Setting Up Web-Based Guacamole Tool to Access Remote Linux/Windows Machines
In this article we will introduce you to guacamole, a remote desktop gateway powered by Tomcat that only needs to be installed on a central server.
Guacamole will provide a web-based control panel that will allow you to switch quickly from one machine to another – all within the same web browser window.
Testing Environment
In this article we have used the following machines. We will install Guacamole in an Ubuntu box and use it to access a Windows 10 box over Remote Desktop Protocol (RDP) and a RHEL 7 box using SSH:
That said, let’s get started.
Installing Guacamole Server
1. Before installing guacamole, you will need to take care of its dependencies first.
In Debian and Ubuntu (use sudo):
In RHEL / CentOS / Fedora 18-21:
In Fedora 22-23:
2. Download and extract the tarball.
As of early February, 2016, the latest version of Guacamole is 0.9.9. You can refer to the Downloads page to find out the latest version at a given time.
As of early February, 2016, the latest version of Guacamole is 0.9.9. You can refer to the Downloads page to find out the latest version at a given time.
3. Compile the software.
As it is to be expected, configure will check your system for the presence of the required dependencies and for supported communication protocols (as can be seen in the highlighted square, Remote Desktop Protocol (RDP) and SSH are supported by the dependencies installed earlier).
If everything goes as expected you should see this when it completes (otherwise, make sure you installed all the necessary dependencies):
As the last line in the above image suggests, run
make
and make install
to compile the program:
4. Update the cache of installed libraries.
and hit Enter.
Installing Guacamole Client
After completing the above steps, the guacamole server will have been installed. The following instructions will now help you to set up guacd (the proxy daemon that integrates Javascript with communication protocols such as RDP or SSH) and guacamole.war (the client), the component that makes up the final HTML5 application that will be presented to you.
Note that both components (guacamole server and client) need to be installed on the same machine – there is no need to install a so-called client on the machines you want to connect to).
To download the client, follow these steps:
5. Download the web application archive and change its name to guacamole.war.
Note: Depending on your distribution, the Tomcat libraries directory may be located at /var/lib/tomcat.
6. Create the configuration file (/etc/guacamole/guacamole.properties). This file contains the instructions for Guacamole to connect to guacd:
Insert the following contents to /etc/guacamole/guacamole.properties. Note that we are referencing a file we will create in the next step (/etc/guacamole/user-mapping.xml):
And create a symbolic link for Tomcat to be able to read the file:
7. Guacamole uses the user-mapping.xml, create this file to define which users are allowed to authenticate to the Guacamole web interface (between
<authorize>
tags) and which connections they can use (between<connection>
tags):
The following user mapping grants access to the Guacamole web interface to user
tecmint
with passwordtecmint01. Then, inside the SSH connection we need to place a valid username to log in to the RHEL box (you will be prompted to enter the corresponding password when Guacamole initiates the connection).
In the case of the Windows 10 box, there is no need to do that as we will be presented with the login screen over RDP.
To obtain the md5 hash of the password tecmint01, type the following command:
Then insert the output of the command in the password field inside the
<authorize>
tags:
As it is the case with all files that contain sensitive information, it is important to restrict the permissions and change the ownership of the
user-mapping.xml
file:
Start Tomcat and guacd.
Launching the Guacamole Web Interface
8. To access the Guacamole web interface, launch a browser and point it to
http://server:8080/guacamole
where server is the hostname or IP address of your server (in our case it ishttp://192.168.0.100:8080/guacamole
) and login with the credentials given earlier (username: tecmint, password: tecmint01):
9. After clicking on Login, you will be taken to the administrative interface where you will see the list of connections user tecmint has access to, as per
user-mapping.xml
:
10. Go ahead and click on the RHEL 7 box to login as gacanepa (the username specified in the connection definition).
Note how the connection source is set to 192.168.0.100 (the IP of the Guacamole server), regardless of the IP address of the machine that you use to open the web interface:
11. If you want to close the connection, type exit and hit Enter. You will prompted to return to the main interface(Home), reconnect, or logout from Guacamole:
12. Now it’s time to try the remote desktop connection to Windows 10:
Congratulations! Now you can access a Windows 10 machine and a RHEL 7 server from within a web browser.
Thanks buddy.
ReplyDelete