Deploying LXDE with VNC desktop

From eddynetweb's cesspit
Jump to: navigation, search

Verification

This article has been tested with the following distributions, and seems to function properly:

  • Debian GNU/Linux
    • Wheezy (7), Jessie (8), Stretch (9)

You can help out by adding distributions which support this entry. Thank you!

Prerequisites

- This installation assumes you have access to root or sudo privileges. The installation of packages in this entry requires some form of global directory access, and therefore requires superuser privileges.

If you're not already root, or don't have access to superuser privileges via sudo, login to root using the command below:

su -

- If you're running a public server, make sure to open your firewall to port 5901 (by default), or if you change the default port (see "Security precautions"), set it to your corresponding port.

Installation

1. Make sure your packages are all up-to-date:

apt-get update & apt-get upgrade -y

2. Fetch the necessary LXDE files + TightVNC.

apt-get install xorg tightvncserver lxde-core lxde-icon-theme -y

3. Run TightVNC for the first time. This will create any necessary configuration files.

Note: TightVNC will ask you to put an 8 character password for first time use. It'll also ask you if you'd like to enable view-only mode. This mode will not allow the transmission of mouse and keyboard strokes to the server. If you want functionality, you should select "N" or "No" when it asks you.

tightvncserver :1 && tightvncserver -kill :1

4. Now open the following file with your text editor. We'll be using nano in this instance.

nano  ~/.vnc/xstartup

5. Adding the following parameters to the end of the file:

Note: Depending on your needs, you may want to adjust some settings from this file as well. For example, you can set "--geometry=100x50" to set you screen resolution.

lxterminal & /usr/bin/lxsession -s LXDE &

6. Now simply run the TightVNC server!

tightvncserver :1

7. Now you can login to your remote (or local) server via a VNC client (such as RealVNC, ChickenVNC, or TightVNC). You'll need to connect from port 5901 (default), although I highly recommend changing this (see below).

[IP or domain.tld]:5901

Security precautions

Always try to run a VNC session within an SSH tunnel! VNC by default offers no form of encryption, and is therefore susceptible to deep packet inspection and man-in-the-middle attacks. To run an SSH tunnel from a compatible SSH client, simply run below (assumes you're using the default port):

ssh -p [normally port 22] -L 5901:localhost:5901 user@hostname.tld

Also, a port change should be done for additional security. You can do by open the following file with your favorite text editor (we're using nano in this example):

nano /usr/bin/vncserver

...and change the 5900 to whatever you please. Keep in mind you will need to append additional numbers based on sessions (for example, if you choose port 15000 as a random port, you would connect to 15001 as the first generated VNC session). Don't forget to open any ports on firewalls (if any!).

$vncPort = 5900 + $displayNumber;

Running at startup

Adding this soon! Will be using systemd,