Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Best way to securely run remote linux desktop on a dedi
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Best way to securely run remote linux desktop on a dedi

I would like to ask for your advise on this. For servers, I use Linux. But for remote desktop environments, I use RDP with Duo.

I just got a KS-LE with 2 4TB disks. I plan to use this machine as a remote desktop. I can install Windows on it but can only utilize 2 TB on the boot disk (even if it's a GPT installation) because of legacy boot. Any easy setup for remote desktop for Linux? What distro would you recommend? And how can I securely access it from a client running on Windows?

Comments

  • Take a look at this.

    KasmVNC - Linux Web Remote Desktop.

    Modern VNC Server and client, web based and secure

    https://github.com/kasmtech/KasmVNC

    Thanked by 2edoarudo5 Erisa
  • Set up a VNC server and listen on 127.0.0.01 only. Then you will use SSH port forwarding to connect to it.

    Thanked by 1edoarudo5
  • risharderisharde Patron Provider, Veteran

    @Kousaka said:
    Set up a VNC server and listen on 127.0.0.01 only. Then you will use SSH port forwarding to connect to it.

    This. 127.0.0.1 correction.
    And for safe measure which is over kill, make sure firewall does not accept direct vnc connections on the port (paranoia and not necessary).

    Use ssh key as well to auth of course.

    Thanked by 2edoarudo5 yoursunny
  • emreemre Member, LIR
    edited December 2021

    Here is what you need to do for a perfectly working ultra fast remote linux desktop experience:
    1- prepare your server with anykind of ubuntu-server / minimal install your provider offers:
    then on your server:

    apt-get update
    
    apt-get install tasksel
    
    tasksel install xubuntu-desktop 
    
    apt-get install software-properties-common -y
    
    add-apt-repository ppa:x2go/stable -y
    
    apt-get update
    
    apt-get install x2goserver x2goserver-xsession -y
    

    create a sudo user in your server before next steps:

    on your home client pc:

    if running windows: download and install:

    https://code.x2go.org/releases/X2GoClient_latest_mswin32-setup.exe
    

    if running linux:

    apt-get install x2goclient
    

    select xubuntu as your desktop on drop down x2go client menu.

    connect to your server ip:22 with your sudo user

    enjoy!

    Thanked by 3edoarudo5 raynor issei
  • I'd always recommend this script that I wrote last year. https://github.com/Har-Kuun/OneClickDesktop
    It sets up xrdp on a Linux server in 1-click. You can access your desktop not only from an RDP client software, but also directly from your web browser.

    It also comes with a plugin that easily sets up audio redirection, such that you can play videos and songs on your remote desktop.
    https://github.com/Har-Kuun/OneClickDesktop/tree/master/plugins/Audio

  • Honestly, I don’t know exactly how secure it is, but I run LXDE under Debian, with NX to handle the Remote Desktop part.

    Connections are protected via firewall rules to only permit connections to the NX port from a small set of IP addresses that are under my control.

    The basis came from a Remote Desktop setup script that a member here put together several years ago, I’ve pulled it apart and it’s down to about 7 commands now, one day I’ll stop being lazy and properly automate it.

    Thanked by 1edoarudo5
  • @edoarudo5 said:
    …. I can install Windows on it but can only utilize 2 TB on the boot disk (even if it's a GPT installation)

    Windows OS can see and use both the disks
    1.8 TB x 2

  • I like also the x2go way.

    Thanked by 1edoarudo5
  • duckeeyuckduckeeyuck Member
    edited December 2021
    1. Mount debian iso
    2. Install desktop/debian
    3. From their vnc/kvm session, log in and start x11vnc

    As long as you use a safe password, you don't need any sort of firewall/whitelisting for this.
    It's really simple.

    Thanked by 1edoarudo5
  • @emre said:
    Here is what you need to do for a perfectly working ultra fast remote linux desktop experience:
    1- prepare your server with anykind of ubuntu-server / minimal install your provider offers:
    then on your server:

    > apt-get update
    > 
    > apt-get install tasksel
    > 
    > tasksel install xubuntu-desktop 
    > 
    > apt-get install software-properties-common -y
    > 
    > add-apt-repository ppa:x2go/stable -y
    > 
    > apt-get update
    > 
    > apt-get install x2goserver x2goserver-xsession -y
    > 

    create a sudo user in your server before next steps:

    on your home client pc:

    if running windows: download and install:

    > https://code.x2go.org/releases/X2GoClient_latest_mswin32-setup.exe
    > 

    if running linux:

    > apt-get install x2goclient
    > 

    select xubuntu as your desktop on drop down x2go client menu.

    connect to your server ip:22 with your sudo user

    enjoy!

    Would this be faster than xrdp/any noticeable advantage over xrdp?

  • emreemre Member, LIR

    @jmaxwell said: Would this be faster than xrdp/any noticeable advantage over xrdp?

    >

    If your ping times to your server is below or around 20ms this is the best possible remote desktop experience you will get.

    Thanked by 2Void edoarudo5
  • @Nekki said:
    Honestly, I don’t know exactly how secure it is, but I run LXDE under Debian, with NX to handle the Remote Desktop part.

    Connections are protected via firewall rules to only permit connections to the NX port from a small set of IP addresses that are under my control.

    The basis came from a Remote Desktop setup script that a member here put together several years ago, I’ve pulled it apart and it’s down to about 7 commands now, one day I’ll stop being lazy and properly automate it.

    Copy and paste isn't automation enough?

    Thanked by 2Nekki Hxxx
  • @dedipromo said:
    I'd always recommend this script that I wrote last year. https://github.com/Har-Kuun/OneClickDesktop
    It sets up xrdp on a Linux server in 1-click. You can access your desktop not only from an RDP client software, but also directly from your web browser.

    It also comes with a plugin that easily sets up audio redirection, such that you can play videos and songs on your remote desktop.
    https://github.com/Har-Kuun/OneClickDesktop/tree/master/plugins/Audio

    Nice! I've been using this for a year or so now on an LXC container on a Proxmox box and it's been awesome, thanks for your work! :)

    It's great to know that someone from LET created it too.

    Thanked by 1dedipromo
  • @dahartigan said:

    @dedipromo said:
    I'd always recommend this script that I wrote last year. https://github.com/Har-Kuun/OneClickDesktop
    It sets up xrdp on a Linux server in 1-click. You can access your desktop not only from an RDP client software, but also directly from your web browser.

    It also comes with a plugin that easily sets up audio redirection, such that you can play videos and songs on your remote desktop.
    https://github.com/Har-Kuun/OneClickDesktop/tree/master/plugins/Audio

    Nice! I've been using this for a year or so now on an LXC container on a Proxmox box and it's been awesome, thanks for your work! :)

    It's great to know that someone from LET created it too.

    Thanks for the kind words ;)

    Thanked by 1dahartigan
  • codelockcodelock Member
    edited December 2021

    @TimboJones said:

    @Nekki said:
    Honestly, I don’t know exactly how secure it is, but I run LXDE under Debian, with NX to handle the Remote Desktop part.

    Connections are protected via firewall rules to only permit connections to the NX port from a small set of IP addresses that are under my control.

    The basis came from a Remote Desktop setup script that a member here put together several years ago, I’ve pulled it apart and it’s down to about 7 commands now, one day I’ll stop being lazy and properly automate it.

    Copy and paste isn't automation enough?

    Nope,
    See : https://github.com/NARKOZ/hacker-scripts

    xxx: OK, so, our build engineer has left for another company. The dude was literally living inside the terminal. You know, that type of a guy who loves Vim, creates diagrams in Dot and writes wiki-posts in Markdown... If something - anything - requires more than 90 seconds of his time, he writes a script to automate that.

    xxx: So we're sitting here, looking through his, uhm, "legacy"

    xxx: You're gonna love this

    xxx: smack-my-bitch-up.sh - sends a text message "late at work" to his wife (apparently). Automatically picks reasons from an array of strings, randomly. Runs inside a cron-job. The job fires if there are active SSH-sessions on the server after 9pm with his login.

    xxx: kumar-asshole.sh - scans the inbox for emails from "Kumar" (a DBA at our clients). Looks for keywords like "help", "trouble", "sorry" etc. If keywords are found - the script SSHes into the clients server and rolls back the staging database to the latest backup. Then sends a reply "no worries mate, be careful next time".

    xxx: hangover.sh - another cron-job that is set to specific dates. Sends automated emails like "not feeling well/gonna work from home" etc. Adds a random "reason" from another predefined array of strings. Fires if there are no interactive sessions on the server at 8:45am.

    xxx: (and the oscar goes to) fucking-coffee.sh - this one waits exactly 17 seconds (!), then opens a telnet session to our coffee-machine (we had no frikin idea the coffee machine is on the network, runs linux and has a TCP socket up and running) and sends something like sys brew. Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 (!) seconds before pouring it into a cup. The timing is exactly how long it takes to walk to the machine from the dudes desk.

    xxx: holy sh*t I'm keeping those

    Original: http://bash.im/quote/436725 (in Russian)
    Pull requests with other implementations (Python, Perl, Shell, etc) are welcome.

  • @codelock said:

    @TimboJones said:

    @Nekki said:
    Honestly, I don’t know exactly how secure it is, but I run LXDE under Debian, with NX to handle the Remote Desktop part.

    Connections are protected via firewall rules to only permit connections to the NX port from a small set of IP addresses that are under my control.

    The basis came from a Remote Desktop setup script that a member here put together several years ago, I’ve pulled it apart and it’s down to about 7 commands now, one day I’ll stop being lazy and properly automate it.

    Copy and paste isn't automation enough?

    Nope,
    See : https://github.com/NARKOZ/hacker-scripts

    xxx: OK, so, our build engineer has left for another company. The dude was literally living inside the terminal. You know, that type of a guy who loves Vim, creates diagrams in Dot and writes wiki-posts in Markdown... If something - anything - requires more than 90 seconds of his time, he writes a script to automate that.

    xxx: So we're sitting here, looking through his, uhm, "legacy"

    xxx: You're gonna love this

    xxx: smack-my-bitch-up.sh - sends a text message "late at work" to his wife (apparently). Automatically picks reasons from an array of strings, randomly. Runs inside a cron-job. The job fires if there are active SSH-sessions on the server after 9pm with his login.

    xxx: kumar-asshole.sh - scans the inbox for emails from "Kumar" (a DBA at our clients). Looks for keywords like "help", "trouble", "sorry" etc. If keywords are found - the script SSHes into the clients server and rolls back the staging database to the latest backup. Then sends a reply "no worries mate, be careful next time".

    xxx: hangover.sh - another cron-job that is set to specific dates. Sends automated emails like "not feeling well/gonna work from home" etc. Adds a random "reason" from another predefined array of strings. Fires if there are no interactive sessions on the server at 8:45am.

    xxx: (and the oscar goes to) fucking-coffee.sh - this one waits exactly 17 seconds (!), then opens a telnet session to our coffee-machine (we had no frikin idea the coffee machine is on the network, runs linux and has a TCP socket up and running) and sends something like sys brew. Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 (!) seconds before pouring it into a cup. The timing is exactly how long it takes to walk to the machine from the dudes desk.

    xxx: holy sh*t I'm keeping those

    Original: http://bash.im/quote/436725 (in Russian)
    Pull requests with other implementations (Python, Perl, Shell, etc) are welcome.

    thats fucking hilarious

  • jarjar Patron Provider, Top Host, Veteran

    I use nomachine. It's close enough to x2go but I enjoy the UX and automatic handling of the client a bit more. It and x2go being the best performing for Linux, comparable to RDP for windows.

    Thanked by 2Nekki edoarudo5
  • I would setup a wireguard server, (great info here, @yoursunny posted a quick tutorial there) and then have a VNC server listening on the wgX (wireguard) adapter.

    Add firewall rules for..., fun maybe?

    Thanked by 1edoarudo5
  • @TimboJones said:

    @Nekki said:
    Honestly, I don’t know exactly how secure it is, but I run LXDE under Debian, with NX to handle the Remote Desktop part.

    Connections are protected via firewall rules to only permit connections to the NX port from a small set of IP addresses that are under my control.

    The basis came from a Remote Desktop setup script that a member here put together several years ago, I’ve pulled it apart and it’s down to about 7 commands now, one day I’ll stop being lazy and properly automate it.

    Copy and paste isn't automation enough?

    Clearly, it’s enough for me as I’ve been doing it for about 5 years…..

  • @Nekki said:

    @TimboJones said:

    Copy and paste isn't automation enough?

    Clearly, it’s enough for me as I’ve been doing it for about 5 years…..

    I've been putting off writing scripts or implementing some other form of automation for years but now I don't feel so bad about just having a clusterfuck of code snippets that I just copy and paste.

    Standard Notes is my Ansible.

    Thanked by 1Nekki
  • @BlazinDimes said:

    @Nekki said:

    @TimboJones said:

    Copy and paste isn't automation enough?

    Clearly, it’s enough for me as I’ve been doing it for about 5 years…..

    I've been putting off writing scripts or implementing some other form of automation for years but now I don't feel so bad about just having a clusterfuck of code snippets that I just copy and paste.

    Standard Notes is my Ansible.

    We are truly brothers from another mother, I have everything stored in Standard Notes.

    Thanked by 1BlazinDimes
  • @Nekki said:

    @BlazinDimes said:

    Standard Notes is my Ansible.

    We are truly brothers from another mother, I have everything stored in Standard Notes.

    I'm not sure how I ever functioned without it. Running it vanilla as I was too cheap to buy the lifetime and now the price went up. Time to add it to my self-hosted collection I suppose.

    Thanked by 1Nekki
  • @BlazinDimes said:

    @Nekki said:

    @BlazinDimes said:

    Standard Notes is my Ansible.

    We are truly brothers from another mother, I have everything stored in Standard Notes.

    I'm not sure how I ever functioned without it. Running it vanilla as I was too cheap to buy the lifetime and now the price went up. Time to add it to my self-hosted collection I suppose.

    I regret not going lifetime during last year’s BF sale, it was a great price but it was that or a lifetime PlexPass. I may go for the lowest tier of yearly sub to support the devs now as that should do what I need.

    Thanked by 1BlazinDimes
  • @BlazinDimes said:

    @Nekki said:

    @BlazinDimes said:

    Standard Notes is my Ansible.

    We are truly brothers from another mother, I have everything stored in Standard Notes.

    I'm not sure how I ever functioned without it. Running it vanilla as I was too cheap to buy the lifetime and now the price went up. Time to add it to my self-hosted collection I suppose.

    Notesnook is another alternative

  • Thanks for the suggestions guys, I'll try all of it when I have the time and choose the best one for me. Rendering on the QT app on Windows leaves some trail on x2go and that puts me off. That's its so far for me, I have yet to try your setup/configs, I might have a better experience using your setup.

  • @TheBrokenBee said:
    Notesnook is another alternative

    Sounds dirty.

  • personally im using nomachine or anydesk imo its way faster than vnc even with 250ms ping

    Thanked by 1edoarudo5
Sign In or Register to comment.