Running a server at runlevel 5 is not a good idea; I try to run servers at runlevel 3 with as few packages as possible. But sometimes you need a graphical application or a browser for one reason or another. You can use VNC to connect to the server, and tunnel it over SSH to make sure the communication is encrypted.

This guide shows how to enable VNC over SSH on a Linux server. I will use a CentOS 5.2 server for this guide.

I will allow only user john to be able to VNC/SSH to the server. Since I will be testing GUI based stuff, I will need a graphical environment installed. I do not need to run my server in graphical mode, but I need to have the proper packages installed.

1) Install the X Window System group

[root@server ~]# yum groupinstall "X Window System"

2) Install the vncserver

[root@server ~]# yum install vnc-server

3) As the user that will use VNC, create a VNC password

[john@server ~]$ vncpasswd

4) Modify VNC configuration to allow X (/home/john/.vnc/xstartup)

#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

5) Start the vncserver as the user who will have access. Use a display number that you will remember; here I am using 2. Also use the following arguments to make sure it ONLY listens on localhost.

[john@server ~]$ vncserver :2 -geometry 1024x768 -nolisten tcp -nohttpd -localhost

6) Check that the VNC service is only listening locally

[john@server ~]$ netstat -ntlp

tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN 7927/Xvnc

7) OK, now let's connect using VNC over SSH
From a remote station, start an SSH session and forward an arbitrary port (e.g. 5544) to the VNC server's localhost address on port 5902. (It ends with 2 because you started the VNC server with :2.)
That means that whenever you are on Server2 and you send packets to localhost on port 5544, those packets will be forwarded through the SSH tunnel to the VNC server's localhost on port 5902.

[alex@server2 ~]$ ssh -L5544:localhost:5902 john@server.example.com

8) Now on Server2 start a VNC client/viewer and on the server address, enter:

localhost:5544

9) Enjoy your secure VNC session!
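
The check in step 6 can be scripted. The following is an added example, not part of the original guide: it reads `netstat -ntlp` output and fails if any Xvnc socket is bound outside loopback or if the display's port (5900 + display number) is not listening on loopback. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `netstat -ntlp` output for Xvnc listening sockets.
# Assumes the PID/Program column is visible (run netstat as john or root).

# vnc_port DISPLAY -> RFB TCP port for that display (5900 + N).
vnc_port() {
    echo $((5900 + ${1#:}))
}

# audit_xvnc DISPLAY: reads netstat output on stdin, prints findings.
# Returns 0 only if the display's RFB port listens on loopback and no
# Xvnc socket (RFB, 5800+N HTTP viewer, 6000+N X11) is bound elsewhere.
audit_xvnc() {
    awk -v port="$(vnc_port "$1")" '
        BEGIN { ok = 0; bad = 0 }
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/Xvnc$/ {
            p = $4; sub(/.*:/, "", p)        # port: text after last colon
            host = substr($4, 1, length($4) - length(p) - 1)
            if (host == "127.0.0.1" || host == "::1") {
                if (p + 0 == port + 0) ok = 1
            } else {
                printf "EXPOSED %s (%s)\n", $4, $7
                bad = 1
            }
        }
        END {
            if (!ok) { printf "MISSING loopback listener on port %s\n", port; bad = 1 }
            exit bad
        }'
}

# Constructed sample: started with -nolisten tcp -nohttpd -localhost.
SAMPLE_LOCAL='tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN 7927/Xvnc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2201/sshd'

# Constructed sample: the same display started without those three flags.
SAMPLE_OPEN='tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 8110/Xvnc
tcp 0 0 0.0.0.0:5802 0.0.0.0:* LISTEN 8110/Xvnc
tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN 8110/Xvnc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2201/sshd'

printf '%s\n' "$SAMPLE_LOCAL" | audit_xvnc :2 && echo "display :2 is loopback-only"
printf '%s\n' "$SAMPLE_OPEN" | audit_xvnc :2 || echo "display :2 is reachable from the network"
```

Piping real `netstat -ntlp` output into `audit_xvnc :2` performs the same check as step 6 and returns a non-zero status when the server should be restarted with the flags from step 5.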
