In a previous article, we covered running a VNC server on any type of virtual machine. This option has a lot of disadvantages, chief among them the high bandwidth requirements for data transmission channels. Today we will try to connect to a graphical desktop on Linux via RDP (Remote Desktop Protocol). The VNC system is based on the transmission of pixel arrays via the RFB (Remote Framebuffer) protocol, while RDP allows you to send more complex graphic primitives and high-level commands. It is typically used for remote desktop services on Windows, but servers for Linux are also available.
Installing the graphical environment
We will take a virtual machine running Ubuntu Server 18.04 LTS with two cores, four gigabytes of RAM and a twenty gigabyte hard disk drive (HDD). A weaker configuration is not well suited for a graphical desktop, although it depends on the tasks being solved. Don't forget to use promo code Habrahabr10 to get a 10% discount on your order.

Installing the desktop environment with all dependencies is done with the following command:
sudo apt-get install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils
As in the previous case, we chose XFCE because of the relatively low requirements for computing resources.
Russification of the server and software installation
Often, virtual machines are deployed with English localization only. On the desktop, you may need Russian, which is easy to set up. First, install translations for system programs:
sudo apt-get install language-pack-ru
Set up localization:
sudo update-locale LANG=ru_RU.UTF-8
The same effect can be achieved by manually editing the /etc/default/locale file.
To localize GNOME and KDE, the repository contains the language-pack-gnome-ru and language-pack-kde-ru packages; you will need them if you use programs from these desktop environments. In XFCE, translations are installed with applications. Next, you can install dictionaries:
# Spell-checking dictionaries
sudo apt-get install hunspell hunspell-ru
# Thesaurus for LibreOffice
sudo apt-get install mythes-ru
# English-Russian dictionary in DICT format
sudo apt-get install mueller7-dict
In addition, some applications may need their translations installed:
# Firefox browser
sudo apt-get install firefox firefox-locale-ru
# Thunderbird mail client
sudo apt-get install thunderbird thunderbird-locale-ru
# LibreOffice office suite
sudo apt-get install libreoffice libreoffice-l10n-ru libreoffice-help-ru
This completes the preparation of the desktop environment; it remains to configure the RDP server.
Installing and configuring the RDP server
The Ubuntu repositories have a freely distributed Xrdp server, which we will use:
sudo apt-get install xrdp
If everything went well, the server should start automatically:
sudo systemctl status xrdp 
The Xrdp server runs as the xrdp user and takes the /etc/ssl/private/ssl-cert-snakeoil.key certificate by default, which you can replace with your own. For read access to the file, you need to add the user to the ssl-cert group:
sudo adduser xrdp ssl-cert
The default settings can be found in the /etc/default/xrdp file, and all other server configuration files are in the /etc/xrdp directory. The main parameters are in the xrdp.ini file, which can be left unchanged. The config is well documented, and the corresponding manpages are included as well:
man xrdp.ini
man xrdp
It remains only to edit the /etc/xrdp/startwm.sh script, which is executed when the user session is initialized. First, let's make a backup copy of the script from the distribution:
sudo mv /etc/xrdp/startwm.sh /etc/xrdp/startwm.b
sudo nano /etc/xrdp/startwm.sh
To start the XFCE desktop environment, you need a script that looks something like this:
#!/bin/sh
if [ -r /etc/default/locale ]; then
. /etc/default/locale
export LANG LANGUAGE
fi
exec /usr/bin/startxfce4
Please note: in scripts, it is better to write the full path to executable files; this is a good habit. Let's make the script executable, and with that the Xrdp server setup can be considered complete:
sudo chmod 755 /etc/xrdp/startwm.sh
Restart the server:
sudo systemctl restart xrdp
Firewall setup
By default, Xrdp listens on TCP port 3389 on all interfaces. Depending on the virtual server configuration, you may need to configure the Netfilter firewall. On Linux this is usually done with the iptables utility, but on Ubuntu it's better to use ufw. If the client's IP address is known, the configuration is performed by the following command:
sudo ufw allow from IP_Address to any port 3389
You can allow connections from any IP like this:
sudo ufw allow 3389
The RDP protocol supports encryption, but making the Xrdp server accessible from public networks is a bad idea. If the client does not have a fixed IP, the server should only listen on localhost to improve security. Access to it is best configured through an SSH tunnel, which will securely redirect traffic from the client computer. We have a similar approach for the VNC server.
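One way to check which addresses port 3389 is actually bound to, as an added example that is not part of the original article. The function names and both listener tables are constructed for illustration; on a live host the input would come from `ss -tln | nonloopback_listeners 3389`.

```shell
# nonloopback_listeners PORT
# Reads `ss -tln` style text on stdin and prints every local address bound
# to PORT that is not in 127.0.0.0/8 and is not [::1].
nonloopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                                  # Local Address:Port column
            n = split(la, parts, ":")
            if (parts[n] != port) next
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# check_rdp_exposure TEXT -> returns 1 if xrdp is reachable beyond loopback
check_rdp_exposure() {
    exposed=$(printf '%s\n' "$1" | nonloopback_listeners 3389)
    if [ -n "$exposed" ]; then
        echo "EXPOSED: port 3389 is bound to $exposed"
        return 1
    fi
    echo "OK: port 3389 is loopback-only or not listening"
}

# Constructed sample: xrdp on all interfaces, sesman on loopback only.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      2      127.0.0.1:3350     0.0.0.0:*
LISTEN 0      128    [::]:3389          [::]:*'

# Constructed sample: xrdp reachable only through the SSH tunnel.
SAMPLE_LOCAL='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 2 127.0.0.1:3350 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3389 0.0.0.0:*'

check_rdp_exposure "$SAMPLE_EXPOSED" || true
check_rdp_exposure "$SAMPLE_LOCAL"
```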
Connecting to an RDP server
To work with the desktop environment, it is better to create a separate non-privileged user:
sudo adduser rdpuser 
Let's add the user to the sudo group so that he can perform administration-related tasks. If there is no such need, this step can be skipped:
sudo gpasswd -a rdpuser sudo
You can connect to the server using any RDP client, including the built-in Windows Remote Desktop client. If Xrdp is listening on the external interface, no further action is required. It is enough to specify the VPS IP address, username and password in the connection settings. After connecting, we will see something like this:

After the initial setup of the desktop environment, we will get a full-fledged desktop. As you can see, it does not consume so many resources, although everything will depend on the applications used.

If the Xrdp server only listens on localhost, the client computer will have to pack the traffic into an SSH tunnel (the VPS must be running sshd). On Windows, you can use a graphical SSH client (such as PuTTY), while on UNIX systems, you need the ssh utility:
ssh -L 3389:127.0.0.1:3389 -C -N -l rdpuser RDP_server_ip
After the tunnel is initialized, the RDP client will no longer connect to the remote server, but to the local host.
Mobile devices are more difficult: SSH clients capable of setting up a tunnel have to be bought, and on iOS and iPadOS third-party applications have trouble working in the background because power consumption is optimized so aggressively. On the iPhone and iPad, you cannot bring up the tunnel in a separate application; you need an all-in-one application that can itself establish an RDP connection via SSH. Such, for example, as .
Session manager and user sessions
The possibility of multi-user work is implemented directly in the Xrdp server and does not require additional configuration. After starting the service through systemd, one process runs in daemon mode, listens on port 3389 and interacts through localhost with the session manager.
ps aux |grep xrdp 
sudo netstat -ap |grep xrdp 
The session manager is usually not visible to users, because the login and password specified in the client settings are transferred to it automatically. If this does not happen or an error occurs during authentication, an interactive login window will appear instead of the desktop.

The automatic start of the session manager is specified in the /etc/default/xrdp file, and the configuration is stored in /etc/xrdp/sesman.ini. By default, it looks something like this:
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=true
UserWindowManager=startwm.sh
DefaultWindowManager=startwm.sh
[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=false
[Sessions]
You don't need to change anything here except to disable root login (AllowRootLogin=false). A separate xrdp process is launched for each user who has logged in to the system: if you disconnect without ending the session, by default the user's processes will continue to run, and you can reconnect to the session. The settings can be changed in the /etc/xrdp/sesman.ini file (section [Sessions]).
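A section-aware audit of the sesman.ini settings discussed above, as an added example that is not part of the original article. The function names and both sample configurations are constructed, and requiring the exact spellings `false` and `127.0.0.1` is this example's own policy. Run it against a real file with `audit_sesman "$(cat /etc/xrdp/sesman.ini)"`.

```shell
# ini_get TEXT SECTION KEY -> last value of KEY inside [SECTION], lowercased
ini_get() {
    printf '%s\n' "$1" | awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[;#]/ { next }                       # comment line
        /^[ \t]*\[/   { gsub(/[ \t\r]/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = tolower(v)
        }
        END { print val }'
}

# audit_sesman TEXT -> prints findings; returns 1 if any FIX line was printed.
# Assumption of this example: values must be spelled exactly as compared here.
audit_sesman() {
    root=$(ini_get "$1" Security AllowRootLogin)
    addr=$(ini_get "$1" Globals ListenAddress)
    grp=$(ini_get "$1" Security AlwaysGroupCheck)
    rc=0
    [ "$root" = "false" ] ||
        { echo "FIX  AllowRootLogin=${root:-unset}: set it to false"; rc=1; }
    [ "$addr" = "127.0.0.1" ] ||
        { echo "FIX  ListenAddress=${addr:-unset}: keep sesman on 127.0.0.1"; rc=1; }
    [ "$grp" = "true" ] ||
        echo "NOTE AlwaysGroupCheck=${grp:-unset}: access is permitted if TerminalServerUsers is not defined"
    return "$rc"
}

# Constructed sample based on the defaults quoted above; the commented line
# and the [Sessions] entry are added to show they do not mask the real value.
SESMAN_DEFAULT='[Globals]
ListenAddress=127.0.0.1
[Security]
AllowRootLogin=true
; AllowRootLogin=false
AlwaysGroupCheck=false
[Sessions]
AllowRootLogin=false'

# Constructed sample: the same settings after disabling root login.
SESMAN_FIXED='[Globals]
ListenAddress=127.0.0.1
[Security]
AllowRootLogin=false
AlwaysGroupCheck=false'
audit_sesman "$SESMAN_DEFAULT" || true   # one FIX line and one NOTE line
audit_sesman "$SESMAN_FIXED"             # only the NOTE line
```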
Switching keyboard layouts
There are usually no problems with a two-way clipboard, but the Russian keyboard layout takes a little tinkering (the Russian locale should already be installed). Let's edit the keyboard settings of the Xrdp server:
sudo nano /etc/xrdp/xrdp_keyboard.ini
Add the following lines to the end of the configuration file:
[rdp_keyboard_ru]
keyboard_type=4
keyboard_type=7
keyboard_subtype=1
model=pc105
options=grp:alt_shift_toggle
rdp_layouts=default_rdp_layouts
layouts_map=layouts_map_ru
[layouts_map_ru]
rdp_layout_us=us,ru
rdp_layout_ru=us,ru
It remains to save the file and restart Xrdp:
sudo systemctl restart xrdp
As you can see, it is not difficult to set up an RDP server on a Linux VPS, and we've already covered the VNC setup in a previous article. In addition to these technologies, there is another interesting option: the X2Go system, which uses a modified NX 3 protocol. We will deal with it in the next post.
Source: habr.com
