Some Computer Hints

Google Cloud Shell as a Desktop

Google Cloud Platform (GCP) provides every Google user with a free, but temporary Linux virtual machine instance with command-line access called Google Cloud Shell. Every Google user has a free 5 GB of persistent disk storage. When you visit the Google Cloud Shell Console page, a Linux instance is automatically started and your persistent disk storage is mounted under the /home directory. You can do anything, including root (superuser) maintenance. However, after you exit from your shell, the Linux instance is terminated and anything done outside your /home directory is lost.

How to Configure It as a Desktop?

You can use your free Cloud Shell as a graphical Linux desktop also. For this, you need to do some installations on your temporary virtual machine and then access it from your local machine by using a VNC Viewer. Please note that any installations done using the root Linux user (via sudo) will be lost and need to be redone next time you start your Cloud Shell virtual machine. However, any configurations done under your normal (Google provided) Linux user will not be lost, since they will be stored under your /home/your-google-user/ persistent directory.


These should be done each time your Cloud Shell server is restarted:

$ sudo sh -c 'apt update && apt dist-upgrade && apt autoclean && apt autoremove'
$ sudo apt install vnc4server gnome-panel gnome netcat socat

The first command above is used to update all the installed components to the latest version. You may need to run this command two times, just to be sure. The second command is needed for installing some operating system components that are not installed by default in a Cloud Shell server prepared by Google. Do not panic if the command takes too much time and produces too much output; it will take up to 5 minutes to complete. At one step you will have to choose the keyboard layout that you are going to use.

If you use additional software, you will have to install them each time as well.


These will be done under your /home directory, so only once:

$ mkdir $HOME/.vnc
$ echo '#!/bin/bash
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
gnome-session &
gnome-panel &
gnome-settings-daemon &
metacity &
nautilus &
gnome-terminal &
' > $HOME/.vnc/xstartup
$ chmod 755 $HOME/.vnc/xstartup

Starting, Using, and Stopping the VNC Server

To start your VNC server on your Google Cloud Shell machine, use the following command:

$ vncserver -geometry 1872x976 -localhost

Here the -geometry should be something that “fits” to your local machine screen size. The -localhost parameter instructs the VNC server to listen only on the local interface and not on the (wide area) network.

The first time you run vncserver you will be asked for a password. Enter a password that you will not forget; you will have to give it to the VNC client later. You can answer with n to the question to enter a view-only password.

The TCP port the VNC server is “listening” is 5901 and the DISPLAY screen is :1. You can verify that by using the following command:

$ netstat -nap | grep ":5901.*LISTEN"
tcp    0   0*   LISTEN      26030/Xtigervnc
tcp6   0   0   ::1:5901         :::*        LISTEN      26030/Xtigervnc

Before starting a graphical program on the “display screen” provided by the VNC server, you should set the DISPLAY environment variable correctly. For example:

$ export DISPLAY=:1
$ gedit

To stop the VNC server, enter the following command:

$ vncserver -kill :1

How to Access It from Your Local Machine?

First of all, you should install a VNC client on your local machine. Real VNC Viewer is a good option.

Then comes the real problem of accessing your (remote) Linux desktop from your local machine. Google Shell is a virtual machine which cannot be accessed from the Internet directly. We need a method to access our VNC server listening on port 5901 of Google Shell from our VNC client on our local machine.

Using an sshd Server

To solve this problem, one option would be to install a Cygwin Secure Shell Server (sshd) on your local machine, make the ssh port (TCP 22) accessible to the outside world and connect to it (i.e., to your local machine) from your Google Shell server using the following command:

$ ssh -R 5901:localhost:5901 your-local-user@your-public-IP

(Note: To find your-public-IP, please click.)

After this command is executed on your remote machine, you can use the VNC viewer (client) on your local machine by connecting to localhost:5901.

The following diagram summarizes the network configuration:

Google Cloud Shell Desktop VNC Network Connection Over SSH

Google Cloud Shell Desktop VNC Network Connection Over SSH

Cloud Shell Server (1) vnc server; listens on localhost:5091 (3) ssh client; connects to sshd server:22 and localhost:5091 Your Local Machine (4) vnc client; connects to localhost:5091 (2) sshd server; listens on your-public-IP:22 and localhost:5091

Using netcat or socat

If you do not have or do not what to install sshd in your local machine, you can do something similar and simpler with Cygwin tools like netcat, nc, or socat. Although similar network-wise, these methods will not be as secure as the “ssh tunneling” method described above.

On your local machine (Windows with Cygwin or Linux) run this:

$ rm -f /tmp/f ; mkfifo /tmp/f
$ nc -l 22 </tmp/f | nc -l 5901 >/tmp/f

On your Google Shell server run this:

$ rm -f /tmp/f ; mkfifo /tmp/f
$ nc your-public-IP 22 </tmp/f | nc localhost 5901 >/tmp/f

Here, you can replace the TCP port 22 with any appropriate port that is accessible on your local machine from the outside world (=Internet). After the above connections are established, you can use the VNC viewer (client) on your local machine by connecting to localhost:5901 as previously.

Or, instead of netcat you may use socat to do the same:

$ socat TCP-LISTEN:22 TCP-LISTEN:5901,bind=localhost	# on local machine
$ socat TCP:your-public-IP:22 TCP:localhost:5901	# on Google Shell server

Using UDP Hole Punching

Another simpler method would be to use UDP hole punching. If you select this method, first install my Python script on both hosts and then use the following commands:

$ ./ -l 5901 server’s-public-IP	# on local machine
$ ./ -c 5901 your-public-IP	# on Google Shell server

Note: To find server’s-public-IP, enter the following command on your Google Shell server:


or if it does not work use a public service like this:

$ wget -qO - | grep Public

Sample Screenshot

Below is given a screenshot of the VNC Viewer client screen on my local machine.

Google Cloud Shell Desktop
My Google Cloud Shell Desktop

Please note that you can install additional programs on your remote Linux desktop by opening a terminal and using the apt command line tool. For example:

$ sudo apt install galculator ghex thunar x11-apps