Amazon Web Services Tips

Remote Desktop to an Amazon EC2 Instance

by Jeff Hunter, Sr. Database Administrator

Contents

• Introduction
• Add GNOME Desktop and X Window System
• Install NX Free Edition for Linux to Amazon EC2 Instance
• Install NX Client on Your Local Machine
• Log In to Remote Graphical Desktop using NX
• About the Author

Introduction

In most cases, the Linux servers I setup as Amazon EC2 instances are used to host the Oracle database software and only require use of the operating system Command-Line Interface (CLI). This is beneficial because I only need register an Amazon Machine Image (AMI) with a Minimal or Basic Server OS installation and can add only those required Linux packages needed to support the database. However, there are situations where I need to access a graphical desktop in order to install or run certain Graphical User Interface (GUI) applications.

This guide provides the steps needed to add the GNOME Desktop to a Red Hat Enterprise Linux 6.2 AMI where the OS was installed without the X Window System. Although there are several options to enable a remote desktop on an EC2 instance, I prefer to use NX Free Edition (FreeNX).

FreeNX is a program which allows users to run remote X11 sessions from clients running on Windows, Linux, Mac OS X and Solaris platforms to servers running, at present, on Linux or Solaris.

This guide assumes you have an Amazon Web Services account and know how to create new EC2 instances from an AMI, key-pairs and security groups within the AWS Management Console.

Add GNOME Desktop and X Window System

The Red Hat Enterprise Linux 6.2 AMI, like most community AMIs, does not include the GNOME Desktop or X Window System software. In this section, the required GUI packages will be installed to the running instance using yum.

Install Desktop Packages

# yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts"

You can also install the following optional GUI packages.

# yum -y groupinstall "Graphical Administration Tools" # yum -y groupinstall "Internet Browser" # yum -y groupinstall "General Purpose Desktop" # yum -y groupinstall "Office Suite and Productivity" # yum -y groupinstall "Graphics Creation Tools"

Finally, if you wanted to add the K Desktop Environment (KDE).

# yum -y groupinstall kde-desktop

When using yum groupinstall, the groupinstall option only installs default and mandatory packages from the group. There are times when you also want to include optional packages within a group. I have not figured out (yet) how to control which package types to install (group package "policy") from the command-line using yum. The only method I know of to also include optional packages is to edit the /etc/yum.conf file and add the following to the [main] section:

# vi /etc/yum.conf ... group_package_types=default mandatory optional ...

The reason I mention this is because I wanted to install "Terminal emulator for the X Window System" (xterm) which is under the group "Legacy X Window System compatibility". xterm happens to be an optional package and did not get installed until I added group_package_types=default mandatory optional to /etc/yum.conf.

# yum -y groupinstall "Legacy X Window System compatibility"

I did find a plug-in for yum that allows users to specify which package types within a package group should be installed when using yum groupinstall.

http://projects.robinbowes.com/yum-grouppackagetypes/trac

Enable GNOME

Since the server was previously running on CLI mode, we need to change the initialization process for the machine to boot up in GUI mode.

Open /etc/inittab using a text editor and change following line:

id:3:initdefault:

To:

id:5:initdefault:

After making the change, reboot the machine.

# init 6

Install NX Free Edition for Linux to Amazon EC2 Instance

In this section, NX Free Edition for Linux - x86_64 will be installed on the EC2 instance.

Note that the installation instructions for Red Hat Enterprise Linux (RHEL) and CentOS are not the same.

RHEL EC2 Instance

Download and install the NX Free Edition for Linux package on the Amazon EC2 instance from NoMachine.

• NX Free Edition for Linux - i386
• NX Free Edition for Linux - x86_64

# rpm -i nxclient-3.5.0-7.x86_64.rpm # rpm -i nxnode-3.5.0-9.x86_64.rpm # rpm -i nxserver-3.5.0-11.x86_64.rpm

The NX service can be controlled by the command /usr/NX/bin/nxserver --status|--start|--stop|--restart. For example,

[root@ip-10-29-162-247 ~]# /usr/NX/bin/nxserver --status NX> 900 Connecting to server ... NX> 110 NX Server is running. NX> 999 Bye.

Additional commands are available to configure the server. Try /usr/NX/bin/nxserver --help for more options. To learn more, download and read the NX Server Administrator's Guide.

Start by navigating to the /usr/NX/etc directory and making a backup of the server.cfg file.

# cd /usr/NX/etc # cp server.cfg server.cfg.backup2

Edit the server.cfg file to enable EnablePasswordDB = "1".

# EnablePasswordDB = "0" EnablePasswordDB = "1"

Modify the /etc/ssh/sshd_config file and make sure the following entries are set.

... PasswordAuthentication yes ...

After modifying the SSH configuration, restart the SSHD and NX services.

# service sshd restart # /usr/NX/bin/nxserver --restart

Setup SSH key.

# /usr/NX/bin/nxserver --install --setup-nomachine-key NX> 701 Updating: server at: Sun Jun 10 18:36:10 2012. NX> 701 Autodetected system: redhat. NX> 701 Update log is: /usr/NX/var/log/update. NX> 701 Checking NX server configuration using /usr/NX/etc/server.cfg file. NX> 701 Running: chkconfig to remove init script. NX> 701 Verifying that all init scripts have been removed. NX> 723 Cannot start NX statistics: NX> 709 NX statistics are disabled for this server. NX> 701 Version '3.5.0-11' update completed. NX> 701 Bye.

Create a new user on the RHEL EC2 instance that will be used to log in through remote desktop.

# useradd -m -d /home/jhunter -s /bin/bash jhunter # passwd jhunter

Using nxserver, add the user that you just created and set the password (this is the user the NX client will log in with).

# /usr/NX/bin/nxserver --useradd jhunter NX> 900 Setting password for user: jhunter. NX> 102 Password: xxxxxxxxx NX> 102 Confirm password: xxxxxxxxx NX> 110 Password for user: jhunter added to the NX password DB. NX> 900 Adding public key for user: jhunter to the authorized keys file. NX> 900 Verifying public key authentication for NX user: jhunter. NX> 900 Public key authentication succeeded. NX> 301 User: jhunter enabled in the NX user DB. NX> 999 Bye.

CentOS EC2 Instance

When using CentOS, a version of FreeNX is available from the CentOS Extras repository which is typically shipped with CentOS and enabled by default. If are using a CentOS AMI then there is no need to download the FreeNX software from the NoMachine website.

# yum -y install nx freenx

Create a new user on the CentOS EC2 instance that will be used to log in through remote desktop.

Start by navigating to the /etc/nxserver directory and making a backup of the node.conf file.

# cd /etc/nxserver # cp node.conf node.conf.backup

Edit the node.conf file to enable ENABLE_PASSDB_AUTHENTICATION="1".

# This adds the passdb to the possible authentication methods #ENABLE_PASSDB_AUTHENTICATION="0" ENABLE_PASSDB_AUTHENTICATION="1"

Modify the /etc/ssh/sshd_config file and sure the following entries are set.

... PasswordAuthentication yes ...

After modifying the SSH configuration, restart the SSHD and NX services.

# service sshd restart # nxserver --restart

Create a new user on CentOS and set the password that will be logging in via remote desktop.

# useradd -m -d /home/jhunter -s /bin/bash jhunter # passwd jhunter

Using nxserver, add the user that you just created and set the password (this is the user the NX client will log in with).

# nxserver --adduser jhunter NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 716 Public key added to: /home/jhunter/.ssh/authorized_keys2 NX> 1001 Bye. NX> 999 Bye # nxserver --passwd jhunter NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) New password: Password changed. NX> 999 Bye

Install NX Client on Your Local Machine

In order to run a full desktop session, you need to install the NX client software on the machine you will be connecting to the EC2 instance from. Download the free NX Client software from NoMachine for you client platform.

• NX Client for Windows
• NX Client for Linux
• NX Client for Mac OS X
• NX Client for Solaris

NX Client for Windows Install

C:\Software> nxclient-3.5.0-9.exe

Log In to Remote Graphical Desktop using NX

To setup a new remote desktop connection from the client machine, start the NX Connection Wizard using Start > All Programs > NX Client for Windows > NX Connection Wizard.

Fill in the values as shown below. Make sure that you put in your server address in the host field which is the address of your launched instance.

Provide the desktop type appropriate for your environment (i.e. GNOME).

Click [Finish] to complete the wizard.

CentOS EC2 Users

In order for freeNX to function securely we need to copy the ssh key from the remote server system to the local machines NoMachine client session.

Log in to the EC2 instance using a terminal session and display the SSH key.

# cat /var/lib/nxserver/home/.ssh/client.id_dsa.key -----BEGIN DSA PRIVATE KEY----- MIIBuwIBAAKBgQD3ReoqSxOnuVli7Acx8hX3VmXWyA/x4/yOLFctqVkJhx2uBLXc ioXHoAAyn8PZKw2Py4253VtQjKiHy8RLkZXRWJ/oLdAngVbNRkilczBSMb/icSYs PETNqTVWrixf72UXsZjBg/e+kXdZpmDzmakv3tT9JljuYANmNOQwOgl2iwIVAISF PbtKi9uBcQMSqECFbm583NkFAoGBAIzXCOFlCU5XfZrtmL7kjRJyW5FAwLiVs62i OC/QHo32XgOQyeoA73SbxymKt7Ls9eeVyBSpuQh1/bVNBDWeNortkgVo/9O/R2re 3Zh0dPPHIkF/Fpowk8+GerDsMv/GUTeGxVosCQnADU6hIeGurH5y9A1JsVR/W99I dRUxk623AoGAB0xHB3PCYNpEQ0gX5cINiru8zJSfTvXPg0rcId/K7q8j20LbJu6O 0QiPg5N8rE7dfORwfqMAkBj2GmsBHFrjlMXZWw7CKAYpbycTUgnt03YTITSjmFtQ dD1Jd67feG8/PG6hZhind6T3euqEzoIRW/vcgKQAMVOjOSzv2DKyBp4CFCXovg9/ Roei4IdnypiuW56+JW/x -----END DSA PRIVATE KEY-----

Open the NX Client for Windows software using Start > All Programs > NX Client for Windows > NX Client for Windows. Select the correct session in the Session pull-down and click the [Configure] button.

Under the General tab, click the [Key] button. Clear the previous contents and Paste the contents from the remote system /var/lib/nxserver/home/.ssh/client.id_dsa.key.

RHEL and CentOS EC2 Users

Log in to the EC2 instance using the NX Client.

You should now be able to access the GNOME remote desktop.

How to use NX Keyboard Shortcuts

If you want to switch back from a full screen session to your native OS desktop, you can click on the 'magic pixel' on the upper right edge of your screen.

Keystrokes Available in NX 3.x

• Ctrl + Alt + Shift + Esc to get rid of a not responding session

• Ctrl + Alt + T to terminate a session

• Ctrl + Alt + F to switch to full screen/windowed (Note: This feature is not available on Windows)

• Ctrl + Alt + Shift + F to switch to multi-monitor full screen/windowed (Note: This feature is not available on Windows)

• Ctrl + Alt + M to minimize or maximize full screen window

• Ctrl + Alt + arrow keys to view-port navigation

• Ctrl + Alt + keypad arrow keys to view-port navigation (Note: this action is performed also by keeping Ctrl + Alt pressed and dragging the content of the main window by the pointer)

• Ctrl + Alt + R to switch "auto-resize/view-port" mode. The agent starts in auto-resize mode, so users can resize the desktop simply by resizing the main window. In view-port mode, resizing the main window doesn't make the desktop resize itself, but users can navigate the desktop by moving the view-port (Note: the auto-resize feature will be available on Windows starting with NX 4.0.0)

• Ctrl + Alt + E to toggle the lazy encoding

• Ctrl + Alt + J to force a drawable synchronization, in order to attempt a fix for a visualization problem

• Alt + F4 when the window manager is present, it allows you to suspend or terminate a session

• Ctrl + Alt + K enable/disable the catching of Alt+Tab and Print Screen keys

About the Author

Jeffrey Hunter is an Oracle Certified Professional, Java Development Certified Professional, Author, and an Oracle ACE. Jeff currently works as a Senior Database Administrator for The DBA Zone, Inc. located in Pittsburgh, Pennsylvania. His work includes advanced performance tuning, Java and PL/SQL programming, developing high availability solutions, capacity planning, database security, and physical / logical database design in a UNIX, Linux, and Windows server environment. Jeff's other interests include mathematical encryption theory, programming language processors (compilers and interpreters) in Java and C, LDAP, writing web-based database administration tools, and of course Linux. He has been a Sr. Database Administrator and Software Engineer for over 18 years and maintains his own website site at: http://www.iDevelopment.info. Jeff graduated from Stanislaus State University in Turlock, California, with a Bachelor's degree in Computer Science.