Setting up a VNC server on AWS EC2

Wikipedia provides a useful definition of Virtual Network Computing (VNC):

Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network.

What this means is that you can have access to a Graphical User Interface (GUI) on an AWS EC2 instance. I use and prefer the Command Line Interface (CLI) the majority of the times but a GUI is useful for certain tasks like visualisation. X11 forwarding is another option for accessing an application's GUI but that can be slow.

In this post, we will set up a VNC server on an EC2 instance and use it to access the GNOME Display Manager (GDM) on our local machine. We will use TigerVNC, which is a high-performance, platform-neutral implementation of VNC. TigerVNC provides the levels of performance necessary to run 3D and video applications, and it attempts to maintain a common look and feel and re-use components, where possible, across the various platforms that it supports. TigerVNC also provides extensions for advanced authentication methods and TLS encryption.

I prefer using Ubuntu as the operating system for my EC2 instances and setting up a VNC server on AWS EC2 is very easy.

There are many useful guides for starting an EC2 instance and connecting to it, so if you haven't done it before, please refer to one of them. Please use the latest version for Ubuntu when selecting an image. You will need to open port 5901 because that's the port we will use to connect to the VNC server.

Once you started an EC2 instance and SSH'ed into it, update the package manager and install the following packages (takes around 6-7 minutes) and restart the instance. I am using a t2.medium instance. (You can remove Firefox from the install line, if you are not going to use it.)

sudo apt update

time sudo apt install -y tigervnc-standalone-server tigervnc-xorg-extension tigervnc-viewer firefox ubuntu-gnome-desktop
# real    6m47.380s
# user    0m0.113s
# sys     0m0.243s

sudo shutdown -r now

Log into the instance again after it has finished restarting. Next, we will use systemctl to start the GNOME Display Manager. Make sure the status returns active and running. I have also included a command that disables the lock screen because I can't enter my password on the lock screen (even if I set a password for the ubuntu user using sudo).

sudo systemctl start gdm
sudo systemctl status gdm

# disable lock screen
gsettings set org.gnome.desktop.lockdown disable-lock-screen true

Finally, set a password for the VNC server (enter no for a view-only password), start the VNC server, and logout again.

vncpasswd

# Would you like to enter a view-only password (y/n)? n
# A view-only password is not used

vncserver
logout

On your local machine you will need a "VNC viewer", which you can think of as a VNC client. You can use VNC Viewer or install TigerVNC on your local machine and use vncviewer.

Once you finished setting that up, we will start an SSH tunnel from the EC2 instance to your local machine.

The parameters used with ssh to start the tunnel are:

  • -N - Do not execute a remote command. This is useful for just forwarding ports
  • -Y - Enables trusted X11 forwarding
  • -f - Requests SSH to go to background just before command execution
  • -L - Specifies that connections to the given TCP port or Unix socket on the local (client) host are to be forwarded to the given host and port

Replace amazon.pem with your actual SSH key and ipaddr should be the IP address of your EC2 instance.

ssh -N -Y -f -i amazon.pem -L 5901:localhost:5901 ubuntu@ipaddr

I am using TigerVNC on my local machine and I can connect to the VNC Server using vncserver. You will be prompted for a password after entering the command; enter the password you setup using vncpasswd.

vncviewer localhost:5901

That's it!

Print Friendly, PDF & Email



Creative Commons License
This work is licensed under a Creative Commons
Attribution 4.0 International License
.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.