X2Go on Ubuntu Server 14.04

In a previous post, I talked about my experience using X2Go with XFCE4 and Lubuntu.

XFCE4 via X2Go

Here is how it was achieved…..

On the Server

Here I’m using Ubuntu 14.04 LTS but you can install X2Go on just about any Linux distro.

Create a User Account

Create a regular user to run the desktop session under.

sudo useradd -m -s /bin/bash andrew
sudo passwd andrew

For your own sanity, I recommend you setup password-less key-based authentication as soon as possible……go, do it now!

Configure SSH

Open the main configuration file for the OpenSSH daemon process.

sudo vim /etc/ssh/sshd_config

Ensure X11 forwarding is enabled.


X11Forwarding yes

Don’t forget to test for configuration errors and restart the SSH service.

sudo sshd -t
sudo service ssh restart

Install Lightweight Desktop Environment

Both Lubuntu and XFCE4 work well, out-the-box with X2go. I installed both side-by-side for testing and both worked well together. You can even pause/suspend your Lubuntu or XFCE4 session and come back to it another time.

For XFCE4

sudo apt-get install xfce4

Note, for some reason you will also need to install the following packages or you will have missing icons.

sudo apt-get install gnome-icon-theme-full tango-icon-theme

For Lubuntu

sudo apt-get install lubuntu-desktop

Along with (a load of) other packages, you will now have XOrg installed. This means, as long as X11 forwarding has been enabled on the client side of the SSH connection, you can now test X11 with a program like firefox if you have it installed already.

Install X2Go Server Software

Install the repository package if it’s not already installed.

sudo apt-get install software-properties-common

Add the X2Go repository and install packages. If using Ubuntu 10.04 or 12.04, install python-software-properties instead of the software-properties-common package.

sudo add-apt-repository ppa:x2go/stable
sudo apt-get update
sudo apt-get install x2goserver x2goserver-xsession

For information about other distributions, see the X2Go server installation page.

DE Bindings

If you installed Lubuntu, you may want to install the following package for Desktop Environment bindings. I don’t believe there is currently a desktop bindings package for XFCE4.

sudo apt-get install x2golxdebindings

This is probably a good place to reboot if like me you’ve installed a lot of new packages.

On the Client

Again, you can install the client on just about anything – including Windows! Here I am using Manjaro i3 Community Linux.

sudo pacman -S x2goclient

X2Go also has some other clients that look useful – like a Python one for example.

SSH Client Configuration

Make sure you have at least ForwardX11 yes in /etc/ssh/ssh_config or ~/.ssh/config.


Host *
  ForwardX11 yes
  ForwardX11Trusted yes

Test X11 Forwarding

You can test that X11 is being forwarded correctly by using SSH to log onto the remove server, from your local Linux desktop, and and issue the following.

andrew@loader:~$ firefox &
[1] 2257

You might also want to setup password-less SSH key-based authentication if you’ve not done so already.

Create Sessions

For Lubuntu, select Custom Desktop and enter the below for the command.

lxsession -e LXDE -s Lubuntu

For XFCE4, you can just select XFCE.

Lubuntu XFCE4

I’m using the i3wm – I found the best result in appearance using the Use whole display option under the Input/Output tab, and then select the display (monitor) you want to use.

i3wm compatible

Resources

https://wiki.archlinux.org/index.php/X2Go
https://www.howtoforge.com/tutorial/x2go-server-ubuntu-14-04/
http://wiki.x2go.org/doku.php/doc:installation:x2goserver
https://bugs.launchpad.net/ubuntu/+source/lubuntu-default-settings/+bug/1241958
http://ubuntuforums.org/showthread.php?t=2228137

Securing an SSH Server

Nobody likes to log into their server and see this!

[andy@bashful ~]$ ssh root@ssh.dummydomains.org.uk
Last failed login: Sun Feb  8 16:31:28 UTC 2015 from 218.65.30.73 on ssh:notty
There were 31673 failed login attempts since the last successful login.
Last login: Tue Feb  3 19:26:42 2015
[root@bashful ~]# 

Over 31,00 failed root login attempts in just a few days!!

Disable Root Logins

By default (on my system atleast), root logins are enabled. Before you disable root logins, make sure you have setup a regular user and can successfully login with that user using either a strong password or key-based authentication.

[root@bashful ~]# vim /etc/ssh/sshd_config

To change the default setting, search for the following and remove the comment….

#PermitRootLogin yes

…and change the value to no like so.

PermitRootLogin no

Don’t forget to restart SSH.

[root@bashful ~]# systemctl restart sshd.service

Lock-down SSH by User

Add each user that is allowed to login using SSH to the AllowUsers list.

[root@bashful ~]# vim /etc/ssh/sshd_config

Add the AllowUsers directive followed by a list of users.

AllowUsers andy james phil sally sarah harry

Again, you need to restart the service.

[root@bashful ~]# systemctl restart sshd.service

For additional security you could of course change the port to something other than the default TCP 22, but in this example, I simply don’t bother.

Related Documents

Disable or Enable SSH Root Login and Limit SSH Access in Linux

First Attempt at Searching for Failed SSH Logins

Nobody likes to log into their server to see there have been over 31,00 failed login attempts in a few days!!

[andy@bashful ~]$ ssh root@ssh.dummydomains.org.uk
Last failed login: Sun Feb  8 16:31:28 UTC 2015 from 218.65.30.73 on ssh:notty
There were 31673 failed login attempts since the last successful login.
Last login: Tue Feb  3 19:26:42 2015
[root@bashful ~]# 

I clearly need to make some improvements here! However first I want to record the number of failed login attempts so I can compare later, after my changes.

Failed SSH login attempts are logged in /var/log/secure. Here we use a number of commands to get the information we want.

First I want to see what date the log file starts from. We do this with the head command and just look at the top line.

[root@bashful ~]# head -n 1 /var/log/secure
Feb  1 04:55:13 bashful sshd[21542]: reverse mapping checking getaddrinfo for 147.4.161.222.adsl-pool.jlccptt.net.cn [222.161.4.147] failed - POSSIBLE BREAK-IN ATTEMPT!

Not too surprisingly it log upto the current date. Here we look at the last line.

[root@bashful ~]# tail -n 1 /var/log/secure
Feb  8 17:53:11 bashful sshd[1748]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.14  user=root

You can use the less command of course to view the whole file if you wish. From within less, you can use the “Home” and “End” keys to jump from the top of the file to the bottom.

[root@bashful ~]# less /var/log/secure

Another useful tip – to search forward for a particular word, use the forward slash (/) symbol followed by the search pattern. For example, to search for “failed” within less:

...
Feb  1 07:58:01 bashful sshd[25940]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Feb  1 07:58:04 bashful sshd[25940]: Failed password for root from 122.225.103.124 port 3842 ssh2
Feb  1 07:58:04 bashful unix_chkpwd[25948]: password check failed for user (root)
/failed

You can also search, up the way, using the question mark symbol (?) followed by the search string.

Next you might want to see how many failed login attempt there were in just one given day. Here we use grep strip out everything other than the day we are interesting in. Here we pipe it into less because there may be a lot of results.

[root@bashful ~]# grep "Feb  8" /var/log/secure | less

Now we want to search for the failed number of root login attempts. Here we use “-i” to ignore the case. Again we pipe into less to check.

[root@bashful ~]# grep "Feb  8" /var/log/secure | grep -i "failed password for root" | less

It makes sense to count the number of lines to see how many failed attempts there have been. We do this with the wc command giving it the “-l” argument to count the lines.

[root@bast ~]# grep "Feb  8" /var/log/secure | grep -i "failed password for root" | wc -l
5269

You might also want to see what other usernames, (other than root) were tried. The “-v” option does just that. The do need to adjust the second grep search pattern to include all login attempts – “failed password for”.

[root@bashful ~]# grep "Feb  8" /var/log/secure | grep -i "failed password for" | grep -v "root"
Feb  8 06:33:43 bashful sshd[12070]: Failed password for invalid user ubnt from 213.182.43.222 port 5461 ssh2
Feb  8 06:33:47 bashful sshd[12074]: Failed password for invalid user admin from 213.182.43.222 port 5680 ssh2
Feb  8 06:33:54 bashful sshd[12079]: Failed password for invalid user guest from 213.182.43.222 port 6203 ssh2
Feb  8 06:33:58 bashful sshd[12081]: Failed password for invalid user admin from 213.182.43.222 port 6487 ssh2
Feb  8 06:34:02 bashful sshd[12083]: Failed password for invalid user support from 213.182.43.222 port 6709 ssh2
Feb  8 06:34:06 bashful sshd[12085]: Failed password for invalid user test from 213.182.43.222 port 6960 ssh2
Feb  8 06:34:09 bashful sshd[12117]: Failed password for invalid user user from 213.182.43.222 port 7189 ssh2
Feb  8 08:11:34 bashful sshd[14988]: Failed password for invalid user support from 62.4.9.24 port 60782 ssh2
Feb  8 08:11:37 bashful sshd[14991]: Failed password for invalid user admin from 62.4.9.24 port 53004 ssh2
Feb  8 08:12:46 bashful sshd[15033]: Failed password for invalid user ftpuser from 62.4.9.24 port 52349 ssh2
Feb  8 08:13:24 bashful sshd[15055]: Failed password for ftp from 62.4.9.24 port 50704 ssh2
Feb  8 08:13:28 bashful sshd[15058]: Failed password for invalid user admIndian from 62.4.9.24 port 57960 ssh2
Feb  8 08:13:45 bashful sshd[15063]: Failed password for invalid user webmaster from 62.4.9.24 port 58351 ssh2
Feb  8 08:13:58 bashful sshd[15065]: Failed password for invalid user sales from 62.4.9.24 port 51314 ssh2
Feb  8 08:14:10 bashful sshd[15097]: Failed password for invalid user demo from 62.4.9.24 port 53511 ssh2
Feb  8 17:26:41 bashful sshd[407]: Failed password for invalid user paras from 61.132.161.130 port 54894 ssh2
Feb  8 17:26:51 bashful sshd[421]: Failed password for invalid user nan from 61.132.161.130 port 57520 ssh2
Feb  8 17:27:02 bashful sshd[439]: Failed password for invalid user r00t from 61.132.161.130 port 60222 ssh2
Feb  8 17:27:07 bashful sshd[445]: Failed password for invalid user payment from 61.132.161.130 port 33047 ssh2
Feb  8 17:27:17 bashful sshd[461]: Failed password for invalid user xVIRal from 61.132.161.130 port 35380 ssh2
Feb  8 17:27:23 bashful sshd[473]: Failed password for invalid user nan from 61.132.161.130 port 36682 ssh2
[root@bashful ~]# 

For now I am more worried about my root user and want to see how many failed root login attempt there were for each day in the log file, which in this example is the 1st to the 8th of February. We do this by using the same command as before but sticking it in a loop. So the command is:

grep "Feb  8" /var/log/secure | grep -i "failed password for root" | less

But we can put this in a loop like so.

[root@bashful ~]# for i in $(seq 1 8); do grep "Feb  $i" /var/log/secure | grep -i "failed password for root" | wc -l; done
515
388
14042
6815
3536
4307
9200
5269

And just for clarity we add a message on each day using the echo command.

[root@bashful ~]# for i in $(seq 1 8); do echo "Failed root login attempts on Feb $i:"; grep "Feb  $i" /var/log/secure | grep -i "failed password for root" | wc -l; done
Failed root login attempts on Feb 1:
515
Failed root login attempts on Feb 2:
388
Failed root login attempts on Feb 3:
14042
Failed root login attempts on Feb 4:
6815
Failed root login attempts on Feb 5:
3536
Failed root login attempts on Feb 6:
4307
Failed root login attempts on Feb 7:
9200
Failed root login attempts on Feb 8:
5269
[root@bashful ~]# 

Now I need to secure my server!!….but that’s another post folks!

“Spinning up” a Rackspace Cloud Server

Assuming you’ve already created yourself a Rackspace cloud account and that you’ve just logged in, you will see a list of cloud servers (if you have any yet). These are your current servers. If a server is listed here, you will be getting charged for it at an hourly rate. Even if you shutdown your server through the Operating System! To avoid getting charged for something you are not using, take a snapshot and then delete it. You can always build a new server instance from that snapshot at a later point in time when it is required.

Servers tab
Servers tab

To create a new server, you simply click “create server“, then provide the following information.

Server name:
Region:
Image:
Size:
Networks:

Once filled out, kick the build process off by clicking “create server” at the bottom of the page.

Select flavour and instance type
Select flavour and instance type

The server will then go into “building” state until complete when it then goes into “active". Although it only takes a few minutes to be deployed, you are free to continue using other parts of the website. You can even spin up more servers while you wait if you want!!

Building server
Building server

And that is it! Your first cloud server! Easy!

Your new server details
Your new server details

How to connect to your new cloud server depends on what Operating System you chose to install, Windows or Linux? If you chose Linux, you will need to use SSH. If Windows, you can use RDP. Here we chose CentOS – which is essentially just a free, re-branded release of Red Hat Enterprise Linux. If using SSH, issue below command.

[root@server ~]# ssh root@1.2.3.4

Don’t forget to replace 1.2.3.4 with the public IP address of your cloud server!