How to make a remote desktop linux. Remote graphical access to ubuntu via VNC. Time to be real
When trying to access a remote desktop via VNC in Linux Mint 19, I had to face the fact that, compared to previous versions (17, 18), this option is not provided by default. With further steps to organize the ability to connect via VNC to a node running Linux Mint 19, the need to make a number of additional efforts began to resemble an episode from a movie:
– Should I finish you off right away or do you want to suffer?
“It’s better, of course, to suffer.”
(from the film "White Sun of the Desert")
It all started with the fact that in the settings (hereinafter referred to as the graphical environment XFCE) of the “Sessions and startup” section and the “Autostart” tab there is no mention of connecting to a remote desktop, although in the previous Linux Mint 18 the enable point was located between updating user folders and network.
The vino package is responsible for implementing the VNC server in Linux Mint, which is not installed by default in Linux Mint 19. This package must be installed and, in principle, can be easily found through Synaptic.
However, this will not be enough. As the study of the issue showed, the vino developers removed the graphical configuration utility from their product, so vino will need to be configured through the dconf-editor configurator.
Run a command in the terminal that will install the necessary components and launch dconf-editor
Sudo apt install -y vino dconf-editor && sudo dconf-editor
When running dconf-editor, a warning will be displayed that the changes you make are made at your own risk and to continue, you must click on the "I"ll be careful" button. To turn off this display on subsequent runs of dconf-editor, uncheck check the box "Show this dialog next time".
After launching the graphical system configurator, by sequentially moving “gnome – desktop”, go to the “remote-access” section
If you plan to connect via a VNC client from Windows, then, as they say, it is advisable to turn off encryption (move the slider in the appropriate line).
Despite the fact that this, as they say, is not a “buzz”, but on a local network that you trust, this action is acceptable.
Do the same with prompt-enabled, otherwise the other computer will have to “approve” the remote connection to it every time.
For any protection, set a password for the connection by turning off the default setting and entering the password you created, for example:
To secure this change, click on the green button.
Close the configurator and go to the autorun settings. Add vino software to the list of programs automatically launched at system startup
/usr/lib/vino/vino-server
The figure is for the XFCE shell. In Cinnamon and MATE, use their existing program startup settings.
Reboot your system.
On the computer from which you will connect, create an appropriate connection. In the figure below, the connection will be made from a Linux node, so it is added in the Remmina program.
Please note that you do not need to enter a username, only the password that was specified when setting up vino through the dconf-editor graphical configurator is entered.
The figure shows the node H-4.vot, which corresponds to the fully qualified domain name of the node. In this case, it is assumed that the DNS server of your local network is able to match the IP addresses issued by DHCP to the names of network hosts. MikroTik, for example, can do this via . If there is no DNS server or it does not know how to do this, then assign a static address to the host to which you will connect remotely (or configure the DHCP server to give it the same address) and connect via IP.
If everything is done correctly, you will have the pleasure of viewing the remote desktop of the Linux host you connected to, as well as managing this computer.
In this case, an icon will be displayed on the panel (usually at the bottom) (with the Mint-Y design theme - blue), indicating the fact of a remote connection to the desktop.
The speed of the remote computer's response to your commands depends on its hardware capabilities, the degree of system load, and the amount of data transferred via VNC. When considering the issue of the “responsiveness” of a remote system, many publications write about VNC being inferior to RDP, but I personally have not been able to come across anything better for remotely connecting to Linux with a GUI. In order to increase the response speed of the target system, you can try to “play around” with the target computer’s screen display quality settings in the connection parameters (see the Remmina connection settings window):
An alternative solution is x11vnc().
" and soon after that I was asked to tell how to do the same thing, but in reverse - from Windows to Linux. At first glance it may seem that the task is not easy, but in fact, it is very easy.
Readers may have a question - why is this even necessary? The answer is simple - in order to have a single point of administration. After all, how much time is usually spent running between computers in an attempt to solve a problem! You already know how to connect to computers running Windows from Linux, and after reading this article, you will be able to connect the other way around - from Windows to Linux, and this will greatly facilitate your task of administering a local network. So let's get started.
Assumptions
In my article, I assume that your local network already has correctly functioning computers running . To make things easier, I'll use the 192.168.1.x scheme. In this case, it is much more convenient to use static IP addresses, otherwise you will have to spend extra time finding out the address of the desired computer.
Software
You only need two applications:
On a computer running Linux for use as a VNC server;
on a Windows computer for use as a VNC client.
Installing TightVNC is very easy - just download the installer and double-click it to run. But the process of installing applications on Linux is not so obvious for many Windows users.
Of course, it all depends on what Linux distribution you have. But in general terms the sequence of actions is as follows:
1. Run the program install/remove tool - Synaptic, Ubuntu Software Center, gnome-packagekit, etc.
2. Type "x11vnc" (without quotes) in the search bar.
3. Check the packages to be installed.
4. Click the Apply button to begin installation.
Those who are used to working from the command line can install the application as follows:
1. Open a terminal.
2. Run a command like sudo apt-get install x11vnc - depending on what distribution you have.
After installation is complete, you can begin connecting.
On a computer running Linux
Everything is quite simple here - you just need to start the x11vnc server. In the help for this utility, which can be called with the command man x11vnc, a list of available options is provided. I would recommend using the option -forever- without it, the server will shut down immediately after the client session ends. So the command to be executed in the terminal should look like this:
X11vnc -forever
The next command prompt will not appear after this, even if you use the & character. Therefore, it is worth adding the line x11vnc -forever at the end of the file " /etc/rc.local"so that the server starts every time the system starts.
On a Windows computer
Now let's make the connection. Launch the TightVNC utility installed on Windows from the Start menu. The image shown in Fig. A window in which you need to specify the address for connection. From here you can call up the Options dialog box.
Figure A: Select the Connection Profile that best suits your connection type.
There are a number of options available in the settings window (Figure B), but if you don't need any special configuration, you can leave the default values.
Figure B. TightVNC can be connected in View mode - then the session will not be interactive. This is a good option for a test connection.
Once you have configured all the settings, click the Connect button to connect to the remote desktop (Figure C). The connection speed depends on the network bandwidth, but overall TightVNC is a very workable solution.
Remotely connecting to a Linux desktop from Windows using Xming and SSH
Unlike Windows, in Linux the graphical shell is not part of the system kernel. The standard window system for Linux is the X Window System, or, simply put, X's. It takes care of rendering graphic elements and interacting with input/output devices. And the best part is that this system has a transparent client-server architecture. The window system acts as a server, and graphical applications act as clients. As clients should, they connect to the server and interact with it to render and receive mouse and keyboard events.
But that is not all! The fact is that the window system can be located on another computer, and the graphical application can communicate with it via the network. This way you can run the application on a remote computer, forcing it to draw on the computer you are currently working on. Or vice versa. Or run the program on one remote computer and draw the interface on another remote computer.
1.SSH client. I installed PuTTY.
2.X Server for Windows. I chose Xming.
First, let's establish an SSH connection with a remote computer. To do this, launch PuTTY. Enter the IP address of the Linux computer
Now go to the Connection / SSH / X11 section and enable GUI redirection. As the location of the X server, enter the IP address of the Windows computer we are currently using (this will most likely be 127.0.0.1)
In addition, so that crocodile does not appear instead of Russian letters, it is advisable to set the correct encoding in the Window / Translation section (I have UTF8 - the standard encoding on Debian and Ubuntu). We return to the Session section, save the settings and connect to the Linux computer. If the connection is successful, we enter the username and password and see a text console. With its help, we can remotely launch console programs, but graphical programs cannot be drawn in the console. Therefore, we will leave our connection via SSH for a while.
Now let's configure Xming. To do this, launch the XLaunch program - this is a settings wizard. In the first step, we indicate the method of integration into the Windows graphical environment. I prefer the first one, where each Linux application is in its own window.
In the second step, we are asked to automatically launch some application along with X. I chose to do this later as needed through the PuTTY we already had running.
In the third step, we specify the Xming launch parameters. The Clipboard option allows you to integrate the clipboard. Also, for full operation, I entered the following parameters:
“-dpi 96? – to adjust the font size. The value can be adjusted to taste.
“-xkblayout us,ru” – for working with two keyboard layouts.
“-xkbvariant basic,winkeys” – clarification of layouts.
“-xkboptions grp:caps_toggle” – switching the layout using the CAPS LOCK key.
And finally, in the next step, save the settings with the “Save configuration” button and start the X server with the “Finish” button.
The Xming icon will appear in the system tray.
So, the X server is running. We return to our console provided by the SSH connection. Here we can remotely launch a console application, and in the same console we will see the output of this application. What will happen now if we try to run a graphical application in this console? Typically, if you connect via SSH and try to launch a windowed application, you will get an error because you connected to the remote computer in console mode and there is simply nothing to draw windows with. However, this time we enabled graphics redirection to our Windows computer, which already has its own X server running. Therefore, if you try to run a windowed application in a remote console terminal, its window will be drawn on the Windows computer. For example, try typing the following command:
$gedit&
The ampersand at the end of the command indicates that the program should be run in the background so that the console is available for other actions while it is running.
July 28
New versions of Ubuntu already have a built-in VNC server. We will use his standard tools. While I was understanding this issue, I had to read a decent number of forums. So, many users write that in version ubuntu 14.04 this trick does not work due to some internal subtleties of the kernel structure. I didn’t go into this question deeply... in any case, if suddenly you are the happy owner of this particular version, you can use the alternative x11vnc server.
It is installed quite simply:
Sudo apt-get remove vino sudo apt-get install x11vnc
In the same article, we will look at the standard VNC server already included in ubuntu by default. How to set everything up?
Let's connect to the remote host.
We connect via ssh to the remote computer to which we want to gain graphical access. At the same time, we must know its ip and login with the password of the user whose screen we want to see. In fact, the data of any user with sudo rights will suit us, but then we will have to adjust some points.
So, let's say on a local network we have a computer running Ubuntu with an IP address of 10.20.0.30 and a user feanor184. We connect to it from the console with the -X key (to launch graphic X):
Ssh -X [email protected]
enter the password and get into the console of our remote computer.
Now, enter in it:
Sudo vino-preferences
and see the graphic window
Check the boxes here:
allow other users to view your desktop — We allow you to view your desktop.
allow other users to control your desktop — We allow you to control the mouse and keyboard remotely.
require the user to enter this password — Be sure to set a password for the connection. You never know who is surfing our network.
show notification area icon: always — We always display the vnc icon at the top of the screen in the tray.
You can also set your own settings - my settings are described here)
Save the settings and disconnect from the remote host.
To connect to the configured computer, we use any client with vnc support.
For example, Remmina is for Linux.
UltraVNC Viewer - for Windows.
Let me remind you once again that in order for the described connection settings to work, the remote computer must be running Ubuntu OS. Installing ubuntu is a separate topic that I would not like to focus on here, so we will skip this step. There are many manuals on this topic on the Internet.
What do we end up with?
We were able to connect to a remote computer running ubuntu and perform any operations on it as if we were sitting at its monitor.
AND Vino. The general principle of operation: a secure SSH tunnel is created from a Windows computer to Ubuntu and a VNC connection (remote desktop) is created through it.
The article is divided into four parts:
- Installing and activating SecureShellServer: sudo apt-get install openssh-server service ssh status ssh start/running, process 2006
Checking that port 22 is open (default port used by SSH):
Netstat -tulpan | grep:22 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
In Linux, to connect via SSH using local port forwarding, the following command is generally used:
Ssh -C
-p -L<локальный_порт>:<адрес_машины>:<удаленный_порт>-l<пользователь> This means that any connection originating from the local computer (localhost) through the port<локальный_порт>will be redirected via the SSH tunnel to<удаленный_порт>remote machine.
There is some confusion regarding which IP to specify in
And<адрес_машины>. If the computer is located behind a router (NAT) then<адрес_машины>must be the internal IP address of the computer (for example, 10.0.0.5), and in external IP address of the router. If the computer connects to the Internet directly, then the addresses And<адрес_машины>will be the same. To summarize about tunneling, consider an example:
Ssh -l myuserid -L 7777:work:22 gate ssh -p 7777 localhost
This command does the following: creates a secure SSH connection to the gate machine under the user myuserid. At the same time, listening begins on the local machine (from which the connection was made) on port 7777. If a connection is organized on this port (again from within the local machine itself), then this connection is tunneled into an ssh connection, reaches the gate machine and a connection is made from it on the work machine on port 22. After this, we check the operation of the tunnel - by connecting via ssh to local port 7777, we eventually connect to the work machine (taking into account that it has an ssh server configured on port 22).
Enhanced security when using an SSH tunnel is achieved due to the fact that only one port must be open to the outside (SSH) and the encrypted connection will only go through this port.
We check whether the folder is present on the server/home/<имя_пользователся>/.ssh
/home/<имя_пользователся>/.ssh/authorized_keys
in it, if not, then create it under the user<имя_пользователся>(usually this is the first user in the system or administrator)
Mkdir ~/.ssh cd ~/.ssh touch authorized_keys
Configuring ssh for greater security. The settings file is located at
/etc/ssh/sshd_config
Making a backup copy
Sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
In general, you should change:
- TCP listening port (default 22):
Port<Порт_на_котором_SSH_будет_ждать_подключения> - Disable the unreliable old SSH ver.1 protocol:
Protocol 2 - Allow public/private key pair authentication:
PubkeyAuthentication yes - Specify where to look for resolved public keys:
AuthorizedKeysFile %h/.ssh/authorized_keys - Disable the ability to authenticate using a password (can be done later, after a successful first connection):
PasswordAuthentication no
For greater security, you should configure SSH authentication using a public key.
Public keys allowed for ssh connections are stored in the file~/.ssh/authorized_keys
We generate a public/private key pair on the machine with which we will connect (will be described later) and copy the public key to this file.
Particular attention should be paid to formatting - the entire key should be placed on one line and begin with “ssh-rsa" and file access (-rw——- (600)).
Setting up correct access to the key file
Chmod go-w $HOME $HOME/.ssh chmod 600 $HOME/.ssh/authorized_key chown `whoami` $HOME/.ssh/authorized_keys
In the settings file /etc/ssh/sshd_config change
StrictModes no
To apply the settings made to the file /etc/ssh/sshd_config, you need to restart the sshd daemon.
Sudo /etc/init.d/ssh restart
- TCP listening port (default 22):
- Download putty.exe.
Before diving into Putty settings there are a few notes to make.- Putty saves settings in profiles.
- To save all settings to a profile, go to the Session menu, in the Saved Session column, enter the profile name and click Save. In order to load a specific profile into Putty, in the same menu you need to select the desired profile by name and click Load.
- To automatically load a specific profile when you start Putty, you need to create a shortcut to the exe file and add in the Working folder line after the path to the exe file
-load<имя_профиля>
To improve security the following will be used:
- local port forwarding
- public key system
If you use an SSH connection for access via VNC (remote desktop), you need to configure port forwarding, the so-called local port forwarding. It is used to improve security, since when using VNC, data is transmitted in clear text.
To forward ports in Putty, go to the menu Connection -> SSH -> Tunnels and add 5900 like "Source port", localhost:5900 in "Destination" and click Add.
You can use Puttygen to create a public/private key pair. Download Puttygen.exe. In the parameters, select SSH-2 RSA, set the number of bits to 2048 and click the Generate button.
For additional security, you can enter "passphrase" twice. If there is a need to immediately log into the console during an SSH connection, then the field can be left empty.
The public key is saved in a format that only Putty can understand. Therefore, to install it on Linux you need to do the following:
- While puttygen is still open, copy the public key in the "Public key for pasting..." section and paste it into the file authorized_keys on server.
- Point Putty to the private key file in the Connection -> SSH -> Auth menu in the "Private key file for authentication" section generated *.ppk file.
- By default, Ubuntu already includes the Vino VNC server. To configure it, you need to go to Menu -> System -> Preferences -> Remote Desktop and enable remote access. In the settings you can enable password authentication, but you cannot configure the listening port (5900 is used).
To enable more detailed configuration, it is recommended to install X11VNC. - Download TightVNC and install. For the purposes of this article, it is sufficient to select only the client role.
Launch TightVNC on a Windows machine and enter
