View Full Version : connecting to remote desktop display :0

20th December 2016, 12:36 AM
OK, since no one fedoraforum was able to help me sorting out a remote vnc connection , I suppose it's worth a quick guide.

The following assumes both ends are running Fedora 24 for simplicity's sake.

On the remote system which it is desired to control install the vnc server package:

dnf install tigervnc-server

On the local ( controlling end ) system install the vnc client:

dnf install tigervnc

display :0 is the physical display on the remote system, the one a real user gets when logging in to the machine from the keyboard. This is the one you will want to connect to to provide direct interaction in order to support a remote user: viewing and sharing the same thing he / she / it is seeing.

Since VNC is not a secure protocol it is best to run the connection via an SSH tunnel.

The following assumes that sshd is running and that port is open on the fedora firewall ( and on the adsl route's firewall if that is applicable ). This will be already be the case for out of the box Fedora.

If you wish to change the ssh port edit /etc/ssh/sshd_config , restart the sshd service and modify the firewall accordingly.

Since the vnc ports will now be passing through the SSH tunnel , there is no need to worry about firewall settings for those.

In the following <remote_user> and <remoteIP> should be replaced by the relevant values for the system being controlled.

The default VNC port for display :0 is 5900 , so setup a tunnel for this from a terminal window as a regular user. The port is set explicitly here but can be omitted if using port 22. The following line binds the local port 5900 to the remote port 5900 via a secure encrypted ssh tunnel:

ssh -p 22 <remote_user>@<remoteIP> -L 5900:localhost:5900

The remote system will ask for the remote user's password.
The first time it connects there will be prompt to accept the key for that system, type yes to accept.

Leave this terminal running and open a second terminal window on the local ( the controlling ) system:

ssh -p 22 <remote_user>@<remoteIP> -L 5901:localhost:5901
Again the remote system will ask for the remote user's password. Once logged in, start the vnc server. Since the link is secure there is little need to use a vnc password and this saves setting up and typing yet another pass word.

x0vncserver -display :0 -SecurityTypes None

This should respond with something like:

Mon Dec 19 23:03:14 2016
Geometry: Desktop geometry is set to 1366x768+0+0
Main: XTest extension present - version 2.2
Main: Listening on port 5900

Now the vnc viewer can be run from a third terminal window, as a regular user on the controlling system :

vncviewer DotWhenNoCursor=1 localhost:0

Here the viewer is told to connect to a vncserver on port 5900 of the same machine, but since this port is getting redirected it will, in fact, be connecting to the remote system.

This should result in something like the following in the terminal window and a graphic window showing a duplicate of everything as it appears to the remove user;

TigerVNC Viewer 64-bit v1.7.0
Built on: 2016-11-30 06:14
Copyright (C) 1999-2016 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.

Mon Dec 19 23:18:44 2016
DecodeManager: Detected 2 CPU core(s)
DecodeManager: Creating 2 decoder thread(s)
CConn: connected to host localhost port 5900
CConnection: Server supports RFB protocol version 3.8
CConnection: Using RFB protocol version 3.8
CConnection: Choosing security type None(1)

Mon Dec 19 23:18:45 2016
X11PixelBuffer: Using default colormap and visual, TrueColor, depth 24.
CConn: Using pixel format depth 24 (32bpp) little-endian rgb888
CConn: Using Tight encoding

Mon Dec 19 23:18:50 2016
CConn: Throughput 519 kbit/s - changing to quality 6
CConn: Enabling continuous updates

Mon Dec 19 23:19:01 2016
CConn: Using Tight encoding

Pressing F8 in the remote window will produce a menu, allowing a few options including "Exit" to exit the vnc viewer.

The two remote logins can be dropped by typing exit command or by closing the terminal from which they were run.


This is not fully secured set up but should be enough to safely connect one single user home system to another one. If you have untrusted users on the same LAN at either end you may wish to read more about the security implications of that and add a vnc password or other measures.