XRDP has been my tool of choice for remote access to my Linux workstation. Recently I have become aware that it has been assessed to have a vulnerabilty at the network level. After some research I decided to replace it with TigerVNC which, at this time, is assessed to be more secure. Knowing my fellow developers will also need to install it I will be documenting my experiences of installing it on my XFCE Fedora Core 23 workstation.
I followed the directions found in the Fedora Project Documentation. I found the directions somewhat confusing and lacking when it came to the client. Normally I would expect the service file to automatically be installed when the server is installed. It isn’t and the next bit touches on why. The Systemd service file for TigerVNC looks different than other service files. As shown below Tiger VNC’s service file has an “@” symbol in its name. Without going into the details, the result is that you start can multiple instances of Tiger VNC by passing different display numbers to the service file during startup.
Let’s get started on setting up Tiger VNC. First step is to use YUM or DNF to install “vnc-server”
sudo dnf install vnc-server
Next we copy over a service file from the libraries to our Systemd service directory.
copy service file
Now we need to edit the vncserver@.service file to add your our name. I have provided a before and after look of the file. In my case I edit the file replacing with my login name "chris".
This file is owned by the root user and you will want to “sudo vim vncserver@.service” when editing the file. Or use whatever editor you prefer in place of vim.
Now we want to set a vnc password for our user. The following commands need to be run as the user which you added to the vncserver@.service file.
set vnc password
Next we want to reload the Systemd configuration. This is in case you already had Tiger VNC
configured. This command has Systemd reread its configurations.
Reload Systemd configuration
Set the password and set a view only password if you want one. The next step is to refresh Systemd, enable the Tiger VNC service and to start the service.
Restart Tiger VNC
The last step of the server setup is to open up your firewall. If you are using firewalld you can run firewall-config and select “vnc-server” under services in the runtime and permanent configurations. If you are using a different firewall you will probably want to open up ports 5900 to 6000.
The next step is to download the Tiger VNC Client from their GitHub site. From there you can follow the links to the latest download site. The client is a straight binary executable without an install program. Drop it in a folder and run it. The last tricky bit is you will need to add a “:1” to the end of your DNS/IP address to tell the client which display number to connect to.