Apache Guacamole for Secure Remote Access to your Computers

Apache Guacamole is an HTML 5 based tool that allows both full GUI connections and ssh console connections to Desktops and Virtual Machines through a secure and audited web interface.

Guacamole provides a web page front end to define and connect to systems and the remote access to the system graphical user interface (GUI) or command line is through the web interface as well.

To install “Apache Guacamole”, create or connect to an Ubuntu 20.04 instance.

Installing guacamole:

sudo apt update

sudo apt upgrade

sudo apt-get install software-properties-common

wget -O guac-install.sh https://git.io/fxZq5

chmod +x guac-install.sh

./guac-install.sh

Username: guacadmin
password: guacadmin

After logging in to guacamole, be sure to change the default credentials or create a new user account with admin rights and delete the “guacadmin” user for security reasons. By default, Guacamole requires two factor authentication security.

I have a Windows VM, an LXC Ubuntu instance, and an Ubuntu VM on my Labnet testing and teaching VLAN.

To use Guacamole to connect to these three machines, I created three guacamole profiles in a “Labnet” group that define access to my three instances on my 192.168.50.x Labnet VLAN.

image

The Labnet-LXC-Ubuntu-GUI is an LXC container running Ubuntu 20.04 with a full up desktop.

To achieve this, I created a regular LXC Ubuntu 18.04 container and upgraded it to 20.04.

I sshed to it and performed the following:

ssh apt install tasksel

Next Install a display manager:

sudo apt install lightdm

Finally, run “tasksel” and choose a desktop environment. I chose “Ubuntu Desktop”

tasksel

To enable RDP:

wget https://www.c-nergy.be/downloads/xrdp-installer-1.2.2.zip
unzip xrdp-installer-1.2.2.zip
bash xrdp-installer-1.2.2.sh

At this point, Labnet-LXC-Ubuntu-GUI has a fully functional desktop on an LXC container.

In Guacamole, I created a new connection:
image
image

I can now use Guacamole to sign in:

image

LabnetUbuntuVM looks the same as the LXC container, but it is a Virtual Machine.

Since the VM already has a Desktop GUI, I did not need to install it, but I do need to install the RDP support.

To enable RDP:

wget https://www.c-nergy.be/downloads/xrdp-installer-1.2.2.zip
unzip xrdp-installer-1.2.2.zip
bash xrdp-installer-1.2.2.sh

In Guacamole, I created a new connection:
image

image

Here is Guacamole signing into the Ubuntu 20.04 VM via RDP:

image

Labnet-Windows is a Windows 10 VM. It is not possible to make a Windows instance inside of an LXC container because LXC supports only Linux.

After creating the Windows VM, add a new Guacamole connection for it.

image

image

image

All three of the machines I created above are on my Labnet VLAN which is a testing/teaching environment.

You can create non-privileged users in Guacamole that are authorized into particular systems.

image

image

I use NginX Reverse Proxy Manager (https://nginxproxymanager.com/) to provide access to my Guacamole Server via my domain name and SSL for security.

By default, Guacamole uses two factor authentication for security. All three machines above are virtual templates that I can clone to provide instances for other users.

Oh, and by the way, to avoid the hosting web browser from intersecting keystrokes meant for the system that the guacamole console is connected to, CTRL-ALT-Shift.
image
There are clipboard management options on this menu as well as an on screen keyboard option to pass through special controls.

1 Like