Using Apache Guacamole in combination with VNC for clientless Linux remote access

clientless-linux-remote-access.md

Clientless Linux remote access with Apache Guacamole

Quick and dirty guide how to get Apache Guacamole in combination with VNC up and running.

Apache Guacamole

Prerequisites

sudo add-apt-repository -y ppa:remmina-ppa-team/freerdp-daily
sudo apt update
env DEBIAN_FRONTEND=noninteractive sudo apt install -y freerdp2-dev freerdp2-x11

Installation

wget https://raw.githubusercontent.com/MysticRyuujin/guac-install/master/guac-install.sh
chmod +x guac-install.sh
sudo ./guac-install.sh --mysqlpwd my-super-secret-mysql-root-pw --guacuser db-svc-user --guacpwd my-super-secret-mysql-svc-user-password --nomfa --installmysql

Fix a timezone issue

See MysticRyuujin/guac-install#119

sudo mv /etc/mysql/mysql.conf.d/mysqld.cnf /etc/mysql/mysql.conf.d/mysqld.cnf.bkp
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p'my-super-secret-mysql-root-pw' mysql
sudo bash -c 'cat <<EOF >> /etc/mysql/mysql.conf.d/mysqld.cnf
# Timezone
default_time_zone=Europe/Zurich
EOF'
# Check if the `default_time_zone` is really appended at the end:
sudo cat /etc/mysql/mysql.conf.d/mysqld.cnf

sudo systemctl restart mysql

Basic Configuration

sudo bash -c 'cat <<EOF > /etc/guacamole/user-mapping.xml
<user-mapping>
    <authorize username="user" password="my-super-secret-user-password">
    <protocol>vnc</protocol>
    <param name="hostname">localhost</param>
    <param name="port">5901</param>
    <param name="password">my-super-secret-vnc-password</param>
    </authorize>
</user-mapping>
EOF'

sudo systemctl restart guacd

TigerVNC

Installation

Note: Install and use xfce4-terminal since due to a currently existing issue with this setup where gnome-terminal won't start via VNC...

sudo apt install -y tigervnc-standalone-server xfce4-terminal

Configuration

# Set the VNC password to "my-super-secret-vnc-password"
vncserver
cp ~/.vnc/xstartup ~/.vnc/xstartup_backup
sudo bash -c 'cat <<EOF > ~/.vnc/xstartup
#!/bin/sh

export XKL_XMODMAP_DISABLE=1
export XDG_CURRENT_DESKTOP="GNOME-Flashback:GNOME"
export XDG_MENU_PREFIX="gnome-flashback-"
export XKB_DEFAULT_RULES=base
export QT_XKB_CONFIG_ROOT=/usr/share/X11/xkb

vncconfig -nowin &
#vncconfig -iconic &
xhost +local: &
gnome-session --session=gnome-flashback-metacity --disable-acceleration-check --debug &
EOF'

sudo chmod +x ~/.vnc/xstartup

sudo bash -c 'cat <<EOF > /etc/systemd/system/[email protected]
[Unit]
Description=Start TigerVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=user
PAMName=login
PIDFile=/home/user/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1680x1050 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target
EOF'

sudo systemctl daemon-reload
sudo systemctl enable [email protected]
sudo systemctl start [email protected]

Note: This [email protected] currently fails when being started. Nevertheless, the /usr/bin/Xtigervnc process will be started and works just fine. Need to be fixed in the future.

Reboot the system

Verification

Verify if the /usr/bin/Xtigervnc process runs:

user@Lab:~/.vnc$ sudo ps aux | grep vnc
user  20939  5.2  0.8 1276780 130972 ?      Sl   21:49   0:11 /usr/bin/Xtigervnc :1 -desktop Lab:1 (user) -auth /home/user/.Xauthority -geometry 1680x1050 -depth 24 -rfbwait 30000 -rfbauth /home/user/.vnc/passwd -rfbport 5901 -pn -localhost -SecurityTypes VncAuth
user  22115  0.0  0.0  21532  1088 pts/0    S+   21:53   0:00 grep --color=auto vnc

Visit http://your-ip-here:8080/guacamole/#/. Log in using user / my-super-secret-user-password.

Credit

• https://www.smarthomebeginner.com/setup-vnc-server-on-ubuntu-linux/
• https://github.com/MysticRyuujin/guac-install