
[Unfinished] Installing a desktop environment on Ubuntu Server 22.04 on LXD and trying to use gnome-remote-desktop [🍊]

Posted at 2022-09-09

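Motivation
I want to install a desktop environment on an Ubuntu Server 22.04 container created with lxc launch and connect to it over RDP (can't this be done headless?)

First, enter the container that is going to be configured and install ubuntu-desktop.
Note: the package list is one I picked somewhat arbitrarily back on 20.04, having decided that things like sound are not needed.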

~$ sudo apt install --no-install-recommends ubuntu-desktop fonts-roboto fonts-noto ibus-mozc

Note: after the command above, gnome-remote-desktop is installed as well.

Not depending on the GUI makes things easier later on, so I configure gnome-remote-desktop from the CLI.

I use grdctl, which I came across somewhere.
It seems grdctl did not exist in earlier versions.

~$ grdctl status
RDP:
	Status: disabled
	TLS certificate:
	TLS key:
	View-only: yes
	Username: (empty)
	Password: (empty)
VNC:
	Status: disabled
	Auth method: password
	View-only: no
	Password: (empty)

Filling in the RDP fields above looks like the way to go?

~$ grdctl rdp enable
~$ grdctl rdp disable-view-only
~$ grdctl status
RDP:
	Status: enabled
	TLS certificate:
	TLS key:
	View-only: no
	Username: (empty)
	Password: (empty)
VNC:
	Status: disabled
	Auth method: password
	View-only: no
	Password: (empty)
~$
~$ systemctl --user restart gnome-remote-desktop.service
~$ systemctl --user status gnome-remote-desktop.service
● gnome-remote-desktop.service - GNOME Remote Desktop
     Loaded: loaded (/usr/lib/systemd/user/gnome-remote-desktop.service; disabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-09-09 13:40:29 UTC; 41s ago
   Main PID: 498 (gnome-remote-de)
     CGroup: /user.slice/user-xxxxxx.slice/user@xxxxxx.service/app.slice/gnome-remote-desktop.service
             └─498 /usr/libexec/gnome-remote-desktop-daemon

Sep 09 13:40:29 lxdgst systemd[191]: Stopped GNOME Remote Desktop.
Sep 09 13:40:29 lxdgst systemd[191]: Starting GNOME Remote Desktop...
Sep 09 13:40:29 lxdgst systemd[191]: Started GNOME Remote Desktop.
~$
# From another machine: is it not listening...?
~$ telnet 192.168.12.34 3389
Trying 192.168.12.34...
telnet: Unable to connect to remote host: Connection refused
~$

Continuing with the configuration

~$ grdctl rdp set-credentials username_plain password_plain
Object does not exist at path “/org/freedesktop/secrets/collection/login”

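An error I don't understand... After some googling, I was able to set the credentials as follows.

# I have not really thought about whether touching the PAM configuration had any effect, so I don't know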
~$ grep gnome /etc/pam.d/login
auth       optional     pam_gnome_keyring.so
session    optional     pam_gnome_keyring.so        auto_start
~$ 
# Apparently this worked
~$ dbus-run-session -- bash --noprofile --norc
bash-5.1$
bash-5.1$ echo 'db' | gnome-keyring-daemon --unlock
SSH_AUTH_SOCK=/run/user/xxxxxx/keyring/ssh
bash-5.1$
bash-5.1$ grdctl rdp set-credentials username_plain password_plain
bash-5.1$
bash-5.1$ grdctl status
RDP:
	Status: enabled
	TLS certificate:
	TLS key:
	View-only: no
	Username: (hidden)
	Password: (hidden)
VNC:
	Status: disabled
	Auth method: password
	View-only: no
	Password: (empty)
bash-5.1$

Making a quick-and-dirty certificate

~$ mkdir -p ~/.config/remote-desktop
~$ cd ~/.config/remote-desktop
~/.config/remote-desktop$ openssl genrsa -out tls.key 4096
~/.config/remote-desktop$ openssl req -new -key tls.key -out tls.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
~/.config/remote-desktop$ openssl x509 -req -days 730 -signkey tls.key -in tls.csr -out tls.crt
Certificate request self-signature ok
subject=C = JP, ST = Some-State, O = Internet Widgits Pty Ltd
~/.config/remote-desktop$ ls
tls.crt  tls.csr  tls.key
~/.config/remote-desktop$ grdctl rdp set-tls-cert "$HOME/.config/remote-desktop/tls.crt"
~/.config/remote-desktop$ grdctl rdp set-tls-key "$HOME/.config/remote-desktop/tls.key"
~/.config/remote-desktop$
~/.config/remote-desktop$ grdctl status
RDP:
	Status: enabled
	TLS certificate: /home/username/.config/remote-desktop/tls.crt
	TLS key: /home/username/.config/remote-desktop/tls.key
	View-only: no
	Username: (empty)
	Password: (empty)
VNC:
	Status: disabled
	Auth method: password
	View-only: no
	Password: (empty)
~/.config/remote-desktop$
~$ systemctl --user restart gnome-remote-desktop.service
~$ systemctl --user status gnome-remote-desktop.service
● gnome-remote-desktop.service - GNOME Remote Desktop
     Loaded: loaded (/usr/lib/systemd/user/gnome-remote-desktop.service; disabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-09-09 14:49:39 UTC; 1s ago
   Main PID: 510 (gnome-remote-de)
     CGroup: /user.slice/user-xxxxxx.slice/user@xxxxxx.service/app.slice/gnome-remote-desktop.service
             └─510 /usr/libexec/gnome-remote-desktop-daemon

Sep 09 14:49:39 lxdgst systemd[191]: Starting GNOME Remote Desktop...
Sep 09 14:49:39 lxdgst systemd[191]: Started GNOME Remote Desktop.
~$
# From another machine: still no good?
~$ telnet 192.168.12.34 3389
Trying 192.168.12.34...
telnet: Unable to connect to remote host: Connection refused
~$
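
As an added example (not part of the original post), the three interactive openssl steps above can be collapsed into one non-interactive command that sets a Common Name and subjectAltName, creates the private key with mode 0600, and checks that key and certificate belong together before they are handed to grdctl. The function names are hypothetical, and the host name lxdgst in the usage comment is taken from the log lines above as an assumption.

```bash
# Added example: self-signed certificate for gnome-remote-desktop, generated
# non-interactively. Function names and the host name are assumptions.

# make_rdp_cert DIR HOST [BITS]
# Writes DIR/tls.key and DIR/tls.crt. Runs in a subshell so the umask and cd
# do not leak into the calling shell.
make_rdp_cert() (
    dir="$1"; host="$2"; bits="${3:-4096}"
    umask 077                              # directory 0700, private key 0600
    mkdir -p "$dir" && cd "$dir" || exit 1
    openssl req -x509 -newkey "rsa:${bits}" -nodes -sha256 -days 730 \
        -keyout tls.key -out tls.crt \
        -subj "/CN=${host}" \
        -addext "subjectAltName=DNS:${host}" 2>/dev/null
)

# key_matches_cert DIR
# Succeeds only if the public key derived from tls.key equals the one in tls.crt.
key_matches_cert() (
    from_key=$(openssl pkey -in "$1/tls.key" -pubout 2>/dev/null)
    from_crt=$(openssl x509 -in "$1/tls.crt" -noout -pubkey 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
)

# key_mode DIR: octal permission bits of the private key (GNU stat).
key_mode() {
    stat -c '%a' "$1/tls.key"
}

# cert_fingerprint DIR: SHA-256 fingerprint, to compare with what the RDP
# client displays on first connection to a self-signed server.
cert_fingerprint() {
    openssl x509 -in "$1/tls.crt" -noout -fingerprint -sha256
}

# Usage, followed by the grdctl commands from the session above:
#   make_rdp_cert "$HOME/.config/remote-desktop" lxdgst
#   key_matches_cert "$HOME/.config/remote-desktop" && cert_fingerprint "$HOME/.config/remote-desktop"
#   grdctl rdp set-tls-cert "$HOME/.config/remote-desktop/tls.crt"
#   grdctl rdp set-tls-key  "$HOME/.config/remote-desktop/tls.key"
```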

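Addendum @2022.09.11

I installed tigervncserver and connected over VNC, and found that the settings above had not been applied.
However, when I configured remote desktop through the GUI while connected over VNC, it started listening for RDP.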

~$ sudo lsof -iTCP:3389
COMMAND    PID     USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
gnome-rem 3494 username    8u  IPv6 16705330      0t0  TCP *:ms-wbt-server (LISTEN)
~$

After that, when I killed the VNC server, it acted as if it had never been listening for RDP at all... headless...

~$ sudo lsof -iTCP:3389
~$

Even without running tigervncserver, it might work if a screen is added with the $ gnome-shell command (unverified)
