Installing xRDP and XFCE

Installing xRDP and XFCE is pretty easy, once you know what to do …
Just make sure you have an Internet connection before you start.
Step 1 – Install xRDP
We will use sudo and apt-get to update your system and install xRDP. Keep in mind that sudo will
ask for your admin password.

1 sudo apt-get update

2 sudo apt-get install xrdp

Step 2 – Install XFCE4

Again we will use sudo and apt-get:

1 sudo apt-get install xfce4

Optional, recommended by Neal, install XFCE4 terminal and 2 icons sets:

 1 # Install XFCE4 terminal (way better than xterm)
2 sudo apt-get install xfce4-terminal
3
4 # Install icon sets
5 sudo apt-get install gnome-icon-theme-full tango-icon-theme

Step 3 – Configure xRDP

In this step we modify 2 files to make sure xRDP uses xfce4.
First we need to create or edit our .xsession file in our home directory.
We can either use nano or simply redirect an echo statement (easier):

1 echo xfce4-session >~/.xsession

The second file we need to edit is the startup file for xRDP, so it will start xfce4.

1 nano /etc/xrdp/startwm.sh
The content should look like this (pay attention to the last line):

1 #!/bin/sh
2
3 if [ -r /etc/default/locale ]; then
4 . /etc/default/locale
5 export LANG LANGUAGE
6 fi
7
8 startxfce4

Step 4 – Restart xRDP

To make all these changes effective, restart xRDP as such:

1 sudo service xrdp restart

Testing your xRDP connection

On the computer that will remotely control your Ubuntu machine, start you RDP client.
Windows comes standard with a Remote Desktop client (mstsc.exe – you can start it from a
command prompt, or find the shortcut to Remote Desktop under Accessories).
For a Mac, Microsoft actually has a Remote Desktop Client which can be found in the Apple App
Store, or you can use Cord (free).
Whichever client you use, most work with either the computer network name or IP address of your
Ubuntu machine.
To find the IP address on your Ubuntu box, type:

1 hostname -I

(note: this is a capital “i”)

Depending on your RDP client capabilities and settings (for example: Microsoft RDP Client allows
automatic login), you might or might not see the login screen.
Here we enter our Ubuntu username and password and click “OK”, after which briefly a window
will show with the login process and you’ll have access to your Ubuntu machine, even though the
desktop looks different. One downside I’ve discovered so far is that the clipboard is NOT being
synchronized … so Copy and Paste between machines does not work properly.

Install and configure a remote desktop server

Now that you have a desktop environment installed, configure a remote desktop service
to listen for incoming connections. xrdp is an open source Remote Desktop Protocol
(RDP) server that is available on most Linux distributions, and works well with xfce. Install
xrdp on your Ubuntu VM as follows:
bashCopy

sudo apt-get install xrdp

Tell xrdp what desktop environment to use when you start your session. Configure xrdp
to use xfce as your desktop environment as follows:
bashCopy

echo xfce4-session >~/.xsession

Restart the xrdp service for the changes to take effect as follows:
bashCopy

sudo service xrdp restart

Set a local user account password

If you created a password for your user account when you created your VM, skip this
step. If you only use SSH key authentication and do not have a local account password
set, specify a password before you use xrdp to log in to your VM. xrdp cannot accept
SSH keys for authentication. The following example specifies a password for the user
account azureuser:
bashCopy

sudo passwd azureuser

Note
Specifying a password does not update your SSHD configuration to permit password
logins if it currently does not. From a security perspective, you may wish to connect to
your VM with an SSH tunnel using key-based authentication and then connect to xrdp. If
so, skip the following step on creating a network security group rule to allow remote
desktop traffic.
Create a Network Security Group rule for Remote Desktop
traffic
To allow Remote Desktop traffic to reach your Linux VM, a network security group rule
needs to be created that allows TCP on port 3389 to reach your VM. For more
information about network security group rules, see What is a Network Security
Group? You can also use the Azure portal to create a network security group rule.

The following example creates a network security group rule with az vm open-port on
port 3389.
Azure CLICopy

az vm open-port --resource-group myResourceGroup --name myVM --port 3389

Connect your Linux VM with a Remote Desktop client

Open your local remote desktop client and connect to the IP address or DNS name of
your Linux VM. Enter the username and password for the user account on your VM as
follows:

After authenticating, the xfce desktop environment will load and look similar to t

X11vnc -storepasswd

Vi /etc/rc.local

Vi /etc/xrdp/startwm.sh

Put line

Startxfce4

Su

Service xrdp restart

Go to xvnc

Resolution 800 600

 If you have connectivity to RHN or a Satellite Server :

o # yum install tigervnc-server
 If you do not have connectivity to RHN or a Satellite Server :
 Create a local 'yum' repository
 More information : How to Create a Local 'yum' Repository in RedHat Enterprise Linux
(RHEL) 5 and 6

2. Configure VNC password for the user(s)

 Switch user to the user you want to use for VNC :
o # su - vncuser1

NOTE: Replace 'vncuser1' with the correct username

 Set the VNC password for the user :

 $ vncpasswd
 $ exit
 Repeat for each VNC user as necessary

3. Configure resolution for the user(s)

 Edit '/etc/sysconfig/vncservers' with your favorite editor
 Append the following lines :
o VNCSERVERS="1:vncuser1 2:vncuser2"
o VNCSERVERARGS[1]="-geometry 1024x768"
o VNCSERVERARGS[2]="-geometry 1024x768"

NOTE: Replace 'vncuser1' and 'vncuser2' with the correct usernames. You can add more users as
needed. In addition, you can change the resolution value as needed.
 4. Start the VNC server
 Start the service :
o # service vncserver start
 Ensure service is started on reboots :
 # chkconfig vncserver on

5. Configure the firewall

 # iptables -I INPUT -m state --state NEW -p tcp --destination-port 5901 -j ACCEPT
 # iptables -I INPUT -m state --state NEW -p tcp --destination-port 5902 -j ACCEPT

NOTE : Each user requires an additional firewall port opened starting at 5901. Because we added
two users above, we need to open two ports.

 # service iptables save

By default, an Ubuntu 16.04 Droplet does not come with a graphical desktop
environment or a VNC server installed, so we'll begin by installing those. Specifically,
we will install packages for the latest Xfce desktop environment and the TightVNC
package available in the official Ubuntu repository.

On your server, install the Xfce and TightVNC packages.

 sudo apt-get update


 sudo apt install xfce4 xfce4-goodies tightvncserver


To complete the VNC server's initial configuration after installation, use

the vncserver command to set up a secure password.

 vncserver


You'll be prompted to enter and verify a password, and also a view-only password.
Users who log in with the view-only password will not be able to control the VNC
 instance with their mouse or keyboard. This is a helpful option if you want to
demonstrate something to other people using your VNC server, but isn't necessary.

Running vncserver completes the installation of VNC by creating default configuration

files and connection information for our server to use. With these packages installed,
you are now ready to configure your VNC server.

Step 2 — Configuring the VNC Server

First, we need to tell our VNC server what commands to perform when it starts up.
These commands are located in a configuration file called xstartup in the .vnc folder
under your home directory. The startup script was created when you ran
the vncserver in the previous step, but we need modify some of the commands for the
Xfce desktop.

When VNC is first set up, it launches a default server instance on port 5901. This port is
called a display port, and is referred to by VNC as :1. VNC can launch multiple
instances on other display ports, like :2, :3, etc. When working with VNC servers,
remember that :X is a display port that refers to 5900+X.

Because we are going to be changing how the VNC server is configured, we'll need to
first stop the VNC server instance that is running on port 5901.

 vncserver -kill :1


The output should look like this, with a different PID:

Output
Killing Xtightvnc process ID 17648
Before we begin configuring the new xstartup file, let's back up the original.

 mv ~/.vnc/xstartup ~/.vnc/xstartup.bak


Now create a new xstartup file with nano or your favorite text editor.

 nano ~/.vnc/xstartup


Paste these commands into the file so that they are performed automatically whenever
you start or restart the VNC server, then save and close the file.
 ~/.vnc/xstartup
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
The first command in the file, xrdb $HOME/.Xresources, tells VNC's GUI framework
to read the server user's .Xresources file. .Xresources is where a user can make
changes to certain settings of the graphical desktop, like terminal colors, cursor themes,
and font rendering. The second command simply tells the server to launch Xfce, which
is where you will find all of the graphical software that you need to comfortably manage
your server.

To ensure that the VNC server will be able to use this new startup file properly, we'll
need to grant executable privileges to it.

 sudo chmod +x ~/.vnc/xstartup



Now, restart the VNC server.

 vncserver


The server should be started with an output similar to this:

Output
New 'X' desktop is your_server_name.com:1

Starting applications specified in /home/sammy/.vnc/xstartup

Log file is /home/sammy/.vnc/liniverse.com:1.log

Step 3 — Testing the VNC Desktop

In this step, we'll test the connectivity of your VNC server.

First, we need to create an SSH connection on your local computer that securely
forwards to the localhost connection for VNC. You can do this via the terminal on
Linux or OS X with following command. Remember to
replace user and server_ip_address with the sudo non-root username and IP
address of your server.

 ssh -L 5901:127.0.0.1:5901 -N -f -l username server_ip_address


 If you are using a graphical SSH client, like PuTTY, use server_ip_address as the
connection IP, and set localhost:5901 as a new forwarded port in the program's SSH
tunnel settings.

Next, you may now use a VNC client to attempt a connection to the VNC server
at localhost:5901. You'll be prompted to authenticate. The correct password to use
is the one you set in Step 1.

Once you are connected, you should see the default Xfce desktop. It should look
something like this:

You can access files in your home directory with the file manager or from the command
line, as seen here:

Step 4 — Creating a VNC Service File

Next, we'll set up the VNC server as a systemd service. This will make it possible to
start, stop, and restart it as needed, like any other systemd service.

First, create a new unit file

called /etc/systemd/system/vncserver@.service using your favorite text editor:

 sudo nano /etc/systemd/system/vncserver@.service



Copy and paste the following into it. Be sure to change the value of User and the
username in the value of PIDFILE to match your username.

/etc/systemd/system/vncserver@.service
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=sammy
 PAMName=login
PIDFile=/home/sammy/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target
Save and close the file.

Next, make the system aware of the new unit file.

 sudo systemctl daemon-reload



Enable the unit file.

 sudo systemctl enable vncserver@1.service



The 1 following the @ sign signifies which display number the service should appear
over, in this case the default :1 as was discussed above.
Stop the current instance of the VNC server if it's still running.

 vncserver -kill :1


Then start it as you would start any other systemd service.

 sudo systemctl start vncserver@1



You can verify that it started with this command:

 sudo systemctl status vncserver@1



If it started correctly, the output should look like this:

Output
vncserver@1.service - TightVNC server on Ubuntu 16.04
 Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor
preset: enabled)
Active: active (running) since Mon 2016-04-25 03:21:34 EDT; 6s ago
Process: 2924 ExecStop=/usr/bin/vncserver -kill :%i (code=exited,
status=0/SUCCESS)

...

systemd[1]: Starting TightVNC server on Ubuntu 16.04...

systemd[2938]: pam_unix(login:session): session opened for user finid by
(uid=0)
systemd[2949]: pam_unix(login:session): session opened for user finid by
(uid=0)
systemd[1]: Started TightVNC server on Ubuntu 16.04.