How to Set Up VNC from Windows to Fedora 14 Over the Internet 39

Installing the VNC server in Fedora 14 is a little bit different than I described it for Fedora 12, so here are some updated instructions for setting up VNC in Fedora 14 and connecting to it via Windows over the Internet.

Step 1: Make sure SSH is Running

In all versions prior to Fedora 14, SSH is turned on by default. However, this is no longer the case with Fedora 14. Before being able to connect to your Fedora 14 box over a network, you must have physical access to the machine and explicitly enable SSH from the console. To do this, log in as root and do:

service sshd start
chkconfig sshd on

You should also make sure that your firewall settings (if any) allow remote access to port 22 (the default SSH port). I’ve also written a separate blog post on steps you can take to secure SSH on your server.

Step 2: Install TigerVNC Server on the Remote Fedora 14 Box

The TigerVNC server package may have been installed by default on your Fedora 14box when you installed the OS, but to make sure, become root (or sudo) and type:

yum install tigervnc-server

If it’s already installed, Fedora will let you know. If it’s not, it will be now!

Step 3: Configure Screen Resolutions, Port Number, and Users on the Remote Fedora 14 Box

The /etc/sysconfig/vncservers file controls which users are allowed to access your Fedora box via VNC, as well as what ports they will connect to, and what screen resolutions each of those users will use when connecting. As root (or with sudo), open the /etc/sysconfig/vncservers file with your favorite text editor and find the lines at the bottom that look something like this:

# VNCSERVERS="2:myusername"
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
Uncomment those lines, then change “myusername” to your Linux username on the first line. On the second line, change the geometry to whatever screen resolution you’d like for your desktop when remotely connecting (to avoid seeing scroll bars, make sure it’s smaller than the size of your local desktop), and then, for right now, remove the default -localhost option. We’ll test your VNC connection without it first, and then add that option back later when we’re sure VNC is working. Assuming your Linux username was clyde, those lines should now read:
VNCSERVERARGS[2]="-geometry 1024x768 -nolisten tcp"
This tells the VNC server to set up VNC display port #2 (the default for remote access) to for clyde to connect with a screen resolution of 800×600.

Step 4: Configure the VNC Desktop Environment and Password

For the next step, you should be logged in to your Fedora box as the user whose desktop you’ll want to access. If you’re already logged in as root, and your username is clyde, type:

su - clyde

The hyphen is important, as it will load the local path for clyde, which we’ll need for the next step. Now type:


This will run the vncserver program, and will set up default versions of the necessary desktop environment files for whichever user ran the program (in this case, clyde).

The first time you run vncserver, it will look like this:

You will require a password to access your desktops.

xauth:  creating new authority file /home/stevej/.Xauthority

New 'server.hostname:1 (clyde)' desktop is server.hostname:1

Creating default startup script /home/clyde/.vnc/xstartup
Starting applications specified in /home/clyde/.vnc/xstartup
Log file is /home/clyde/.vnc/server.hostname:1.log

When it prompts you for a password, this will be your VNC password, which you’ll use to connect to your remote desktop. If you choose, this can be different than your Linux account password. If you ever want to change your VNC password, just type vncpasswd while logged on as the user whose password you want to change.

The newly created files will be in  the .vnc directory under the user’s home directory (for our example, /home/clyde/.vnc). Using your favorite text editor, edit the /home/username/.vnc/xstartup file.

Go to the bottom of the file, comment out the twm & line, and then add a line that tells VNC to start your desktop of choice. If you want a GNOME desktop, the last two lines should read:

# twm &
startx &

If you prefer a KDE desktop, they should read:

# twm &
startkde &

Step 5: Start the VNC Server Service

To start and stop services, you’ll need to be logged in as root. If you’re still logged in as a different user, type exit to get back to the root user. Make sure any previous instance of vncserver service is stopped by typing:

service vncserver stop

If you get a FAILED message in reply, it’s OK. That just means that the server wasn’t running.

Now, start the service with all the settings you’ve entered with:

service vncserver start

You should get a success message that says something like:

Starting VNC server: 2:clyde
New 'server.hostname:2 (clyde)' desktop is server.hostname:2
Starting applications specified in /home/clyde/.vnc/xstartup
Log file is /home/clyde/.vnc/server.hostname:2.log

If you get a FAILED message, double-check the previous steps. Check for typos in the /etc/sysconfig/vncservers file, such as username, and make sure that you don’t have any spaces in the screen resolution parameter.

Step 6: Allow sshd to Forward Ports (SELinux users only)

Check to see if you have SELinux enabled on your system with:


If you get a reply that says it’s disabled, you can skip to the next step. If it is enabled, then you need to allow the sshd daemon to forward ports – otherwise, you’ll only be able to connect over the local network. Tell SELinux that sshd can forward ports with:

setsebool -P sshd_forward_ports 1

(Thanks to James Butler for pointing this out!)

Step 7: Configure Firewall Settings

If you have the Linux Firewall turned off on your Fedora 14 box, you can skip this step.

If you’re using the built-in firewall on your Fedora 14 box, you’ll need to tell it to allow incoming connections on the port you set up in Step 2 above. The number(s) you used in the VNCSERVERS= line(s) of the /etc/sysconfig/vncservers file determine which port numbers VNC will listen on. Our example used VNCSERVERS=”2:clyde”, which means you’d need to open port 5902 in your firewall. If you set up other users and/or other ports, then you’ll need to open those as well: 1=port 5901, 2= port 5902, 3=port 5903, etc.

To add the appropriate port(s) to your firewall, edit the /etc/sysconfig/iptables file and add the following line:

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 5902 -j ACCEPT

If you’re using additional ports for VNC, add a separate line for each.

The following line should already appear somewhere in your /etc/sysconfig/iptables file, but if it isn’t there for some reason, now is a good time to add it so you can connect to your VNC server securely in a later step:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Once you’ve added the appropriate line(s), restart your firewall with:

service iptables restart

Step 8: Configure Router Port Forwarding

If your network lives behind a router (and most home-based broadband users’ networks do), and you only want to access your Fedora 14 desktop from inside the same local network, then you don’t need to mess with port forwarding on your router and can skip to the next step.

If the only way you plan on connecting to your Fedora 14 desktop over the Internet is via a secure SSH tunnel (which is what I recommend), then you’ll need to verify that you’ve properly forwarded port 22 (the default SSH port) on your router to the internal IP address of your Fedora 14 box. If you’re able to SSH into your Fedora 14 box from outside your router, then you’ve already got things forwarded properly. Check your router’s instructions (or the instructions for your router’s firmware if you’re using something like DD-WRT or Tomato) on how to set up port forwarding.

If you would like to connect to your Fedora 14 desktop over the Internet without a secure SSH tunnel (and I would recommend doing this only for testing and troubleshooting purposes and only when first getting things set up), then you’ll need to forward the appropriate VNC port(s) from your router to your Fedora 14 box (we used port 5902 in our example). Again, this is recomended only for testing purposes, as it is not a secure connection.

Step 9: Install a VNC Client on Windows

Because it’s lightweight, stable, supports the secure connection we’ll be setting up in a minute, and completely FREE, I recommend TightVNC client, which can be downloaded here. But there are many other good VNC clients available out there, including RealVNC, and an interesting one called Terminals, which allows you to set up multiple tabs in one application with both Windows RDC and Linux VNC connections, kind of like tabs in your Web browser.

So download and install the VNC client of your choice.

Step 10: Connect to your VNC Server

Open your VNC client and connect to the appropriate IP address of your Fedora 14 box and the port that you chose in /etc/sysconfig/vncservers.

If you’re connecting from inside your network and the IP address of your Fedora 14 box is, then to connect to port #2 as in our example, you’d connect to

If you’re connecting from outside your nework and want to connect to port #2 as in our example, then use your WAN IP and VNC port instead, as in 222.33.444.55:5902.

You’ll be prompted for the VNC password you set up in an earlier step, and the desktop you configured in /home/username/.vnc/xstartup should display.

If you are unable to connect, go back and carefully re-check each step. It’s probably a very simple typo or a small thing you forgot.

Step 11: Connect to your VNC Server with SSH Tunneling

Now that you know your VNC server is running properly, it’s time to secure things. This isn’t necessary when connecting to your Fedora 14 box via VNC inside a trusted network. But if you want to connect over the Internet, you really should take this extra step, which will only take a couple of minutes to configure.

First, you’ll need a Windows SSH client. I use SecureCRT (which is a commercial app with a free trial period), but you can also do it easily with a very popular freeware Windows SSH client called PuTTY.

The idea behind SSH tunneling is to establish a secure SSH connection between your Windows box and the remote Fedora 14 box, and then “tunnel” the VNC connection through your SSH connection. Don’t worry… it’s much easier than it sounds.

In SecureCRT: create a new connection to the IP address or hostname of your remote Fedora 14 box (or the external IP address of the router if you’re connecting from outside the local network). Under the Connection category, set the protocol to SSH2. In the SSH2 sub-category, use port 22, and be sure to use the username on the Fedora 14 box that you configured in /etc/sysconfig/vncservers (in our example, it was clyde). In the Port Fowarding sub-category, hit Add…, enter a descriptive name for the forwarded connection (such as VNC), then put the port number that corresponds to the number you set up in /etc/sysconfig/vncservers for that username in both port fields (in our example, both would be 5902). None of the checkboxes need to be selected. Save your new connection, then click Connect. A terminal window should appear, and you’ll be prompted for your username and password. Use your Fedora account username and password (which may be different than the VNC password you set up).

In PuTTY: enter the IP address or hostname of your remote Fedora 14 box (or the external IP address of the router if you’re connecting from outside the local network). Click the + next to the SSH sub-category, then click Tunnels. Enter the port number that corresponds to the number you set up in /etc/sysconfig/vncservers in the Source port field (in our example, it would be 5902), then enter localhost:5902 (or a different port if applicable) in the Destination field, then click on Add. Scroll up and click on the Session category. Type in a name for the session in the Saved Sessions field then press Save. Click Open to establish the connection. A terminal window should appear, and you’ll be prompted for your username and password. Use your Fedora account username and password (which may be different than the VNC password you set up).

You’ve essentially told your SSH client to “listen” for local connections to port 5902 on localhost (your Windows box), and then tunnel those connections over to port 5902 on the remote host (your Fedora 14 box) using your secure SSH connection.

Once your SSH connection is established (whether by SecureCRT, PuTTY, or some other client), open your VNC client viewer and connect to localhost:5902. The VNC client should establish the connection, prompt for the VNC password (which may not be the same as your Fedora account password), and then display the remote desktop.

Step 12: Securing Things and Tidying Up

To finish securing your VNC server, there are a few final steps you should take.

First, exit your VNC client (you can just close it), then exit your SSH tunneling session by typing exit from the command prompt. Re-connect to your Fedora 14 box with a standard (non-tunneling) SSH connection and become root. Edit the /etc/sysconfig/vncservers file and add the -localhost option to the VNCSERVERARGS line, so that it reads:

VNCSERVERARGS[2]="-geometry 1024x768 -nolisten tcp -localhost"

This option tells the VNC server not to accept remote connections from VNC clients without a secure tunnel.

Restart the VNC server with this new option by typing:

service vncserver restart

Next, if you forwarded port 5902 on your router (or any other ports for your VNC server) for testing purposes in Step 6 above, now would be a good time to undo that forwarding. You don’t need those ports forwarded anymore now that you’ve got SSH tunneling working. You do, however, still need the VNC ports open on your Fedora box’s firewall, so keep any /etc/sysconfig/iptables changes you made while setting up VNC.

Optional Step: Starting Multiple VNC Sessions

If you’d like to start multiple instances of the VNC server on your Fedora box, you can simply edit your /etc/sysconfig/vncservers file. Multiple instances are helpful if you want to allow multiple users to connect to the Fedora box via VNC. You can also set up multiple profiles for the same user, which is useful if you want to allow the same user to access the Fedora box from multiple  remote systems that may have different screen resolutions.

If you’d like to set up an additional user (we’ll use joe in this example), your /etc/sysconfig/vncservers file should include:

VNCSERVERS="2:clyde 3:joe"
VNCSERVERARGS[2]="-geometry 1024x768 -nolisten tcp -localhost"
VNCSERVERARGS[3]="-geometry 800x600 -nolisten tcp -localhost"

Notice that the VNCSERVERS= line has both users listed on the same line. This is important so that when the vncserver service starts, it will start for all users listed. Add a separate VNCSERVERARGS= line for each new user, along with whatever arguments you want. Note also that by using the #3, your VNC server will now also be listening on port 5903 for that user, so set up your firewall, tunnel, and/or VNC client appropriately to listen and/or forward all the ports you want to use.

If you’d like to set up multiple profiles for the same user, your /etc/sysconfig/vncservers file should include:

VNCSERVERS="2:clyde 3:clyde"
VNCSERVERARGS[2]="-geometry 1024x768 -nolisten tcp -localhost"
VNCSERVERARGS[3]="-geometry 800x600 -nolisten tcp -localhost"

Now when clyde connects to the VNCSERVER on port 2 5902, he’ll get 1024×768 desktop. If he connects on port 5903, he’ll get a separate login instance on a separate desktop at 800×600. It’s possible to be connected to both ports at the same time, and have two different desktops running.

Be sure to do a service vncserver restart after making any changes to /etc/sysconfic/vncservers. You should see output from all instances being started, such as:

Starting VNC server: 2:clyde
New 'server.hostname:2 (clyde)' desktop is server.hostname:2
Starting applications specified in /home/clyde/.vnc/xstartup
Log file is /home/clyde/.vnc/server.hostname:2.log
New 'server.hostname:3 (clyde)' desktop is server.hostname:3
Starting applications specified in /home/clyde/.vnc/xstartup
Log file is /home/clyde/.vnc/server.hostname:3.log


You’ve successfully set up your remote Fedora box to accept VNC connections securely. Enjoy your new Windows to Fedora 14 VNC connection!

UPDATE: If you’re trying to set up VNC on an RHEL 5.5 or a CentOS 5.5 box, I’ve made a new blog post that walks you through a couple additional steps.

  • Mark

    Thanks Steve for an excellent page!
    I had googled something about Windows VNC and Fedora 14, and there was your page; Just what was needed!

  • Pingback: Set up VNC from Windows to Fedora 12 Over the Internet | Steve Jenkins' Blog()

  • You’re welcome, Mark! Glad you got it up and running. 🙂

    • George Birsk

      Great page!
      Thanks for your flawless, step-by-step configuration of Vncservers. It helped well.

  • Jay Rome

    This is a good article/how-to, however you forgot that on Fedora 14 you’ll need to start the ssh service. Most will also want ssh on after they reboot: The following commands can be used:
    #service sshd start
    #chkconfig sshd on

    • Hi, Jay. Thanks for mentioning that. This howto was assuming that they already had already taken the necessary steps to get SSH running, but since it is such a major change from previous versions of Fedora, I’ll edit the post to include that. Thanks!

  • Bob Gustafson

    I am running Fedora 14 and have vnc running for user2 and user1. Your blog was helpful.

    It is more convenient to be able to see ‘my screen’ (:0) rather than either user2 or user3’s screens (sized differently for different clients).

    I could do it with x0vncserver, but I would like to use the X server that is already running – to save on CPU cycles.

    Have you worked this out?

    • Then your best bet would be to use vino. My systems default to runlevel 3, so I don’t have an X server running on boot (like you – to save on resources). Vino will allow you to essentially connect to the console session. I haven’t messed with it yet, but once I do I plan on writing a post about it. If you beat me to it, let me know! 🙂

  • Bob Gustafson

    I DO have an X server running on boot. And I want to.

    I just don’t want to have 2 or 3 X servers running.

    I could run x0vncserver, but that would be an additional one over the normal X server running my screen (as I understand it..)

  • Bob Gustafson

    x0vncserver does work..

    I have two screens on two different systems. All of a sudden, I had both screens the same. The mouse icon is better on the right screen though.

    It took awhile to get oriented so I could click ‘close’ on the duplicate screen (left).

    But I do have an ‘extra’ X server.

    • Cool! That’s probably a better approach than using vino, since vino requires you to already be logged on to the :0 session on the remote machine. How is it on resource usage?

    • After a little more searching, I don’t think there’s currently a way to connect directly to the :0 session on Fedora without running some sort of additional server. An alternative to x0vncserver that you may want to try is x11vnc. I just installed it and had it working in about 5 mins. What actually took the longest was rebooting my machine into runlevel 5. 🙂 I probably could have just done “startx” but I wanted to match your setup exactly.

      After the reboot I simply did “yum install x11vnc” and then ran “x11vnc -xkb” from the command line to test it out (the -xkb flag is required or it won’t let you use the SHIFT key over the VNC client for some reason). I opened up port 5900 in the Fedora firewall and was able to connect with TightVNC client to hostname:0. Of course, this is not very secure and I plan to tinker with this later to get it working over an SSH tunnel and with some additional password protection, but x11vnc is clearly another option for connecting to the :0 session. But it does flunk your “extra X-tra” requirement. Let me know if you find a solution that doesn’t, I’d be very interested to play with it!

  • Bob Gustafson

    I signed up with [email protected], sent my query, and got back the following reply from Henrique.

    > I would like to access my desktop remotely, but I am not overjoyed to
    > have to run x0vncserver.

    Make sure you have the

    Add these lines to the Screen section of your xorg.conf file:
    Option “SecurityTypes” “VncAuth”
    Option “UserPasswdVerifier” “VncAuth”
    Option “PasswordFile” “/path/to/vnc/passwd/file”
    and this line to the Module section:
    Load “vnc”

    Set the password with vncpasswd. Restart X and remote with
    vncviewer. All the above has worked for me for several Fedora
    releases, except for the cases when the module is occasionally

    — Henrique

    I don’t have an xorg.conf file and tigervnc-server-module is installed, but doesn’t do anything. I’m working on running Xorg -configure, but I need to start up in runlevel 1, (no X server running) to do it. More soon.

  • Bob Gustafson

    There are a number of ways to get an xorg.conf file. What I did:
    1) edit /etc/inittab to start at level 3 (instead of 5 which uses X)
    2) reboot, login as root, execute Xorg -configure
    3) edit /etc/inittab to start at level 5 (undo step 1)
    4) reboot, login, su to root, edit as per Henrique, put it into /etc/X11xorg.conf
    5) reboot
    6) on another computer, use vncviewer to connect to x.x.x.x:5900
    7) you should see a ‘mirror’ of your other screen

    • That’s great news – I will certainly try that myself, too. Thank you for searching that out!

      Because I moderate the comments, I think it blocks others from editing comments. But if you post a comment with an edit request, I can edit the commend and then delete the edit request comment. 🙂

  • Very good tutorial. I tried with System -> Preferences -> Remote Desktop in FC14 but that didn’t work. With your steps I made connection to my Fedora PC at work through VPN …

    Thank you!

  • peter

    well it works for root, but not for any other users. what could i possibly have forgotten. my firewall is open for the respective ports as well.

  • peter

    to add to my comment. i am getting a blank/black screen for users other than root.

  • Peter: Check Step 4 and make sure the /home/{username}/.vnc/xstartup file for each non-root user has the correct startup command on the last line, and that the twm line is commented out.

  • James Butler

    Steve, great tutorial and much needed since there is no documentation this good that comes with any of the vnc servers that I could find. I am using tigervnc on Fedora 14 accessing from Windows Server 2003, Windows XP, and Windows 7 computers. I was able to successfully connect and get logged into a desktop just on my local network. But when I tried to do it over the Internet using putty and tiger vncviewer, it would not connect. I was able to connect to my box via ssh with putty but then when I try to connect to localhost:5902 with tiger vncviewer is says connection refused. I setup putty with my wan ip of my router and added 5902 and localhost in ssh/tunneling section. Any suggestions?

  • James Butler

    Well, I figured out what the problem was! SELinux!
    To allow port connections through ssh, you have to allow sshd to forward ports. You do that like this: setsebool -P sshd_forward_ports 1.
    You have to do this as the root user of course. Maybe you could add this detail to your tutorial.

    • Ahh, James. Yes – that would do it. If you read my “What I do to a vanilla Linux server” article, you’ll see that one of the first things I do on a new box is disable SELinux. 🙂 But I’ll add this info to the article to benefit anyone else who is running SELinux. Thanks!

  • J.K.

    I would just like to say that this guide actually works. I’ve tried a lof of these ‘Set up VNC from Windows to Fedora’ guides and this one is the only one that works. Well, to be fair, for some reason, it didn’t work without SSH (TightVNC goes to :1 even though I use the :5902), but I’m not comfortable using it without SSH 2 anyways, so it all works out in the end.

    You should put up PayPal donate button so I could really show my gratitude.


  • Thanks, J.K. I’m glad it worked for you. I appreciate the generous thought about the PayPal Donate button, but happy comments are all the payment I need. 🙂

  • Thanks Steve jenkins.
    Great tutorial, it`s quick and works.

  • Pingback: VNC through a SSH tunnel « Linux @

  • Pingback: Confluence: Wiki()

  • Steve,
    Thanks for the helpful steps. This got me up and running with an internet accessible VNC server in no time.

    A couple of things I noticed while going through these steps. First, if you want the vncserver service to persist, you should do
    # checkconfig --levels 345 vncservice on

    The second point is that if you are going to be SSH tunnelling to the server, there is no need to open up the firewall for ports 5902 … It works fine for me without this step.

  • Kerry

    Great post! Well written with very clear instructions. Exactly what I was looking for to connect to my lab machine with my iPad. Fedora 14 is one of the systems I have set up for my CEH training and I like being able to get to it so easily.
    Thanks for writing this up.

  • Clayton Curtis

    I echo the earlier comment about the value of this post!! Thanks!!

    Any guidance on Fedora 15?

    Also, another source of guidance recommended using
    exec gnome-session &
    instead of
    startx &


  • Uli Barkow

    Great help even for newbie like me.
    My Box has a Dual Head graphic card, monitor 0 and 1 are independant (i cannot move windows between the screens).
    Is there a way to remote control both screens ?


  • Oscar

    Hi, it looks a good how-to, very complete, just a question: This guide would work perfect with Fedora 12 too right?

    • Hi, Oscar. Actually, the exact steps for Fedora 12 are linked in the first paragraph.

  • Tim

    Thanks for providing us these great instructions. They have served me well until my recent Fedora 16 upgrade. The procedures have changed significantly, and can be found in the bottom portion of the following page:


  • Sam

    Steve –
    I can’t begin to thank you enough for this thorough list of instructions!

    After grappling with this for a whole day, I finally found this page and it worked immediately (on Fedora 14, runlevel 3).

    Many thanks again!


  • Jim Snyder

    if you’re using tigervnc (default vncserver on Fedora14, I think) vncviewer provides ssh hooks internally:

    vncviewer -via localhost remotehost:PortNumber

    (I don’t guarantee that that’s the secure/correct/whatever way to set up the tunnel, check vncviewer -h and look for the -via explanation, but it works. Don’t run vncviewer in the background if you have a passphrase on your ssh key on remotehost, of course.)

    If you’re always connecting to an existing desktop session, then you might as well disable vncserver, because the xorg.conf vnc module provides the service. I didn’t find it necessary to move /etc/sysconfig/vncservers out of the way.

  • Jim Snyder

    sorry, I said that wrong, it’s not

    vncviewer … remotehost:PortNumber


    vncviewer … remotehost:DisplayNumber

    duh. Typing before thinking.

  • Mike Roger

    This is a great article in regards to setting up VNC from Windows. Additionally, one may even consider deploying on premise RHUB remote support appliances in order to remotely access computers from anywhere.

  • Pingback: How to set up remote control from Windows 7 to CentOS 5.5 | Researcher and Developer()