Credit: This is more or less this DigitalOcean post with my own notes thrown in.
I don’t like using VNC on my Pi because of the hefty resource requirements for a desktop environment, but I wanted to get a G Photos token for rclone so I could sync off a bunch of 360 videos eating up all my G Drive space, and I needed a graphical web browser to do that.
1. Install XFCE
This is only required if you don’t already have a desktop environment. You can also use another desktop environment, but XFCE is pretty lightweight.
When you’re prompted to do so, pick gdm3 or lightdm display manager. I picked lightdm because it uses less resources. Here’s an article comparing the display managers.
Side note:
During installation, I got some errors.
I found this article, but it didn’t help me. So I uninstalled and reinstalled everything thinking I could select gdm3 maybe not encounter the same issues, but it didn’t prompt me, and since it worked anyway, I didn’t bother figuring it out. If you know why those errors occurred, please leave a comment.
2. Install and configure TightVNC Server
You could use another VNC server, but TightVNC works for me. Also, there’s a PortableApps version of the client which I can install on a USB stick and use on any Windows machine. Anyways, install the server.
Run the server for the first time. This will initialize its configuration.
You should be prompted to enter a password and get some output like:
You will require a password to access your desktops.
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
xauth: file /home/ubuntu/.Xauthority does not exist
New 'X' desktop is localhost:1
Creating default startup script /home/ubuntu/.vnc/xstartup
Starting applications specified in /home/ubuntu/.vnc/xstartup
Log file is /home/ubuntu/.vnc/localhost:1.log
Notice that it created a startup script ~/.vnc/xstartup. You’ll need to edit that file to get XFCE to work, but shut down the server first.
Back up the original ~/.vnc/xstartup.
Create a new ~/.vnc/xstartup with the following contents:
Make it executable.
The VNC server should work now, but VNC traffic is unencrypted, so if you care about people being able to snoop on what you’re typing (like passwords!) and whatever else you’re doing on your VNC connection, you should set up a SSH tunnel to encrypt your traffic.
3. Run the server securely
Run the VNC server such that it only accepts local connections.
4. Securely connect to the server
Set up a SSH tunnel from your local machine to the remote server. This is how you’ll make the VNC connection “locally”.
On your local machine (the VNC client), run the following command, replacing <remote user> with your username on the server and <remote host> with the server’s hostname or IP address. You can also change 59001 to a different port if you want, but make the port isn’t already being used by another service and it’s above 1024.
ssh -L 59001:localhost:5901 -C -N -l <remote user> <remote host>
On your VNC client, connect to localhost:59001 (or whatever port you used) and you should see your Pi desktop.
That’s it, but if it doesn’t work for you, I’d be interested to hear about it in the comments.
Echoic Dev 