Complete guide to TigerVNC: installation, configuration, and usage on Linux

Posted on by BlockmyIP | Category: Linux Programs

Introduction to TigerVNC

In today’s world, remote access to Linux desktops has become a necessity for both system administrators and developers as well as home users. TigerVNC emerges as a powerful, lightweight, and open-source solution that allows you to control a Linux machine from any other device using the VNC protocol. In this article we will explore step by step how to install, configure, and use TigerVNC securely and efficiently.

What is TigerVNC?

TigerVNC is an implementation of the VNC (Virtual Network Computing) server and client derived from the TightVNC project. It is optimized to deliver high performance in LAN environments and also works well over low-bandwidth connections thanks to its advanced compression. Its code is released under the GPL license, allowing free use and community collaboration.

Advantages of TigerVNC over other alternatives

  • Superior performance in graphics and text thanks to improved compression algorithms.
  • Support for TLS extensions that add end-to-end encryption.
  • Cross-platform compatibility: clients available for Windows, macOS, Linux, and mobile devices.
  • Low resource consumption, ideal for servers and virtual machines.
  • Frequent updates and an active community that quickly fixes bugs.

Installation on popular Linux distributions

The easiest way to obtain TigerVNC is through the official repositories of each distribution. Below are the commands for the three most used families.

Ubuntu and Debian

Update the package index and install the tigervnc-standalone-server package and the tigervnc-viewer client:

sudo apt update\nsudo apt install tigervnc-standalone-server tigervnc-viewer

Fedora, CentOS, and RHEL

In these distributions the package is called tigervnc-server for the server and tigervnc for the client:

sudo dnf install tigervnc-server tigervnc

Arch Linux and derivatives

In the official Arch repositories we find both packages:

sudo pacman -S tigervnc

After installation, it is recommended to verify the version with vncserver -version to ensure everything was installed correctly.

Basic TigerVNC server configuration

The first step is to create an access password for the VNC service. We will use the vncpasswd command, which will prompt for a password and optionally a view-only password.

vncpasswd
This password is stored in the file ~/.vnc/passwd with restricted permissions.
Next, we start the server specifying the display number we want to use. For example, for display :1:
vncserver :1 -geometry 1920x1080 -depth 24

The most common parameters are:

  • -geometry: defines the virtual desktop resolution.
  • -depth: color depth in bits (8, 16, or 24).
  • -localhost: restricts access to the local machine only, useful when combined with an SSH tunnel.

To stop the server use vncserver -kill :1. If you want the service to start automatically at boot, you can create a systemd unit file or add the call to vncserver in the ~/.xinitrc file according to your distribution.

Connecting from TigerVNC clients

Once the server is running, simply open the VNC client and point to the Linux machine's IP address followed by the display number and the corresponding port (by default 5900 + display number). For example, for display :1 the port is 5901.

Linux client

Run vncviewer IP_DEL_SERVIDOR:5901 or use the graphical interface of tigervnc-viewer.

Windows client

Download the TigerVNC installer from the official site, install it, and enter IP_DEL_SERVIDOR:5901 in the connection field.

macOS client

macOS users can use the built-in Screen Sharing client (vnc://) or install TigerVNC via Homebrew: brew install --cask tigervnc.

Security best practices

Although TigerVNC includes support for TLS encryption, by default VNC traffic is not encrypted, so it is recommended to always wrap the connection in an SSH tunnel or enable TLS.

Using an SSH tunnel

From the client machine, create a tunnel that redirects the local port to the remote port on the server:

ssh -L 5901:localhost:5901 usuario@IP_DEL_SERVIDOR

Then connect the VNC client to localhost:5901. All traffic will travel encrypted through SSH.

Enabling TLS encryption

If you prefer not to depend on SSH, you can generate a self-signed certificate and tell TigerVNC to use it:

vncserver :1 -TLSOnly 1 -X509Cert ~/.vnc/server.crt -X509Key ~/.vnc/server.key

Remember to distribute the public certificate to trusted clients.

Other recommendations

  • Use strong passwords and change them periodically.
  • Disable view-only access if you don't need it.
  • Limit access via firewalls (ufw, firewalld) allowing only authorized IPs.
  • Keep the package updated to benefit from security patches.

Troubleshooting common issues

Although TigerVNC is quite stable, some inconveniences may appear. Here we list the most frequent ones and how to solve them.

Black or gray screen when connecting

This is usually due to the desktop environment not starting correctly. Verify that the file ~/.vnc/xstartup contains the appropriate lines to launch your window manager, for example:

#!/bin/sh\nxrdb $HOME/.Xresources\nstartxfce4 &

Make sure the file has execute permission (chmod +x ~/.vnc/xstartup).

Connection refused error

Check that the server is actually listening on the expected port with netstat -tlnp | grep 5901. If it does not appear, restart the server or review the logs in ~/.vnc/*.log.

Slow performance or high latency

Reduce the color depth (-depth 8) or resolution (-geometry 1280x720) and enable JPEG compression if available. Additionally, using an SSH tunnel with compression (ssh -C) can improve the experience on slow links.

Permission problems with the password file

The file ~/.vnc/passwd must be

This post is also available in ESPAÑOL.

Leave a Reply

Your email address will not be published. Required fields are marked *

Esta obra está bajo una Licencia Creative Commons Atribución 4.0 Internacional para Francesc Roig francesc@vivaldi.net .