X2go is remote desktop solution capable of providing encrypted desktop session over low bandwidth, high latency links. It is similar to VNC but with built-in encryption. We are using x2go for replacement of Oracle Sunray solution.
This post is part of series where we are going to setup VDI solution based on open source components. Previously, we have setup DHCP server ,TFTP server and yum repository server. Now, we will install x2go server components.
We will be using the same machine on which we have configured DHCP server.
x2go use ssh connection for encryption. We can use ssh service which come with operating system. However, we may not be able to enable few of the features in existing ssh configuration which are required for x2go if you have hardened ssh e.g. disable port forwarding. Therefore, we are going to set up a new systemd service with a different ssh configuration but same using the ssh binary.
I have selected tcp port 2748 for running separate ssh daemon on which I will connect from x2go client. Open this port in firewall.
firewall-cmd --zone=public --add-port=2748/tcp --permanent
Reload the firewall to re-read the configuration.
firewall-cmd –reload
Copy the existing sshd configuration file to a new file in which we can make changes.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_x2go
Change the listening port to 2748 in new file.
sed -i -e 's/#Port 22/Port 2748/g' /etc/ssh/sshd_config_x2go
We are going to create a new service for new ssh daemon
>/usr/lib/systemd/system/x2go-sshd.service
Paste the following line on terminal which will append the content to newly create service file
cat > /usr/lib/systemd/system/x2go-sshd.service <<EOF
[Unit]
Description=X2GO-OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
#ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_config_x2go $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
EOF
Reload the systemd daemon to detect this newly created service
systemctl daemon-reload
Start the new service and enable it on startup
systemctl enable x2go-sshd.service && systemctl restart x2go-sshd.service
Now, we are going to install GUI components. Following commands are going to deploy minimal number of packages for GUI based environment. X2go has best compatibility with XFCE. Therefore, we will be using XFCE environment.
yum groupinstall -y Fonts
yum install -y xfdesktop xorg-x11-server-Xorg xorg-x11-xinit xorg-x11-font-utils xorg-x11-xauth xorg-x11-utils xorg-x11-fonts* lightdm xfce4-session xfce4-session-engines xfce4-settings xfce4-terminal Thunar tumbler xscreensaver
As I am using virtual machine therefore it is good practice to install vm tools along with x11 drivers.
yum install open-vm-tools-desktop.x86_64 xorg-x11-drv-evdev
Now the desktop environment is ready, we can test if it is working fine by using rebooting the machine which will load GUI on next run.
reboot
Once machine is back online, install x2go package
yum install x2goserver x2goserver-xsession
Enable the x2go session service
systemctl enable x2gocleansessions.service
X2go provides the ability to copy the clipboard. This option can be disabled from server side to ensure data leakage protection.
sed -i 's/#X2GO_NXAGENT_DEFAULT_OPTIONS+=\" -clipboard both\"/X2GO_NXAGENT_DEFAULT_OPTIONS+=\" -clipboard none\"/g' /etc/x2go/x2goagent.options
XFCE displays the drives on user desktop. This can be disabled using following code
>/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml
cat > /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-desktop" version="1.0">
<property name="backdrop" type="empty">
<property name="screen0" type="empty">
<property name="monitor0" type="empty">
<property name="workspace0" type="empty">
<property name="color-style" type="int" value="0"/>
<property name="image-style" type="int" value="5"/>
<property name="last-image" type="string" value="/usr/share/backgrounds/images/default.png"/>
</property>
<property name="workspace1" type="empty">
<property name="color-style" type="int" value="0"/>
<property name="image-style" type="int" value="5"/>
<property name="last-image" type="string" value="/usr/share/backgrounds/images/default.png"/>
</property>
<property name="workspace2" type="empty">
<property name="color-style" type="int" value="0"/>
<property name="image-style" type="int" value="5"/>
<property name="last-image" type="string" value="/usr/share/backgrounds/images/default.png"/>
</property>
<property name="workspace3" type="empty">
<property name="color-style" type="int" value="0"/>
<property name="image-style" type="int" value="5"/>
<property name="last-image" type="string" value="/usr/share/backgrounds/images/default.png"/>
</property>
</property>
</property>
</property>
<property name="desktop-icons" type="empty">
<property name="file-icons" type="empty">
<property name="show-filesystem" type="bool" value="false"/>
<property name="show-removable" type="bool" value="false"/>
<property name="show-trash" type="bool" value="true"/>
</property>
</property>
<property name="last" type="empty">
<property name="window-width" type="int" value="672"/>
<property name="window-height" type="int" value="551"/>
</property>
</channel>
EOF
Reboot the system one more time
reboot
Now, you are ready to connect to this x2go server via client which can be downloaded from this link
Now, we will need to create a new session.
You will need to provide the IP address or URL of the server along with port, username and environment.
Once you save the setting, new session will appear on right side.
Click on the newly created icon and it will ask you for the password. Once you click OK, session will initiate
On successful login, you will see the desktop.
