Introduction to TigerVNC
In today's world, remote access to Linux desks has become a need for both system administrators and for developers and domestic users. TigerVNC emerges as a powerful, light and open source solution that allows a Linux machine to be controlled from any other device using the VNC protocol. In this article we will explore step by step how to install, configure and use TigerVNC safely and efficiently.
What is TigerVNC?
TigerVNC is an implementation of the VNC server and client (Virtual Network Computing) derived from the TightVNC project. It is optimized to provide high performance in LAN environments and also works well on limited bandwidth connections thanks to its advanced compression. Its code is released under the GPL license, allowing its free use and community collaboration.
Advantages of TigerVNC against other alternatives
- Top performance in graphics and text thanks to improved compression algorithms.
- Support for TLS extensions that add end to end encryption.
- Multiplatform compatibility: customers available for Windows, macOS, Linux and mobile devices.
- Low resource consumption, ideal for virtual servers and machines.
- Frequent updates and an active community that fixes errors quickly.
Installation in popular Linux distributions
The easiest way to get TigerVNC is through the official repositories of each distribution. The commands for the three most used families are shown below.
Ubuntu and Debian
Update the package index and install the packagetigervnc-standalone-serverand the clienttigervnc-viewer:
sudo apt update\nsudo apt install tigervnc-standalone-server tigervnc-viewerFedora, CentOS and RHEL
In these distributions the package is calledtigervnc-serverfor the server andtigervncfor the customer:
sudo dnf install tigervnc-server tigervncArch Linux and derivatives
In Arch's official repositories we find both packages:
sudo pacman -S tigervncAfter installation, it is recommended to check the version withvncserver -versionto make sure that everything was installed correctly.
Basic TigerVNC server configuration
The first step is to create an access password for the VNC service. We'll use the command.vncpasswdwhich will request a key and optionally a read-only one.
vncpasswdThis password is saved in the file
~/.vnc/passwdwith restricted permits.Then we start the server by specifying the display number that we want to use. For example, for the screen
:1:
vncserver :1 -geometry 1920x1080 -depth 24The most common parameters are:
-geometry: defines virtual desktop resolution.-depth: color depth in bits (8, 16 or 24).-localhost: restricts access only to the local machine, useful when combined with an SSH tunnel.
To stop the server is usedvncserver -kill :1. If you want the service to start automatically when starting, you can create a unit file or add the call tovncserverin the file~/.xinitrcaccording to distribution.
Connection from TigerVNC customers
Once the server is running, it is enough to open the VNC client and point to the IP address of the Linux machine followed by the corresponding screen number and port (by default 5900 + screen number). For example, for the screen:1The port is 5901.
Linux Customer
Runvncviewer IP_DEL_SERVIDOR:5901or use the graphical interface oftigervnc-viewer.
Customer on Windows
Download the TigerVNC installer from the official site, install it and writeIP_DEL_SERVIDOR:5901in the connection field.
Customer in macOS
MacOS users can use the integrated Screen Sharing client (vnc: / /) or install TigerVNC using Homebrew:brew install --cask tigervnc.
Best security practices
Although TigerVNC includes support for TLS encryption, by default the VNC traffic is not encrypted, so it is always recommended to wrap the connection in an SSH tunnel or enable TLS.
Use of SSH tunnel
From the client machine, create a tunnel that redirects the local port to the remote port of the server:
ssh -L 5901:localhost:5901 usuario@IP_DEL_SERVIDORThen connect the VNC client tolocalhost:5901. All traffic will travel encrypted through SSH.
Enable TLS encryption
If you prefer not to rely on SSH, you can generate a self-signed certificate and tell TigerVNC to use it:
vncserver :1 -TLSOnly 1 -X509Cert ~/.vnc/server.crt -X509Key ~/.vnc/server.keyRemember to distribute the public certificate to trusted customers.
Other recommendations
- Use strong passwords and change them periodically.
- Disable read-only access if you don't need it.
- Limit access by firewalls (ufw, firewall) allowing only authorized PIs.
- Keep the package up to date to benefit from safety patches.
Common problem solution
Although TigerVNC is quite stable, some inconvenience may appear. Here we list the most frequent and how to solve them.
Black or grey screen when connecting
This is usually because the desktop environment does not start properly. Check that file~/.vnc/xstartupcontains the appropriate lines to launch your window manager, for example:
#!/bin/sh\nxrdb $HOME/.Xresources\nstartxfce4 &Make sure the file has execution permission (chmod +x ~/.vnc/xstartup).
Connection error rejected
Check that the server is actually listening in the expected port withnetstat -tlnp | grep 5901. If it does not appear, restart the server or review the log in~/.vnc/*.log.
Slow performance or high latency
Reduces color depth (-depth 8) or the resolution (-geometry 1280x720) and enable JPEG compression if available. In addition, use an SSH tunnel with compression (ssh -C) can improve experience in slow links.
Permission problems in the password file
The file~/.vnc/passwdmust be accessible only by the owner (chmod 600 ~/.vnc/passwd). Permissions more laxity will make the server refuse to start.
Conclusion
TigerVNC is one of the best options for remote access to Linux desks thanks to its combination of performance, security and ease of use. Following the installation, configuration and security practices described in this article, you can enjoy a fluid and protected remote access in both domestic and professional environments. Do not hesitate to experiment with the different compression and encryption options to adapt the solution to your specific needs.
