Alright, here's something that can make your headless Ubuntu server experience even better: secure remote desktop access! You know the drill: you have a server with no monitor or keyboard attached, but you need to do some serious work on it from afar. No problem, my friend!
First, why do we need to make this setup secure? Well, because the internet is full of bad guys who love nothing more than hacking into vulnerable systems and stealing all your precious data. And let’s be real here, if you have a headless server with no monitor or keyboard attached, it’s probably pretty important that nobody else can access it without your permission. So let’s make sure we do this right!
Step 1: Install the necessary packages on your Ubuntu server
To set up secure remote desktop access for our headless Ubuntu server, we need to install a few packages first. Open up your terminal and type in these commands:
# Update the list of available packages on the server
sudo apt-get update
# Upgrade any outdated packages to their latest versions
sudo apt-get upgrade
# Install the necessary packages for secure remote desktop access
sudo apt-get install xrdp xserver-xorg-core libstartup-notification0
# xrdp: a remote desktop protocol (RDP) server that allows users to connect to the server remotely
# xserver-xorg-core: the core X server components for the X Window System
# libstartup-notification0: a library for tracking application startup notifications
# These packages are necessary for setting up secure remote desktop access on the server.
These commands will update the package list, upgrade any existing packages, and then install the necessary packages for our setup. Don’t worry if you see some warnings or errors during this process. Just follow along with the instructions and we’ll fix anything that goes wrong!
Step 2: Configure xrdp to start automatically at boot time
Now that we have installed the necessary packages, let’s configure xrdp to start automatically when our server boots up. Open up your terminal again and type in these commands:
# Configure xrdp to start automatically at boot time.
# These are shell commands run with root privileges; they are not lines for rc.local.
# Enable the xrdp service so it starts at boot time.
sudo systemctl enable xrdp
# Start the xrdp service now.
sudo systemctl start xrdp
# Reload the systemd daemon to apply the changes.
sudo systemctl daemon-reload
# Open the rc.local file using the nano text editor with root privileges.
# The reboot that applies everything happens in Step 4.
sudo nano /etc/rc.local
This will open up a text editor with the contents of the rc.local file. Add this line at the end of the file (before “exit 0”):
# Open the rc.local file in a text editor (root privileges are needed to save it)
sudo nano /etc/rc.local
# Inside the editor, add the following line at the end of the file, before "exit 0":
xrdp-sesman &
# The "&" symbol runs the command in the background, so the rest of rc.local
# continues without waiting for xrdp-sesman to finish. This suits services that
# run continuously and need no user input or interaction.
# On releases where /etc/rc.local does not exist by default, the file only runs at boot
# if its first line is "#!/bin/sh" and it is executable (sudo chmod +x /etc/rc.local).
Save and close the file by pressing Ctrl + X, Y, Enter. This will add a new line to our rc.local file that starts xrdp-sesman automatically at boot time.
Step 3: Configure firewall rules for remote desktop access
Now that we have installed and configured xrdp, let’s make sure it is accessible from the outside world by configuring some firewall rules. Open up your terminal again and type in these commands:
# Configure firewall rules for xrdp.
# If you administer this server over SSH, allow SSH first; otherwise enabling
# the firewall blocks the only way into a headless machine.
sudo ufw allow ssh
# Step 1: Allow incoming connections on port 3389 using TCP protocol.
sudo ufw allow 3389/tcp
# Step 2: Enable the firewall to start enforcing the rules.
sudo ufw enable
These commands will add a new rule to our UFW (Uncomplicated Firewall) configuration that allows incoming connections on port 3389, which is the standard port for remote desktop access. We also enable UFW so that these rules are applied automatically at boot time.
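As an added example (not part of the original tutorial), the shell functions below audit `ufw status` output for the rule Step 3 creates: they flag port 3389 when it is allowed from any address, and check that an SSH rule exists so the firewall does not cut off a headless server. The two status texts are constructed samples, and 203.0.113.0/24 is a placeholder for a trusted network.

```shell
# Added example: audit `ufw status` text after Step 3.
# WEAK_STATUS and HARDENED_STATUS are constructed samples;
# 203.0.113.0/24 is a placeholder for your own trusted network.
WEAK_STATUS='Status: active

To                         Action      From
--                         ------      ----
3389/tcp                   ALLOW       Anywhere
3389/tcp (v6)              ALLOW       Anywhere (v6)'

HARDENED_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
3389/tcp                   ALLOW       203.0.113.0/24'

# Print rules that allow the RDP port from any source address.
rdp_open_to_world() {
  printf '%s\n' "$1" | awk '$1 ~ /^3389(\/tcp)?$/ && /ALLOW/ && /Anywhere/'
}

# Succeed if an SSH rule exists, so enabling ufw does not cut off
# the only management path to a headless server.
ssh_allowed() {
  printf '%s\n' "$1" | awk '$1 ~ /^(22(\/tcp)?|OpenSSH)$/ && /ALLOW/ { ok = 1 } END { exit !ok }'
}

# Report findings for one `ufw status` text; return the number of findings.
audit_ufw() {
  local text="$1" findings=0
  if [ -n "$(rdp_open_to_world "$text")" ]; then
    echo "FINDING: 3389/tcp is reachable from any address"
    echo "  fix: sudo ufw delete allow 3389/tcp"
    echo "  fix: sudo ufw allow from 203.0.113.0/24 to any port 3389 proto tcp"
    findings=$((findings + 1))
  fi
  if ! ssh_allowed "$text"; then
    echo "FINDING: no SSH rule, add one before 'ufw enable'"
    echo "  fix: sudo ufw allow ssh"
    findings=$((findings + 1))
  fi
  return "$findings"
}

audit_ufw "$WEAK_STATUS" || true   # two findings
audit_ufw "$HARDENED_STATUS"       # no findings
```

On a real server, pass the live rules in with `audit_ufw "$(sudo ufw status)"`.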
Step 4: Restart your server and test the setup!
Now that we have installed, configured, and enabled our firewall rules, let’s restart our server to apply all of these changes. Type in this command:
# Restart the server. The "sudo" command runs "reboot" with root privileges.
sudo reboot
# ufw rules take effect as soon as they are added, so the reboot is not what applies them.
# What it does is test the setup: after the restart, the xrdp service and the
# firewall rules should both come back up on their own.
Once your server has finished booting up, open up a new terminal window on another machine (such as your laptop or desktop) and type in the following command:
# Run this on the other machine, once the server has finished booting,
# to connect to the server at the specified IP address using rdesktop.
# The -u flag specifies the username to use for the connection.
rdesktop -u ubuntu <your_server_ip>
Replace “
And there you have it: secure remote desktop access for your headless Ubuntu server! So go ahead and give this tutorial a try. I promise it’s not as scary as it sounds!