Poll - Sorta… What is your favorite Remote Desktop server?

Hey everyone

Question captured in the subject line, what is your favorite VNC server? Not quite ready to go full command line via ssh. Looking for something that gets updates, secure, and a dummy proof gui.

My use case is Linux to Linux connection via Remmina so happy to hear all your thoughts on what you do!

Edit, I am using Ubuntu Mate

1 Like

X11VNC, personally.

2 Likes

xrdp… lol

2 Likes

Sunshine.

If you are planning on running any public-facing services on this server, I highly recommend getting comfortable with CLI before deploying the server. The security is worth the effort.

If this is internal only, then it depends. If the system doesn’t require GPU acceleration, then SPICE is much more performant than VNC. If GPU acceleration is involved, then NoMachine’s NX protocol has provided the best results in all of my personal tests.

1 Like

if I do connect externally it would be through wireguard (pivpn route)

How you connect is one thing. It is more important that the service is not exposed to the world 24/7.

The firewall is always your friend…

I recommend the principle of block all, allow only the minimum necessary.
If you have a service that listens on port xxx, block it and add a rule only for your ip.

If something doesn’t need to be exposed then it should be hidden completely or at least only allowed for specific ip’s.

The fact that your connection to the machine will be via vpn does not mean that the server is already secure.
As long as the service is available to the world, there is risk.
It all depends on the configuration and which traffic goes through and what is available without restrictions.

It’s X right? Just use X11 forwarding, forget VNC entirely. The remote system doesn’t even need to have an X server running, and you get far better performance as it works like RDP, it’s forwarding the X draw commands and events over the network instead of capturing the desktop and sending a compressed image.

user@local:~$ ssh user@remote -X
user@remote:~$ echo $DISPLAY
localhost:10.0
user@remote:~$ xeyes

As for security, forget VPNs, etc… just use a SSH key and disable password auth.

5 Likes

Is this a troll lol

NO! I use xrdp successfully where I have such a need, the xfce+xrdp duo I like and use. Communications can of course be wrapped in additional encryption at your discretion.

Pardon my ignorance here but for some reason I thought that was riddled with security issues or hasnt been updated in awhile. this is without any research i am in front of my post talking off the top of my head

I know nothing about active remote exploits for xrdp at the moment.
Still in active development, last stable release is 18 months ago so… Whether it’s perhaps less secure than vnc or not… I won’t argue, so far I don’t see any problems. :wink:

If it must be something vnc, I use Xtigervnc too.

1 Like

Do you mean remote desktop software in general? VNC is just one specific protocol, and there aren’t many competing implementations to choose from.

x2go is fast, advanced and flexible. And there’s absolutely no configuration or setup to do on the server side, GUI or CLI… just install it. Client side is pretty simple, too.

But right now the Linux GUI world is in flux… Remote desktop software for X11 stops working as Wayland comes in, and there are extremely limited options there like gnome-remote-desktop, wayvnc, and weston-rdp.

1 Like

Here are some pointers from my experience:
There are basically two ways to setup VNC: “headless” and “mirror”.
“Headless” spawns a new X11 server with associated VNC server, not connected to any real output.
This has the advantage that you can resize your VNC server to whatever resolution you want.
“Mirror” mode duplicates a real X11 display as a VNC server, with the advantage that you get OpenGL support “for free”.
Headless is easier to setup, and well-suited for a multi-user experience. Mirror is great for duplicating a screen over LAN(I’ve used it as “network connected extra monitor” in the past).

You should never host a VNC or RDP server publicly. Seriously, I’ve been at hacker conferences where it’s a literal game(with scores and all!) to make creative use of open VNC servers. They are easy to find and easy to exploit. DON’T DO IT. DON’T ASSUME BECAUSE VNC HAS AUTHENTICATION AND ENCRYPTION YOU’RE FINE TO RUN IN ON THE INTERNET. DON’T. (This holds true for almost any externally-reachable service, with maybe the exceptions of SSH and static HTTP servers)

Instead, use SSH tunneling, VPN’s or whatever.

Some alternatives to VNC would be:

RDP

RDP comes from the windows world, but can be used on Linux just fine, as both a client or a server. It has some more modern features compared to VNC, like sharing printers, but usually that’s poorly supported under Linux(and even under Windows, where some features are locked behind enterprise editions and such).

SSH X11 forwarding

Useful to get a single application to run remotely without much configuration.
Performance is not great, especially over slow connections, but you can almost always use this option.
SSH is great at circumventing firewalls and NAT hell due to port forwarding/jump hosts.

Xpra

This is designed to be basically an improved version of X11 forwarding(It works different under the hood, but the user experience is similar, and it can optionally create SSH tunneled sessions as well). You can run a single application or a complete desktop. You can even leave applications running server-side and later re-attach to them.
Xpra brings some important improvements over SSH, such as actual video compression codecs, and automatic selection of codecs(e.g. Xpra will use HQ JPEGs to encode a mostly-still desktop, but will switch to x264 if needed), it detect the available bandwidth and selects appropriate parameters, it optionally shares clipboards, printers, files, sound etc.
Not to mention that it has a HTML5 client that can be used directly in the browser for convenience.

ffmpeg/My devember project

(Don’t actually use this) My devember project has an X11 streamer application that can stream the content of an X11 server to a web browser. It was actually super easy to implement, it’s just a CGI script that responds with some headers and then calls ffmpeg to encode the desktop as MPJPEG(64 lines of server code, could be reduced to ~5 if only ffmpeg output is required).
Don’t actually use it, I just wanted to say that custom solutions and hacks are very much possible, and that ffmpeg can do a lot as well.

Notes on VirtualGL

If you want OpenGL acceleration on something different than a mirror session, you’ll need VirtualGL.
VirtualGL forwards OpenGL requests via a LD_PRELOAD hack to a back-end X11 Server that runs the GL commands, then forwards the generated data back to the application.
This allows you to run most X11 applications with OpenGL support(Some like minecraft don’t work since they load OpenGL libraries in an incompatible way).

Personal recommendation

I’d go with Xpra. Some setup is required, but it’s easy to use once setup, lots of features, very flexible and is easy to secure(use SSH).

Pretty much. I was hoping to use remmina as my one stop shop as a cilent. Just not sure what’s an easy server to set up

Okay, now do Wayland. :rofl:

Okay, now do Wayland.

I know what you’re saying, I am not a fan of Wayland at all due to this missing critical feature, anyone that works with remote systems knows how useful and valuable this feature is, especially when one is in a bind. I know there is a project that attempts to retrofit something to Wayland but it’s still utter garbage compared to what it should be.

1 Like

Yea I’m worried how mate will turn out when the roll out of wayland is more widespread

Chrome Remote Desktop is also available for Linuxhttps://www.anyviewer.com/how-to/chrome-remote-desktop-multiple-sessions-0427.html

Parsec for me. Also pay for the warp features. It’s been solid for me