Index ¦ Archives ¦ Atom

Installing a GUI on an EC2 RHEL 7 Instance

I recently needed to put a GUI on an EC2 instance running RHEL 7. In working through all the quirks to get it running, I noticed there weren't a lot of tutorials that covered this particular use case. There were plenty on Ubuntu running on EC2, and plenty on RHEL 6/7 on a regular machine, but not a whole lot for the combo.

So in order to help out someone else who may be needing to do this, here's how to get a GUI installed on your RHEL 7 EC2 instance:

1) First things first, get your RHEL 7 instance spun up:

I just used the standard RHEL 7.1 AMI from Amazon. Just grab whichever one is coming up for your region, and feel free to stick with the defaults, except for the security group step.


I always like to tag my instance at this makes life a lot easier later:


2) Make your security group:

When launching, click to select "Create new security group", then make one with two rules: SSH on Port 22 allowed from "MyIP", and Custom TCP on ports 5900-5905 allowed from "MyIP".

Note: I try to avoid selecting "Everyone" whenever possible for security reasons, so you'll want to lock things down to only your IP. If others will be using this machine, then adjust accordingly, however your organization sets its security policies.


Review and then launch that bad boy.

3) If you don't have these already, download Putty and PuttyGen

4) Make a PuttyGen-version private key file:

Now you'll need to SSH into the instance you just made, but on Windows, Putty can't use the standard AWS .pem key file to authenticate. What you need to do is have PuttyGen convert your .pem file into a .ppk version of it, so that Windows Putty can use it.

After downloading and firing up PuttyGen, click load:


Then browse to the .pem key file you used to create your RHEL 7 instance and click load again. You should get an info message like this:


Click ok, then click "Save Private Key" to save this newly-generated .ppk file wherever you would like.


5) Now that you have that done, SSH into the box you just spun up and elevate to root in order to install some packages:

sudo su

6) Update everything on the box to start:

yum update

7) Then install the GUI packages you'll need:

yum groupinstall "X Window System"
yum -y groupinstall gnome
yum install firefox

8) Install TightVNC:

Gnome tends to take a while (and why not? It's got something like 86 packages in it, lol) so while you're waiting on that, go ahead and download TightVNC 2.7.10

You can just install the "Typical" version, and when it prompts you-select "Require password-based authentication" and select a password. Also select "Protect control interface with an administrative password" and set another password.

Then go ahead and in your start menu, select "Run TightVNC Server" to start the TightVNC service on your machine:


Just to verify it's running, you can either look in your task bar, or select the "Run TightVNC Server" start menu icon again, and get the "TightVNC server is already running" error message. Excellent.

9) Lastly, install the TigerVNC server on your linux box:

yum install tigervnc-server

10) Then resume being a normal user, and start up the TigerVNC server for initial configuration:



11) Set your password, and then on the info message that comes up, pay attention to the location specified here:


12) Edit the configuration file in that location:

sudo vi /home/ec2-user/.vnc/xstartup

Comment out the current line starting with exec and add the following:

exec gnome-session &

So that you end up with a VNC config file like this:


13) Next, you need to edit your VNC Servers config file:

sudo vi /etc/sysconfig/vncservers

And add the following to the file:

VNCSERVERARGS[1]="-geometry 1024x768"

Your finished file should look something like this:


14) Start the VNC Server and note your display's port number:

Note: You actually already have this running from the step when you set your password, but in the interest of simplicity, I am having you repeat this step so that this time, we can focus on identifying your port, instead of setting a password and configuring. This is why it'll likely come up on port 2, BTW.


In the info message that comes up, take a look at where it says "desktop is" followed by the IP-name of your box, followed by the word "internal" with a colon and number. This number is how you'll determine the port that the VNC server will be running off of.


Basically, your port is going to be 590 + whatever that number is. So, in the above example, your port will be 5902.

15) Set up a Putty session/SSH Tunnel with the proper settings:

Now we'll fire up a Putty session/SSH tunnel so that we can access the desktop GUI from TightVNC Viewer on our local machine.

Pull up Putty and put in ec2-user@PUBLICDNSHERE, and put in your private key, but instead of connecting now like you normally would, also set the following:

Where you put in your private key, check the box above where it says "Allow agent forwarding".


Then go to the "Tunnels" link on the lower left (Below the "SSH" heading) and add a forwarded port of Source port: 5902 and Destination: localhost:5902 and select Add. The port will show up on in the blank white box, and now you are good to go. Click Open to start your session.


16) Log Into the GUI with TightVNC Viewer:

Now that that is done, minimize (DON'T close) the SSH session we just pulled up. Go to your start menu and fire up TightVNC Viewer.

Log in with "Remote Host" set as localhost:5902 (or whatever your port was) and put in your password that you set in your RHEL box back when you were setting up and configuring the VNC server.


17) Enjoy your new GUI!

At this step, your new GUI should come up, and RHEL will prompt you for the initial setup info. Congratulations!



Ok, what happens if the GUI's NOT coming are some things to check:

If you are getting a message saying the machine actively refused the connection, check to make sure you have your SSH tunnel/port forwarding session up. If you forgot to click "Open" or you accidentally closed the window/session, then you won't be able to log in.

Make sure you are using the right password...don't use the one you set when you were installing the TightVNC program on your local machine. Use the one you set from within your Linux box.

Make sure that the port you gave when setting up the SSH tunnel/port forwarding session matches the one you are putting in at the TightVNC Viewer "Remote Host" field. Annndd...make sure this port actually is the one that you determined when you ran "vncserver" and got it from the info message. (Remember "desktop is....?")

© 2015 Gloria Silveira. Member of the Internet Defense League.