In this article, I will show you how to set up an AWS EC2 Linux server instance and connect to it from Windows Remote Desktop.
1. Configure XRDP Desktop Service In EC2 Linux Instance.
1.1 Prerequisites.
- First, you should ensure the MATE GUI is installed in your AWS EC2 Linux instance.
- You can confirm this when you launch a new AWS EC2 Linux instance.
- Go to your Amazon AWS EC2 console page.
- Click the Launch Instance button on the page’s top right corner.
- Select the Amazon Linux OS image in the Application and OS Images section.
- Then select the item Amazon Linux 2 with .NET 6, PowerShell, Mono, and MATE Desktop Environment from the Amazon Machine Image(AMI) drop-down list.
- The above item will install the MATE desktop environment in the Linux instance.
- Then you can connect to it using Windows remote desktop.
1.2 Make Sure XRDP Service Is Started.
- Use an SSH client such as PuTTY to connect to the instance over SSH.
- Then run the command `sudo systemctl status xrdp` to check the xrdp service status. The output looks like this:
```
$ sudo systemctl status xrdp
● xrdp.service - xrdp daemon
   Loaded: loaded (/usr/lib/systemd/system/xrdp.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-03-30 06:50:30 UTC; 6min ago
     Docs: man:xrdp(8)
           man:xrdp.ini(5)
 Main PID: 3007 (xrdp)
   CGroup: /system.slice/xrdp.service
           └─3007 /usr/sbin/xrdp --nodaemon

Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [ERROR] Cannot read certificate file /etc/xrdp/cert.pem: No such file or directory
Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [ERROR] Cannot read private key file /etc/xrdp/key.pem: No such file or directory
Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [WARN ] TLSv1.3 enabled by config, but not supported by system OpenSSL
Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [ERROR] Cannot accept TLS connections because certificate or private key file...y.pem]
Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [INFO ] Security protocol: configured [], requested [RDP], selected []
Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [ERROR] xrdp_sec_incoming: xrdp_iso_incoming failed
Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
Mar 30 06:51:34 ip-172-31-2-49.ap-south-1.compute.internal xrdp[3104]: [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
Hint: Some lines were ellipsized, use -l to show in full.
```
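- The above output shows that the xrdp service is active and running, but it cannot accept TLS connections because /etc/xrdp/cert.pem and /etc/xrdp/key.pem do not exist, so it needs more configuration.
- Run the command `sudo passwd ec2-user` to set a password for the user ec2-user. Choose a strong one, because it is the credential you will use to log in over RDP.
- Then run the command `sudo openssl req -x509 -sha384 -newkey rsa:3072 -nodes -keyout /etc/xrdp/key.pem -out /etc/xrdp/cert.pem -days 365` to generate a self-signed TLS certificate. The `-nodes` option writes the private key unencrypted, so the file permissions on /etc/xrdp/key.pem are its only protection.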
```
$ sudo openssl req -x509 -sha384 -newkey rsa:3072 -nodes -keyout /etc/xrdp/key.pem -out /etc/xrdp/cert.pem -days 365
Generating a 3072 bit RSA private key
...................................................................................................++
.............++
writing new private key to '/etc/xrdp/key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
```
- Now you need to restart the xrdp service with the commands `sudo systemctl stop xrdp` and `sudo systemctl start xrdp`.
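
To confirm that the certificate and key generated above are what xrdp expects to load, the following check can be run as root. It is an added example, not part of the original article or the xrdp project; the function name `check_xrdp_tls` and the 30-day warning window are assumptions, and it relies on GNU `stat` and the `openssl` CLI.

```shell
#!/usr/bin/env bash
# Added example: audit the certificate/key pair that xrdp will load.
# Default paths are the ones used in this article; check_xrdp_tls is a
# hypothetical helper name. Run as root so the private key can be read.

check_xrdp_tls() {
    local cert="${1:-/etc/xrdp/cert.pem}" key="${2:-/etc/xrdp/key.pem}"
    local warn_days="${3:-30}" rc=0 f mode cert_pub key_pub

    # 1. Both files must exist and be readable (the failure seen in the xrdp log).
    for f in "$cert" "$key"; do
        if [ ! -r "$f" ]; then echo "FAIL unreadable: $f"; rc=1; fi
    done
    [ "$rc" -eq 0 ] || return 1

    # 2. -nodes left the key unencrypted, so it must not be accessible to "other".
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        *0) echo "OK   key mode $mode" ;;
        *)  echo "FAIL key is accessible to other users (mode $mode)"; rc=1 ;;
    esac

    # 3. The certificate must carry the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "OK   certificate matches key"
    else
        echo "FAIL certificate and key do not match"; rc=1
    fi

    # 4. -days 365 means the certificate expires after a year; warn ahead of time.
    if openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "OK   valid for more than $warn_days days"
    else
        echo "FAIL expires within $warn_days days (or cannot be parsed)"; rc=1
    fi
    return "$rc"
}
```

Calling `check_xrdp_tls` with no arguments audits /etc/xrdp/cert.pem and /etc/xrdp/key.pem; a non-zero return status means at least one check failed.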
2. Connect To AWS EC2 Linux Instance From Windows Remote Desktop.
- Open the Windows Remote Desktop application.
- Input the Linux server IP address in the Computer input text box.
- Input the user name ec2-user in the Username input text box.
- Click the Connect button to connect to the Linux server.
- Input the password you have created for the user ec2-user in the dialog window.
- Then you can log in to the AWS EC2 Linux MATE desktop environment.