How to Enable Remote Desktop Logins on Ubuntu 20.04 When You Can Only Reach the Host Via SSH

Problem: You want to log in to a Gnome desktop on a remote Ubuntu 20.04 host.

Complication: You can only reach the host via SSH.

Further complication: A bug in Gnome currently makes it impossible to enable Gnome’s built-in screen sharing if you connect via SSH. ☹

Solution: Use TigerVNC and an SSH tunnel, and log into that desktop! Here’s how, minus the 2+ hours of head-scratching and swearing that accompanied my long trip down this short path today.

Caveats: This solution assumes you already have Gnome installed and working on the target host. It also assumes X11 provides the desktop on the host; if you’re using Wayland, these steps won’t work.

Step 1. Begin by SSHing to the remote host. Once you’re in, sudo apt install tigervnc-standalone-server to install TigerVNC.

Step 2. Run vncpasswd to set a password for your VNC sessions.

Step 3. Create a file at ~/.vnc/xstartup and fill it with these contents:

#!/bin/sh [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources vncconfig -iconic & dbus-launch --exit-with-session env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu & # comment out previous line & uncomment next one if you want a vanilla Gnome session # dbus-launch --exit-with-session gnome-session &

Step 4. To launch the VNC server, do: vncserver -localhost no

Step 5. Now do vncserver -list to see what port VNC is running on. The number you want is listed under RFB PORT # and will vary depending on how many X sessions are already active on the machine. You’ll use this number shortly.

Step 6. Do exit to disconnect from this SSH session.

Step 7. Start another SSH session, this time with a tunnel for the port number you noted above. In this example, 5902 is the port:
ssh -L 5902:localhost:5902 yourusername@yourhostname

Step 8. You should be connected to the host again, but with a tunnel running from your local port to the remote port. To log in to the remote desktop session, point your local VNC client at the local port. (In this example, I’d use Remmina to connect to localhost:5902 using the VNC protocol. After I enter the password I created in step 2, voilà, my remote desktop appears!)

Step 9. When you’re done, disconnect your VNC client, and then, in your SSH session, do:
vncserver -kill :*

Step 10. Now close your SSH session with exit

Assuming the number of active X sessions on the host is constant, subsequent connections are simpler: You can start the SSH connection with the requisite tunnel (as in step 7), then fire up TigerVNC (step 4), then connect with your VNC client.

(I referenced several different outdated web pages while puzzling this out. Install and Configure TigerVNC server on Ubuntu 18.04 was the most helpful, but the SSH tunnel setup in that walkthrough is needlessly complex, and my steps will also get you a more-or-less proper Ubuntu-flavored Gnome session rather than a vanilla Gnome session.)