Recently I needed to configure a solution for remote desktop on a Linux server. I decided to give XRDP a shot. XRDP uses TigerVNC Server as its back end: it accepts connections on the standard RDP port of 3389 and forwards them to a port VNC is listening on. The end result is an SSH tunnel that forwards local port 3389 over SSH to XRDP, which listens only on the remote server's localhost, also on port 3389. The instructions below are for CentOS Linux, though they will be similar for other Linux distros as well.
First install XRDP via the EPEL repository. If you do not have the EPEL repo installed then you can attempt to use the command below to do so or check this link for an updated version of the EPEL repo RPM file for CentOS Linux. Note that the command fetches the RPM over plain HTTP, and the NOKEY warning in its output means rpm could not check the package signature because the EPEL signing key has not been imported at that point.
Install EPEL Repo On CentOS Linux:
- [root@dev ~]# rpm -Uhv http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
- Retrieving http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
- warning: /var/tmp/rpm-tmp.BIUgyM: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
- Preparing... ########################################### [100%]
- 1:epel-release ########################################### [100%]
- [root@dev ~]#
Now that the EPEL repo is installed, use yum to install XRDP, which will also install TigerVNC Server if it is not already installed.
Install XRDP On CentOS Linux Using Yum:
- [root@dev ~]# yum install xrdp
- Loaded plugins: fastestmirror, refresh-packagekit
- Loading mirror speeds from cached hostfile
- * base: mirror.steadfast.net
- * epel: mirror.steadfast.net
- * extras: centos.mirrors.tds.net
- * updates: mirror.steadfast.net
- Setting up Install Process
- Resolving Dependencies
- --> Running transaction check
- ---> Package xrdp.x86_64 0:0.5.0-0.13.el6 set to be updated
- --> Processing Dependency: vnc-server for package: xrdp-0.5.0-0.13.el6.x86_64
- --> Running transaction check
- ---> Package tigervnc-server.x86_64 0:1.0.90-0.10.20100115svn3945.el6 set to be updated
- --> Finished Dependency Resolution
- Dependencies Resolved
- =====================================================================================================================================================
- Package Arch Version Repository Size
- =====================================================================================================================================================
- Installing:
- xrdp x86_64 0.5.0-0.13.el6 epel 240 k
- Installing for dependencies:
- tigervnc-server x86_64 1.0.90-0.10.20100115svn3945.el6 base 1.0 M
- Transaction Summary
- =====================================================================================================================================================
- Install 2 Package(s)
- Upgrade 0 Package(s)
- Total download size: 1.3 M
- Installed size: 4.2 M
- Is this ok [y/N]: y
- Downloading Packages:
- (1/2): tigervnc-server-1.0.90-0.10.20100115svn3945.el6.x86_64.rpm | 1.0 MB 00:01
- (2/2): xrdp-0.5.0-0.13.el6.x86_64.rpm | 240 kB 00:00
- -----------------------------------------------------------------------------------------------------------------------------------------------------
- Total 648 kB/s | 1.3 MB 00:02
- warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID c105b9de: NOKEY
- base/gpgkey | 3.3 kB 00:00 ...
- Importing GPG key 0xC105B9DE "CentOS-6 Key (CentOS 6 Official Signing Key) " from /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
- Is this ok [y/N]: y
- warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
- epel/gpgkey | 3.2 kB 00:00 ...
- Importing GPG key 0x0608B895 "EPEL (6) " from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
- Is this ok [y/N]: y
- Running rpm_check_debug
- Running Transaction Test
- Transaction Test Succeeded
- Running Transaction
- Warning: RPMDB altered outside of yum.
- Installing : tigervnc-server-1.0.90-0.10.20100115svn3945.el6.x86_64 1/2
- Installing : xrdp-0.5.0-0.13.el6.x86_64 2/2
- Installed:
- xrdp.x86_64 0:0.5.0-0.13.el6
- Dependency Installed:
- tigervnc-server.x86_64 0:1.0.90-0.10.20100115svn3945.el6
- Complete!
- [root@dev ~]#
Once both are installed you will need to modify a couple of configuration files and set a VNC password for one of the local users on the CentOS Linux server. First let's modify the XRDP configuration file, which is located at /etc/xrdp/xrdp.ini.
Example xrdp.ini Configuration File For XRDP:
- [root@dev ~]# less /etc/xrdp/xrdp.ini
- [globals]
- bitmap_cache=yes
- bitmap_compression=yes
- address=127.0.0.1
- port=3389
- crypt_level=high
- channel_code=1
- [xrdp1]
- name=sesman-Xvnc
- lib=libvnc.so
- username=ask
- password=ask
- ip=127.0.0.1
- port=5901
Notice the addition of “address=127.0.0.1”, which tells XRDP to listen on port 3389 only on localhost, so the service cannot be reached directly from the network. After modifying your xrdp.ini file accordingly, let's modify the TigerVNC configuration file located at /etc/sysconfig/vncservers. Notice that mine is very simple and only contains two lines. The -localhost argument does the same job for the VNC server on port 5901. You will likely want a different resolution, so you can put any standard desktop resolution in place of 1152x640.
Example TigerVNC Configuration File On CentOS Linux:
- VNCSERVERS="1:alex"
- VNCSERVERARGS[1]="-geometry 1152x640 -localhost"
Now that the configuration of XRDP and TigerVNC has been completed, set both to start automatically using chkconfig as shown below. After setting both to start at boot you can go ahead and start both services.
Set XRDP And TigerVNC To Start At Boot On CentOS Linux:
- [root@dev ~]# chkconfig xrdp on
- [root@dev ~]# chkconfig vncserver on
- [root@dev ~]# /etc/init.d/vncserver start
- Starting VNC server: 1:alex
- New 'dev:1 (alex)' desktop is dev:1
- Starting applications specified in /home/alex/.vnc/xstartup
- Log file is /home/alex/.vnc/dev:1.log
- [ OK ]
- [root@dev ~]#
Once you have configured both items, set them to start at boot, and started both services, you can add a VNC password for your user on Linux. In this example my username is alex, so I make sure I am logged into Linux as the user alex and run the command below.
Set VNC Password On Linux:
- [alex@dev ~]$ vncpasswd
- Password:
- Verify:
- [alex@dev ~]$
Now we are good to go on the server side. To make a connection you need to set up an SSH tunnel using something like SSHTunnel on OSX or Tunnelier on Windows. The tunnel will forward localhost port 3389 (or any local port technically) to the server's localhost port 3389. Once you make that connection successfully the remote desktop connection will look similar to the below. Log in with the local user and the VNC password you set in the last step above.
XRDP Example Images Connecting From OSX To CentOS Linux:
If you need the features mentioned in the popup window, type in the root password and click the Authenticate button.
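To confirm that the address=127.0.0.1 and -localhost settings above took effect, the listening sockets can be checked before opening the tunnel. The script below is an added example, not part of the original post; the netstat lines are constructed sample input, and the ssh command in its comments assumes the user alex and host dev from the prompts above.

```shell
#!/bin/sh
# Added example: flag XRDP (3389) or Xvnc display :1 (5901) listeners that
# are reachable from outside the host instead of loopback only.

# Reads `netstat -tln` or `ss -tln` output on stdin. Prints the local address
# of every LISTEN socket on one of the given ports that is not bound to
# loopback. Returns 0 if none are exposed, 1 otherwise.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        /LISTEN/ {
            sock = ""
            # The local address is the first field ending in :<port number>.
            for (f = 1; f <= NF; f++) if ($f ~ /:[0-9]+$/) { sock = $f; break }
            port = sock; sub(/.*:/, "", port)
            addr = sock; sub(/:[0-9]+$/, "", addr)
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print sock
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample input (not captured from a real host).
SAMPLE_OK='tcp   0   0 127.0.0.1:3389   0.0.0.0:*   LISTEN
tcp   0   0 127.0.0.1:5901   0.0.0.0:*   LISTEN
tcp   0   0 0.0.0.0:22       0.0.0.0:*   LISTEN'
# Same host with address=127.0.0.1 missing from xrdp.ini.
SAMPLE_EXPOSED='tcp   0   0 0.0.0.0:3389     0.0.0.0:*   LISTEN
tcp   0   0 127.0.0.1:5901   0.0.0.0:*   LISTEN'

for s in "$SAMPLE_OK" "$SAMPLE_EXPOSED"; do
    if printf '%s\n' "$s" | exposed_listeners 3389 5901; then
        echo "loopback only"
    else
        echo "^ exposed: check address= in xrdp.ini and -localhost in vncservers"
    fi
done

# On the server:  netstat -tln | exposed_listeners 3389 5901
# On the client (assumed user/host from the prompts in the post):
#   ssh -N -L 3389:127.0.0.1:3389 alex@dev
```

With the tunnel open, the RDP client connects to localhost:3389 on the client machine.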
I’ve worked with XRDP extensively, and that said, a few of your steps are unnecessary.
1st. The RDP protocol, and XRDP as well, support built-in encryption. Hence the line “crypt_level=high” in the file xrdp.ini. This makes using an SSH tunnel kind of redundant in all but the most extreme cases.
2nd. While there’s nothing wrong with using TigerVNC, or even TightVNC, I’ve found that the best method is to set up RealVNC, chained against xinetd & gdm to create an LTSP-like terminal server as the base for which XRDP is configured to talk to. The method I devised on my own network basically had XRDP running from a single installation that was configured as a menu-based gateway, so that when you connect to the server, it would give a list of all of the servers behind my firewall. Each server then has security according to its OS. All of my systems (Windows server & Linux server included) use Active Directory authentication, so it was trivial to set up a VNC password on top of the Windows servers where a session could actually be connected back into without logging out and back in, while with my Linux servers that step was unnecessary because any drop in the connection resets the socket and ends the session, forcing all new connections to authenticate via GDM to Active Directory.
Now, I haven’t posted this to criticize. Not at all. I’m simply hoping my own research will benefit others. My web server is down at the moment, where I normally would have this procedure documented. That server will be returning soon, but a lot of what I’ve done is based on the following article: oapeon.blogspot.com/2010/05/ubuntu-1004-vnc-based-login-server.html .
While Ubuntu was used in the example in the article, as well as my lab environment, I’ve repeated this design at my work, where we have a mixture of Ubuntu, Red Hat, SuSE, and several others. It can be a bit tricky until you know the differences in configuration from one platform to the next, but overall it’s pretty similar, and once it’s together, it’s solid … over all. On the XRDP-gateway at work, I’ve set up a cron job to restart all 3 services that make up the gateway, daily at 1:00am. This ensures that the server has no dead sockets when you go to connect.
Anyway, I hope this was (or is) helpful. :)
Hello Stygian,
Thanks for taking the time to leave such detailed feedback. Definitely some useful information above.
Thanks.
alex
I did follow the steps, but my VPS showed that there are no such repositories :( What to do now?
I searched more on Google and found this. I have two VPS. One is a fresh VPS and on the other I have websites.
I did what is written here: URL –> l337fx.com/installing-remote-desktop-rdp-centos-vps.html and it was successful. But I wanna know if I can do it on the VPS on which I have websites.
Hello Smith,
Thanks for taking the time to post feedback.
Thanks.
alex