Thursday, August 14, 2014

centos 70 remote graphical desktop



Yesterday I got my IDLE3 Python programming environment working on the Graphics Console of my local Centos 7, Linux system.

Today I'd like to migrate it to my Production system in the Cloud system which is run by IBM's Softlayer.

But currently the Softlayer build is text  (no Graphics Console).  So I need to fix that, but first regarding security:


Login Security
Already the remote Softlayer and my local Development system allows for only SSH  (Secure Shell) login.   I thought I'd emphasise the fact that I'm reporting violations in my logon banner this



vim /etc/ssh/sshd_config

# Make sure the banner line looks like this
Banner /etc/issue.net

# I put this in the /etc/issue.net file
cat /etc/issue.net

Welcome to Mouse House.

Please logon with your credentials

Note that unathorised access is regarded as an offence.
All attempted logons are recorded by username and IP address, and

malicious logins or Denial of Service events will be reported.

# restart ssh daemons to effect service sshd restart

Install a VNC Client

I already use the free software program 
TightVNC  to speak to Apple Mac systems so I think I will keep this here at the client end.

Note that the connection to the Linux VNC server is using RFB protocol which was not available on my older TightVNC installation, (causing all connections to fail).  Thus update to level 2.7.10 or later to fix.

Install the VNC Server

# make a backup first
# If things go wrong you need this to fall back to

# make sure system is fully updated before start
yum update

Transaction Summary
===============================================================================================================================================
Install   2 Packages
Upgrade  15 Packages

Total size: 107 M
Total download size: 1.0 M
Is this ok [y/d/N]: y
Downloading packages:
updates/7/x86_64/prestodelta                                                                                            |  72 kB  00:00:05
Delta RPMs reduced 139 k of updates to 34 k (75% saved)
(1/3): yum-plugin-fastestmirror-1.1.31-24.el7_1.1.31-25.el7_0.noarch.drpm                                               |  13 kB  00:00:05
(2/3): yum-utils-1.1.31-24.el7_1.1.31-25.el7_0.noarch.drpm                                                              |  21 kB  00:00:05
(3/3): libreswan-3.8-6.el7_0.x86_64.rpm                                                                                 | 883 kB  00:00:00

Finishing delta rebuilds of 2 package(s) (139 k)


# ensure the Graphical Desktop is installed
yum groupinstall "GNOME Desktop"

# install the VNC Server
yum install tigervnc-server


# for security I choose random number 57
# counting from :0 then this is the 58th terminal connection
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:57.service

# here is my full file for user root
cat /etc/systemd/system/vncserver@:57.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target


# allow access thru firewall
# since I'm using screen 57 and base port is 5900 we need to allow 5957
firewall-cmd --permanent --zone=public --add-port=5957/tcp
success


# as the user who you have set  (mine was root) set the vnc password
# clearly not the same as your user password please!
vncpasswd
Password:
Verify:

# check password is installed
ls -l /root/.vnc/passwd
-rw-------. 1 root root 8 Aug 13 13:30 /root/.vnc/passwd


# start server 57 and create some necessary files
vncserver :57

New 'centos7:57 (root)' desktop is centos7:57

Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/centos7:57.log


# setup for automatic starts
systemctl daemon-reload
systemctl enable vncserver@:57.service
ln -s '/etc/systemd/system/vncserver@:57.service' '/etc/systemd/system/multi-user.target.wants/vncserver@:57.service'
systemctl start vncserver@:57.service


# check it is really running
systemctl status vncserver@:57.service
vncserver@:57.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:57.service; enabled)
   Active: active (running) since Wed 2014-08-13 13:37:12 CEST; 59s ago

# check port is listening on
netstat -an | grep 5957
tcp        0      0 0.0.0.0:5957            0.0.0.0:*               LISTEN

# check my VNC port is used again
yum install nmap nmap-frontend
nmap --all 127.0.0.1
Nmap scan report for localhost.localdomain (127.0.0.1)
Host is up (0.0000070s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
5957/tcp open  unknown




So then from my local tightVNC  I asked to goto host:5957 and then I put in the password that I previously created and I was in.

You can see that our blogpage is .nl because this cloud server is hosted in the Netherlands.

All done.

Links
TightVNC