This guide will take you through how to install and configure VNC Server on CentOS 8. VNC is an acronym for Virtual Network Computing. It makes it easy to share the graphical desktop of a system for remote control of the system.
Install and Configure VNC Server on CentOS 8
In this guide, we are using TigerVNC to setup VNC Server on CentOS 8. TigerVNC works in a client-server architecture with
vncserver being the utility that provides access to remote desktop and
vncviewer being the client used to connect to VNC server.
Install VNC Server on CentOS 8
VNC server is provided by the
tigervnc-server package which is available on the default CentOS 8 AppStream repos. Therefore, update your system and install VNC server by running the commands below;
sudo dnf update
sudo dnf install tigervnc-server
Configure VNC Server on CentOS 8
Create VNC Connection User Account
Once the installation completes, proceed to configure VNC server to define the users that are allowed to access remote desktop.
NOTE: The user must already be existing on the system.
You can however create a user account for VNC logins.
By default, CentOS 8 uses Wayland s the default X server. For the VNC logins to work, you need to force the login screen to use Xorg server by uncommenting the line
#WaylandEnable=false, on the
/etc/gdm/custom.conf configuration file.
sed -i 's/#WaylandEnable/WaylandEnable/' /etc/gdm/custom.conf
Reboot the System
Reboot your CentOS 8 system to apply the changes.
Once the system boots, login as the user with which you will be using for remote VNC desktop logins, in this case, johndoe.
Create VNC Systemd Service Unit file
Next, create a per user VNC systemd unit file under the home directory of every user you want to allow to connect to your remote desktop via VNC server.
For example, if you want to configure VNC server to provide a display for user,
johndoe, create the VNC systemd configuration file for this user under
As a user in question and create the service unit directory above;
[[email protected] ~]$ whoami
mkdir -p ~/.config/systemd/user
Create user vnc service as follows.
cat > ~/.config/systemd/user/[email protected] << 'EOL' [Unit] Description=Remote desktop service (VNC) After=syslog.target network.target [Service] Type=forking ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' ExecStart=/usr/bin/vncserver %i -geometry 1912x988 ExecStop=/usr/bin/vncserver -kill %i Restart=on-success RestartSec=15 [Install] WantedBy=default.target EOL
You can also restrict connection to the VNC server only through localhost (Loopback) interface by adding the keyword,
-localhost to the
ExecStart=/usr/bin/vncserver -localhost %i
Then when run, it only opens connection on localhost.
You can as well copy the
/usr/lib/systemd/system/[email protected] file to the user systemd service directory created above.
cp /usr/lib/systemd/user/[email protected] ~/.config/systemd/user
And modify it to suite your settings. For example, you can adjust the screen size geometry.
Reload systemd configurations to effect the changes made above.
systemctl --user daemon-reload
NOTE: If you get the error, Failed to connect to bus: No such file or directory, then you need to set your
XDG_RUNTIME_DIR environment variable properly (This is usually done automatically when you login via GUI). Setting this environment variable manually,
export XDG_RUNTIME_DIR=/run/user/$(id -u), doesn’t fix this.
To fix this, you MUST LOG OUT of your system and LOGIN as the user you will use for remote VNC logins, in this case
Once you login, you can confirm your environment variables, using
systemctl --user show-environment command.
[[email protected] ~]$ systemctl --user show-environment
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus DESKTOP_SESSION=gnome DISPLAY=:0 GDMSESSION=gnome GDM_LANG=en_US.UTF-8 ... XDG_MENU_PREFIX=gnome- XDG_RUNTIME_DIR=/run/user/1001 ...
Create VNC Connection Password
Next, create the VNC password for the user whose VNC display has been configured. The password can set using the
When prompted to set the read-only password, you can choose to not to set it
The VNC passwords are stored under
Once you have set the password, logout by pressing
Ctrl+d or just type
Running VNC Server
VNC server can be run as a normal systemd service. However, to run it, you need to assign a display number to the service. Systemd will automatically substitute the
%i with the specified display number.
Start and enable VNC server on a specific display number, by running run the command below.
NOTE that am running this commands as remote VNC login user, johndoe in this case and starting VNC server on display number N.
Ensure that the display number you are using is not being used;
Start VNC on display number not being used currently.
systemctl --user enable [email protected]:2 --now
To ensure the service runs persistently, even when the user logs out, enable lingering;
To check the status;
systemctl status --user [email protected]:2
● [email protected]:2.service - Remote desktop service (VNC) Loaded: loaded (/home/johndoe/.config/systemd/user/[email protected]; enabled; vendor preset: enabled) Active: active (running) since Thu 2020-06-25 15:52:49 EDT; 13s ago Process: 10858 ExecStart=/usr/bin/vncserver :2 -geometry 1912x988 (code=exited, status=0/SUCCESS) Process: 10852 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :2 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS) CGroup: /user.slice/user-1001.slice/[email protected]/vncserver.slice/[email protected]:2.service ├─10866 /usr/bin/Xvnc :2 -auth /run/user/1001/gdm/Xauthority -desktop centos8.kifarunix-demo.com:2 (johndoe) -fp catalogue:/etc/X11/fontpath.d -geometry 1912x988 -pn -rfbauth /home/johndoe/.vnc/passw> ├─10871 /bin/sh /home/johndoe/.vnc/xstartup ├─10878 /usr/libexec/gnome-session-binary ├─10887 dbus-launch --sh-syntax --exit-with-session ├─10888 /usr/bin/dbus-daemon --syslog --fork --print-pid 6 --print-address 8 --session ├─10930 /usr/libexec/at-spi-bus-launcher ├─10935 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 ├─10939 /usr/libexec/at-spi2-registryd --use-gnome-session ├─10966 /usr/bin/gnome-shell ├─10976 /usr/libexec/gvfsd ├─11016 ibus-daemon --xim --panel disable ├─11018 /usr/libexec/xdg-permission-store ├─11025 /usr/libexec/ibus-dconf ├─11026 /usr/libexec/ibus-extension-gtk3 ├─11030 /usr/libexec/ibus-x11 --kill-daemon
You can as well stop the VNC server session by running;
systemctl --user stop [email protected]:2
Allow VNC Server Access on FirewallD
VNC server listens on TCP port 590N. Where N is the VNC display number. This port is incremented based on the VNC display number. For example, for a display number 2, the VCN listens on port 5902.
ss -alt | grep 590
LISTEN 0 5 0.0.0.0:5902 0.0.0.0:* LISTEN 0 5 [::]:5902 [::]:*
If firewalld is running, you need to open each VNC display port. For example to open port 5902 for display 2 on your active firewalld zone, execute;
ACTIVE_ZONE accordingly in the command below;
sudo firewall-cmd --add-port=5902/tcp --zone=ACTIVE_ZONE --permanent
sudo firewall-cmd --reload
Test VNC Server Connection
So how do you connect to your CentOS 8 desktop via the VNC server?
vncviewer is the commonly used VNC client for connection to remote desktops via VNC server.
Install TigerVNC package on CentOS 8, which provides
dnf install tigervnc
Once the installation is done, you can test VNC server connection to your CentOS 8 system from another host;
Where centos8.kifarunix-demo.com is the resolvable hostname for my CentOS 8 desktop with VNC server running. It can be an IP address.
If all is well, you will be prompted to enter the VNC authentication password.
Connected to RFB server, using protocol version 3.8 Performing standard VNC authentication Password: PASSWORD_SET_WITH_vncpasswd
After a successful authentication, you should now land on CentOS 8 desktop environment.
You have successfully connected to your remote CentOS 8 desktop via VNC server and that marks the end of our guide is all on how to install and configure VNC Server on CentOS 8.
You can use a more secure way of logging into to a remote desktop via VNC using SSH by following the link below.