Complete Guide: Setting Up GUI Remote Desktop (RDP) on Linux VMs (Azure & AWS)

This guide provides step-by-step instructions for setting up a graphical user interface (GUI) on a Linux virtual machine and accessing it remotely using Remote Desktop Protocol (RDP). This works for both Azure VMs and AWS EC2 instances.

Video Tutorial

For a visual walkthrough of this process, check out our YouTube tutorial:
🎬 Hate Command Line? Get a FULL GUI on Your Linux Cloud VM Instead!

Key Definitions

• GUI (Graphical User Interface): The visual way to interact with your computer using windows, icons, and menus instead of text commands.
• RDP (Remote Desktop Protocol): Microsoft's protocol that allows you to connect to and control a remote computer as if you were sitting in front of it.
• XRDP: An open-source implementation of the RDP protocol that allows RDP clients to connect to Linux machines.
• XFCE: A lightweight desktop environment for Linux that works well on virtual machines with limited resources.
• NSG/Security Group: Azure's Network Security Groups or AWS Security Groups act as virtual firewalls that control what network traffic is allowed to and from your VM.

Why Setup RDP on a Linux VM

Setting up RDP on your Linux VM offers several key advantages:

• Graphical Interface: Access Linux through a familiar desktop environment without using command line
• GUI Applications: Use software that requires a graphical interface (IDEs, browsers, office applications)
• Easier Administration: Some system management and configuration tools are more intuitive with a GUI
• File Management: Drag-and-drop file operations and visual file browsing
• Remote Work: Access your full Linux desktop from anywhere with an internet connection

Prerequisites

• A Linux VM on Azure or an EC2 instance on AWS (Ubuntu/Debian-based)
• SSH access to your VM
• Administrative (sudo) privileges on the VM
• Access to Azure Portal or AWS Console to configure security rules

Step 1: Install Desktop Environment and XRDP

1. SSH into your Linux VM:

   ssh username@your-vm-ip

1. Update your system:

   sudo apt update && sudo apt upgrade -y

1. Install XFCE desktop environment (lightweight, works well for VMs):

   sudo apt install -y xfce4 xfce4-goodies

1. Install XRDP service:

   sudo apt install -y xrdp

Step 2: Fix "Too Many Open Files" Issue

This is a common issue with XRDP on Linux VMs. Follow these steps to resolve it:

1. Update system file descriptor limits:

   sudo nano /etc/security/limits.conf

1. Add these lines at the end of the file (before "# End of file"):

   # Added file descriptor limits
   *               soft    nofile          65535
   *               hard    nofile          65535
   root            soft    nofile          65535
   root            hard    nofile          65535

1. Create systemd limits configuration:

   sudo mkdir -p /etc/systemd/system.conf.d/
   sudo nano /etc/systemd/system.conf.d/limits.conf

1. Add this content:

   [Manager]
   DefaultLimitNOFILE=65535

1. Create XRDP-specific service override:

   sudo mkdir -p /etc/systemd/system/xrdp.service.d/
   sudo nano /etc/systemd/system/xrdp.service.d/override.conf

1. Add this content:

   [Service]
   LimitNOFILE=65535

Step 3: Configure XRDP for XFCE

1. Configure XRDP to use XFCE:

   echo xfce4-session > ~/.xsession

1. Modify XRDP configuration to change port and color depth:

   sudo sed -i 's/port=3389/port=3390/g' /etc/xrdp/xrdp.ini
   sudo sed -i 's/max_bpp=32/max_bpp=16/g' /etc/xrdp/xrdp.ini

Note: We're changing to port 3390 to avoid potential conflicts. You can keep the default 3389 if desired.

1. Reload systemd and restart services:

   sudo systemctl daemon-reload
   sudo reboot

Step 4: Configure Security Rules

For Azure VMs

1. Log in to the Azure Portal
2. Navigate to your VM
3. Select "Networking" from the left sidebar
4. Click "Add inbound port rule"
5. Configure the rule:
   • Protocol: TCP
   • Destination port ranges: 3390 (or 3389 if you kept the default port)
   • Priority: 1000 (or any available number)
   • Name: AllowRDP3390
   • Action: Allow
6. Click "Add"

For AWS EC2 Instances

1. Log in to the AWS Management Console
2. Navigate to EC2 → Security Groups
3. Select the security group associated with your instance
4. Click "Edit inbound rules"
5. Click "Add rule"
6. Configure the rule:
   • Type: Custom TCP
   • Port range: 3390 (or 3389 if you kept the default port)
   • Source: Your IP address or Custom (0.0.0.0/0 for anywhere - less secure)
   • Description: RDP Access
7. Click "Save rules"

Step 5: Connect Using Remote Desktop

1. On your Windows computer, open Remote Desktop Connection

   • Press Windows+R, type mstsc and press Enter

2. In the Computer field, enter:
   

   your-vm-public-ip:3390

(Use :3389 if you kept the default port)

1. Click "Connect"

2. When prompted, enter your Linux VM username and password

3. You should now see the XFCE desktop environment

Troubleshooting

XRDP Won't Start or Shows Failed Status

Check the service status:

sudo systemctl status xrdp

If it shows failed, check the logs:

sudo journalctl -u xrdp

Black Screen After Connecting

1. Verify your xsession file:

   cat ~/.xsession

It should contain only: xfce4-session

1. Try a different desktop environment:

   sudo apt install -y lxde
   echo lxsession > ~/.xsession
   sudo systemctl restart xrdp

Connection Refused

If you get "connection refused" errors:

1. Make sure XRDP is running:

   sudo systemctl restart xrdp
   sudo systemctl status xrdp

1. Check if the port is listening:

   sudo netstat -tuln | grep 3390

1. Verify your NSG rule in Azure Portal

Poor Performance

1. Reduce color depth further:

   sudo sed -i 's/max_bpp=16/max_bpp=8/g' /etc/xrdp/xrdp.ini
   sudo systemctl restart xrdp

1. Consider using a lightweight desktop environment like LXDE:

   sudo apt install -y lxde
   echo lxsession > ~/.xsession
   sudo systemctl restart xrdp

Additional Tips

• Install additional software as needed:

  sudo apt install -y firefox gedit vlc

• To enable copy/paste between your local machine and the remote desktop:

  sudo apt install -y xrdp-pulseaudio-installer
  sudo xrdp-build-pulse-modules

• For automatic startup of applications, add them to:

  ~/.config/autostart/

• If you need to change back to the standard port:

  sudo sed -i 's/port=3390/port=3389/g' /etc/xrdp/xrdp.ini
  sudo systemctl restart xrdp

Security Considerations

• RDP traffic is not encrypted by default. Consider using a VPN or SSH tunneling for additional security
• Limit RDP access to specific IP addresses in your NSG rules
• Consider setting up multi-factor authentication for your Azure account
• Keep your system updated with the latest security patches

This guide should help you successfully set up and connect to a GUI environment on your Linux Azure VM. If you encounter any issues not covered in the troubleshooting section, refer to the Azure documentation or XRDP GitHub repository for more information.