Keep Your Desktop in the Cloud with X2Go on Debian 9
Most administrators that run compute instances in the cloud will use a Linux distribution that doesn’t include a graphical user interface. The interface is not required since it’s much more efficient to interact with the operating system through the command line. Furthermore, we save disk space and system resources by not installing and running additional programs that are necessary to host a graphical interface. And a system with less utilities will have a much smaller attack surface, leading to better security overall.
In some cases though, users may need to install a desktop environment on their servers. This can be either because an application they’re using requires a graphical interface (e.g., some game servers) or simply because they need a full-blown desktop. For example, programmers can install a desktop environment such as Xfce on their server and keep all of their projects there, in a local Git environment, edit code, compile their projects, test them in a local Apache or Nginx webserver, and everything else they would do on a regular Windows desktop.
With a cloud’s guarantee of (at least) 99.9% uptime, replication of data and other measures to keep the system reliable and available, you can access your desktop from anywhere in the world and continue to work where you left off. This is advantageous since even if you forget your laptop at home, you can connect from another computer and access the same environment and same projects, without having to set up each local machine, install the same programs, synchronize files, etc. And since electrical power is much more reliable in datacenters than it is in residential areas, you can let the system process something for days or weeks and just log in to check progress from time to time. You can also quickly scale, adding more CPUs, RAM or disk space as your project’s necessities grow or shrink. This means that you could attach 12 CPUs and 48GB of RAM to your instance before compiling a large project such as Android and then scale back down when it’s finished. Doing so will greatly speed up the job and also save on costs.
Some users may be familiar with remote desktop solutions such as VNC for Linux. The big advantage with VNC is that it works with almost any desktop environment. But this advantage comes at a cost since the protocol basically sends “pictures” of what is currently happening on the remote desktop. Transferring this data introduces significant lag, making VNC sluggish. This is acceptable for work that doesn’t require quick responsiveness. But, for example, running a code editor on the remote instance this way won’t be satisfactory because of the delay between the time you are writing something and the moment it will appear on your screen. A better solution for such workflows is X2Go, a protocol that is optimized to be much more responsive, even on Internet connections with smaller bandwidths. X2Go is also secure by default since it uses the SSH protocol to tunnel the session, which encrypts data in transit and has a solid login mechanism with a good history of protecting servers from unauthorized access attempts, if strong passwords or private keys are used and the OpenSSH daemon is correctly setup.
You will need at least 2GB of RAM on your instance to run a desktop environment comfortably. Even if lighter GUI applications can lower this requirement, using less than 2GB increases the likelihood of running into Out of Memory errors, which will force kill applications and might make you lose work progress unexpectedly.
The other requirements like disk space and number of CPU cores are entirely dependent on what you intend to run on your instance. Most desktop environments will require between a few hundred megabytes and at most 4GB of additional disk space.
For better performance, it’s recommended to avoid using instances with burstable CPUs.
Create an Alibaba ECS Instance
In the next step, where you’ll be configuring networking settings, you can adjust the slider for the maximum outbound bandwidth to 25M or more, like in the following picture:
X2Go will probably use much less than that at most times, but you want to avoid possible choke points.
Now check the rules of the Security Group applied to this instance. Only port 22 and ICMP should be allowed, but the default rules are fine too. The desktop environment of your choice may install programs that will be listening on various ports. By applying the security rules here, you can make sure that Alibaba’s firewall blocks unwanted connections to these programs.
In the next step, System Configurations, use SSH keys (Key Pair) for logging in since they are much more secure than passwords.
Launch your instance, connect to it with an SSH client and log in as root.
Install X2Go Server
Upgrade all packages installed on your system:
apt update && apt upgrade
If you get prompts like these, press ENTER to choose the default answer:
Reboot the server:
Wait 30 seconds, or so, until the server has time to reinitialize and then log back in as the root user, through your SSH client.
Debian 9, codenamed Stretch doesn’t currently include x2goserver in its default software repositories, so we’ll have to add a third party repository managed by the X2Go developers:
echo 'deb http://packages.x2go.org/debian stretch extras main' > /etc/apt/sources.list.d/x2go.list
Add the cryptographic key that will be used to check that the packages have valid signatures:
apt install dirmngr && apt-key adv --recv-keys --keyserver keys.gnupg.net E1F958385BFE2B6E
Update the package manager so that it picks up on this new repository:
Finally, install x2goserver:
apt install x2goserver x2goserver-xsession
Install a Desktop Environment
X2Go works with desktop environments like LXDE, XFCE and MATE, out of the box. Other environments like Gnome and Cinnamon either won’t work at all or they will require workarounds. Generally, whatever uses fancy graphics tricks like compositing windows and relies on the video card for processing the desktop in the 3D engine will have trouble with X2Go.
You have three options when choosing the graphical user interface you want to use:
- Install a metapackage that automatically pulls in all packages required to build a minimal desktop environment. After the minimum requirements are installed, you can add whatever additional components you need (e.g., calculator utilities, code editors, browsers, etc.)
- Install a metapackage that automatically pulls in packages to build a complete desktop environment that will include all kinds of utilities the user might expect on a system, such as: text editors, browsers, PDF readers, image viewers, video players, music players, etc.
- Build your own desktop environment by installing all graphical components yourself, one by one. You can see a list of components required to build a desktop here: https://wiki.archlinux.org/index.php/desktop_environment#Custom_environments.
Let’s explore the first method and install the MATE desktop environment with a simple command:
apt install mate-desktop-environment
Or, if you prefer the second method, you can run:
apt install task-mate-desktop
To find out the names of the metapackages you need, to pull in your preferred desktop environment, you can consult this page: Debian Desktop Environments.
Create a Regular User
Logging in as root to a desktop session isn’t recommended. To create a regular user, enter the following command, replacing your_username with whatever name you prefer:
Optional: If you want to grant your user sudo privileges run
adduser your_username sudo.
If you’ve followed the recommendation in this tutorial, you will only be able to log in through SSH with a private key, even if this user has a password set. Temporarily log in to the regular user environment:
su - your_username
Generate a public and a private key:
Press enter to save the file in the default location, at this prompt:
Enter file in which to save the key (/home/your_username/.ssh/id_rsa):
Display the contents of the private key:
Make sure that the terminal window is wide enough so that the text fits without being clipped. Select the text with your mouse cursor and copy it to the clipboard. If you’re using PuTTY this is done automatically when releasing the mouse button. Now open a text editing application (e.g., Notepad) on your local computer and paste the contents there.
Save the file. You will need it later to access your remote desktop.
To allow this user to log in through SSH, which is needed to be able to access the remote desktop, since X2Go tunnels the connection through SSH:
cp .ssh/id_rsa.pub .ssh/authorized_keys
Optionally, you can delete the private key with
rm .ssh/id_rsa since this only meant for you to access your instance remotely and there's no need for it to sit on the Alibaba ECS instance.
Log out from the regular user’s environment and return to your root user:
Install X2Go Client
At this point, you’re done with setting up the server. To connect to your remote desktop you will need to install a client application on your local computer. At the time of writing this tutorial, the link to the X2Go client for Windows was http://code.x2go.org/releases/X2GoClient_latest_mswin32-setup.exe. If the link becomes invalid, you can access the download page here: https://wiki.x2go.org/doku.php/download:start. X2Go clients for OS X and Linux distributions are also available but since Windows is currently the most popular operating system, we will cover that here.
Set Up the Connection to Your Remote Desktop
Note: At the time of writing, depending on your Windows version, a bug in the Pulseaudio component prevents sound from being tunneled from the remote server to the local computer.
After you’ve installed X2Go, when you first run the program you should be greeted with a window where you can configure remote connection settings. In our case, we only have to customize four fields:
- In the Host field fill in the public IP of your instance.
- In the Login field enter the username you’ve created in the previous step.
- On the line that says Use RSA/DSA key for ssh connection click on the browse icon on the far right and select the file where you have saved your SSH private key created in the previous section.
- Last, click on the dropdown list under Session type and select MATE as your desktop environment.
Here is a picture exemplifying how these fields should be configured:
After you click OK, in the main Window of X2Go you will find your session saved in the top-right side of the interface, as shown in the following picture:
To edit the session, click on the menu icon that has been highlighted with a red circle in the previous picture and then select Session preferences…
To launch the session and connect to your remote desktop, click on the gray rectangle highlighted with yellow. If everything is configured correctly, your desktop should be displayed in less than 30 seconds. Here’s an example of what it would look like when a few applications are opened:
Clicking on the top right close button (the X icon) will leave the session running in the background on the Alibaba ECS instance. For example, if you initiated a compile job, you can close the main window that contains your remote desktop and the compiler will continue to work unhindered. When you reconnect to the session, you will find everything as you left it, with the same windows active on the desktop.
If, however, you want to terminate all applications in the desktop session, you can click on System in the top-left menu and then log out.
If you have any trouble with a session that locks up, you can force close it by going to the main window in X2Go, where session information is displayed, and clicking on the standby icon.