Azure provides images for Windows and several flavors of Linux. You can also create your own preconfigured images to make deployments go faster. In this tutorial, you will bring up an Ubuntu Server 18.04 LTS, provided by Canonical. 2 Enabling The Remote Desktop. We don't have to install anything to enable the remote desktop on Ubuntu. All we have to do is go to Search your computer, enter the word 'desk' and click on Desktop Sharing: In the Desktop Sharing window, you can configure the remote desktop connection. Azure Remote Rendering. Release, and monitor your mobile and desktop apps. Visual Studio App Center. Visual Studio Code. Provision virtual machines for Ubuntu.
Linux virtual machines (VMs) in Azure are usually managed from the command line using a secure shell (SSH) connection. When new to Linux, or for quick troubleshooting scenarios, the use of remote desktop may be easier. This article details how to install and configure a desktop environment (xfce) and remote desktop (xrdp) for your Linux VM running Ubuntu.
The article was writen and tested using an Ubuntu 18.04 VM.
Prerequisites
This article requires an existing Ubuntu 18.04 LTS VM in Azure. If you need to create a VM, use one of the following methods:
- The Azure CLI
- The Azure portal
Install a desktop environment on your Linux VM
Most Linux VMs in Azure do not have a desktop environment installed by default. Linux VMs are commonly managed using SSH connections rather than a desktop environment. There are various desktop environments in Linux that you can choose. Depending on your choice of desktop environment, it may consume one to 2 GB of disk space, and take 5 to 10 minutes to install and configure all the required packages.
The following example installs the lightweight xfce4 desktop environment on an Ubuntu 18.04 LTS VM. Commands for other distributions vary slightly (use yum
to install on Red Hat Enterprise Linux and configure appropriate selinux
rules, or use zypper
to install on SUSE, for example).
First, SSH to your VM. The following example connects to the VM named myvm.westus.cloudapp.azure.com with the username of azureuser. Use your own values:
If you are using Windows and need more information on using SSH, see How to use SSH keys with Windows.
Next, install xfce using apt
as follows:
Install and configure a remote desktop server
Now that you have a desktop environment installed, configure a remote desktop service to listen for incoming connections. xrdp is an open source Remote Desktop Protocol (RDP) server that is available on most Linux distributions, and works well with xfce. Install xrdp on your Ubuntu VM as follows:
Tell xrdp what desktop environment to use when you start your session. Configure xrdp to use xfce as your desktop environment as follows:
Restart the xrdp service for the changes to take effect as follows:
Set a local user account password
If you created a password for your user account when you created your VM, skip this step. If you only use SSH key authentication and do not have a local account password set, specify a password before you use xrdp to log in to your VM. xrdp cannot accept SSH keys for authentication. The following example specifies a password for the user account azureuser:
Note
Specifying a password does not update your SSHD configuration to permit password logins if it currently does not. From a security perspective, you may wish to connect to your VM with an SSH tunnel using key-based authentication and then connect to xrdp. If so, skip the following step on creating a network security group rule to allow remote desktop traffic.
Create a Network Security Group rule for Remote Desktop traffic
To allow Remote Desktop traffic to reach your Linux VM, a network security group rule needs to be created that allows TCP on port 3389 to reach your VM. For more information about network security group rules, see What is a network security group? You can also use the Azure portal to create a network security group rule.
The following example creates a network security group rule with az vm open-port on port 3389. From the Azure CLI, not the SSH session to your VM, open the following network security group rule:
Connect your Linux VM with a Remote Desktop client
Azure Ubuntu Remote Desktop Login
Open your local remote desktop client and connect to the IP address or DNS name of your Linux VM.
Enter the username and password for the user account on your VM as follows:
After authenticating, the xfce desktop environment will load and look similar to the following example:
If your local RDP client uses network level authentication (NLA), you may need to disable that connection setting. XRDP does not currently support NLA. You can also look at alternative RDP solutions that do support NLA, such as FreeRDP.
Troubleshoot
If you cannot connect to your Linux VM using a Remote Desktop client, use netstat
on your Linux VM to verify that your VM is listening for RDP connections as follows:
The following example shows the VM listening on TCP port 3389 as expected:
If the xrdp-sesman service is not listening, on an Ubuntu VM restart the service as follows:
Review logs in /var/log on your Ubuntu VM for indications as to why the service may not be responding. You can also monitor the syslog during a remote desktop connection attempt to view any errors:
Other Linux distributions such as Red Hat Enterprise Linux and SUSE may have different ways to restart services and alternate log file locations to review.
If you do not receive any response in your remote desktop client and do not see any events in the system log, this behavior indicates that remote desktop traffic cannot reach the VM. Review your network security group rules to ensure that you have a rule to permit TCP on port 3389. For more information, see Troubleshoot application connectivity issues.
Next steps
For more information about creating and using SSH keys with Linux VMs, see Create SSH keys for Linux VMs in Azure.
For information on using SSH from Windows, see How to use SSH keys with Windows.
Microsoft is continually working with different Linux communities to add evermore distributions to the Azure Marketplace. Running Linux machines in the cloud brings with it a number of benefits such as additional stability, security and affordability over that of its Windows counterpart. With Linux now running on two out of every five server instances on Azure, interaction with Linux based systems is becoming an ever increasing occurrence for system administrators.
SSH is the default method when connecting to an Ubuntu server deployed from the Azure Marketplace. For seasoned Linux admin this is fine but for anyone new to the operating system or looking for a quick method of troubleshooting, this style of administration can initially seem daunting or time consuming.
This article shows the steps involved in installing the GNOME desktop and xRDP package on an Ubuntu virtual machine running in Azure. This makes available a more familiar and user friendly remote desktop style connection.
Assumptions
The following assumptions have been made:
- Ubuntu Server version 17.10 has been deployed from the Azure Marketplace
- GNOME will be the chosen desktop interface
- SSH access is available
- PuTTY will be used as the SSH client
- Azure Portalaccess is available.
Installing Gnome Desktop
Although Ubuntu 17.10 “Artful Aardvark” has dropped the Unity 7 desktop, instead of switching to GNOME Shell, the Azure Marketplace image is deployed without the desktop package installed. It is worth noting that it’s possible to install xRDP without installing a desktop first, however, the user experience would be similar to that of the terminal experience offered when connecting by an SSH client.
Installing GNOME desktop over a terminal session might sound difficult, although in reality, it’s actually a relatively straightforward task. The first step of the process is to remotely connect to the server using an SSH client such as PuTTY and then install the applications from the Official Ubuntu Repository.
Open up PuTTY and using the IP address of the server which can be found on the Overview blade in Azure, configure and establish an SSH connection.
Once the SSH session has been established, go ahead and log in to the server.
Before we look to install the desktop, let’s go ahead and update the package list to make sure we have information on the newest versions of the packages and their dependencies. To accomplish this, we run the following command.
sudo apt-get update
We can now begin the desktop install. This is again done by issuing a fairly simple apt-get command from within the terminal session.
sudo apt-get install ubuntu-gnome-desktop
Installing xRDP
Now the desktop has been installed, it’s time to install xRDP. This is an open source remote desktop protocol (RDP) server, which allows you to RDP to your Linux server from a Windows machine. It is capable of accepting connections from rdesktop, freerdp, and remote desktop clients.
To install the package, run the following command.
sudo apt-get install -y xrdp
Configuring Console Access
Console access is restricted to root by default which essentially means that without making any further changes, connections by anyone else will be dropped. This is obviously not the required user experience, therefore access to the console will need to be configured for all users.
Ubuntu Remote Desktop 14.04
To change access from root only to all users we simply edit the file /etc/X11/Xwrapper.config
This can be done by using an editor such as nano to manually change the line allowed_users=console to allowed_users=anybody.
Alternatively, it can also be updated by running the following command to make the changes.
sudo sed -i 's/allowed_users=console/allowed_users=anybody/' /etc/X11/Xwrapper.config
Adding a Network Security Group rule for RDP traffic
This article is based on an Ubuntu server that has been deployed from the Marketplace. As such, the machine will have been deployed with an NSG that has been configured to manage inbound and outbound traffic. By default, this will only allow port 22 inbound for SSH communication, not 3389 which is required for an RDP connection.
From within the portal, select the servers networking settings before then clicking on “Add inbound port rule”
At this point you will be presented with a new blade in which the following settings need to be configured.
- Service
- Priority
- Name
- Description
As with most things in Azure, it is worth noting that this could also be done through PowerShell or Azure CLI.
Connecting via RDP
Now it’s time to check if the server is configured correctly and allowing RDP connections.
If you’re connecting from a Windows machine, go ahead and start up the Remote Desktop Connection client. Enter the public IP address of the Ubuntu Server and click on connect.
At this point, the xRDP login screen should appear. Go ahead and provide user credentials before selecting OK.
The first time you remotely login to the Ubuntu desktop, you will be presented with the following Authentication Required popup.
Clicking the cancel button a number of times will close the message and allow access to the desktop, although it will return on the next login. To subdue the message permanently, changes to the polkit configuration will need to be made.
To make the required changes, use the following command to create a file called 02-allow-colord.conf in the following location /etc/polkit-1/localauthority.conf.d/ remembering to use admin privileges.
sudo nano /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
Once nano has created and opened the file for editing, paste the following text into the file, before exiting and saving.
polkit.addRule(function(action, subject) {
if ((action.id 'org.freedesktop.color-manager.create-device' ||
action.id 'org.freedesktop.color-manager.create-profile' ||
action.id 'org.freedesktop.color-manager.delete-device' ||
action.id 'org.freedesktop.color-manager.delete-profile' ||
action.id 'org.freedesktop.color-manager.modify-device' ||
action.id 'org.freedesktop.color-manager.modify-profile') &&
subject.isInGroup('{group}')) {
return polkit.Result.YES;
}
});
If everything has gone to plan, the next time you login, no authentication message should be displayed.
Missing Gnome Desktop Dock
The other thing that you may notice when connecting remotely, is that the Ubuntu Dock is not visible. Having searched around the internet for a fix for this, the best solution I came across, was actually to install the Gnome Tweak tool which in turn then made it possible to enable both the Ubuntu appindicators and Ubuntu dock extensions. For some reason, the extensions tab appears to be missing from the default Systems Settings menu.
To install the Gnome Tweak tool, run the following command.
sudo apt-get install gnome-tweak-tool -y
Once installed, simply open the Tweak tool, select the Extensions tab and enable both the appindicators and dock extensions.
Now when connecting to the GNOME desktop, the Dock should be visible on the left-hand side of the screen.
That’s it!
In this post, we took an Ubuntu server running in Azure, installed the GNOME desktop and xRDP package, then followed up by making the necessary tweaks required for more streamlined user experience. Connecting to an Ubuntu server by remote desktop connection may not be enabled out of the box but hopefully, this article goes to show that it is still an option when administering Linux based machines in the cloud.