Orange Pi (and Raspberry Pi) are mini PCs cards that are very often used remotely without screen (neither keyboard nor mouse). In some cases, or if you start on Linux, you would like with a graphical access to the Linux desktop. In this tutorial we will learn how to install and configure a Virtual Network Computing (VNC) server on the Armbian distribution that is very well suited to Orange Pi.
Contents
Install the TightVNC server on Armbian
TightVNC (official project page) is a lightweight VNC server that runs on all Linux distributions as well as on Windows. Before installing it, it is best to update the system.
sudo apt-get update && apt-get upgrade
When finished, install TightVNC.
sudo apt-get install tightvncserver
Create a VNC User
It is possible to connect to your Orange Pi or Raspberry Pi with your usual user but for security, it is better to add a dedicated user to this situation.
Change user to root (if not).
su -
Add a new user to the system with the adduser command and answer questions (password, optional questions).
# adduser vnc
Adding user `vnc' ...
Adding new group `vnc' (1001) ...
Adding new user `vnc' (1001) with group `vnc' ...
Creating home directory `/home/vnc' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for vnc
Enter the new value, or press ENTER for the default
Full Name []: VNCuser
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
This user is given the right to use the sudo command (if you want to install new packages remotely).
# gpasswd -a vnc sudo Adding user vnc to group sudo
Start the VNC server manually
Change user
su - vnc
Now we start the VNC server on port 1. On first launch, you will have to specify the password necessary to authenticate you from a client.
$ vncserver :1 You will require a password to access your desktops. Password: Verify: Would you like to enter a view-only password (y/n)? n xauth: file /home/vnc/.Xauthority does not exist New 'X' desktop is orangepilite:1 Creating default startup script /home/vnc/.vnc/xstartup Starting applications specified in /home/vnc/.vnc/xstartup Log file is /home/vnc/.vnc/orangepilite:1.log
Know the settings of the active server
If you need to know the current settings of the active VNC server, run the following command
$ ps -ef | grep Xtightvnc vnc 1551 1 0 13:07 ? 00:00:00 Xtightvnc :1 -desktop X -auth /home/vnc/.Xauthority -geometry 1024x768 -depth 16 -rfbwait 120000 -rfbauth /home/vnc/.vnc/passwd -rfbport 5901 -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/Type1/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -co /etc/X11/rgb -localhost vnc 1801 1772 0 13:25 pts/2 00:00:00 grep Xtightvnc
One can thus know on which port is returned the stream (-rfbport), the resolution of the generated image (-geometry) …
Stop a VNC server
To stop a VNC server, use the following command followed by the screen. 1 by default
vncserver -kill :1
Connect from a client
There are many VNC clients for all platforms (macOS, Windows, Linux …) and for smartphones (iOS, Android …). RealVNC (website) is available on all platforms (including mobile). It is free for personal use. If you prefer to stay in projects 100% Open Source and free, pledge of privacy, you can turn to UltraVNC (official page of the project).
Start your client and enter the IP address of your Orange PI (or any VNC server) followed by the port on which it is started. By default it will be 1. By default, the connection is not encrypted. It is not very annoying when you connect to a post on its own network but be careful if you access your office remotely because everything will transit in clear on the internet …
Accept the warning message.
You are now connected to your desktop.
Create a systemd service to start VNC automatically at startup
Let’s start by stopping the server running
vncserver -kill :1
We will create a new script that will run at startup like any other service.
sudo nano /usr/local/bin/monserveurvnc
Paste the content into the script. This script contains three commands: start, stop and restart the VNC server.
#!/bin/bash
PATH="$PATH:/usr/bin/"
DISPLAY="1"
DEPTH="16"
GEOMETRY="1024x768"
OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY}"
case "$1" in
start)
/usr/bin/vncserver ${OPTIONS}
;;
stop)
/usr/bin/vncserver -kill :${DISPLAY}
;;
restart)
$0 stop
$0 start
;;
esac
exit 0
Save with CTRL+X then Y.
We make this script executable
sudo chmod +x /usr/local/bin/monserveurvnc
We can now execute the commands proposed by this script manually like this
sudo /usr/local/bin/monserveurvnc start sudo /usr/local/bin/monserveurvnc stop sudo /usr/local/bin/monserveurvnc restart
Now let’s add a script (Unit file) that will allow to manage VNC as a service with systemd.
sudo nano /lib/systemd/system/monserveurvnc.service
And past this script
[Unit] Description=Manage VNC Server on this droplet [Service] Type=forking ExecStart=/usr/local/bin/monserveurvnc start ExecStop=/usr/local/bin/monserveurvnc stop ExecReload=/usr/local/bin/monserveurvnc restart User=vnc [Install] WantedBy=multi-user.target
We restart systemd to take account of the new service. Then you start the VNC server using systemd
sudo systemctl daemon-reload sudo systemctl enable monserveurvnc.service
Now we have 4 commands to start, stop, re-start and know the status (status) of the VNC service.
sudo systemctl start monserveurvnc.service sudo systemctl stop monserveurvnc.service sudo systemctl restart monserveurvnc.service sudo systemctl status monserveurvnc.service
Securing the VNC Server with an SSH Tunnel
We will now secure the connection by passing the connection through an SSH tunnel. Let’s go.
We start by stopping the service.
sudo systemctl stop monserveurvnc.service
Then we open the configuration file
sudo nano /usr/local/bin/monserveurvnc
Modify the OPTIONS line by adding the -localhost option to the end like this
OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY} -localhost"
Save with CTRL+X then Y.
And finally we restart the VNC service.
sudo systemctl start monserveurvnc.service
Opening an SSH tunnel
To access securely, we must already create an SSH tunnel through which we will pass all the exchanges between the client and the VNC server. On Windows, you can use Putty, on MacOS or Linux, you will use the Terminal simply.
On Putty, in the left menu, go to Connection -> SSH -> Tunnels.
In the Add New Forwarded Port section, enter 5901 in the Source port field and localhost: 5901 as the Destination. Click the Add button to finish
On macOS or Linux, run the following command and enter your password.
ssh vnc@IP_VNC_SERVER -L 5901:localhost:5901
Now, in your VNC client, replace the IP of the VNC server with localhost: 5901. Disregard the warning message, the connection is not secure between your computer and your computer! Everything that comes out (and goes back) now passes through the SSH tunnel.
Orange Pi Comparison Chart
No posts for this criteria.- Install Home Assistant (HASS) on an Orange Pi running under Armbian
- IoT development based on Orange Pi, Arduino (Firmata), Nodejs, Blynk and Johnny-Five
- Blynk + Node.js + Johnny-Five: drive a Pan-Tilt PTZ SG90 kit on Orange Pi with an Arduino / Firmata
- Start programming with Node Js and Johnny-Five: IoT and robotics based on Arduino, Raspberry Pi, Orange Pi
- Orange Pi: test of the OPI.GPIO package for Node-Red (node-red-contrib-opi-gpio)
- Orange Pi (Armbian): replace the GPIO by an Arduino/Firmata, Node-RED and Johnny-Five
[…] If you opted for the Desktop version, a tutorial for remote access with TightVNC […]