Barebone Ubuntu 14.04 Cloud Desktop

Since I have found some issues with my previous LXQt setup in real-life work, I decided to fall back to standard Lubuntu for my cloud desktop. As part of this I also switched to TightVNC, which seems a lot easier to configure.

Add local user account

adduser USERNAME
adduser USERNAME sudo

Install Lubuntu Desktop

sudo apt-get install --no-install-recommends lubuntu-desktop tightvncserver

TightVNC Configuration

sudo vim /etc/lightdm/lightdm.conf

#
# VNC Server configuration
#
# enabled = True if VNC connections should be allowed
# port = TCP/IP port to listen for connections on
#
[VNCServer]
enabled=true
port=5900
width=1366
height=768
depth=24

sudo /etc/init.d/lightdm restart

Connect to the remote system

ssh -L 5900:localhost:5900 -i /path/to/your/aws/keyfile.pem YOUR.EC2.IP.ADDRESS
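
The tunnel above only protects the session if the VNC port is not also reachable directly. As an added example (not part of the original post), these shell functions read `ss -ltn` output and list any VNC listener on ports 5900-5999 bound to a non-loopback address; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample of `ss -ltn` output: VNC on all interfaces (5900) and on
# loopback only (5901).
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
LISTEN     0      5      *:5900               *:*
LISTEN     0      5      127.0.0.1:5901       *:*
LISTEN     0      128    :::22                :::*
EOF
}

# Reads `ss -ltn` output on stdin; prints "ADDRESS PORT" for each listener on
# a VNC display port (5900-5999) that is not bound to a loopback address.
exposed_vnc_listeners() {
    awk '
        $1 == "LISTEN" {
            pos = match($4, /:[0-9]+$/)        # start of the trailing ":port"
            if (pos == 0) next
            port = substr($4, pos + 1) + 0
            addr = substr($4, 1, pos - 1)
            if (port < 5900 || port > 5999) next
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print addr, port
        }
    '
}

# Returns 0 if no VNC listener is exposed, 1 otherwise (offenders on stderr).
check_vnc_exposure() {
    exposed=$(exposed_vnc_listeners)
    [ -z "$exposed" ] && return 0
    echo "VNC reachable without the SSH tunnel:" >&2
    echo "$exposed" >&2
    return 1
}

# Demo on the constructed sample; on a real host use: ss -ltn | check_vnc_exposure
sample_ss_output | exposed_vnc_listeners
```

On the cloud server, run `ss -ltn | check_vnc_exposure`; any address it reports should be blocked by the host firewall or the EC2 security group so that only the SSH port is reachable.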


If you are using a Chromebook then this article might help.

Accessing your cloud desktop from Chromebook

One of the main reasons for setting up a cloud desktop is that I tend to use a lot of different devices, some of which are not very powerful.

One of my favorite devices of late has been an HP 11 Chromebook. I originally bought it for a new employee and wanted to check myself how this thing stacks up to do day-to-day computing tasks more efficiently than a standard laptop without all the headaches of running Windows (viruses, endless driver installs, bloatware, malware, …). We already have several people at work working exclusively from Chromebooks and they absolutely love them. Long story short – I ended up keeping the Chromebook for myself as it’s an absolutely great secondary device for me. I can carry it with me everywhere (doesn’t weigh much more than a tablet, roughly the same size as a tablet & has a keyboard and is so much more useful than a tablet).

Initially I was using it more as a secondary device, but lately I have been thinking that I will not even take my main notebook at all for travels. The problem with this is that I do (sometimes – very infrequently) need access to software not available on such a limited device.

Accessing your Cloud Desktop via SSH (I know there seem to be people allowing direct VNC access – but that is just asking for trouble) is highly recommended. I also use RSA keys instead of password authentication.

Copy the SSH private key (generated on the desktop, with the public key added to authorized_keys on the cloud server) to the Chromebook.

Unfortunately (unless you want to set your Chromebook into developer mode, which has all sorts of other downsides) the inbuilt CROSH shell is very limited. However, it gives you enough to securely connect to a cloud server, and you can use the whole tool-set from there.

crosh> ssh
ssh> host example.com
ssh> user <username>
ssh> key <rsa_key_filename>
ssh> forward 8000:localhost:5901
ssh> connect

You can now use the RealVNC Chrome App to connect to your cloud desktop.

RealVNC

EDIT (2014-11-10): Found a better Chrome Extension which can handle the port forwarding and RSA certificate authentication which will save the config without having to type the commands each time.

Chrome Secure Shell

ChromeOS - Secure Shell

Installing Poptop (pptpd) VPN Server on CentOS 6

For roaming mobile clients PPTP (Point-to-Point Tunneling Protocol) is still the quickest way to get VPN connections to tunnel traffic over a secure link.

Installation

I always prefer installation via a yum repository as this will ensure patches are applied during regular system updates.

sudo rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
sudo rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
sudo yum install ppp pptpd -y

Configuration

Note: replace $USERNAME and $PASSWORD with actual values

IP configuration
echo "localip 192.168.0.1" >> /etc/pptpd.conf
echo "remoteip 192.168.0.100-199" >> /etc/pptpd.conf

DNS configuration
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 4.2.2.1" >> /etc/ppp/options.pptpd

Authentication configuration
echo "$USERNAME pptpd $PASSWORD *" >> /etc/ppp/chap-secrets

Firewall config
service iptables start
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# save the running rules first; a restart reloads the saved rule set
service iptables save
service iptables restart
chkconfig iptables on

Start pptpd
chkconfig pptpd on
service pptpd start