65.9K
CodeProject is changing. Read more.
Home

Remote desktop connection to Ubuntu VM in the Azure cloud using an SSH tunnel

Johan Ohlin
starIconstarIconstarIconstarIcon
emptyStarIcon
starIcon

4.71/5 (8 votes)

Nov 15, 2013

CPOL

5 min read

viewsIcon

39732

This post describes how to setup a graphical user interface and connect to it through an encrypted tunnel.

This is the second post in the series on how to install and configure an Ubuntu VM running in the Azure Cloud. The first post described how to setup an Ubuntu VM in Azure and connect through SSH.

This post describes how to setup a graphical user interface and connect to it through an encrypted tunnel.

Installing a desktop in Ubuntu

  1. Connect to your VM using Putty and, in the command prompt, run sudo apt-get update to make sure your package lists are all up to date.
  2. Now run sudo apt-get install ubuntu-desktop. This will install the default desktop environment for ubuntu. It’s a large chunk of files being installed taking quite some of the VM’s resources. If you’re not happy with that there are many other ones you can use. You’ll be asked to confirm with a Y that you want to continue the installation.

Setup VNC server

  1. The desktop is now ready to be used but we still have no place to display it since no monitor is connected to the VM. Run sudo apt-get install vnc4server to install a VNC server for displaying the desktop over the network. Once again you’ll be prompted to enter Y to approve the installation.
  2. Type the command vncserver as the user you want to run it as. You’ll then be prompted twice for the password you want to use to access the VNC display.
  3. Starting the vncserver, as we just did, creates all the necessary settings we need. But we need to tweak them a little for the vncserver to run a proper Ubuntu desktop. Therefore we kill the newly created vnc desktop by typing vncserver -kill :1
  4. Open the user specific vnc settings file by typing: 
    cd ~
vim .vnc/xstartup
  5. Assuming you’re running Ubuntu 12.04 or newer, change the file to look like this (the rows being changed/added are marked). When you’ve opened the file you have to press i to enter Insert mode. 
    #!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
/usr/bin/gnome-session &

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
# x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
# x-window-manager &
    To save your changes, first press ESC to exit Insert mode and then type :wq to Write and Quit (or simply :q! if you want to Quit without saving changes).
  6. We can now start the vncserver again, this time with the correct settings. Type vncserver -geometry 1440x900 to start a desktop with 1440×900 as screen resolution. This command needs to be run every time you restart the server. To automate this execution, open /etc/rc.local by typing sudo vim /etc/rc.d and add su USER -c "/usr/bin/vncserver -geometry 1440x900" where USER is replaced with the username you want to run the process, probably your own username. Add this line before the exit 0 line (if such exists in the file). The next time you restart the server your VNC desktop is ready to be used.

Tunneling through SSH

It is not necessary to use a tunnel to connect to your display, but it’s definitely more secure. By using tunnels you don’t need to open up any extra ports in the firewall. Instead, all graphics goes through the encrypted SSH traffic.

  1. Close any ongoing Putty connection to your Ubuntu server. If you’re just opening the Putty program make sure you load the settings for the connection to your Ubuntu server as illustrated here:

    2. Load settings in Putty

  2. Go to Connections -> SSH -> Tunnels and add a tunnel for the protocol. Source port is the port on your local computer and destination is localhost:port on the destination machine. Click on Add after entering the information so it will be registered in the Forwarded ports window. In this example I’ve added both a tunnel for RDP (port 3389) and for VNC (5901).

    3. Setup a tunnel

  3. Go back to first page in Putty and save the configuration, or the tunnel won’t be there the next time you restart Putty.

Display with VNC

  1. Download a VNC client. If you’re running Windows I suggest TightVNC because it works great together with Putty. When you install it, select custom install and deselect the server installation. You only need the VNC client for this to work.
  2. Start the VNC client and enter 127.0.0.1:1 as address. :1 at the end means you want to connect to display 1 on address 127.0.0.1.

    3. TightVNC starting client

  3. Enter the password you gave earlier when running vncserver for the first time.

    4. TightVNC entering password

  4. Click OK and you’re now connected to the Ubuntu desktop!

    5. Ubuntu desktop

Display with Window’s Remote Desktop Connection

  • If you prefer to use Remote Desktop Connection to connect to your VNC server, then you’ll need to install the XRDP server on your Ubuntu server. XRDP is a linux implementation of Microsofts Remote Desktop Protocol (it translates from RDP to VNC so you are actually using VNC even when connecting to XRDP). Install XRDP by running sudo apt-get install xrdp and then start it by running sudo /etc/init.d/xrdp start. The XRDP server will start automatically each time you restart your server so there is no further configuration needed.
  • If you’ve configured the RDP tunnel through Putty on port 3389 you can simply start the Remote desktop application and enter localhost:3389 as address.
    Remote desktop start
  • Your Remote desktop application then connects to the XRDP server on the VM, where you have to specify what you want to connect to. Select vnc-any as module and the other parameters according to the picture.
    Remote desktop password
    All the modules available here are specified in the file /etc/xrdp/xrdp.ini. You can alter that file to create one single module that works just for your needs and comment out all the other modules with a leading # character. It could look something like this. 
    [globals]
bitmap_cache=yes
bitmap_compression=yes
port=3389
crypt_level=low
channel_code=1

[xrdp1]
name=VNC_login
lib=libvnc.so
username=USER
password=ask
ip=127.0.0.1
port=5901

    On the marked line (11) you have to replace USER with either the username you want everyone to use or ask for the dialog to ask for a username. When you’re done, don’t forget to restart xrdp for changes to take effect using sudo /etc/init.d/xrdp restart.

More resources