Getting RealVNC Server on Raspberry Pi to Listen Only on Localhost

by Jul 8, 2025IT Tips0 comments

Installed VNC using rasp-config => Interface options => VNC

Wanted to avoid having port 5900 listening on the local subnet (0.0.0.0:5900) but only available if I SSH to the box and connect via SSH tunnel

?
1
2
3
# create /etc/vnc/config.d/vncserver-x11
# contents
localhost=1

https://help.realvnc.com/hc/en-us/articles/360002253878-Configuring-RealVNC-Connect-Using-Parameters#populating-configuration-files-with-parameters-0-2

After the above setting and restart the Local Address changes from (0.0.0.0:5900 to 127.0.0.1:5900)

?
1
2
3
4
sudo netstat -apn | grep 5900
# output
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN      812/vncserver-x11-c
tcp6       0      0 ::1:5900                :::*                    LISTEN      812/vncserver-x11-c

Overriding a SystemD unit file

The problem with copilot it was telling me to edit the unit file and add `-listen 127.0.0.1` and all sorts of other solutions but none seemed to work for me.

But in trying the solutions it offered I found out how to edit and override a systemd unit file as follows

?
1
sudo systemctl edit vncserver-x11-serviced.service

Next was to edit to taste but make sure you clear ExecStart with ExecStart=

After editing the unit file you need to make sure systemd knows it has changed

?
1
2
3
sudo systemctl daemon-reexec # restarts systemd process more extreme
sudo systemctl daemon-reload # this is usually all that is needed as it will re-read the changed unit files
sudo systemctl restart vncserver-x11-serviced.service # then restart the changed process

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.