Organize yourself safe workplace at a remote virtualke using x2go

For a long time I came across a very interesting thing – x2go.
In essence, this is another way to fuck myself with the remote desktop linux-machine. Here only this time – a way smartly enough, fast working. And in our case, more useful, and that it tunnels out of the box all traffic through ssh.
The game play does not, by itself, but through Youtube I watched quite a)

Of the nice goodies – transmission of sound, printers, resize the window (if you do not use native system X-server), the presence of an intelligent client for windows, authorization by ssh-keys, the ability to disconnect from the session and leave it all running. Traditionally, running under Windows not all (particularly failed posharit directory and printer), but overall positive impression. You can work comfortably on the remote server in the Netherlands with the car in Russia.

Why is it necessary to tell, I think, is not necessary. Let’s just say, to start Firefox with the bot for the browser game. Or to pay the credit cards from an untrusted network.

In fact, buying any Dev / do it yourself in a normal country. Remember that for the normal operation of Firefox / Iceweasel need gigabytes of RAM (otherwise it will fall on the OOM). Logins on it by ssh, start to have fun.

The manual is relevant to the current versions of Ubuntu / Debian (debian 7+, ubuntu 12.04+) – respectively, Dev need them. In OpenVZ due to the kernel module will not work, most likely.

First, create a user that we will continue to use x2go:
root @ server: ~ # adduser username

Along the way, we asked 2 times your password, introduce some fairly complicated. The rest can be left blank.

Next, we encrypt the user’s home directory. We put the necessary software:
root @ server: ~ # apt-get update; apt-get install ecryptfs-utils

Loadable kernel module for encryption:
root @ server: ~ # modprobe ecryptfs

That it loads at startup file / etc / modules need to add the line:

Encrypt your home directory:
root @ server: ~ # ecryptfs-migrate-home -u username

Check that it is encrypted:
root @ server: ~ # ls / home / username
Access-Your-Private-Data.desktop README.txt

Loginov our users by ssh, check that it can work properly with your home directory:
username @ server: ~ $ touch ~ / testfile; ls ~; rm ~ / testfile; ls ~

If everything works fine, then run the following command:
username @ server: ~ $ ecryptfs-unwrap-passphrase

In response, you will be given a key by which you can recover encrypted data if you forget the master password. I, in general, never handy =) But if you choose to save it – do it on a piece of paper, which will be stored at home in a table without any comment on it.

Note that the files in your home directory will be available to all users for reading (especially rue), when your user is logged in the system. Therefore, if you have reason to encrypt the home directory – then do it all the same to virtualke to which no one has access except for you. In addition, if you put in an encrypted home directory files (eg, website), and then log out – that these files will no longer be available.

Well, actually, you can begin to put x2go. First, we configure the server. For starters write about Debian Wheezy. Create /etc/apt/sources.list.d/x2go.list file with this content:
deb wheezy main

Add the key repository in:
root @ server: ~ # apt-key adv –recv-keys –keyserver E1F958385BFE2B6E; apt-get update

For Ubuntu. Add the ppa x2go in:
root @ server: ~ # apt-get update; apt-get install python-software-properties; add-apt-repository ppa: x2go / stable; apt-get update

We put the necessary software to run remote desktop. I’ll bet xfce (it works quite well remotely), unless you have a lot Expo – put anything. The main thing is not Unity or KDE (with brakes, because they need a full vidyuha).
root @ server: ~ # apt-get install x2goserver xfce4 xfce4-xkb-plugin

For ubuntu is better to do so:
root @ server: ~ # apt-get install x2goserver xubuntu-desktop

Once again, that to put it all on the server where the spinning something else is not recommended. To eat a lot of space and memory.

In general, this server is ready. Well, you can put there even firefox / iceweasel, if no longer. Or jabber-client. Or skype-client (although the voice chat does not work, probably). Next we set / configure the client.
For Windows, simply go here and there to poke link «mswin», then put the client.
For Ubuntu and Debian 7+ 12.04+ following command (it’s on the desktop, if someone does not understand):
root @ server: ~ # apt-get install x2goclient

However, coming from repositories rather old version (although working), so I recommend to repeat on the desktop the same steps that you did on the server (/etc/apt/sources.list.d/x2go.list create a file, and so on) just put one x2goclient, instead x2goserver.

Just need to know what to linux-ah x2goclient offered for himself and starts the openssh-server. He needs to work x2go-client, but he does not need to listen to the external interfaces (in this case, ssh-server will be unavailable to all others except you). Therefore, overweight it on localhost:
root @ server: ~ # sed ‘s /.* ListenAddress. * / ListenAddress’ / etc / ssh / sshd_config
root @ server: ~ # /etc/init.d/ssh restart

Now you can safely run x2go-client. In it we stamp a menu Session -> New Session.
Change icon in the cool pictures, create a session to connect.
In the Host write ip-dns-address or the name of our server.
In the User – user name, which we created (and which encrypt the folder).
SSH port – 22 standard, if I’m – you know what to write)
If you know about ssh-keys, then I strongly recommend that you use for authorization in x2go key name (however, there is no place to save your password there, so it is not soprut. Is that keyloggers).
Session Type – XFCE, if you put xfce. If something else – you select the right;)
Next, go to the Connection tab. They choose ADSL, compression method 16m-jpeg, Quality – 9.
In the tab “Settings” and turn off the sound of the printer (the sound on leased Dev will not work, most likely), if they are not needed.
Export directory – to taste.

Truncated, click connect, enter the password from the user / key enjoy. If you just close the window x2go – the session will remain hanging in the background. Unless explicitly click access to XFCE – the session is completed. Just do not forget that if you do not complete the session, the files in the home directory for the root will remain unencrypted.

After the first login to XFCE need to add some applets on the panel (the panel on the passenger-kilometers -> Panel -> add new item). You need to add Actions buttons (to be able to do logout), and Keyboard layouts. In the settings you need to configure the last key for switching the layout and add a second layout, if necessary.

More useful feature for hamsters – launch a separate application for x2go. Choose the type of session, “Application”, the command / executable file and password. These applications appear under Ubuntu natively enough (especially if you customize the appearance of the server-side), that’s only when you start the browser in a way I fell ‘X =) The rest will start.