On a 64-bit CentOS 5.8 box.

## Install necessary packages

    yum -y install vnc vnc-server

## Set up VNC users

    useradd vncuser
    su vncuser
    vncpasswd

Enter the password you'll use to connect. This creates a `.vnc` file in the user's homedir. Now edit `~/.vnc/xstartup` to uncomment the lines pertaining to a normal desktop:

    unset SESSION_MANAGER
    exec /etc/X11/xinit/xinitrc

## Set up the VNC configuration

I added this to `/etc/sysconfig/vncservers`:

    # No SSH tunneling
    VNCSERVERS="2:support"
    VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd"

## Set firewall rules

Look at the `2:support` above. The number is added to ports 5800, 5900 and 6000 for connections.

|  Port  |                             Function                             |
|--------|------------------------------------------------------------------|
| 5800+n | For Java-based VNC viewers (e.g. through a webstart application) |
| 5900+n | VNC Client port                                                  |
| 6000+n | X Server port                                                    |

At a bare minimum, port 590**2** must be open. If you want other fancy stuff, open ports 580**2**, 590**2** and 600**2** (do this securely; see section below).

## Start the VNC Service

    service vncserver start

Test, test, test!

## Using VNC Securely

To tunnel your VNC connection through SSH, add `-localhost` to VNCSERVERARGS in `/etc/sysconfig/vncservers`. In the example above,

    VNCSERVERS="2:support"
    VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"

Restart the VNC service. We're now listening on port 5902 for *local connections to that port only*.

### Client-side connection

Easy peasy:

    ssh -L 5902:localhost:5902 support@server.example.com -N

Tunnels all requests on port 5902 on your computer to port 5902 on the server ("-L") and doesn't execute any commands ("-N", port-forwarding only.) You can add "-f" to push this into the background.

## Troubleshooting

If you cannot start the VNC service (i.e. get a "FAILED"), make sure that you do these in order:

1.  `useradd vncuser`
2.  `su vncuser`
3.  `vncpasswd vncuser`
4.  `exit`
5.  `service vncserver restart`

Step 2 is important! You need to *be* the user when setting your VNC password. `vncpasswd vncuser` as root won't work.

## Sources

-   <http://wiki.centos.org/HowTos/VNC-Server>