Π we've covered running a VNC server on any type of virtual machine. This option has a lot of disadvantages, the main of which are high bandwidth requirements for data transmission channels. Today we will try to connect to a graphical desktop on Linux via RDP (Remote Desktop Protocol). The VNC system is based on the transmission of pixel arrays via the RFB (Remote Framebuffer) protocol, while RDP allows you to send more complex graphic primitives and high-level commands. It is typically used for remote desktop services on Windows, but servers for Linux are also available.
Table of Contents:
Installing the graphical environment
We will take a virtual machine running Ubuntu Server 18.04 LTS with two cores, four gigabytes of RAM and a twenty gigabyte hard disk drive (HDD). A weaker configuration is not well suited for a graphical desktop, although it depends on the tasks being solved. Don't forget to use promo code Habrahabr10 to get a 10% discount on your order.
Installing the desktop environment with all dependencies is done with the following command:
sudo apt-get install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utilsAs in the previous case, we chose XFCE because of the relatively low requirements for computing resources.
Russification of the server and software installation
Often, virtual machines are deployed with English localization only. On the desktop, you may need Russian, which is easy to set up. First, install translations for system programs:
sudo apt-get install language-pack-ruSet up localization:
sudo update-locale LANG=ru_RU.UTF-8The same effect can be achieved by manually editing the /etc/default/locale.
To localize GNOME and KDE, the repository contains the language-pack-gnome-ru and language-pack-kde-ru packages - you will need them if you will use programs from these desktop environments. In XFCE, translations are installed with applications. Next, you can install dictionaries:
# Π‘Π»ΠΎΠ²Π°ΡΠΈ Π΄Π»Ρ ΠΏΡΠΎΠ²Π΅ΡΠΊΠΈ ΠΎΡΡΠΎΠ³ΡΠ°ΡΠΈΠΈ
sudo apt-get install hunspell hunspell-ru
# Π’Π΅Π·Π°ΡΡΡΡ Π΄Π»Ρ LibreOffice
sudo apt-get install mythes-ru
# ΠΠ½Π³Π»ΠΎ-ΡΡΡΡΠΊΠΈΠΉ ΡΠ»ΠΎΠ²Π°ΡΡ Π² ΡΠΎΡΠΌΠ°ΡΠ΅ DICT
sudo apt-get install mueller7-dictIn addition, the installation of translations may be required for some application programs:
# ΠΡΠ°ΡΠ·Π΅Ρ Firefox
sudo apt-get install firefox firefox-locale-ru
# ΠΠΎΡΡΠΎΠ²ΡΠΉ ΠΊΠ»ΠΈΠ΅Π½Ρ Thunderbird
sudo apt-get install thunderbird thunderbird-locale-ru
# ΠΡΠΈΡΠ½ΡΠΉ ΠΏΠ°ΠΊΠ΅Ρ LibreOffice
sudo apt-get install libreoffice libreoffice-l10n-ru libreoffice-help-ruThis completes the preparation of the desktop environment, it remains to configure the RDP server.
Installing and configuring the RDP server
The Ubuntu repositories have a freely distributed Xrdp server, which we will use:
sudo apt-get install xrdpIf everything went well, the server should start automatically:
sudo systemctl status xrdp
The Xrdp server runs as the xrdp user and takes the /etc/ssl/private/ssl-cert-snakeoil.key certificate by default, which you can replace with your own. For read access to the file, you need to add the user to the ssl-cert group:
sudo adduser xrdp ssl-certThe default settings can be found in the /etc/default/xrdp file, and all other server configuration files are in the /etc/xrdp directory. The main parameters are in the xrdp.ini file, which can be left unchanged. The config is well documented, besides, there are corresponding manpages in the kit:
man xrdp.ini
man xrdpIt remains only to edit the /etc/xrdp/startwm.sh script, which is executed when the user session is initialized. First, let's make a backup copy of the script from the distribution:
sudo mv /etc/xrdp/startwm.sh /etc/xrdp/startwm.b
sudo nano /etc/xrdp/startwm.shTo start the XFCE desktop environment, you need a script that looks something like this:
#!/bin/sh
if [ -r /etc/default/locale ]; then
. /etc/default/locale
export LANG LANGUAGE
fi
exec /usr/bin/startxfce4Please note: in scripts, it is better to write the full path to executable files - this is a good habit. Let's make the script executable and on this the Xrdp server setup can be considered complete:
sudo chmod 755 /etc/xrdp/startwm.shRestarting the server:
sudo systemctl restart xrdp
Firewall setup
By default, Xrdp listens on TCP port 3389 on all interfaces. Depending on the virtual server configuration, you may need to configure the Netfilter firewall. On Linux this is usually done with the iptables utility, but on Ubuntu it's better to use ufw. If the client's IP address is known, the configuration is performed by the following command:
sudo ufw allow from IP_Address to any port 3389You can allow connections from any IP like this:
sudo ufw allow 3389The RDP protocol supports encryption, but making the Xrdp server accessible from public networks is a bad idea. If the client does not have a fixed IP, the server should only listen on localhost to improve security. Access to it is best configured through an SSH tunnel, which will securely redirect traffic from the client computer. We have a similar approach for the VNC server.
Connecting to an RDP server
To work with the desktop environment, it is better to create a separate non-privileged user:
sudo adduser rdpuser
Let's add the user to the sudo group so that he can perform administration-related tasks. If there is no such need, this step can be skipped:
sudo gpasswd -a rdpuser sudoYou can connect to the server using any RDP client, including the built-in Windows Remote Desktop client. If Xrdp is listening on the external interface, no further action is required. It is enough to specify the VPS IP address, username and password in the connection settings. After connecting, we will see something like this:
After the initial setup of the desktop environment, we will get a full-fledged desktop. As you can see, it does not consume so many resources, although everything will depend on the applications used.
If the Xrdp server only listens on localhost, the client computer will have to pack the traffic into an SSH tunnel (the VPS must be running sshd). On Windows, you can use a graphical SSH client (such as PuTTY), while on UNIX systems, you need the ssh utility:
ssh -L 3389:127.0.0.1:3389 -C -N -l rdpuser RDP_server_ipAfter the tunnel is initialized, the RDP client will no longer connect to the remote server, but to the local host.
With mobile devices, itβs more difficult: SSH clients capable of setting up a tunnel will have to be bought, besides, in iOS and iPadOS, background work of third-party applications is difficult due to too good power consumption optimization. On the iPhone and iPad, it will not be possible to raise the tunnel in a separate application - you will need a harvester application that itself can establish an RDP connection via SSH. Such, for example, as .
Session manager and user sessions
The possibility of multi-user work is implemented directly in the Xrdp server and does not require additional configuration. After starting the service through systemd, one process runs in daemon mode, listens on port 3389 and interacts through localhost with the session manager.
ps aux |grep xrdp
sudo netstat -ap |grep xrdp
The session manager is usually not visible to users, because the login and password specified in the client settings are transferred to it automatically. If this does not happen or an error occurs during authentication, an interactive login window will appear instead of the desktop.
The automatic start of the session manager is specified in the /etc/default/xrdp file, and the configuration is stored in /etc/xrdp/sesman.ini. By default, it looks something like this:
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=true
UserWindowManager=startwm.sh
DefaultWindowManager=startwm.sh
[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=false
[Sessions]Here you can not change anything, you just have to disable root login (AllowRootLogin=false). A separate xrdp process is launched for each user who has logged in to the system: if you disconnect without ending the session, the default user processes will continue to run, and you can reconnect to the session. The settings can be changed in the /etc/xrdp/sesman.ini file (section [Sessions]).
Switching keyboard layouts
There are usually no problems with a two-way clipboard, but with the Russian keyboard layout you will have to play around a bit (the Russian locale should be already ). Let's edit the keyboard settings of the Xrdp server:
sudo nano /etc/xrdp/xrdp_keyboard.iniAdd the following lines to the end of the configuration file:
[rdp_keyboard_ru]
keyboard_type=4
keyboard_type=7
keyboard_subtype=1
model=pc105
options=grp:alt_shift_toggle
rdp_layouts=default_rdp_layouts
layouts_map=layouts_map_ru
[layouts_map_ru]
rdp_layout_us=us,ru
rdp_layout_ru=us,ruIt remains to save the file and restart Xrdp:
sudo systemctl restart xrdpAs you can see, it is not difficult to set up an RDP server on a Linux VPS, but in we've already covered the VNC setup. In addition to these technologies, there is another interesting option: using a modified NX 3 protocol, the X2Go system. We will deal with it in the next post.
Source: habr.com