In the previous article, we covered running a VNC server on any type of virtual machine. This option has a lot of disadvantages, the main one being high requirements for the bandwidth of data transmission channels. Today we will try to connect to a graphical Linux desktop using RDP (Remote Desktop Protocol). VNC is based on the transmission of arrays of pixels using the RFB (Remote Framebuffer) protocol, while RDP allows more complex graphical primitives and high-level commands to be sent. It is commonly used to organize Remote Desktop Services on Windows, but servers for Linux are also available.
Table of contents:
Installing the graphical environment
Server Russification and software
installation Installing and configuring the RDP server
Configuring the firewall
Connecting to the RDP server Session
manager and user sessions
Switching keyboard layouts
Installing a graphical environment
We'll take a virtual machine running Ubuntu Server 18.04 LTS with two processing cores, four gigabytes of RAM, and a twenty gigabyte hard disk drive (HDD). A weaker configuration is poorly suited for a graphical desktop, although it depends on the tasks being solved. Don't forget to use the promo code Habrahabr10 to get a 10% discount when ordering.
Installing the desktop environment with all dependencies is done with the following command:
sudo apt-get install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utilsAs in the previous case, we chose XFCE due to its relatively low computational requirements.
Server Russification and software installation
Virtual machines are often deployed with English localization only. On the desktop, you may need Russian, which is not difficult to set up. First, let's install translations for system programs:
sudo apt-get install language-pack-ruLet's set up localization:
sudo update-locale LANG=ru_RU.UTF-8You can achieve the same effect by manually editing the / etc / default / locale.
To localize GNOME and KDE, the repository contains language-pack-gnome-ru and language-pack-kde-ru - you will need them if you will be using programs from these desktop environments. In XFCE, translations are installed along with the applications. Then you can install dictionaries:
#
sudo apt-get install hunspell hunspell-ru
# LibreOffice
sudo apt-get install mythes-ru
# - DICT
sudo apt-get install mueller7-dictIn addition, the installation of translations may be required for some applications:
# Firefox
sudo apt-get install firefox firefox-locale-ru
# Thunderbird
sudo apt-get install thunderbird thunderbird-locale-ru
# LibreOffice
sudo apt-get install libreoffice libreoffice-l10n-ru libreoffice-help-ruThis completes the preparation of the desktop environment, it remains to configure the RDP server.
Installing and configuring the RDP server
There is a free Xrdp server in the Ubuntu repositories, which we will use:
sudo apt-get install xrdpIf everything went well, the server should start automatically:
sudo systemctl status xrdp
The Xrdp server is started as the xrdp user and by default takes the /etc/ssl/private/ssl-cert-snakeoil.key certificate, which you can replace with your own. To read the file, you need to add the user to the ssl-cert group:
sudo adduser xrdp ssl-certThe default settings can be found in the / etc / default / xrdp file, while all other server configuration files are located in the / etc / xrdp directory. The main parameters are in the xrdp.ini file, which can be left unchanged. The config is well documented, and there are corresponding manpages in the kit:
man xrdp.ini
man xrdpIt remains only to edit the script /etc/xrdp/startwm.sh, which is executed when initializing the user session. First, let's make a backup copy of the script from the distribution kit:
sudo mv /etc/xrdp/startwm.sh /etc/xrdp/startwm.b
sudo nano /etc/xrdp/startwm.shTo start the XFCE desktop environment, you need a script similar to the following:
#!/bin/sh
if [ -r /etc/default/locale ]; then
. /etc/default/locale
export LANG LANGUAGE
fi
exec /usr/bin/startxfce4Please note: it is better to write the full path to executable files in scripts - this is a good habit. Let's make the script executable and the Xrdp server setup can be considered complete:
sudo chmod 755 /etc/xrdp/startwm.shWe restart the server:
sudo systemctl restart xrdpFirewall configuration
By default, Xrdp listens on TCP port 3389 on all interfaces. Depending on the configuration of the virtual server, you may need to configure the Netfilter firewall. On Linux this is usually done using the iptables utility, but on Ubuntu it is better to use ufw. If the client's IP address is known, the configuration is done with the following command:
sudo ufw allow from IP_Address to any port 3389You can allow connections from any IP as follows:
sudo ufw allow 3389RDP supports encryption, but it is a bad idea to expose the Xrdp server from public networks. If the client does not have a fixed IP, the server should only listen to localhost to increase security. It is best accessed through an SSH tunnel, which will securely route traffic from the client computer. We used a similar approach in the previous article for the VNC server.
Connecting to RDP Server
To work with the desktop environment, it is better to create a separate unprivileged user:
sudo adduser rdpuser
Let's add the user to the sudo group so that he can solve administration-related tasks. If there is no such need, you can skip this step:
sudo gpasswd -a rdpuser sudoYou can connect to the server using any RDP client, including the built-in Windows Remote Desktop Services client. If Xrdp is listening on an external interface, no additional gestures are needed. It is enough to specify the VPS IP address, username and password in the connection settings. After connecting, we will see something like this:
After the initial setup of the desktop environment, we will get a full-fledged desktop. As you can see, it does not consume so many resources, although further everything will depend on the applications used.
If the Xrdp server only listens to localhost, the traffic on the client computer will have to be packed into an SSH tunnel (sshd must be running on the VPS). On Windows, you can use a graphical SSH client (for example, PuTTY), and on UNIX systems, you need the ssh utility:
ssh -L 3389:127.0.0.1:3389 -C -N -l rdpuser RDP_server_ipAfter initializing the tunnel, the RDP client will no longer connect to the remote server, but to the local host.
With mobile devices, it is more difficult: SSH clients capable of raising the tunnel will have to be bought, in addition, in iOS and iPadOS, the background work of third-party applications is difficult due to too good energy optimization. On the iPhone and iPad, it will not work to raise the tunnel in a separate application - you need a combine application, which itself is able to establish an RDP connection via SSH. Such, for example, as Remoter Pro .
Session manager and user sessions
The multi-user capability is implemented directly in the Xrdp server and does not require additional configuration. After starting the service through systemd, one process runs in daemon mode, listens on port 3389 and communicates through localhost with the session manager.
ps aux |grep xrdp
sudo netstat -ap |grep xrdp
The session manager is usually not visible to users, because the login and password specified in the client's settings are transferred to it automatically. If this did not happen or an error occurred during authentication, an interactive login window will appear instead of the desktop.
The automatic start of the session manager is registered in the / etc / default / xrdp file, and the configuration is stored in /etc/xrdp/sesman.ini. By default, it looks like this:
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=true
UserWindowManager=startwm.sh
DefaultWindowManager=startwm.sh
[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=false
[Sessions]You don't have to change anything here, you just need to disable root login (AllowRootLogin = false). For each user logged into the system, a separate xrdp process is launched: if you disconnect without ending the session, user processes will continue to work by default, and you can reconnect to the session. The settings can be changed in the /etc/xrdp/sesman.ini file ([Sessions] section).
Switching keyboard layouts
With a two-sided clipboard, problems usually do not arise, but with the Russian keyboard layout you will have to tinker a little (the Russian locale must already be installed ). Let's edit the keyboard settings of the Xrdp server:
sudo nano /etc/xrdp/xrdp_keyboard.iniThe following lines should be added to the end of the configuration file:
[rdp_keyboard_ru]
keyboard_type=4
keyboard_type=7
keyboard_subtype=1
model=pc105
options=grp:alt_shift_toggle
rdp_layouts=default_rdp_layouts
layouts_map=layouts_map_ru
[layouts_map_ru]
rdp_layout_us=us,ru
rdp_layout_ru=us,ruIt remains to save the file and restart Xrdp:
sudo systemctl restart xrdpAs you can see, it's not difficult to set up an RDP server on a Linux VPS, and in the previous article we have already discussed the VNC setup. In addition to these technologies, there is another interesting option: the X2Go system using a modified NX 3 protocol. We will deal with it in the next publication.
