Armbian: Access the Remote Desktop of Orange Pi with VNC

Orange Pi (and Raspberry Pi) boards are mini PCs that are very often used remotely, without a screen, keyboard or mouse. In some cases, or if you are new to Linux, you may want graphical access to the Linux desktop. In this tutorial we will learn how to install and configure a Virtual Network Computing (VNC) server on the Armbian distribution, which is very well suited to the Orange Pi.

Install the TightVNC server on Armbian

TightVNC (official project page) is a lightweight VNC server that runs on all Linux distributions as well as on Windows. Before installing it, it is best to update the system.

sudo apt-get update && sudo apt-get upgrade

When finished, install TightVNC.

sudo apt-get install tightvncserver

Create a VNC User

It is possible to connect to your Orange Pi or Raspberry Pi with your usual user, but for security it is better to add a user dedicated to this purpose.

Switch to the root user (if you are not root already).

su -

Add a new user to the system with the adduser command and answer questions (password, optional questions).

# adduser vnc
Adding user `vnc' ...
Adding new group `vnc' (1001) ...
Adding new user `vnc' (1001) with group `vnc' ...
Creating home directory `/home/vnc' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for vnc
Enter the new value, or press ENTER for the default
    Full Name []: VNCuser
    Room Number []: 
    Work Phone []: 
    Home Phone []: 
    Other []: 
Is the information correct? [Y/n] Y

This user is given the right to use the sudo command (if you want to install new packages remotely).

# gpasswd -a vnc sudo
Adding user vnc to group sudo

Start the VNC server manually

Switch to the vnc user

su - vnc

Now we start the VNC server on display :1 (TCP port 5901, as the -rfbport option shows further down). On first launch, you will have to choose the password that clients must supply to authenticate.

$ vncserver :1

You will require a password to access your desktops.

Password: 
Verify:   
Would you like to enter a view-only password (y/n)? n 
xauth:  file /home/vnc/.Xauthority does not exist

New 'X' desktop is orangepilite:1

Creating default startup script /home/vnc/.vnc/xstartup
Starting applications specified in /home/vnc/.vnc/xstartup
Log file is /home/vnc/.vnc/orangepilite:1.log

Know the settings of the active server

If you need to know the current settings of the active VNC server, run the following command

$ ps -ef | grep Xtightvnc
vnc       1551     1  0 13:07 ?        00:00:00 Xtightvnc :1 -desktop X -auth /home/vnc/.Xauthority -geometry 1024x768 -depth 16 -rfbwait 120000 -rfbauth /home/vnc/.vnc/passwd -rfbport 5901 -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/Type1/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -co /etc/X11/rgb -localhost
vnc       1801  1772  0 13:25 pts/2    00:00:00 grep Xtightvnc

This shows, among other things, the port on which the stream is served (-rfbport) and the resolution of the generated image (-geometry).

Stop a VNC server

To stop a VNC server, use the following command followed by the display number (1 by default).

vncserver -kill :1

Connect from a client

There are many VNC clients for all platforms (macOS, Windows, Linux …) and for smartphones (iOS, Android …). RealVNC (website) is available on all platforms (including mobile). It is free for personal use. If you prefer to stay with projects that are 100% Open Source and free, as a guarantee of privacy, you can turn to UltraVNC (official page of the project).

Start your client and enter the IP address of your Orange Pi (or any VNC server) followed by the port on which it is started. By default it will be 1. By default, the connection is not encrypted. This matters little when you connect to a machine on your own network, but be careful if you connect remotely, because everything then crosses the internet in clear text.

Accept the warning message.

You are now connected to your desktop.

Create a systemd service to start VNC automatically at startup

Let’s start by stopping the running server

vncserver -kill :1

We will create a new script that will run at startup like any other service.

sudo nano /usr/local/bin/monserveurvnc

Paste the following content into the script. It provides three commands: start, stop and restart the VNC server.

#!/bin/bash
PATH="$PATH:/usr/bin/"
DISPLAY="1"
DEPTH="16"
GEOMETRY="1024x768"
OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY}"

case "$1" in
start)
/usr/bin/vncserver ${OPTIONS}
;;

stop)
/usr/bin/vncserver -kill :${DISPLAY}
;;

restart)
$0 stop
$0 start
;;
esac
exit 0

Save with CTRL+X then Y.

We make this script executable

sudo chmod +x /usr/local/bin/monserveurvnc

We can now run the commands offered by this script manually, like this. Note that with sudo the VNC server and its desktop session run as root rather than as the vnc user.

sudo /usr/local/bin/monserveurvnc start
sudo /usr/local/bin/monserveurvnc stop
sudo /usr/local/bin/monserveurvnc restart

Now let’s add a unit file that will allow us to manage VNC as a service with systemd.

sudo nano /lib/systemd/system/monserveurvnc.service

And paste this unit file

[Unit]
Description=Manage VNC Server on this droplet

[Service]
Type=forking
ExecStart=/usr/local/bin/monserveurvnc start
ExecStop=/usr/local/bin/monserveurvnc stop
ExecReload=/usr/local/bin/monserveurvnc restart
User=vnc

[Install]
WantedBy=multi-user.target

We reload systemd so that it takes the new service into account. Then we enable the service so that the VNC server is started by systemd at boot

sudo systemctl daemon-reload
sudo systemctl enable monserveurvnc.service

Now we have 4 commands to start, stop, restart and check the status of the VNC service.

sudo systemctl start monserveurvnc.service
sudo systemctl stop monserveurvnc.service
sudo systemctl restart monserveurvnc.service
sudo systemctl status monserveurvnc.service

Securing the VNC Server with an SSH Tunnel

We will now secure the connection by passing the connection through an SSH tunnel. Let’s go.

We start by stopping the service.

sudo systemctl stop monserveurvnc.service

Then we open the script again

sudo nano /usr/local/bin/monserveurvnc

Modify the OPTIONS line by adding the -localhost option to the end like this

OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY} -localhost"

Save with CTRL+X then Y.

And finally we restart the VNC service.

sudo systemctl start monserveurvnc.service
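
The check from "Know the settings of the active server" and the effect of -localhost can be verified together. The following is an added example, not part of the original tutorial: the function names vnc_settings and vnc_exposed are hypothetical, and the ps and ss samples are constructed so the script runs anywhere.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# vnc_settings: stdin = `ps -ef` output; one summary line per Xtightvnc process.
vnc_settings() {
    awk '{ n = split($8, p, "/") }
    p[n] == "Xtightvnc" {
        port = geo = depth = "?"; scope = "all-interfaces"
        for (i = 9; i <= NF; i++) {
            if ($i == "-rfbport")   port  = $(i + 1)
            if ($i == "-geometry")  geo   = $(i + 1)
            if ($i == "-depth")     depth = $(i + 1)
            if ($i == "-localhost") scope = "localhost-only"
        }
        printf "user=%s display=%s port=%s geometry=%s depth=%s scope=%s\n",
               $1, $9, port, geo, depth, scope
    }'
}

# vnc_exposed PORT: stdin = `ss -tln` output; prints every non-loopback
# address listening on PORT and returns 0 if there is at least one.
vnc_exposed() {
    awk -v port="$1" '$1 == "LISTEN" {
        n = split($4, part, ":")
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (part[n] == port && addr !~ /^127\./ && addr != "[::1]") {
            print addr; bad = 1
        }
    }
    END { exit (bad ? 0 : 1) }'
}

# Constructed samples: process list, then sockets before/after -localhost.
PS_SAMPLE='vnc 1551 1 0 13:07 ? 00:00:00 Xtightvnc :1 -desktop X -geometry 1024x768 -depth 16 -rfbauth /home/vnc/.vnc/passwd -rfbport 5901 -localhost
vnc 1801 1772 0 13:25 pts/2 00:00:00 grep Xtightvnc'
SS_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SS_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$PS_SAMPLE" | vnc_settings
if printf '%s\n' "$SS_BEFORE" | vnc_exposed 5901; then echo "before: exposed"; fi
printf '%s\n' "$SS_AFTER" | vnc_exposed 5901 || echo "after: loopback only"

# On the board itself: ps -ef | vnc_settings ; ss -tln | vnc_exposed 5901
```

If vnc_exposed still prints an address after the restart, the server is reachable without the SSH tunnel and the OPTIONS line should be checked again.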

Opening an SSH tunnel

To access the desktop securely, we must first create an SSH tunnel through which all the exchanges between the client and the VNC server will pass. On Windows, you can use PuTTY; on macOS or Linux, you will simply use the Terminal.

On PuTTY, in the left menu, go to Connection -> SSH -> Tunnels.

In the Add New Forwarded Port section, enter 5901 in the Source port field and localhost:5901 as the Destination. Click the Add button to finish

On macOS or Linux, run the following command and enter your password.

ssh vnc@IP_VNC_SERVER -L 5901:localhost:5901

Now, in your VNC client, replace the IP of the VNC server with localhost:5901. You can disregard the warning message: the only unencrypted leg is between the client and the tunnel entrance, both on your own computer. Everything that goes out (and comes back) now passes through the SSH tunnel.
