如何在Ubuntu 20.04上安装和配置VNC
介绍 (Introduction)
Virtual Network Computing, or VNC, is a connection system that allows you to use your keyboard and mouse to interact with a graphical desktop environment on a remote server. It makes managing files, software, and settings on a remote server easier for users who are not yet comfortable with the command line.
虚拟网络计算 (VNC)是一种连接系统,使您可以使用键盘和鼠标与远程服务器上的图形桌面环境进行交互。 对于尚不熟悉命令行的用户,它使在远程服务器上管理文件,软件和设置更加容易。
In this guide, you’ll set up a VNC server with TightVNC on an Ubuntu 20.04 server and connect to it securely through an SSH tunnel. Then, you’ll use a VNC client program on your local machine to interact with your server through a graphical desktop environment.
在本指南中,您将在Ubuntu 20.04服务器上使用TightVNC设置VNC服务器,并通过SSH隧道安全地连接到该服务器。 然后,您将使用本地计算机上的VNC客户端程序通过图形桌面环境与服务器进行交互。
先决条件 (Prerequisites)
To complete this tutorial, you’ll need:
要完成本教程,您需要:
One Ubuntu 20.04 server with a non-root administrative user and a firewall configured with UFW. To set this up, follow our initial server setup guide for Ubuntu 20.04.
一台Ubuntu 20.04服务器,具有非root用户和配置了UFW的防火墙。 要进行设置,请遵循我们针对Ubuntu 20.04的初始服务器设置指南 。
-
On Windows, you can use TightVNC, RealVNC, or UltraVNC.
在Windows上,可以使用TightVNC , RealVNC或UltraVNC 。
On macOS, you can use the built-in Screen Sharing program, or can use a cross-platform app like RealVNC.
在macOS上,您可以使用内置的屏幕共享程序,也可以使用RealVNC之类的跨平台应用程序。
On Linux, you can choose from many options, including
vinagre,krdc, RealVNC, or TightVNC.在Linux上,可以从许多选项中进行选择,包括
vinagre,krdc, RealVNC或TightVNC 。
步骤1 —安装桌面环境和VNC服务器 (Step 1 — Installing the Desktop Environment and VNC Server)
By default, an Ubuntu 20.04 server does not come with a graphical desktop environment or a VNC server installed, so you’ll begin by installing those.
默认情况下,Ubuntu 20.04服务器未安装图形桌面环境或VNC服务器,因此从安装它们开始。
You have many options when it comes to which VNC server and desktop environment you choose. In this tutorial, you will install packages for the latest Xfce desktop environment and the TightVNC package available from the official Ubuntu repository. Both Xfce and TightVNC are known for being lightweight and fast, which will help ensure that the VNC connection will be smooth and stable even on slower internet connections.
选择哪种VNC服务器和桌面环境时,您有很多选择。 在本教程中,您将安装适用于最新Xfce桌面环境的软件包以及官方Ubuntu存储库中提供的TightVNC软件包。 Xfce和TightVNC都以轻便,快速而著称,这将有助于确保即使在互联网连接速度较慢的情况下,VNC连接也将保持平稳。
After connecting to your server with SSH, update your list of packages:
使用SSH连接到服务器后,更新软件包列表:
- sudo apt update sudo apt更新
Now install Xfce along with the xfce4-goodies package, which contains a few enhancements for the desktop environment:
现在,将Xfce与xfce4-goodies软件包一起安装,其中包含针对桌面环境的一些增强功能:
- sudo apt install xfce4 xfce4-goodies sudo apt安装xfce4 xfce4-goodies
During installation, you may be prompted to choose a default display manager for Xfce. A display manager is a program that allows you to select and log in to a desktop environment through a graphical interface. You’ll only be using Xfce when you connect with a VNC client, and in these Xfce sessions you’ll already be logged in as your non-root Ubuntu user. So for the purposes of this tutorial, your choice of display manager isn’t pertinent. Select either one and press ENTER.
在安装过程中,系统可能会提示您选择Xfce的默认显示管理器。 显示管理器是一个程序,允许您通过图形界面选择并登录到桌面环境。 仅在与VNC客户端连接时使用Xfce,并且在这些Xfce会话中,您已经以非root用户Ubuntu用户身份登录。 因此,就本教程而言,与显示管理器的选择无关。 选择其中一个,然后按ENTER 。
Once that installation completes, install the TightVNC server:
安装完成后,安装TightVNC服务器:
- sudo apt install tightvncserver sudo apt安装tightvncserver
Next, run the vncserver command to set a VNC access password, create the initial configuration files, and start a VNC server instance:
接下来,运行vncserver命令以设置VNC访问密码,创建初始配置文件,并启动VNC服务器实例:
- vncserver vncserver
You’ll be prompted to enter and verify a password to access your machine remotely:
系统将提示您输入并验证密码以远程访问您的计算机:
Output
You will require a password to access your desktops.
Password:
Verify:
The password must be between six and eight characters long. Passwords more than 8 characters will be truncated automatically.
密码长度必须介于六到八个字符之间。 超过8个字符的密码将被自动截断。
Once you verify the password, you’ll have the option to create a view-only password. Users who log in with the view-only password will not be able to control the VNC instance with their mouse or keyboard. This is a helpful option if you want to demonstrate something to other people using your VNC server, but this isn’t required.
验证密码后,您可以选择创建仅查看密码。 使用仅查看密码登录的用户将无法使用其鼠标或键盘来控制VNC实例。 如果您想向使用VNC服务器的其他人演示某些内容,这是一个有用的选项,但这不是必需的。
The process then creates the necessary default configuration files and connection information for the server. Additionally, it launches a default server instance on port 5901. This port is called a display port, and is referred to by VNC as :1. VNC can launch multiple instances on other display ports, with :2 referring to port 5902, :3 referring to 5903, and so on:
然后,该过程将为服务器创建必要的默认配置文件和连接信息。 此外,它在端口5901上启动默认服务器实例。 此端口称为显示端口 ,VNC将该端口称为:1 。 VNC可以在其他显示端口上启动多个实例,其中:2表示端口5902 , :3表示端口5903 ,依此类推:
Output
Would you like to enter a view-only password (y/n)? n
xauth: file /home/sammy/.Xauthority does not exist
New 'X' desktop is your_hostname:1
Creating default startup script /home/sammy/.vnc/xstartup
Starting applications specified in /home/sammy/.vnc/xstartup
Log file is /home/sammy/.vnc/your_hostname:1.log
Note that if you ever want to change your password or add a view-only password, you can do so with the vncpasswd command:
请注意,如果您想更改密码或添加仅查看密码,可以使用vncpasswd命令执行此操作:
- vncpasswd vncpasswd
At this point, the VNC server is installed and running. Now let’s configure it to launch Xfce and give us access to the server through a graphical interface.
此时,VNC服务器已安装并正在运行。 现在,我们将其配置为启动Xfce,并通过图形界面使我们能够访问服务器。
步骤2 —配置VNC服务器 (Step 2 — Configuring the VNC Server)
The VNC server needs to know which commands to execute when it starts up. Specifically, VNC needs to know which graphical desktop environment it should connect to.
VNC服务器启动时需要知道要执行哪些命令。 具体来说,VNC需要知道应连接到哪个图形桌面环境。
The commands that the VNC server runs at startup are located in a configuration file called xstartup in the .vnc folder under your home directory. The startup script was created when you ran the vncserver command in the previous step, but you’ll create your own to launch the Xfce desktop.
VNC服务器在启动时运行的命令位于主目录下.vnc文件夹中名为xstartup的配置文件中。 在上一步中运行vncserver命令时创建了启动脚本,但是您将创建自己的脚本来启动Xfce桌面。
Because you are going to be changing how the VNC server is configured, first stop the VNC server instance that is running on port 5901 with the following command:
因为您将要更改VNC服务器的配置方式,所以首先使用以下命令停止在端口5901上运行的VNC服务器实例:
- vncserver -kill :1 vncserver -kill:1
The output will look like this, although you’ll see a different PID:
输出将如下所示,尽管您会看到不同的PID:
Output
Killing Xtightvnc process ID 17648
Before you modify the xstartup file, back up the original:
在修改xstartup文件之前,请备份原始文件:
- mv ~/.vnc/xstartup ~/.vnc/xstartup.bak mv〜/ .vnc / xstartup〜/ .vnc / xstartup.bak
Now create a new xstartup file and open it in a text editor, such as nano:
现在创建一个新的xstartup文件,并在文本编辑器(例如nano中将其打开:
- nano ~/.vnc/xstartup 纳米〜/ .vnc / xstartup
Then add the following lines to the file:
然后将以下行添加到文件中:
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &The first line is a shebang. In executable plain-text files on *nix platforms, a shebang tells the system what interpreter to pass that file to for execution. In this case, you’re passing the file to the Bash interpreter. This will allow each successive line to be executed as commands, in order.
第一行是shebang 。 在* nix平台上的可执行纯文本文件中,shebang告诉系统使用什么解释器将该文件传递给执行器。 在这种情况下,您会将文件传递给Bash解释器。 这将允许每个连续的行按顺序作为命令执行。
The first command in the file, xrdb $HOME/.Xresources, tells VNC’s GUI framework to read the server user’s .Xresources file. .Xresources is where a user can make changes to certain settings of the graphical desktop, like terminal colors, cursor themes, and font rendering. The second command tells the server to launch Xfce. Whenever you start or restart the VNC server, these commands will execute automatically.
文件中的第一个命令xrdb $HOME/.Xresources告诉VNC的GUI框架读取服务器用户的.Xresources文件。 用户可以在.Xresources上更改图形桌面的某些设置,例如终端颜色,光标主题和字体渲染。 第二个命令告诉服务器启动Xfce。 无论何时启动或重新启动VNC服务器,这些命令都会自动执行。
Save and close the file after adding these lines. If you used nano, do so by pressing CTRL + X, Y, then ENTER.
添加这些行后,保存并关闭文件。 如果您使用过nano ,请按CTRL + X , Y ,然后按ENTER 。
To ensure that the VNC server will be able to use this new startup file properly, you’ll need to make it executable:
为了确保VNC服务器将能够正确使用此新启动文件,您需要使其成为可执行文件:
- chmod +x ~/.vnc/xstartup chmod + x〜/ .vnc / xstartup
Then restart the VNC server:
然后重新启动VNC服务器:
- vncserver -localhost vncserver-本地主机
Notice that this time the command includes the -localhost option, which binds the VNC server to your server’s loopback interface. This will cause VNC to only allow connections that originate from the server on which it’s installed.
请注意,这次命令包含-localhost选项,该选项将VNC服务器绑定到服务器的环回接口。 这将导致VNC仅允许来自其安装服务器的连接。
In the next step, you’ll establish an SSH tunnel between your local machine and your server, essentially tricking VNC into thinking that the connection from your local machine originated on your server. This strategy will add an extra layer of security around VNC, as the only users who will be able to access it are those that already have SSH access to your server.
在下一步中,您将在本地计算机和服务器之间建立SSH隧道,从本质上诱使VNC认为来自本地计算机的连接起源于服务器。 该策略将在VNC周围增加一层额外的安全保护,因为只有SSH可以访问您的服务器的用户才能访问它。
You’ll see output similar to this:
您将看到类似于以下的输出:
Output
New 'X' desktop is your_hostname:1
Starting applications specified in /home/sammy/.vnc/xstartup
Log file is /home/sammy/.vnc/your_hostname:1.log
With the configuration in place, you’re ready to connect to the VNC server from your local machine.
完成配置后,您就可以从本地计算机连接到VNC服务器了。
步骤3 —安全地连接到VNC桌面 (Step 3 — Connecting to the VNC Desktop Securely)
VNC itself doesn’t use secure protocols when connecting. To securely connect to your server, you’ll establish an SSH tunnel and then tell your VNC client to connect using that tunnel rather than making a direct connection.
连接时,VNC本身不使用安全协议。 为了安全地连接到服务器,您将建立SSH隧道,然后告诉您的VNC客户端使用该隧道进行连接,而不是直接建立连接。
Create an SSH connection on your local computer that securely forwards to the localhost connection for VNC. You can do this via the terminal on Linux or macOS with the following ssh command:
在本地计算机上创建一个SSH连接,该连接安全地转发到VNC的localhost连接。 您可以使用以下ssh命令通过Linux或macOS上的终端执行此操作:
ssh -L 59000:localhost:5901 -C -N -l sammy your_server_ip
ssh -L 59000 :localhost: 5901 -C -N -l sammy your_server_ip
Here’s what this ssh command’s options mean:
这是ssh命令的选项的含义:
-L 59000:localhost:5901: The-Lswitch specifies that the given port on the local computer (59000) is to be forwarded to the given host and port on the destination server (localhost:5901, meaning port5901on the destination server, defined asyour_server_ip). Note that the local port you specify is somewhat arbitrary; as long as the port isn’t already bound to another service, you can use it as the forwarding port for your tunnel.-L 59000 :localhost: 5901:-L开关指定将本地计算机上的给定端口(59000)转发到目标服务器上的给定主机和端口(localhost:5901,这意味着目标服务器上的端口5901,定义为your_server_ip)。 请注意,您指定的本地端口有些随意。 只要该端口尚未绑定到其他服务,就可以将其用作隧道的转发端口。-C: This flag enables compression which can help minimize resource consumption and speed things up.-C:此标志启用压缩,可以帮助最小化资源消耗并加快处理速度。-N: This option tellssshthat you don’t want to execute any remote commands. This setting is useful when you just want to forward ports.-N:此选项告诉ssh您不想执行任何远程命令。 当您只想转发端口时,此设置很有用。-l sammy your_server_ip: The-lswitch let’s you specify the user you want to log in as once you connect to the server. Make sure to replacesammyandyour_server_ipwith the name of your non-root user and your server’s IP address.-l sammy your_server_ip:-l开关让您指定要在连接到服务器后登录的用户。 确保用非root用户的名称和服务器的IP地址替换sammy和your_server_ip。
Note: This command establishes an SSH tunnel that forwards information from port 5901 on your VNC server to port 59000 on your local machine via port 22 on each machine, the default port for SSH. Assuming you followed the prerequisite Initial Server Setup guide for Ubuntu 20.04, you will have added a UFW rule to allow connections to your server over OpenSSH.
注意 :此命令建立SSH隧道,该隧道将信息从VNC服务器上的端口5901通过每台计算机上的端口22 (SSH的默认端口)转发到本地计算机上的端口59000 。 假设您已遵循针对Ubuntu 20.04的先决条件《 初始服务器设置指南》 ,则将添加UFW规则,以允许通过OpenSSH连接到服务器。
This is more secure than simply opening up your server’s firewall to allow connections to port 5901, as that would allow anyone to access your server over VNC. By connecting over an SSH tunnel, you’re limiting VNC access to machines that already have SSH access to the server.
这比简单地打开服务器的防火墙以允许连接端口5901安全性更高,因为这将允许任何人通过VNC访问您的服务器。 通过SSH隧道连接,可以将VNC访问限制为对服务器具有SSH访问权限的计算机。
If you are using PuTTY to connect to your server, you can create an SSH tunnel by right-clicking on the top bar of the terminal window, and then clicking the Change Settings… option:
如果您使用PuTTY连接到服务器,则可以通过在终端窗口的顶部栏上单击鼠标右键,然后单击“ 更改设置...”选项来创建SSH隧道:
Find the Connection branch in the tree menu on the left-hand side of the PuTTY Reconfiguration window. Expand the SSH branch and click on Tunnels. On the Options controlling SSH port forwarding screen, enter 59000 as the Source Port and localhost:5901 as the Destination, like this:
在“ PuTTY重新配置”窗口左侧的树菜单中找到“ 连接”分支。 展开SSH分支,然后单击“ 隧道” 。 在“ 控制SSH端口转发的选项”屏幕上,输入59000作为Source Port ,输入localhost:5901作为Destination ,如下所示:
Then click the Add button, and then the Apply button to implement the tunnel.
然后单击添加按钮,然后单击应用按钮以实现隧道。
Once the tunnel is running, use a VNC client to connect to localhost:59000. You’ll be prompted to authenticate using the password you set in Step 1.
隧道运行后,使用VNC客户端连接到localhost:59000 。 系统将提示您使用在步骤1中设置的密码进行身份验证。
Once you are connected, you’ll see the default Xfce desktop. It should look something like this:
建立连接后,您将看到默认的Xfce桌面。 它看起来应该像这样:
You can access files in your home directory with the file manager or from the command line, as seen here:
您可以使用文件管理器或从命令行访问主目录中的文件,如下所示:
Press CTRL+C in your local terminal to stop the SSH tunnel and return to your prompt. This will disconnect your VNC session as well.
在本地终端中按CTRL+C停止SSH隧道并返回到提示符。 这也将断开您的VNC会话。
Now you can configure your VNC server to run as a systemd service.
现在,您可以将VNC服务器配置为作为systemd服务运行。
步骤4 —将VNC作为系统服务运行 (Step 4 — Running VNC as a System Service)
By setting up the VNC server to run as a systemd service you can start, stop, and restart it as needed, like any other service. You can also use systemd’s management commands to ensure that VNC starts when your server boots up.
通过将VNC服务器设置为作为systemd服务运行,您可以像其他任何服务一样根据需要启动,停止和重新启动它。 您还可以使用systemd的管理命令来确保在服务器启动时VNC启动。
First, create a new unit file called /etc/systemd/system/[email protected]:
首先,创建一个名为/etc/systemd/system/[email protected]的新单元文件:
- sudo nano /etc/systemd/system/[email protected] 须藤纳米/etc/systemd/system/[email protected]
The @ symbol at the end of the name will let us pass in an argument you can use in the service configuration. You’ll use this to specify the VNC display port you want to use when you manage the service.
名称末尾的@符号将使我们传递您可以在服务配置中使用的参数。 您将使用它来指定管理服务时要使用的VNC显示端口。
Add the following lines to the file. Be sure to change the value of User, Group, WorkingDirectory, and the username in the value of PIDFILE to match your username:
将以下行添加到文件中。 确保在PIDFILE的值中更改User , Group , WorkingDirectory和用户名的值以匹配您的用户名:
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=sammy
Group=sammy
WorkingDirectory=/home/sammy
PIDFile=/home/sammy/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 -localhost :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.targetThe ExecStartPre command stops VNC if it’s already running. The ExecStart command starts VNC and sets the color depth to 24-bit color with a resolution of 1280x800. You can modify these startup options as well to meet your needs. Also, note that the ExecStart command again includes the -localhost option.
如果ExecStartPre命令已经在运行,它将停止它。 ExecStart命令启动VNC并将颜色深度设置为24位颜色,分辨率为1280x800。 您也可以修改这些启动选项,以满足您的需求。 另外,请注意, ExecStart命令再次包含-localhost选项。
Save and close the file.
保存并关闭文件。
Next, make the system aware of the new unit file:
接下来,使系统知道新的单位文件:
- sudo systemctl daemon-reload sudo systemctl守护进程重新加载
Enable the unit file:
启用单位文件:
- sudo systemctl enable [email protected] sudo systemctl启用[email protected]
The 1 following the @ sign signifies which display number the service should appear over, in this case the default :1 as was discussed in Step 2.
@符号后的1表示服务应显示在哪个显示号上,在这种情况下,默认值:1如步骤2所述。
Stop the current instance of the VNC server if it’s still running:
如果VNC服务器的当前实例仍在运行,请停止它:
- vncserver -kill :1 vncserver -kill:1
Then start it as you would start any other systemd service:
然后像启动其他任何systemd服务一样启动它:
- sudo systemctl start vncserver@1 sudo systemctl启动vncserver @ 1
You can verify that it started with this command:
您可以验证它是否使用以下命令启动:
- sudo systemctl status vncserver@1 sudo systemctl状态vncserver @ 1
If it started correctly, the output should look like this:
如果正确启动,则输出应如下所示:
Output
● [email protected] - Start TightVNC server at startup
Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-05-07 17:23:50 UTC; 6s ago
Process: 39768 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code=exited, status=2)
Process: 39772 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (code=exited, status=0/SUCCESS)
Main PID: 39795 (Xtightvnc)
...
Your VNC server is now ready to use whenever your server boots up, and you can manage it with systemctl commands like any other systemd service.
现在,只要服务器启动,您的VNC服务器就可以使用了,您可以像其他systemd服务一样使用systemctl命令对其进行管理。
However, there won’t be any difference on the client side. To reconnect, start your SSH tunnel again:
但是,客户端不会有任何区别。 要重新连接,请再次启动SSH隧道:
ssh -L 59000:localhost:5901 -C -N -l sammy your_server_ip
ssh -L 59000 :localhost: 5901 -C -N -l sammy your_server_ip
Then make a new connection using your VNC client software to localhost:59000 to connect to your server.
然后使用您的VNC客户端软件与localhost:59000建立新连接以连接到服务器。
结论 (Conclusion)
You now have a secured VNC server up and running on your Ubuntu 20.04 server. Now you’ll be able to manage your files, software, and settings with a user-friendly graphical interface, and you’ll be able to run graphical software like web browsers remotely.
您现在已经在Ubuntu 20.04服务器上启动并运行了安全的VNC服务器。 现在,您将可以使用用户友好的图形界面来管理文件,软件和设置,并且可以远程运行Web浏览器之类的图形软件。
翻译自: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-vnc-on-ubuntu-20-04