Skip to content
On this page

Remote Desktops

When SSH is not enough, different protocols are available to connect to a desktop interface remotely.


Remmina / Ubuntu

Available by default on Ubuntu

A client that connects to most. Then choose the protocol that works best for your use case:

If you need to install

sudo apt-get install remmina
[sudo] password for account: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
remmina is already the newest version (1.4.2+dfsg-1ubuntu1).

to pull configs from another machine:

rsync -av account@office:/home/account/.local/share/remmina/ .local/share/remmina/


If connecting from OS X, use the built in VNC viewer / client: Screen Sharing.

Servers / Protocols

SSH Tunnels

Unless you're already working over an encrypted connection like VPN, it's a good idea to establish an SSH tunnel first before connecting to a remote desktop.

If the remote desktop protocol is not encrypted by default (e.g. VNC), it's a good idea to establish an SSH tunnel to encrypt the connection (even on a local network):

ssh <user>@<destination_ip> -L 5900:<vnc_server_ip>:5900 -L 5901:<another_vnc_ip>:5901

Note: the vnc_server_ip is proxied via the destination_ip machine, so it's relative to that.

Sometimes it's helpful to use localhost -- this proxies to the localhost of the destination_ip, which may get around firewall issues if the destination_ip proxy traffic gets routed through firewalls:

ssh <user>@<destination_ip> -L 5900:localhost:5900 

Remmia allows configuring an SSH tunnel in the client. This may work for you.

If it doesn't it's also possible to configure Remmia to launch and manage the ssh tunnel via a command on your behalf:

Rule of thumb

If you have a monitor and keyboard and mouse attached to the system, use built in screen sharing option.

If no local desktop session is active via a monitor, use either RDP or tigervnc to create a new desktop session for you. In my experiments so far, RDP did not like having an active session running for a long time. It became very sluggish. Logging out and logging back in fixed the issue.


Remote Desktop Protocol

RDP may be a more efficient protocol. Does not appear to send the whole screen as an image? It may not require the user to be logged in already.

Originally from Windows, there is a server version that can be installed on Ubuntu

sudo apt update

sudo apt install -y xrdp
sudo systemctl enable xrdp

then to see if it's running

sudo systemctl status xrdp

Logout of any current Ubuntu desktop sessions. You can’t be logged in to Ubuntu while connecting via Xrdp. This is not a good option for active desktops (e.g. keyboard and mouse attached running active processes. For that use Quick Share.

To get passed the color issue, may need to provide authorization via password up to 4 times (!).

create a file (called 02-allow-colord.conf) in /etc/polkit-1/localauthority.conf.d/ and populated with the following content

polkit.addRule(function(action, subject) {
  if (( == "org.freedesktop.color-manager.create-device" || == "org.freedesktop.color-manager.create-profile" || == "org.freedesktop.color-manager.delete-device" || == "org.freedesktop.color-manager.delete-profile" || == "org.freedesktop.color-manager.modify-device" || == "org.freedesktop.color-manager.modify-profile") &&
  subject.isInGroup("{users}")) {
    return polkit.Result.YES;

Summary: If the user belong to the group “users” then the create,modify profile and color device can then be performed without authentication prompt.

About the issue:

The desktop environment is slightly different having difficulty getting the dock to show. Maybe it doesn't matter? Sending all keys via keyboard allows most functionality

try restarting the machine after peripherals unplugged. Still able to access? Yes! Nice.


VNC is free and open source and available by default on Ubuntu.

Quick Share (Ubuntu)

Quick share is available, but requires logging in every time.

If you don't have a monitor and keyboard attached to the machine, this is a problem.

Take a second to set up tightvncserver if you plan to use this machine headless.

However, if it is a machine that will always have a keyboard and mouse attached, Quick Share is perfect!

Go to settings – click on sharing on the left panel – enable sharing using the slide switch

Click on Screen sharing (off by-default) – enable “Allow connections to control the screen“.

Select “Require a password” if you don’t want to manually approve connection on the remote computer. Set password as per your preference, you need to give it during remote authentication.


Don't enable it on the network. This way an SSH tunnel must be established first. That is, the vpn service is only available via localhost. If you can get on there, you're in.

!! NOTE !! This will only be enabled after the host has logged in to the desktop Not a good option if you don't have a local keyboard / monitor to log in with

Main Desktop (Login Server)

TODO: This looks like the same scenario as the native Ubuntu screen sharing option (above) where remote connections are only available after local login.

To attach to the existing (main, console) desktop, you'll want to use "x11vnc":

sudo apt-get install x11vnc

x11vnc -storepasswd

x11vnc -forever -bg -usepw -display :0

To start x11vnc automatically at login, create a script:

echo "/usr/bin/x11vnc -forever -bg -usepw -display :0" > ~/
chmod +x ~/

Then use the desktop's GUI to add the automatic startup:

Start -> Settings -> Session and Startup -> Application Autostart -> Add

Be sure to specify the full path to the script:



Separate Virtual Desktop

When running headless, RDP may be a more efficient option. Otherwise, if you really want VNC...

An alternative approach is to launch a new virtual desktop that is not available on the main display when a monitor is plugged in. For this you'll want to use something like "tightvncserver".

sudo ufw allow 5901

Consider if you need a full blown GUI in this case... it may be easier to just work at the command line over SSH.

To start tightvncserver at boot, you'll need an init script

#!/bin/sh -e
# Provides:          vncserver
# Required-Start:    networking
# Default-Start:     3 4 5
# Default-Stop:      0 6


# The Username:Group that will run VNC
export USER="mythtv"

# The display that VNC will use

# Color depth (between 8 and 32)

# The Desktop geometry to use.

# The name that the VNC Desktop will have.

OPTIONS="-name ${NAME} -depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY}"

. /lib/lsb/init-functions

case "$1" in
log_action_begin_msg "Starting vncserver for user '${USER}' on localhost:${DISPLAY}"
su ${USER} -c "/usr/bin/vncserver ${OPTIONS}"

log_action_begin_msg "Stoping vncserver for user '${USER}' on localhost:${DISPLAY}"
su ${USER} -c "/usr/bin/vncserver -kill :${DISPLAY}"

$0 stop
$0 start

exit 0

It is possible to launch the VNC server when logging in to the desktop (see below), but this gets confusing if you decide to run multiple desktop instances.