Skip to main content

Set up a Q4OS Remote Desktop Server

Administrator guide for configuring remote desktop access to Q4OS systems.

Overview

This guide covers setting up remote desktop access to Q4OS systems using various protocols including VNC, RDP, and SSH. Remote desktop access allows administrators and users to connect to Q4OS machines from anywhere on the network.

Supported Remote Access Methods

  • VNC (Virtual Network Computing): Cross-platform desktop sharing
  • RDP (Remote Desktop Protocol): Microsoft's remote desktop protocol
  • SSH (Secure Shell): Command-line access with X11 forwarding
  • NoMachine NX: High-performance remote desktop

Prerequisites

  • Q4OS system with administrative access
  • Network connectivity between client and server
  • Firewall configuration access
  • Understanding of basic networking concepts

VNC Server Setup

Installing VNC Server

Install TightVNC server package:

sudo apt update
sudo apt install tightvncserver

Initial VNC Configuration

  1. Start VNC server for the first time to create configuration files: 
    vncserver :1
  2. Set a VNC password when prompted (6-8 characters)
  3. Choose whether to set a view-only password
  4. Stop the VNC server: 
    vncserver -kill :1

Configuring VNC Startup Script

Edit the VNC startup script to use Trinity desktop:

nano ~/.vnc/xstartup

Replace the contents with:

#!/bin/bash
xrdb $HOME/.Xresources
starttrinity &

Make the script executable:

chmod +x ~/.vnc/xstartup

Starting VNC Server

Start VNC server with specific resolution:

vncserver :1 -geometry 1024x768 -depth 24

Creating VNC Service

Create a systemd service for automatic startup:

sudo nano /etc/systemd/system/vncserver@.service

Add the following content:

[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=your-username
PAMName=login
PIDFile=/home/your-username/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1024x768 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.service
sudo systemctl start vncserver@1.service

RDP Server Setup

Installing XRDP

Install XRDP for RDP protocol support:

sudo apt update
sudo apt install xrdp

Configuring XRDP

Configure XRDP to use Trinity desktop:

echo "starttrinity" > ~/.xsession

Start and enable XRDP service:

sudo systemctl start xrdp
sudo systemctl enable xrdp

XRDP Security Configuration

Configure SSL certificate for encryption:

sudo openssl req -x509 -newkey rsa:2048 -nodes -keyout /etc/xrdp/key.pem -out /etc/xrdp/cert.pem -days 365

Edit XRDP configuration:

sudo nano /etc/xrdp/xrdp.ini

Update the SSL settings:

security_layer=tls
certificate=/etc/xrdp/cert.pem
key_file=/etc/xrdp/key.pem

Restart XRDP service:

sudo systemctl restart xrdp

SSH Server Setup

Installing SSH Server

Install OpenSSH server:

sudo apt update
sudo apt install openssh-server

SSH Configuration

Edit SSH configuration for security:

sudo nano /etc/ssh/sshd_config

Recommended security settings:

Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
X11Forwarding yes
X11DisplayOffset 10

Restart SSH service:

sudo systemctl restart ssh

SSH Key Authentication (Recommended)

Generate SSH key pair on client:

ssh-keygen -t rsa -b 4096

Copy public key to server:

ssh-copy-id username@server-ip

X11 Forwarding for GUI Applications

Connect with X11 forwarding enabled:

ssh -X username@server-ip

Launch GUI applications remotely:

firefox &
kate &

NoMachine NX Setup

Installing NoMachine

Download NoMachine from the official website:

wget https://download.nomachine.com/download/7.10/Linux/nomachine_7.10.1_1_amd64.deb
sudo dpkg -i nomachine_7.10.1_1_amd64.deb

NoMachine Configuration

NoMachine works out of the box with minimal configuration. The service starts automatically after installation.

Check service status:

sudo systemctl status nxserver

NoMachine Client Connection

Download NoMachine client on remote computer and connect using:

  • Server address: Q4OS machine IP
  • Port: 4000 (default)
  • Authentication: System username/password

Firewall Configuration

UFW Firewall Rules

Configure UFW firewall to allow remote desktop connections:

Enable UFW:

sudo ufw enable

Allow VNC connections:

sudo ufw allow 5901/tcp  # VNC display :1
sudo ufw allow 5902/tcp  # VNC display :2

Allow RDP connections:

sudo ufw allow 3389/tcp

Allow SSH connections:

sudo ufw allow 22/tcp

Allow NoMachine connections:

sudo ufw allow 4000/tcp

Network-Specific Rules

Restrict access to specific networks for security:

sudo ufw allow from 192.168.1.0/24 to any port 5901
sudo ufw allow from 192.168.1.0/24 to any port 3389

Client Connections

VNC Clients

  • TightVNC Viewer: Free cross-platform VNC client
  • RealVNC Viewer: Professional VNC client
  • Remmina: Linux remote desktop client
  • Built-in clients: Many operating systems include VNC viewers

VNC connection format:

server-ip:5901  # For display :1
server-ip:5902  # For display :2

RDP Clients

  • Windows: Built-in Remote Desktop Connection
  • Linux: Remmina, Vinagre, FreeRDP
  • macOS: Microsoft Remote Desktop
  • Mobile: RD Client apps

RDP connection settings:

  • Computer: server-ip:3389
  • Username: Q4OS username
  • Password: Q4OS password

Security Considerations

Authentication

  • Use strong passwords for all accounts
  • Enable SSH key authentication when possible
  • Consider two-factor authentication
  • Disable unused user accounts

Network Security

  • Use VPN for connections over internet
  • Restrict access to specific IP ranges
  • Change default ports when possible
  • Enable logging and monitor access

Encryption

  • Enable TLS/SSL encryption for RDP
  • Use SSH tunneling for VNC connections
  • Consider VNC over SSH for added security

VNC over SSH Tunnel

Create secure VNC connection through SSH tunnel:

ssh -L 5901:localhost:5901 username@server-ip

Then connect VNC client to localhost:5901

Troubleshooting

Common VNC Issues

  • Gray screen: Check xstartup script configuration
  • Connection refused: Verify VNC server is running and firewall allows connections
  • Authentication failure: Reset VNC password with vncpasswd

Common RDP Issues

  • Black screen: Check .xsession file and Trinity desktop installation
  • Certificate errors: Verify SSL certificate configuration
  • Connection drops: Check network stability and XRDP logs

Log Files

Check these log files for troubleshooting:

  • VNC: ~/.vnc/*.log
  • XRDP: /var/log/xrdp.log
  • SSH: /var/log/auth.log
  • System: /var/log/syslog

Performance Optimization

VNC Performance

  • Use lower color depth (16-bit instead of 24-bit)
  • Reduce screen resolution for slower connections
  • Enable compression in VNC client
  • Disable desktop effects and animations

RDP Performance

  • Adjust connection speed settings in RDP client
  • Disable desktop wallpaper and animations
  • Use lower color quality for slow connections
  • Enable bitmap caching

Network Optimization

  • Use wired connection when possible
  • Ensure adequate bandwidth
  • Configure QoS for remote desktop traffic
  • Monitor network latency