Ubuntu Minimal遠程桌面設置方法

Prerequisites for Remote Desktop on Ubuntu Minimal
Ubuntu Minimal is a headless (GUI-less) system, so you must first install a lightweight desktop environment (to support graphical sessions) and a remote desktop service (to enable remote access). Common choices include:

• Desktop Environments: XFCE (recommended for servers due to low resource usage), GNOME (default but heavier), or LXQt (ultra-lightweight).
• Remote Desktop Services: XRDP (supports RDP protocol, compatible with Windows/macOS/Linux clients) or VNC (e.g., TigerVNC, x11vnc, for cross-platform graphical access).

Method 1: Using XRDP (Recommended for Most Users)
XRDP is the most widely used solution for remote desktop access on Ubuntu, as it uses the standard RDP protocol (familiar to Windows users).

1. Install a Lightweight Desktop Environment
   Update your system and install XFCE (or another lightweight desktop) to ensure smooth performance:

   sudo apt update && sudo apt upgrade -y
   sudo apt install xfce4 -y  # Replace with 'ubuntu-desktop' for GNOME if resources allow
   

2. Install XRDP Server
   Install the XRDP package to enable remote desktop connections:

   sudo apt install xrdp -y
   

3. Configure XRDP to Use Your Desktop Environment
   XRDP needs to know which desktop environment to launch. For XFCE, create a .xsession file in your home directory:

   echo xfce4-session > ~/.xsession
   

4. Start and Enable XRDP
   Enable XRDP to start on boot and launch it immediately:

   sudo systemctl enable xrdp
   sudo systemctl start xrdp
   

5. Configure Firewall (If UFW is Enabled)
   Allow RDP traffic (port 3389) through the firewall to permit external connections:

   sudo ufw allow 3389/tcp
   

6. Connect from a Client

   • Windows: Open the Remote Desktop Connection app (press Win + R, type mstsc), enter your Ubuntu server’s IP address, and click Connect. Log in with your Ubuntu username and password.
   • Linux/macOS: Use Remmina (install via sudo apt install remmina on Linux) or Microsoft Remote Desktop. Enter the IP address and credentials to connect.

Method 2: Using VNC (Alternative for Graphical Access)
VNC provides cross-platform graphical access but is less secure than XRDP (use SSH tunneling for encryption).

1. Install a Lightweight Desktop Environment
   As with XRDP, install XFCE (or another lightweight desktop):

   sudo apt install xfce4 -y
   

2. Install a VNC Server
   Install TigerVNC (a stable, high-performance VNC server):

   sudo apt install tigervnc-standalone-server -y
   

3. Set a VNC Password
   Set a password for VNC access (max 8 characters, required when connecting):

   vncpasswd
   

4. Configure the VNC Server
   Create a systemd service file to autostart VNC when you log in:

   mkdir -p ~/.config/systemd/user
   cat <<EOF > ~/.config/systemd/user/x11vnc.service
   [Unit]
   Description=Start x11vnc at startup.
   After=graphical.target
   [Service]
   Type=simple
   ExecStart=/usr/bin/x11vnc -display :0 -auth /home/your_username/.Xauthority -forever -loop -noxdamage -repeat -rfbauth /home/your_username/.vnc/passwd -rfbport 5900 -shared
   Restart=on-failure
   [Install]
   WantedBy=default.target
   EOF
   

   Replace your_username with your actual username.

5. Enable and Start the VNC Service
   Enable the service to start on login and start it now:

   systemctl --user enable x11vnc.service
   systemctl --user start x11vnc.service
   

6. Configure Firewall (If UFW is Enabled)
   Allow VNC traffic (port 5900) through the firewall:

   sudo ufw allow 5900/tcp
   

7. Connect from a Client

   • Windows: Use VNC Viewer (download from RealVNC’s website), enter your Ubuntu server’s IP address (e.g., 192.168.1.100:5900), and log in with your VNC password.

Security Recommendations

• Use SSH Tunneling: For VNC, encrypt traffic by tunneling it through SSH (e.g., ssh -L 5900:localhost:5900 user@ubuntu-ip).
• Update Regularly: Keep your system and remote desktop software up to date to patch security vulnerabilities.
• Limit Access: Restrict RDP/VNC ports to trusted IP addresses using your firewall (e.g., sudo ufw allow from 192.168.1.0/24 to any port 3389).