Initiating a connection to an Amazon EC2 Linux instance with desktop functionality using PuTTY provides terminal access but does not permit access to desktop functionality.

This article describes how to connect to the desktop of an Amazon EC2 Linux instance running Ubuntu 16.04 with the Windows Remote Desktop client. These steps install a remote desktop protocol (RDP) server (xrdp), a lightweight desktop environment (xfce4 with several plug-ins) and a graphical desktop sharing system (tightvncserver). These steps also describe how to route RDP client requests to the appropriate desktop environment session. These steps are specific to an Amazon EC2 Linux instance of Ubuntu 16.04. The Amazon Machine Image (AMI) used for this article is ami-835b4efa. For more information about locating Linux AMIs see Finding a Linux AMI.

Important: It is considered a security best practice to use port forwarding and tunnel RDP client connections through SSH when remotely accessing an EC2 Linux instance desktop. For more information about tunneling RDP client connections to an instance of EC2 Linux via SSH see How can I securely connect to an Amazon EC2 Linux instance with desktop functionality from Windows?

Note: Amazon Linux does not provide any Desktop GUI functionality. Therefore EC2 Linux instances that are running the Amazon version of Linux cannot be configured for connectivity from an RDP client.

1.    If you do not already have an instance of Ubuntu 16.04 LTS, complete step 1 of Getting Started with Amazon EC2 Linux Instances, ensure that you launch an instance of Ubuntu 16.04 LTS.

2.    Verify that you can connect to your instance as described at Connecting to Your Linux Instance from Windows Using PuTTY. Specify the username 'ubuntu' when you connect to the instance.

3.    Consider creating a 'baseline' backup of your EC2 instance before configuring the instance for RDP client access. You do this by creating a snapshot of the Amazon EBS volume that serves as the root device for your instance as described at Creating an Amazon EBS Snapshot. Note that as a best practice, you should always stop an EC2 instance before you create a snapshot of the EBS volume that serves as the root device for the instance. You can restart the EC2 instance after successfully creating the snapshot.

4.    Connect or re-connect to your EC2 Linux instance.

5.    Run the following commands from the terminal to check for updates and install upgrades.

sudo apt update && sudo apt upgrade

6.    Because you will be connecting from Windows Remote Desktop, edit the sshd_config file on your Linux instance to allow password authentication.

sudo sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config

7.    Restart the SSH daemon to make this change take effect.

sudo /etc/init.d/ssh restart

8.    Temporarily gain root privileges and change the password for the ubuntu user to a complex password to enhance security. Press the Enter key after typing the command sudo passwd ubuntu, and you will be prompted to enter the new password twice.

sudo passwd ubuntu

9.    Install xrdp, the xfce4 desktop environment with some plug-ins and a virtual network computer (vnc) server.

sudo apt install xrdp xfce4 xfce4-goodies tightvncserver

10.   Make xfce4 the default window manager for RDP connections.

echo xfce4-session> /home/ubuntu/.xsession

11.   Copy .xsession to the /etc/skel folder so that xfce4 is set as the default window manager for any new user accounts that are created.

sudo cp /home/ubuntu/.xsession /etc/skel

12.   Run the sed command to update the [xrdp1] section of /etc/xrdp/xrdp.ini to allow changing of the host port you will connect to.

sudo sed -i '0,/-1/s//ask-1/' /etc/xrdp/xrdp.ini

This command changes the first occurrence of '-1' to 'ask-1' so that the [xrdp1] section of /etc/xrdp/xrdp.ini reads as follows:
[xrdp1]
name=sesman-Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=ask-1

13.   Restart xrdp.

sudo service xrdp restart

14.   On Windows, open the Remote Desktop Connection client, paste the fully qualified name of your Amazon EC2 instance for the Computer, and then choose Connect.
Note: If you are using the Remote Desktop Connection client from an Apple Macintosh computer you may receive a dialog box with the title Connection Log and an error message "error - problem connecting". If this occurs, choose OK to dismiss the Connection Log dialog box and when the Login to xrdp dialog box is displayed, enter your credentials, specify a port value of -1 and click OK to connect to your EC2 Linux instance.

15.   When prompted to Login to xrdp, ensure that the sesman-Xvnc module is selected, and enter the username ubuntu with the new password that you created in step 8. When you start a session, the port number is -1.

16.   When the system connects, several status messages are displayed on the Connection Log screen. Pay close attention to these status messages and make note of the VNC port number displayed. If you want to return to a session later, specify this number in the port field of the xrdp login dialog box.  

xrdp port number

Important: Because the default user account can gain administrative rights to your instance, consider creating a less privileged user account with a strong password for purposes of remotely accessing your EC2 instance. For more information about adding new user accounts to your instance see How do I add new user accounts with SSH access to my Amazon EC2 Linux instance? Since you are enabling password authentication for your instance you may also consider renaming the default user account to something other than 'Ubuntu,' which is the default user account for all EC2 Linux instances running Ubuntu.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center.

Published: 2017-09-29