System Servicesvncremote desktopremote accessnetwork computingvnc servervnc viewer

TightVNC

TightVNC is a Virtual Network Computing (VNC) implementation providing remote desktop access across networks. It includes server, viewer, password tools, and wrappers optimized for low-bandwidth connections.

Description

TightVNC enables viewing and controlling remote desktop environments from anywhere on the Internet across various architectures. The suite includes tightvncserver for hosting VNC sessions, xtightvncviewer for client connections, tightvncpasswd for managing authentication passwords, and supporting utilities like tightvncconnect and Xtightvnc. It differs from standard VNC by using optimized data encoding like Tight encoding for better performance over slow connections.

Use cases include remote administration, support, and monitoring of Kali Linux systems. The server generates displays viewable via VNC clients without needing a physical display, making it ideal for headless servers. Password management supports both full-control and view-only access, enhancing security for different permission levels.

The tools integrate with X11 environments and support features like shared sessions, reverse connections, and SSH tunneling for secure access.

How It Works

TightVNC operates on the VNC protocol (RFB - Remote Framebuffer), sending screen updates as rectangles using encodings like Tight, Zlib, Hextile, CoRRE, RRE, CopyRect, or Raw. Tight encoding preprocesses pixel data with zlib compression and optional JPEG for color-rich areas, optimizing for low bandwidth. Servers like Xtightvnc and tightvncserver authenticate via DES-encrypted passwords from vncpasswd files, supporting view-only mode. Clients like xtightvncviewer request preferred encodings, with servers adapting to client capabilities. Reverse connections and HTTP serving are supported.

Installation

bash

sudo apt install tightvncserver

Flags

-tWrite passwords into /tmp/$USER-vnc/passwd, creating the directory if it does not exist, and checking permissions (mode must be 700)

-fFilter mode. Read plain-text passwords from stdin, write encrypted versions to stdout. Short or empty passwords silently accepted

-rfbauth passwd-fileUse authentication on RFB protocol

-listenMake the viewer listen on port 5500+display for reverse connections from a server

-sharedSpecify that a shared connection is requested. Default in TightVNC

-viewonlyDisable transfer of mouse and keyboard events from the client to the server

-alwayssharedAlways treat new clients as shared

-neversharedNever treat new clients as shared

Examples

Interactively set primary and optional view-only passwords for VNC server authentication (defaults to $HOME/.vnc/passwd)

tightvncpasswd

Set passwords in secure temporary location /tmp/$USER-vnc/passwd for NFS/shared home partitions

tightvncpasswd -t

Filter mode: read plaintext passwords from stdin and output encrypted versions to stdout

tightvncpasswd -f

Launch TightVNC server on next available display (wrapper for Xtightvnc)

tightvncserver

Kill TightVNC server on display :1

tightvncserver -kill :1

Tell Xvnc to connect to a listening VNC viewer on the given host and port

tightvncconnect host:port

Connect X viewer client to VNC server at host:display

xtightvncviewer host:display

Make viewer listen for reverse connections from server on port 5500+display

xtightvncviewer -listen

Updated 2026-04-16kali.org ↗