Remote Desktop Server

Install Graphical User Interface

Either XFCE or GNOME

Install XFCE (Light Weight) UI

sudo apt update
sudo apt install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils

  • xfce : light weight desktop environment

  • X11 (X Window System) : It provides the basic framework for a GUI environment

  • xorg : display server for the X Window System

  • While installation prompt choose "lightdm" as display manager, "gdm3" is mostly used in GNOME (.)

Install GNOME UI (Modern UI)

  • Little heavier than XFCE. (Normally servers shouldn't have UI for performance)
  • Other alternatives of UI Ubuntu Help
//style 1 (GUI with no softwares installed)
sudo apt-get install --no-install-recommends ubuntu-desktop
//style 2 (light) //no file explorer too (ignore)
sudo apt install gnome-session gnome-terminal gdm3
//style 3 (minimal desktop)
sudo apt install tasksel
sudo tasksel install ubuntu-desktop-minimal

Setting

In file '/etc/X11/Xwrapper.config', change allowed_users to below value

allowed_users=anybody

Note: If no Xwrapper.config file create it or add xserver-xorg-legacy package

XRDP

Source Ref

Steps

  • Mostly exists in 20.04 (double check)
sudo apt install xserver-xorg-core
  • if ubuntu 18.04 ref
sudo apt-get install --install-recommends linux-generic-hwe-18.04 xserver-xorg-hwe-18.04
  • Allow port
sudo ufw allow 3389/tcp
  • Install xrdp
sudo apt-get install xrdp -y
  • Check status
sudo systemctl status xrdp
  • fix SSL
sudo adduser xrdp ssl-cert
  • Policies
sudo bash -c "cat >/etc/polkit-1/localauthority/50-local.d/45-allow.colord.pkla" <<EOF
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF
  • Policies 2 (if ubuntu 20.04)
sudo bash -c "cat >/etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla" <<EOF
[Allow Package Management all Users]
Identity=unix-user:*
Action=org.freedesktop.packagekit.system-sources-refresh
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF

Note : Check executable permission exists for new polkit files created

  • Fixing env variables in XRDP //add if xrdp doesn't works
sudo sed -i '1 a session required pam_env.so readenv=1 user_readenv=0' /etc/pam.d/xrdp-sesman

  • /etc/xrdp/startwm.sh is the start up script for xrdp, it looks inside for /etc/X11/Xsession global or any user local session

  • Create user session info '.xsession' file (For XFCE UI)

echo "xfce4-session" > ~/.xsession
  • Create user session info '.xsessionrc' file (For XFCE UI)
D=/usr/share/xfce4:/usr/share/xfce4:/usr/local/share
D=${D}:/usr/share:/var/lib/snapd/desktop:/usr/share
cat <<EOF > ~/.xsessionrc
export XDG_SESSION_DESKTOP=xfce4
export XDG_DATA_DIRS=${D}
export XDG_CONFIG_DIRS=/etc/xdg/xfce4:/etc/xdg:/etc/xdg
EOF
  • (For GNOME UI)
echo "gnome-session --session=ubuntu" > .xsession

You can use a different session types for the gnome session: ubuntu,gnome-classic,gnome-fallback,ubuntu-2d

  • Create user session info '.xsessionrc' file (For GNOME UI)
D=/usr/share/ubuntu:/usr/local/share:/usr/share:/var/lib/snapd/desktop
cat <<EOF > ~/.xsessionrc
export GNOME_SHELL_SESSION_MODE=ubuntu
export XDG_CURRENT_DESKTOP=ubuntu:GNOME
export XDG_SESSION_DESKTOP=ubuntu:GNOME
export XDG_DATA_DIRS=${D}
export XDG_CONFIG_DIRS=/etc/xdg/xdg-ubuntu:/etc/xdg
EOF

Note : check permissions on the files created in home directory

  • Restart xrdp
sudo systemctl restart xrdp

  • Can adjust configuration in '/etc/xrdp/xrdp.ini'

  • (For GNOME UI) If side doc not visible in rdp

apt-get install gnome-tweak-tool -y
//Go to (Tweak tool -> Extensions -> Dock -> On)

Note : check logs in user home directory (file starts with .), global logs ar /var/log/xrdp*

  • If The new_cursors draws black background around cursor.
//file /etc/xrdp/xrdp.ini
new_cursors=true -> new_cursors=false
crypt_level=high -> crypt_level=low
sudo systemctl restart xrdp

VNC RD

  • Installing VNC Server (tiger vnc)
sudo apt install tigervnc-standalone-server tigervnc-common
  • create the initial configuration
vncserver
  • Output of above command
You will require a password to access your desktops.
Password: //which will be asked in vnc viewer
Verify:
Would you like to enter a view-only password (y/n)? n

Note :

  • Some files created /home/{user}/.Xauthority, /home/{user}/.vnc must have permissions for {user}

  • In vncserver, :X is a display port that refers to 5900+X like 5901, 5902..etc

  • stop the VNC instance before configuring

vncserver -kill :1
  • Configuring VNC Server , add following content in '~/.vnc/xstartup' file //for XFCE4
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec startxfce4
  • Configuring VNC Server , add following content in '~/.vnc/xstartup' file //for GNOME (not tested)
#!/bin/sh
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
vncconfig -iconic &
dbus-launch --exit-with-session gnome-session &
  • Give user permission to current created file or entire .vnc folder
//current xstartup file
chmod u+x ~/.vnc/xstartup
//OR entire .vnc folder with hidden dot files
sudo chown -R someUser .
sudo chgrp -R someUser .
sudo chmod -R 775 .
  • allow port 5901
sudo ufw allow 5901
  • For custom config options for a user, create file '~/.vnc/config' & add necessary options
geometry=1920x1080
dpi=96
  • Global config is in '/etc/vnc.conf' file
  • In global config add following setting
$localhost="no";
  • Create generic service file '/etc/systemd/system/vncserver@.service' & add following content (replace {} content)
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=simple
User={user}
PAMName=login
PIDFile=/home/%u/.vnc/%H%i.pid
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver :%i -interface {ipAddress} -geometry 1440x900 -alwaysshared -fg
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target

Note : above is a generic service file for a user at port passed as param. ANy changes in service file - reload below daemon & service start, verify steps

  • Reload daemon after new service creation
sudo systemctl daemon-reload
  • Enable above service with port param @1, so final port will be 5900 +1 = 5901
sudo systemctl enable vncserver@1.service
  • Start service
sudo systemctl start vncserver@1.service
  • Verify service
sudo systemctl status vncserver@1.service

Output : Check service status must be active & running

ncserver@1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@.service; indirect; vendor preset: enabled)
Active: active (running) since Thu 2018-08-16 19:05:54 UTC; 4s ago
Process: 9893 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)

Note: If service failed, check log at /var/log/systemd

  • By default VNC is not an encrypted protocol, check source link to use putty for ssh tunnel port forwarding

Download VNC Cient

Github Release -> Binaries Note: Use vnc viewer in TigerVNC binaries. Can also try Real VNC instead tigerVnc client

  • If port forwarding running, use 'localhost:5901' else 'ipAddress:5901' in vnc viewer

Ubuntu Client to Ubuntu Server

MINI PC (Headless) ISSUES

  • Always have SSH enabled to PC, so worst case command line access is available to change settings..etc

VINO VNC Works only after login

Vino VNC Ubuntu //also x11 VNC details

  • Ubuntu desktop sharing uses VINO VNC SERVER, by default it starts after login.

  • Setup VNC: UI Settings -> Sharing (on) -> screen sharing (on) -> set up strong password access

  • Issue : if we reboot the machine remotely, RD is lost. Again remote machine with monitor must be logged in.

  • Temporary fix : Make auto login on reboot edit the FILE '/etc/gdm3/custom.conf'

    AutomaticLoginEnable=true //EARLIER FALSE
    AutomaticLogin=yourusername //EARLIER COMMENTED

    It's temporary solution : remote access have secure password, but some one physically at machine can access data without authentication (although it locks screen after some time, insecure initially as some can hard reboot & access)

  • Permanent solution : (Look for) Run VINO VNC as service instead from UI settings or check x11VNC in above docs link alternatives

  • More about vino vnc

  • (optional) run if not accessed from windows

gsettings set org.gnome.Vino require-encryption false

Low screen resolution

  • Issue : Since headless (no connected monitors), default screen resolution is very low

Fake Monitor Ref

  • Install dummy driver
sudo apt-get install xserver-xorg-video-dummy
  • Create a new file /usr/share/X11/xorg.conf.d/dummy-monitor.conf (instead xorg.conf in /etc/X11/xorg.conf), add the following code
Section "Device"
Identifier "Configured Video Device"
Driver "dummy"
EndSection
Section "Monitor"
Identifier "Configured Monitor"
HorizSync 31.5-48.5
VertRefresh 50-70
EndSection
Section "Screen"
Identifier "Default Screen"
Monitor "Configured Monitor"
Device "Configured Video Device"
DefaultDepth 24
SubSection "Display"
Depth 24
Modes "1366x768"
EndSubSection
EndSection

Note : config docs

  • In /etc/default/grub, check nomodeset exists
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nomodeset"

ISSUE : when u want to work with real monitor attached - just rename/ remove new file usr/share/X11/xorg.conf.d/dummy-monitor.conf else real monitor display wont work. Note: If real monitor exists then no need of above conf as low resolution problem doesn't exists

Wifi disconnects on PC frequently

  • RD unable to connect as device doesn't ping even if network exists

  • ISSUE : Power management config ref

    Try disabling wifi power management by opening /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf and changing

    wifi.powersave = 2

    WIRELESS_POWERSAVE_DEFAULT (0), IGNORE (1), DISABLE (2), ENABLE (3)