How to Install and Configure a VNC Server on CentOS 7 for Remote Access
In this guide, we will walk you through the process of installing and configuring a VNC server on CentOS 7.x, enabling secure remote access from popular VNC clients such as TightVNC, RealVNC, and UltraVNC. We will specifically use TigerVNC Server, a free and reliable solution that creates stand-alone virtual desktops for each user session. By the end of this guide, you’ll have a fully functional VNC setup, allowing multiple users to connect to isolated desktop environments and manage your server or workstation remotely with ease.
Introduction
VNC (Virtual Network Computing) is a client-server protocol that allows a client computer (running a VNC client) to connect and control a remote computer (running on a VNC server). The software was developed by the Olivetti & Oracle research lab in Cambridge, UK, and its source code is still up to date and available under the General Public License (GNU).
Depending on the server software, the VNC client will connect to the active desktop (for example, as TeamViewer or AnyDesk programs) or a standalone virtual desktop (like the Windows RDP remote desktop protocol). The latter, perhaps more powerful and secure, especially if you need to manage the server computer because each session will be a unique environment, configured with the permissions and rights of the connected user. That's why we choose TigerVNC, which runs parallel sessions of the desktop environment of the computer (GNOME, KDE, or another GUI): this means that a virtual desktop will be created for each connection - this is exactly what we want.
Installing TigerVNC
Now let's see how we can install and configure TigerVNC on CentOS. The first thing to do is to install the TigerVNC Server program by opening a terminal session and entering the following command with root privileges:
Immediately after that, you need to create a separate VNC user from which the connection will be made (with a dedicated password). To do this, enter the following:
Important: never do this as a root user - this will pose a serious threat to the security of your system. The best solution would be to leave the root user without access to VNC and set up a dedicated account with limited rights.
After you create vncuser and set a password for logging in, you also need to set a unique VNC password for this user. The command to do this is:
(the first line may be omitted if we are already logged in as vncuser in advance).
The next thing to do is create a VNC configuration file for vncuser. The quickest way to do this is to copy the shared VNC template file located in the /lib/systemd/system/ folder, and then change it:
The number 1 that we added to the new file name is the display number that will be used for this particular instance of the service. This is important to know because it will also determine the TCP port that will be used by our VNC server, equal to 5900 + display number. The first will be 5901, then 5902 and so on.
Immediately after copying you need to edit the new file using Vi, Nano or another text editor, and replace [USER] with the name of the user created recently (in our case, vncuser). This is how the file should look after the update (except for the long commented part at the beginning):
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l vncuser -c "/usr/bin/vncserver %i -geometry 1280x720"
PIDFile=/home/vncuser/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
[Install]
WantedBy=multi-user.target
Once you do this, you can reload the VNC daemon and run vncserver @ 1 with the following commands:
Before proceeding, verify that the service is running by entering the systemctl status command:
and create a symbolic link so that it always runs at system startup using the following command:
Another test that you can perform before trying to connect to the server is to look at the active network sockets using thesscommand: if everything works correctly, you should see that the VNC server is working and uses TCP port 5901. Execute the command:
The result should be as follows:
tcp LISTEN 0 128 *:6001 *:* users:(("Xvnc",pid=38344,fd=6))
tcp LISTEN 0 5 :::5901 :::* users:(("Xvnc",pid=38344,fd=10))
tcp LISTEN 0 128 :::6001 :::* users:(("Xvnc",pid=38344,fd=5))
If you see this, then everything is set up correctly.
Firewall setup
Since our VNC service is listening on TCP port 5901, you must be sure that such a port is open and accessible to external clients. Therefore, if you have a firewall installed, you must create an appropriate rule that allows VNC clients to connect.
How many ports to open will depend on how many VNC server instances you need. In our scenario, we did only 1, so you only need to open the first dedicated VNC port: TCP 5901, as we already said. The command to open this port on Firewalld:
It will not be superfluous to mention that you can also restrict this port to certain groups, IP addresses, network cards, or other simple or complex firewall rules.
Installing the graphical user interface (GUI)
If you already have GNOME, KDE, or other installed desktop environments, you can skip this step. Otherwise, you need to install one of them: the TigerVNC server will start a parallel instance of this desktop environment for each login session, which means that we must have at least one GUI.
GNOME
If you want a great, but heavyweight GNOME interface, enter the following:
Xfce
If you need a lightweight alternative, we can offer Xfce, a free, open-source environment for Unix-like platforms that works great with TigerVNC. GNOME also works great, but it quite resources intensive: if you want to save resources on your server machine, Xfce might be the best choice. To install it, enter the following:
Additional settings for Xfce
If you decide to use Xfce, you will also need to modify the file that was executed when the VNC session started. To do this, edit the file /home/<user>/.vnc/xstartup and change the exec entry (usually line 4) from etc/X11/xinit/xinitrc to startxfce4, as shown below:
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec startxfce4
vncserver -kill $DISPLAY
VNC client connection
Now that everything is set up, we can try to connect to our VNC service using a VNC client, such as TightVNC, UltraVNC or RealVNC, and see what happens. Remember to specify TCP port 5901 (if you followed our guide).
Possible problems
If your client cannot establish a working VNC connection, you need to check the following:
1. Connection problems - Firewall configuration: if you see pop-up errors that the client cannot connect to the remote host, you need to check your network and firewall configuration to make sure there are no blocking problems that could prevent the client from connecting to TCP server port 5901.
2. Black screen with the mouse - updating YUM or reinstalling the GUI: if you see a black screen with a working mouse cursor, it probably means that your VNC connection is working fine, but there is something that prevents the GUI from starting correctly desktop. For correction:
- Run yum update to install the latest versions of TigerVNC and the GUI itself. Be sure to keep track of any problems that occur during the installation phase.
- Uninstall and reinstall the GUI using the command yum remove / yum group remove and yum groupinstall again. If still nothing works, you can try installing a different GUI.
FAQ: Installing and Configuring VNC Server on CentOS 7
- Q: What is a VNC server and why use it on CentOS 7?
A: A VNC (Virtual Network Computing) server allows remote access to a graphical desktop environment on your CentOS 7 server. It is ideal for managing servers or desktops from anywhere using VNC clients like TightVNC, RealVNC, or UltraVNC. - Q: Which VNC server software is recommended?
A: In this guide, we use TigerVNC, a free and reliable VNC server that supports virtual desktop sessions for multiple users, ensuring each connection gets an isolated environment. - Q: How do I install TigerVNC on CentOS 7?
A: Install TigerVNC using the command:sudo yum install tigervnc-serverAfter installation, create a dedicated user for VNC connections and configure its password and VNC password.
- Q: How do I start and enable the VNC server?
A: After configuring the service file for your VNC user, reload the daemon and start the server with:systemctl daemon-reloadsystemctl start vncserver@:1systemctl enable vncserver@:1Verify the status with:
systemctl status vncserver@:1 - Q: Which ports should I open for VNC?
A: Each VNC instance uses TCP port 5900 + display number. For display :1, open port 5901 in your firewall using:firewall-cmd --add-port=5901/tcp --permanentfirewall-cmd --reload - Q: Can I use different desktop environments with TigerVNC?
A: Yes. You can use GNOME, KDE, or a lightweight alternative like Xfce. For Xfce, edit the ~/.vnc/xstartup file to start xfce4 instead of the default desktop. - Q: What should I do if I see a black screen or cannot connect?
A: Common issues include:
Firewall or network blocking the VNC port - verify firewall rules and connectivity.
GUI not starting correctly - try updating or reinstalling the GUI environment (yum update or reinstalling GNOME/Xfce). - Q: Can multiple users connect simultaneously?
A: Yes, TigerVNC supports multiple isolated sessions. Each user can have a separate virtual desktop configured with its own permissions.