through encrypted SSH tunnels.

"Virtual Network Computing (VNC) is a desktop protocol to remotely control another computer. It transmits the keyboard presses and mouse clicks from one computer to another relaying the screen updates back in the other direction, over a network." -WikiPedia-

This article describes in brief how to configure VNC server instances for one or multiple users on a remote machine, how to use VNC to start graphical applications on boot and finally how to enhance security by connecting to the server through encrypted SSH tunnels.

Prerequisites

A user account should exist on the remote machine.
The RPM packages vnc-server and vnc should be installed on the remote machine and your workstation respectively.

Setting up the server

I assume that we have setup a remote user account, named "leopard" and we want to start an X session through VNC for this user.

In Fedora Core or Red Hat based distros in general, all we have to do is define the VNC server instances in /etc/sysconfig/vncservers. These will be started by the vncserver initscript. This has to be done as root. Edit this file so that it contains the following:

VNCSERVERS="3:leopard"
VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"

With these we define that a vnc server instance should be started as user leopard on display 3 and we also set some options for this server such as resolution and color depth. Each VNC server instance listens on port 5900 plus the display number on which the server runs. In our case, leopard’s vnc server would listen on port 5903.

For multiple vnc instances /etc/sysconfig/vncservers would look like this:

VNCSERVERS="1:tiger 2:albatros 3:leopard"
VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"
VNCSERVERARGS[2]="-geometry 800x600 -depth 8"
VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"

These would listen on ports 5901, 5902, 5903 respectively.

User Configuration

There is one more thing that needs to be done on the remote machine. User leopard’s vnc password needs to be set. So, as user leopard give the command:

# vncpasswd

We are prompted for a password. This is the password that we will use when we connect to leopard’s vnc server instance. This password is saved in /home/leopard/.vnc/passwd.

Start the VNC server

After the initial configuration is done we restart the vnc service. As root:

# service vncserver restart

To make VNC server to start on boot:

# chkconfig vncserver on

More User Configuration

After the VNC service is started, some new files are created in /home/leopard/.vnc/ directory. These include leopard’s vnc server log file, pid file and an X startup script. As user leopard we edit the script in order to customize some settings. The default /home/leopard/.vnc/xstartup script contains some commands that are executed when the VNC server is started. These include:

xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

xsetroot in this case sets the background color.
vncconfig is a supplementary program that can be used to control the vnc server. Apart from this, when run without arguments it acts as a helper application and its main purpose is to provide support for clipboard transfers between the client (vncviewer) and the vnc server.
xterm starts an xterm terminal.
twm starts the X server’s default window manager. We probably want to change that to a more user friendly window manager, eg fluxbox.

The VNC server, apart from letting us control a remote machine using a graphical interface, it serves as a way to start graphical applications on boot. For example, I want my favourite p2p program, amule, to start on boot. So, I add this to the /home/leopard/.vnc/xstartup script. This is how my xstartup file looks like:

xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" -e ./menu &
amule &
fluxbox & 

menu is a script of mine that is executed when xterm is started.
Remember to put the "&" symbol after each command, so that it goes to the background and the xstartup script continues on.

Restart the VNC service for the changes to take effect. As root:

# service vncserver restart

Connect to the VNC server

In our example, leopard’s vnc server listens for connections on port 5903. So, open this port in the remote machine’s firewall.

We connect to the remote machine using a vnc viewer. Having installed the vnc package, connect to to the server with the following command:

# vncviewer 192.168.0.1:5903:3

The general usage is :

vncviewer [Server's IP]:[Port]:[Display]

We are prompted for the password and eventually connect to the server. Closing the vncviewer’s window, does not affect the server or the programs we run on it. If we reconnect everything will be there.

Special Note: There is no need, actually it’s pointless and could give you some trouble, to logoff from your remote X session. If this happens, generally you need to restart the VNC service on the remote machine to get your remote desktop back. If you want to stop working on your remote desktop, just close the vncviewer’s window and you are done.

Security

The VNC protocol is not a secure communication protocol. The use of a vnc password provides security at the level of server access (it’s vulnerable to brute-force attacks though), but the whole VNC session is transmitted in the clear, without encryption. The easiest, but most effective, way to secure our connection to the VNC server is to connect through an encrypted SSH tunnel. This way the whole session will be encrypted.

The rest assume that you have the SSH server up and running on your remote machine (server.example.com) and you know what SSH tunnels are.

So, what we are going to do is to create an encrypted tunnel, and connect to our VNC server through it. We also want this tunnel to be automatically closed as soon as we shut down vncviewer. All this is done with the following command:

# ssh -f -L 25903:127.0.0.1:5903 leopard@server.example.com sleep 10; vncviewer 127.0.0.1:25903:3

This is what it does:

  • -L 25903:127.0.0.1:5903 forwards our local port 25903 to port 5903 on the remote machine. In other words, it creates the tunnel.
  • -f forks the SSH session to the background, while sleep is being executed on the remote machine. This ssh option is needed because we want to execute the following command (vncviewer) in the same local machine’s terminal.
  • vncviewer connects to the forwarded local port 25903 in order to connect to the VNC server through the encrypted tunnel.

The sleep command is of major importance in the above line as it keeps the encrypted tunnel open for 10 seconds. If no application uses it during this period of time, then it’s closed. Contrariwise, if an application uses it during the 10 sec period, then the tunnel remains open until this application is shut down. This way the tunnel is automatically closed at the time we close vncviewer’s window, without leaving any SSH processes running on our workstation. This is pure convenience! More information can be found at the Auto-closing SSH Tunnels article.

Using SSH tunnels to conect to your VNC server has two advantages:

  1. The whole session is encrypted.
  2. Keeping port 5903 open on your remote machine is no longer needed, since all take place through the SSH tunnel. So, noone will know that you run a VNC server on the remote machine.

Further Reading

I recommend that you read the man pages. Everything is in there:

# man vncserver
# man Xvnc
# man vncconfig
# man vncviewer
# man ssh

Set up the VNC Server in Fedora by George Notaras is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright © 2005 - Some Rights Reserved

43 responses on “Set up the VNC Server in Fedora

  1. Norman Rasmussen Permalink →

    If you want a ‘Terminal Services’ like login interface. I suggest you try out VNC Session Manager. It supports creating new sessions, and disconnecting from them (and later reconnecting), etc.

  2. George Notaras Post authorPermalink →

    polarizer:
    Probably, I should have included those links in my post, but I’m glad you posted them. I have tried these VNC implementations myself, they work very well and they certainly have advantages over the original VNC. I wrote this small article because VNC is what comes with the Fedora installation media, so this is the new user’s first acquaintance with remote computing.

    Norman Rasmussen:
    Your VNC Session Manager sounds very nice! I’ll give it a try in the next days.

    Bogdan Mustiata:
    Right! I too believe that the NX technology is the future in remote computing. Less consumed bandwidth, native encryption support etc.

  3. brunson Permalink →

    Creating an ssh tunnel is an unnecessary step. Read the vncview man page section on the ‘via’ option. Running ‘vncviewer -via machine.running.vncserver localhost:2’ will have vncviewer create the ssh tunnel for you. I find it particularly useful for accessing my sessions through a firewall since I can do ‘vncviewer -via mybastion.host mydesktop:2’

    I’m also suprised you don’t mention that vnc support is built into gnome. If you go into your menu items: Desktop -> Preferences -> Remote Desktop you can gain remote access to your gnome session running on the console. Not exactly the same as what you’re describing, but useful, nonetheless.

    I’m interested in having my vncserver session run my default gnome desktop. Has anyone sussed out the details on making that happen?

  4. George Notaras Post authorPermalink →

    brunson:
    You are right. Maybe I should have mentioned this one too. Anyway, the method to create the ssh tunnel and execute vncviewer I describe in this post is what probably happens behind the scenes when using the -via option. I wanted to emphasize it, as it can be used with other applications, which do not have native ability to start an ssh tunnel. The goal is to have the ssh tunnel automatically closed at the time the application, which uses it, is closed, so that the user does not have to kill the ssh process manually. Both these ways do this. The method you mentioned is quicker though, as it requires less typing :-)

    Describing how to use GNOME’s VNC server implementation (Vino) was not the point of this post. Although it’s very convenient, it requires that a resource-hungry GNOME session is running on the remote machine. I also think that using vnc-server instead of vino provides more flexibility.

    To start a gnome session through vnc you could try adding the following in the ~/.vnc/xstartup file:
    exec /usr/bin/gnome-session &
    But, I think you should try a lightweight WM like fluxbox. I’m sure you will like it.

  5. Dietrich Permalink →

    VNC really handy and if you are going thru a dial-up authentication server to DHCP you can tunnel (port forward) your session from ‘locahost’ and set compression ‘on’ with ssh for example:

    $ssh -C -o CompressionLevel=9 -L 5900:locahost:5900 username@remotehost.com

    Then, invoking vncviewer with locahost:5900 tunnel encrypts (and compresses!) the connection, which makes a BIG difference over POTS.

    But here’s something even BETTER.

    http://www.novell.com/coolsolutions/feature/16247.html

    What’s funny is the ‘Warning’ on the website: “Once you’ve used NX you’ll NEVER GO BACK to VNC…”

    I am using the FreeNX nxserver on SuSE 10.0 with an nxclient for Linux and Windows and it is AWESOME in terms of screen writes, you can’t tell the difference from a local screen session and it passes thru sound to your remote client too! Nothing comes close to it. Best thing since ‘sliced bread’.

    Try NX! (But don’t throw away VNC) ;)

  6. Dietrich Permalink →

    P.S.
    I’ve used Fedora Core since version 1. So don’t flame the Novell SuSE reference!!

  7. George Notaras Post authorPermalink →

    Thanks for your comment, Dietrich.

    I’m not the type of person that would start a flame about two major distributions :-) I had downloaded OpenSUSE 10 at the time it was released, but didn’t have the time to check it out. The same goes with Ubuntu 5.10. They are great pieces of work, but I’m stuck with Fedora Core.

    Sure, compression is a great feature and it limits bandwidth usage, very useful with dial-up connections. The -C option enables compression for protocols 1 and 2. However, the -o CompressionLevel=9 option applies only for connections using the SSH-1 protocol. At least, this is what the man page says. I’m not aware of how the compression level is handled with SSH-2.

    The Novel guide for setting up a FreeNX server, with the outstanding warning :-), looks very good, but I don’t have a SUSE installation to try this out. For Fedora users there is a great article at FedoraNews.org:
    http://fedoranews.org/contributors/rick_stout/freenx/
    I haven’t tried this either due to lack of free time.

  8. Jorge Permalink →

    Hi,

    Nice tutorial. Thanks for writing it. I have a question on using the sleep command while putting the ssh session on the background (-f). I don’t really understand this part. Shouldn’t the ssh session be running “sleep 10” on the background? That is, isn’t SLEEP counting 10 seconds on the background? and as soon as it reaches 10 it will resume and thus the tunnel will brake? I used your line and it works great…it’s just that I really don’t quite get it.

    I’ll apprecaite your comments!
    Thanks again,
    Jorge

  9. George Notaras Post authorPermalink →

    Thanks, Jorge.
    I’ll begin with the forking of the SSH session to the background, because this is what it’s all about.

    If the -f option is not used:

    # ssh -L 25903:127.0.0.1:5903 leopard@server.example.com

    We actually create the tunnel, but at the same time we login to the remote shell. In this case, it’s necessary to open another local terminal in order to execute vncviewer. This is unconvenient.

    By using the -f option we avoid logging into our remote machine’s shell, so we remain at our local terminal and can execute commands locally. But the use of this option needs one of the following things:
    – we have to execute a command on the remote machine, otherwise -f does not work
    – or we have to use the -N option together with -f. This way there is no need to execute any commands on the remote machine. This has one major disadvantage which I’ll explain later.

    So, the question is "which command should we execute on the remote machine when using the -f option?". We do not need to start any particular process, we just want to start an SSH tunnel. This is where the sleep command comes really handy, because:
    – It does nothing
    – It can be set to give us enough time to start another process at our local machine which will use the SSH tunnel.

    So, we start the tunnel with the following command:

    # ssh -f -L 25903:127.0.0.1:5903 leopard@server.example.com sleep 10

    Executing the following command before the 10 seconds pass,

    # ps ax | grep ssh | grep -v grep

    we see that an SSH process runs in the background. After the 10 seconds pass, the last command shows no output. This means that sleep was executed on the remote machine for 10 seconds and then the SSH process ended, closing the tunnel at the same time.

    If we execute vncviewer in a way that it connects to the server through the SSH tunnel before the 10 seconds pass, then the SSH process we had previously started does not end after the 10 secs, because the tunnel it had created is being used by another process, vncviewer in this case.

    If we close vncviewer, then the tunnel is not being used any more. The SSH process we had previously started does not have any more jobs to do. It has completed its task, the execution of the sleep command, so it now ends together with vncviewer.

    The following command on the local machine confirms that:

    # ps ax | grep ssh | grep -v grep

    I had mentioned the -N option before. This makes it possible to use the -f option without executing any commands on the remote machine. So, we could have started the tunnel with this:

    # ssh -f -N -L 25903:127.0.0.1:5903 leopard@server.example.com

    The only advantage of its use is that we can start an SSH tunnel without leaving our current local terminal, so we can execute other commands from our local machine. However, the drawback is that this SSH process runs forever. It would never close automatically, meaning the the user has to kill it. That’s why it’s not convenient.

    It had taken me some time to figure all this out. Recently I discovered that this way of starting an SSH tunnel is documented in the OpenSSH FAQ. I must have been blind not noticing it when I was trying to figure these things out.

    I wrote this very fast. I hope this helps.

  10. Jorge Permalink →

    Thanks for that excellent explanation George. I got it now :)

    Jorge

  11. Andy E Permalink →

    Gotta crack holes in iptables for this? Seems that way… anybody have a guide?

  12. leenus Permalink →

    It is an excellent guide

  13. James M Permalink →

    Wanted to include a note for any newbs out there that firewall setup under Fedora Core 4 requires the use of the “iptables” function… which I believe is enabled by default and blocks port 5900-5903. I realize this is a duplicate of Andy E’s earlier comment, but hopefully this will save others from my painful road of discovery.

    I’d recommend reading more at http://netfilter.org/documentation/index.html . The commands that worked for me are included below: (I can now use “vncviewer” to access my FC4 vncserver from anywhere in my 192.168.x.x subnet)

    DISCLAIMER: I have a private 192.168.x.x subnet so I’m not paranoid about security. I would **NOT** recommend exposing 5900-5903 to the internet; that’s just asking for trouble. (use the SSH techniques described above instead)

    $ su root
    # /sbin/iptables -I INPUT -p tcp --destination-port 5900:5903 -j ACCEPT
    # mv /etc/sysconfig/iptables /etc/sysconfig/iptables.backup
    # /sbin/iptables-save > /etc/sysconfig/iptables

  14. Kyle Permalink →

    After about an hour of messing with VNC settings, I read somewhere that the $home/.vnc/xstartup needs to be executable by the server (744 or 755). That fixed my problem. But other than that, AWESOME walkthrough. Thanks a lot!!!

  15. George Notaras Post authorPermalink →

    Yes, since xstartup is a script, it should have the executable bit enabled, but I think you are right and this should be clarified in the article. Thanks for your feedback.

  16. kumar Permalink →

    Excellent article. Well written. Thanks.

    Is there a way to disable vncviewer creating persistant desktop. i.e I want to
    close the vnc desktop when I logout.

    Currently If I close the window & reconnect again I do get the screen with no gnome menus.

    I have to restart the vncserver to see the screen correctly.

    Kumar

  17. George Notaras Post authorPermalink →

    Logging out of a VNC session has no point. To completely shut down the VNC session, you need to stop the vncserver service. Please read the Special Note in the above document.

    There are other configurations of the VNC server, so that, when you connect with your vncviewer, the display manager login screen is displayed, so you can login and log out of your remote desktop session. Maybe you should try this implementation if it suits your needs, but this is not described in the above document. Thanks for your comment.

  18. Chris Wornell Permalink →

    Great article! I had a question about the following:

    Keeping port 5903 open on your remote machine is no longer needed, since all take place through the SSH tunnel. So, noone will know that you run a VNC server on the remote machine.

    When you state 5903 is no longer needed, do you mean that port 5903 on the remote machine no longer needs to accept requests from remote machines? I assume the port has to still be open since SSH needs to forward the data to the VNC daemon somehow, but since that part of the forwarding is done locally, the port can be closed to all remote hosts?

  19. George Notaras Post authorPermalink →

    Hi Chris,
    Opening ports on the firewall of the machine that runs VNC server instances is only needed when you connect directly to those server instances with a vncviewer from the client machines. When the connections take place through an SSH tunnel, the only port that needs to be open on the server machine’s firewall is port 22 (TCP) or whatever port your SSH server listens on. Client machines do not need to have any open ports in either case.

    When you state 5903 is no longer needed, do you mean that port 5903 on the remote machine no longer needs to accept requests from remote machines?

    Actually, this means that port 5903 does not need to directly accept requests from the client machines. It still accepts requests, but this happens behind the server machine’s firewall, so that port does not need to be open. All take place through the SSH tunnel.

  20. Evad Permalink →

    Thanks for the article! Although, couldn’t get VNC client to connect, even after punching a hole for it through the firewall (and yes, the vncserver service is running :-( I think must be a problem with the client though….

    I noticed that this version of the server also allows connections via HTTP on port 5802. So, I set IPTABLES to accept traffic on this port ( /sbin/iptables -I INPUT -p tcp --destination-port 5802 -j ACCEPT ) and now find that going to http://IP_ADDRESS:5802/ with a web browser on the client machine downloads & launches a VNC client in Java! (which seems to connect to the VNC service just fine) This rocks!! :-D

  21. George Notaras Post authorPermalink →

    Evad, indeed the VNC server accepts connections through HTTP on the 58xx series of ports and the communication takes place through a java applet. This functionality has not been mentioned in the above article because there is a significant decrease in performance this way. But, I’ll add this info to the article for completeness, when I find some time to revise it. Thanks for your feedback.

    On the other hand, I cannot find a reason of not being able to connect to your VNC service through the standard 59xx port (5902 I assume in your case). IIRC, there was a faulty version of the VNC server some months ago on Fedora, which had such a problem, but this had been fixed rather quickly. Maybe you should try upgrading if you haven’t done so. Apart from that and taking into account that the remote user’s VNC service has been configured properly, I cannot think of any other reason for not being able to connect.

  22. Chris Permalink →

    I want to let someone else VNC into my RedHat box, and be able to watch them moving the mouse and typing on my screen.

    How do I do this??

    In other words: I do *not* want to fire up a new X-session: I just want VNC to connect to my existing physical desktop – the same as Windows does.

  23. George Notaras Post authorPermalink →

    In order to connect to your currently running desktop on the remote machine, all you need to do is to share your desktop through vino, GNOME’s VNC server implementation.

    If you want a VNC session to be shared, the -Shared and/or -ViewOnly vncviewer options are what you should be looking for. These options are pretty useful. I will probably mention them within the article when I revise it.

    Thanks for your feedback.

  24. Vinod Permalink →

    Hi,
    Good article. Well explained. Thanks.

    Now, I have a problem here. I could configure my vncserver to use only with root user and password. Can I get a solution to make work with other users?(Multiple users simultaneously). I am able to connect from WindowsXP using VNCviewer.

    If I add any normal user in /etc/sysconfig/vncservers, at the time of restarting the vncserver service , I am getting a error message “vncserver is failed to restart”. Can you give a solution for this. Where do I need to configure my other users.

    Message appear, while restarting vncserver
    ————————-Message——————–
    Shutting down VNC server: 5:vinod
    Can’t find file /home/vinod/.vnc/vinod.aptechutc.com:5.pid
    You’ll have to kill the Xvnc process manually

    [FAILED]
    Starting VNC server: 5:vinod [FAILED]

    ————————————————–
    vinod is a norrmal user.

    Thanks

    Vinod Chandran

  25. George Notaras Post authorPermalink →

    Hello Vinod, This error message appears because you have probably deleted the VNC instance’s PID file (/home/vinod/.vnc/vinod.aptechutc.com:5.pid) by hand while the VNC service was running, so, when you try to shut down the service, it does not know which process to kill (missing PID file), so it outputs the error.

    Run the following:

    ps ax | grep vnc | grep -v grep

    It will show the vnc process ID (PID) numbers. Issue a kill for each process, eg:

    kill 2433

    Repeat the above step for every Xvnc or vncconfig process.

    Check if there are any *.pid files inside the /home/vinod/.vnc/ directory. If there are, delete them.

    Next, follow the above instructions and configure only one user to test it, assign a vnc password to that user as described above and finally start the vnc service with service vncserver start

    Finally, running graphical applications either locally or remotely via VNC as root is not recommended. Please try to use unprivileged users for this task for the sake of security.

    Hope these help.

  26. Răzvan Sandu Permalink →

    Hello all,

    And thanks a lot, GNot, for your great work !

    Now, just a single question: how does one see the remote Fedora machine using TightVNC (or other client) from a *Windows* machine ? A typical Windows user will expect that program performs in PCAnywhere’s style: you can connect from the Windows machine (even if no local user is logged in on the Fedora box), type in the password for a local account and work in it as if you were in front of remote machine’s console…

    Can you please add this in your tutorial?

    Many thanks !
    Răzvan

  27. George Notaras Post authorPermalink →

    Hello Răzvan,
    I have never used TightVNC before, but I assume that you can connect to the VNC server, that runs on the remote Fedora machine, with any VNC client (either from Windows or any other operating system), provided that you use the correct info (as I have described in the tutorial above). For example:

    vncviewer 192.168.0.1:5901:1

    You wrote:

    you can connect from the Windows machine (even if no local user is logged in on the Fedora box), type in the password for a local account and work in it as if you were in front of remote machine’s console

    You want to connect to the remote fedora machine with a vnc client and you want the login-screen to be displayed, so to enter a remote user’s username/password in order to connect to the remote desktop? If this is what you want, you will need to configure the VNC server in a different way, so that the GDM display manager is shown whenever you connect to the VNC service. This method is a completely different approach and I don’t think that it could fit in the above tutorial. Please have a look at this tutorial I found on the fedora forums. Hope it helps you out.

    Thanks for your feedback.
    Best Regards :)

  28. penguin Permalink →

    Two questions:

    1. Can you point me to or provide some good information on securely connecting to the vnc-server at the “graphical greeter” login screen. (I’m using Fedora)

    2. Can you disable others from viewing the remote screen while you are connected to it from a remote location. I mean people that would actually be in front of the server while you are connected to it.

  29. George Notaras Post authorPermalink →

    Answers:

    1. I am sure I had seen such information at the Fedora Forums. You can securely connect to the VNC server (either remote desktop or graphical greeter) through an SSH tunnel, as described in this article.

    2. You can use the gdmsetup utility to configure these setting from a graphical interface.

  30. P. K. Permalink →

    I can configure my server (on FC-5 Linux) and it starts fine but when I attempt to connect to it
    from a client on windows machine, I get this error:
    { when I debug it using TCPDUMP }

    server-name > client-name unreachable – admin prohibited, length 56

    On the server I have:

    VNCSERVERARGS=”2:username” (actual user name here)
    VNCSERVERARGS[2]=”-geomatry 800×600″

    Can someone tell what is going on my server which is maing it refuse connection?
    I can start local VNC viewer on the sever machine, but remote connection is prohibited.

    Thanks in advance.

  31. George Notaras Post authorPermalink →

    Smells like a network misconfiguration or a firewall that prohibits connection to the vnc service.

  32. BKing1138 Permalink →

    P.K.,

    Was the “-geomatry 800×600” a typo? If not, then should that not be “-geometry 800×600”?

    If your /etc/sysconfig/vncservers files is actually correct, then I would agree it is likely that your firewall is not allowing the connection.

  33. George Notaras Post authorPermalink →

    @BKing1138: Thanks for your feedback.
    Right, I didn’t notice that mistake… In that case the vnc instance most probably does not start correctly. The logfile inside the ~/.vnc/ directory should be checked and of course the “geometry” statement should be written properly.

  34. Yusuf Permalink →

    Thiis is a very detailed article. After reading several others and failing, I felt like this gave the best explanation. However I am still having issues. Here is what happens:

    1.

    [root@fel1 ~]# service vncserver restart
    Redirecting to /bin/systemctl restart vncserver.service
    Failed to issue method call: Unit vncserver.service failed to load: No such file or directory. See system logs and ‘systemctl status vncserver.service’ for details.

    2. So I say, let’s continue to try if service does not work. So as root I simply isssue command:
    [root@fel1 ~]# vncserver

    New ‘fel1:1 (root)’ desktop is fel1:1

    Starting applications specified in /root/.vnc/xstartup
    Log file is /root/.vnc/fel1:1.log

    3. Then I go to my windows machine and start the vcn viewer and in the ip address field I put it
    192.168.1.78:5901:1

    But I get the message:

    unable to connect to host: A socket operation was attempted to an unreachable host (10065)

    I have setup my windows firewall to open port 5901 and set up my router to forward port 5901.

    What is the meaning of the message from service command and then from the viewer?

  35. AlicVG Permalink →

    Setup VNC server.

    # yum install tigervnc-server

    Make new configuretion for display N.

    For display :2
    # cp /lib/systemd/system/vncserver@.service /lib/systemd/system/vncserver@:2.service

    Replace parametr “”:

    #ExecStart=/sbin/runuser -l -c “/usr/bin/vncserver %i”
    ExecStart=/sbin/runuser -l myuser -c “/usr/bin/vncserver %i -geometry 1366×768″
    #ExecStop=/sbin/runuser -l -c “/usr/bin/vncserver -kill %i”
    ExecStop=/sbin/runuser -l myuser -c “/usr/bin/vncserver -kill %i-geometry 1366×768″

    Restart.

    # systemctl daemon-reload

    Set password VNC for user myuser

    # su – myuser
    $ vncpasswd
    Password:
    Verify:
    $ exit
    logout
    #

    Enable & run vnc service.

    # systemctl enable vncserver@:2.service
    # systemctl start vncserver@:2.service

    Set firewall
    -A INPUT -m state –state NEW -m tcp -p tcp –dport 590 -j ACCEPT

  36. Alex Ogheri Permalink →

    simply wanted to say thank you.
    I did it as you describe, and it worked perfectly!