VNC Server on RHEL

On a 64-bit CentOS 5.8 box.

Install necessary packages

yum -y install vnc vnc-server

Set up VNC users

useradd vncuser  
su vncuser  

Enter the password you’ll use to connect. This creates a .vnc file in
the user’s homedir. Now edit ~/.vnc/xstartup to uncomment the lines
pertaining to a normal desktop:

exec /etc/X11/xinit/xinitrc

Set up the VNC configuration

I added this to /etc/sysconfig/vncservers:

# No SSH tunneling  
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd"

Set firewall rules

Look at the 2:support above. The number is added to ports 5800, 5900
and 6000 for connections.

Port Function
5800+n For Java-based VNC viewers (e.g. through a webstart application)
5900+n VNC Client port
6000+n X Server port

At a bare minimum, port 5902 must be open. If you want other fancy
stuff, open ports 5802, 5902 and 6002 (do this securely; see
section below).

Start the VNC Service

service vncserver start

Test, test, test!

Using VNC Securely

To tunnel your VNC connection through SSH, add -localhost to
VNCSERVERARGS in /etc/sysconfig/vncservers. In the example above,

VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"

Restart the VNC service. We’re now listening on port 5902 for local
connections to that port only

Client-side connection

Easy peasy:

ssh -L 5902:localhost:5902 -N

Tunnels all requests on port 5902 on your computer to port 5902 on the
server ("-L") and doesn’t execute any commands ("-N", port-forwarding
only.) You can add “-f” to push this into the background.


If you cannot start the VNC service (i.e. get a “FAILED”), make sure
that you do these in order:

  1. useradd vncuser
  2. su vncuser
  3. vncpasswd vncuser
  4. exit
  5. service vncserver restart

Step 2 is important! You need to be the user when setting your VNC
password. vncpasswd vncuser as root won’t work.