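Motivation
I want to install a desktop environment on an Ubuntu Server 22.04 container created with lxc launch and connect to it over RDP (can't this be done headless?)
First, enter the container to be configured and install ubuntu-desktop.
Note: the package selection is something I picked more or less arbitrarily back on 20.04, having decided that things like sound are not needed.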
~$ sudo apt install --no-install-recommends ubuntu-desktop fonts-roboto fonts-noto ibus-mozc
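Note: the command above also installs gnome-remote-desktop.
Not using the GUI makes things easier later on, so I configure gnome-remote-desktop from the CLI.
I use grdctl, which I came across somewhere.
Note: it seems grdctl did not exist before.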
~$ grdctl status
RDP:
Status: disabled
TLS certificate:
TLS key:
View-only: yes
Username: (empty)
Password: (empty)
VNC:
Status: disabled
Auth method: password
View-only: no
Password: (empty)
It looks like filling in the RDP items above should do it?
~$ grdctl rdp enable
~$ grdctl rdp disable-view-only
~$ grdctl status
RDP:
Status: enabled
TLS certificate:
TLS key:
View-only: no
Username: (empty)
Password: (empty)
VNC:
Status: disabled
Auth method: password
View-only: no
Password: (empty)
~$
~$ systemctl --user restart gnome-remote-desktop.service
~$ systemctl --user status gnome-remote-desktop.service
● gnome-remote-desktop.service - GNOME Remote Desktop
Loaded: loaded (/usr/lib/systemd/user/gnome-remote-desktop.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2022-09-09 13:40:29 UTC; 41s ago
Main PID: 498 (gnome-remote-de)
CGroup: /user.slice/user-xxxxxx.slice/user@xxxxxx.service/app.slice/gnome-remote-desktop.service
└─498 /usr/libexec/gnome-remote-desktop-daemon
Sep 09 13:40:29 lxdgst systemd[191]: Stopped GNOME Remote Desktop.
Sep 09 13:40:29 lxdgst systemd[191]: Starting GNOME Remote Desktop...
Sep 09 13:40:29 lxdgst systemd[191]: Started GNOME Remote Desktop.
~$
# From another machine: is it not listening...?
~$ telnet 192.168.12.34 3389
Trying 192.168.12.34...
telnet: Unable to connect to remote host: Connection refused
~$
Continuing with the configuration
~$ grdctl rdp set-credentials username_plain password_plain
Object does not exist at path “/org/freedesktop/secrets/collection/login”
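An error I don't understand... after some googling, I was able to set it with the following.
# I haven't thought it through, so I don't know whether touching the PAM configuration made any difference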
~$ grep gnome /etc/pam.d/login
auth optional pam_gnome_keyring.so
session optional pam_gnome_keyring.so auto_start
~$
# Apparently this worked
~$ dbus-run-session -- bash --noprofile --norc
bash-5.1$
bash-5.1$ echo 'db' | gnome-keyring-daemon --unlock
SSH_AUTH_SOCK=/run/user/xxxxxx/keyring/ssh
bash-5.1$
bash-5.1$ grdctl rdp set-credentials username_plain password_plain
bash-5.1$
bash-5.1$ grdctl status
RDP:
Status: enabled
TLS certificate:
TLS key:
View-only: no
Username: (hidden)
Password: (hidden)
VNC:
Status: disabled
Auth method: password
View-only: no
Password: (empty)
bash-5.1$
Making a quick-and-dirty certificate
~$ mkdir -p ~/.config/remote-desktop
~$ cd ~/.config/remote-desktop
~/.config/remote-desktop$ openssl genrsa -out tls.key 4096
~/.config/remote-desktop$ openssl req -new -key tls.key -out tls.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
~/.config/remote-desktop$ openssl x509 -req -days 730 -signkey tls.key -in tls.csr -out tls.crt
Certificate request self-signature ok
subject=C = JP, ST = Some-State, O = Internet Widgits Pty Ltd
~/.config/remote-desktop$ ls
tls.crt tls.csr tls.key
~/.config/remote-desktop$ grdctl rdp set-tls-cert "$HOME/.config/remote-desktop/tls.crt"
~/.config/remote-desktop$ grdctl rdp set-tls-key "$HOME/.config/remote-desktop/tls.key"
~/.config/remote-desktop$
~/.config/remote-desktop$ grdctl status
RDP:
Status: enabled
TLS certificate: /home/username/.config/remote-desktop/tls.crt
TLS key: /home/username/.config/remote-desktop/tls.key
View-only: no
Username: (empty)
Password: (empty)
VNC:
Status: disabled
Auth method: password
View-only: no
Password: (empty)
~/.config/remote-desktop$
~$ systemctl --user restart gnome-remote-desktop.service
~$ systemctl --user status gnome-remote-desktop.service
● gnome-remote-desktop.service - GNOME Remote Desktop
Loaded: loaded (/usr/lib/systemd/user/gnome-remote-desktop.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2022-09-09 14:49:39 UTC; 1s ago
Main PID: 510 (gnome-remote-de)
CGroup: /user.slice/user-xxxxxx.slice/user@xxxxxx.service/app.slice/gnome-remote-desktop.service
└─510 /usr/libexec/gnome-remote-desktop-daemon
Sep 09 14:49:39 lxdgst systemd[191]: Starting GNOME Remote Desktop...
Sep 09 14:49:39 lxdgst systemd[191]: Started GNOME Remote Desktop.
~$
# From another machine: still no good, it seems
~$ telnet 192.168.12.34 3389
Trying 192.168.12.34...
telnet: Unable to connect to remote host: Connection refused
~$
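
The status outputs above differ at each stage: RDP is enabled before any TLS material or credentials exist, and the output after setting the TLS paths shows Username/Password as (empty) again. As an added example (not part of the original post), this shell function flags such gaps from `grdctl status` text; the function name `audit_grd_status` is hypothetical and the sample is that last output, re-indented.

```shell
#!/bin/sh
# Added example (not from the original post). audit_grd_status is a
# hypothetical helper: it reads `grdctl status` text on stdin and prints
# one line per gap in the RDP/VNC configuration.
audit_grd_status() {
    awk '
    # Section headers are "RDP:" or "VNC:" with nothing after the colon.
    /^[ \t]*(RDP|VNC):[ \t]*$/ { sec = $0; gsub(/[ \t:]/, "", sec); next }
    {
        # Split "Key: value" on the first colon and trim both sides.
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        f[sec "." key] = val
    }
    END {
        # Only an enabled backend needs complete TLS and credential settings.
        if (f["RDP.Status"] == "enabled") {
            if (f["RDP.TLS certificate"] == "") print "RDP: TLS certificate not set"
            if (f["RDP.TLS key"] == "")         print "RDP: TLS key not set"
            if (f["RDP.Username"] == "(empty)") print "RDP: username not set"
            if (f["RDP.Password"] == "(empty)") print "RDP: password not set"
        }
        if (f["VNC.Status"] == "enabled" && f["VNC.Password"] == "(empty)") print "VNC: enabled without a password"
    }'
}

# Constructed sample: the status shown after the TLS paths were set, re-indented.
SAMPLE_STATUS='RDP:
    Status: enabled
    TLS certificate: /home/username/.config/remote-desktop/tls.crt
    TLS key: /home/username/.config/remote-desktop/tls.key
    View-only: no
    Username: (empty)
    Password: (empty)
VNC:
    Status: disabled
    Auth method: password
    View-only: no
    Password: (empty)'

printf '%s\n' "$SAMPLE_STATUS" | audit_grd_status
```

On a real host the same function can be fed directly with `grdctl status | audit_grd_status`, run in the session whose keyring holds the credentials.
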
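Addendum @2022.09.11
I installed tigervncserver and connected over VNC, and found that the settings above had not been applied.
However, when I configured remote desktop from the GUI while connected over VNC, it started listening for RDP.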
~$ sudo lsof -iTCP:3389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gnome-rem 3494 username 8u IPv6 16705330 0t0 TCP *:ms-wbt-server (LISTEN)
~$
After that, when I killed the VNC server, it acted as if it had never been listening for RDP at all... headless...
~$ sudo lsof -iTCP:3389
~$
Even without running tigervncserver, it might work if a screen is added with the $ gnome-shell command (unverified)