Ubuntu VNC怎样实现远程管理

1. Update System and Install VNC Server
Before configuring VNC, ensure your Ubuntu system is up-to-date. Open a terminal and run:

sudo apt update && sudo apt upgrade -y

Install a VNC server (e.g., TigerVNC for better performance or TightVNC for lightweight needs):

sudo apt install tigervnc-standalone-server -y  # Recommended for Ubuntu 22.04+  

2. Set VNC Password
Run the following command to set a secure VNC access password (at least 6 characters):

vncpasswd

• The password will be encrypted and stored in ~/.vnc/passwd.
• Note: This is the password for VNC connections, not your Ubuntu user password.

3. Configure Desktop Environment in xstartup
The ~/.vnc/xstartup file controls which desktop environment launches when you connect via VNC. Edit it with a text editor (e.g., nano):

nano ~/.vnc/xstartup

For GNOME (Ubuntu default): Replace the file content with:

#!/bin/sh
export GNOME_SHELL_SESSION_MODE=ubuntu
export XDG_CURRENT_DESKTOP=ubuntu:GNOME
export XDG_CONFIG_DIRS=/etc/xdg/xdg-ubuntu:/etc/xdg
exec /etc/X11/Xsession ubuntu-xsession

For XFCE (lightweight, recommended for older systems): Use:

#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec startxfce4

Save the file (Ctrl+O, Enter, Ctrl+X) and make it executable:

chmod +x ~/.vnc/xstartup

4. Start and Enable VNC Server
Start the VNC server with a display number (e.g., :1 for port 5901):

vncserver :1

• The first time you run this, it will create a default configuration file.
• To stop the server, use:

  vncserver -kill :1
  

To run VNC at system startup, enable the service:

sudo systemctl enable vncserver@:1.service
sudo systemctl start vncserver@:1.service

5. Configure Firewall (UFW)
If your Ubuntu system uses UFW (Uncomplicated Firewall), allow VNC traffic on the relevant port (default: 5901 for :1):

sudo ufw allow 5901/tcp
sudo ufw reload

6. Connect via VNC Client
On your local device (Windows/macOS/Linux), install a VNC client (e.g., TigerVNC Viewer, RealVNC Viewer). Open the client and enter:

<Ubuntu_Server_IP>:5901  # Replace with your server's IP and port

Enter the VNC password you set earlier to access the remote desktop.

7. Enhance Security with SSH Tunneling (Recommended)
Directly exposing VNC ports (5901+) is insecure. Use SSH tunneling to encrypt traffic:

• On your local machine, run:

  ssh -L 5905:localhost:5901 -N -f user@<Ubuntu_Server_IP>
  

  • -L 5905:localhost:5901: Maps local port 5905 to the server’s 5901 (VNC port).
  • -N: Prevents opening a shell on the server.
  • -f: Runs SSH in the background.
• In your VNC client, connect to localhost:5905 instead of the server’s IP.

Optional: Auto-Start VNC on Boot
To ensure VNC starts automatically after a system reboot, enable the systemd service (step 4) and verify it’s active:

sudo systemctl is-enabled vncserver@:1.service  # Should return "enabled"

By following these steps, you can securely manage an Ubuntu system remotely via VNC, with options to customize the desktop environment and enhance security.