A Beginner-Friendly Guide for Linux / Start Learning Linux Quickly...

Install Guacamole for Remote Linux/Windows Access in Ubuntu

Categories Open Source 70 Comments

As a system administrator, you may find yourself (today or in the future) working in an environment where Windows and Linux coexist.

It is no secret that some big companies prefer (or have to) run some of their production services in Windows boxes and others in Linux servers.

[ You might also like: 11 Best Tools to Access Remote Linux Desktop ]

If that is your case, you will welcome this guide with open arms (otherwise go ahead and at least make sure to add it to your bookmarks).

Install Guacamole for Remote Desktop and SSH Access
Install Guacamole for Remote Desktop and SSH Access

In this article, we will introduce you to guacamole, a remote desktop gateway powered by Tomcat that only needs to be installed on a central server.

[ You might also like: How to Access Remote Linux Desktop Using TightVNC ]

Guacamole will provide a web-based control panel that will allow you to switch quickly from one machine to another – all within the same web browser window.

Testing Environment

In this article, we have used the following machines. We will install Guacamole in an Ubuntu box and use it to access a Windows 10 box over Remote Desktop Protocol (RDP) and an RHEL box using SSH network protocol:

Guacamole server: Ubuntu 20.04 - IP 192.168.0.100
Remote SSH box: RHEL 8 – IP 192.168.0.18
Remote desktop box: Windows 10 – IP 192.168.0.19

That said, let’s get started.

Installing Guacamole Server in Ubuntu

1. Before installing guacamole, you will need to take care of its dependencies first.

$ sudo apt update
$ sudo apt install -y gcc vim curl wget g++ libcairo2-dev libjpeg-turbo8-dev libpng-dev \
libtool-bin libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev build-essential \
libpango1.0-dev libssh2-1-dev libvncserver-dev libtelnet-dev freerdp2-dev libwebsockets-dev \
libssl-dev libvorbis-dev libwebp-dev tomcat9 tomcat9-admin tomcat9-user

2. Download and extract the tarball. As of early February 2021, the latest version of Guacamole is 1.3.0. You can refer to the Guacamole Downloads page to find out the latest version at a given time.

$ wget https://dlcdn.apache.org/guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz 
$ tar zxf guacamole-server-1.3.0.tar.gz

3. Compile the software.

$ cd guacamole-server-1.3.0/
$ ./configure

As it is to be expected, configure will check your system for the presence of the required dependencies and for supported communication protocols (as can be seen in the highlighted square, Remote Desktop Protocol (RDP) and SSH are supported by the dependencies installed earlier).

If everything goes as expected you should see this when it completes (otherwise, make sure you installed all the necessary dependencies):

Guacamole Server Installation
Guacamole Server Installation

As the last line in the above image suggests, run make and make install to compile the program:

$ make 
$ sudo make install

4. Update the cache of installed libraries.

$ sudo ldconfig

and hit Enter.

Installing Guacamole Client in Ubuntu

After completing the above steps, the guacamole server will have been installed. The following instructions will now help you to set up guacd (the proxy daemon that integrates Javascript with communication protocols such as RDP or SSH) and guacamole.war (the client), the component that makes up the final HTML5 application that will be presented to you.

Note that both components (guacamole server and client) need to be installed on the same machine – there is no need to install a so-called client on the machines you want to connect to).

To download the client, follow these steps:

5. Download the web application archive and change its name to guacamole.war.

Note: Depending on your distribution, the Tomcat libraries directory may be located at /var/lib/tomcat.

$ cd /var/lib/tomcat9/
$ sudo wget https://dlcdn.apache.org/guacamole/1.3.0/binary/guacamole-1.3.0.war
$ sudo mv guacamole-1.3.0.war webapps/guacamole.war

6. Create the configuration file (/etc/guacamole/guacamole.properties). This file contains the instructions for Guacamole to connect to guacd:

$ sudo mkdir /etc/guacamole
$ sudo mkdir /usr/share/tomcat9/.guacamole
$ sudo nano /etc/guacamole/guacamole.properties

Insert the following contents to /etc/guacamole/guacamole.properties. Note that we are referencing a file we will create in the next step (/etc/guacamole/user-mapping.xml):

guacd-hostname: localhost
guacd-port:    4822
user-mapping:    /etc/guacamole/user-mapping.xml
auth-provider:    net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
basic-user-mapping:    /etc/guacamole/user-mapping.xml

And create a symbolic link for Tomcat to be able to read the file:

$ sudo ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat9/.guacamole/

7. Guacamole uses the user-mapping.xml, create this file to define which users are allowed to authenticate to the Guacamole web interface (between <authorize> tags) and which connections they can use (between <connection> tags):

$ sudo nano /etc/guacamole/user-mapping.xml

The following user mapping grants access to the Guacamole web interface to a user tecmint with password tecmint01. Then, inside the SSH connection, we need to place a valid username to log in to the RHEL box (you will be prompted to enter the corresponding password when Guacamole initiates the connection).

In the case of the Windows 10 box, there is no need to do that as we will be presented with the login screen over RDP.

To obtain the md5 hash of the password tecmint01, type the following command:

# printf '%s' "tecmint01" | md5sum

Then insert the output of the command in the password field inside the <authorize> tags:

<user-mapping>
        <authorize 
                username="tecmint" 
                password="8383339b9c90775ac14693d8e620981f" 
                encoding="md5">
                <connection name="RHEL 8">
                        <protocol>ssh</protocol>
                        <param name="hostname">192.168.0.18</param>
                        <param name="port">22</param>
                        <param name="username">gacanepa</param>
                </connection>
                <connection name="Windows 10">
                        <protocol>rdp</protocol>
                        <param name="hostname">192.168.0.19</param>
                        <param name="port">3389</param>
                </connection>
        </authorize>
</user-mapping>

As it is the case with all files that contain sensitive information, it is important to restrict the permissions and change the ownership of the user-mapping.xml file:

$ sudo chmod 600 /etc/guacamole/user-mapping.xml
$ sudo chown tomcat:tomcat /etc/guacamole/user-mapping.xml

Start Tomcat and guacd.

$ sudo service tomcat9 start
$ sudo /usr/local/sbin/guacd &

Launching the Guacamole Web Interface

8. To access the Guacamole web interface, launch a browser and point it to http://server:8080/guacamole where the server is the hostname or IP address of your server (in our case it is http://192.168.0.100:8080/guacamole) and log in with the credentials given earlier (username: tecmint, password: tecmint01):

Apache Guacamole Login
Apache Guacamole Login

9. After clicking on Login, you will be taken to the administrative interface where you will see the list of connections user tecmint has access to, as per user-mapping.xml:

Guacamole User Connections
Guacamole User Connections

10. Go ahead and click on the RHEL 8 box to log in as gacanepa (the username specified in the connection definition).

Note how the connection source is set to 192.168.0.100 (the IP of the Guacamole server), regardless of the IP address of the machine that you use to open the web interface:

Guacamole: Access Remote Linux
Guacamole: Access Remote Linux

11. If you want to close the connection, type exit and hit Enter. You will be prompted to return to the main interface (Home), reconnect, or log out from Guacamole:

Guacamole Session Disconnection
Guacamole Session Disconnection

12. Now it’s time to try the remote desktop connection to Windows 10:

Connect Windows Machine from Linux
Connect Windows Machine from Linux

Congratulations! Now you can access a Windows 10 machine and an RHEL 8 server from within a web browser.

Summary

In this article, we have explained how to install and configure Guacamole to allow access to remote machines over RDP and SSH. The official website provides extensive documentation to help you set up access using other protocols, such as VNC and other authentication mechanisms, such as DB-based…

As always, don’t hesitate to drop us a note if you have any questions or suggestions about this article. We also look forward to hearing your success stories.

If you read this far, tweet to the author to show them you care. Tweet a thanks

Previous article:

How to Access Remote Desktop from Browser Using TightVNC

Next article:

How to Install ModSecurity for Nginx on Debian/Ubuntu
Photo of author
Gabriel Cánepa
Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Related Posts

70 thoughts on “Install Guacamole for Remote Linux/Windows Access in Ubuntu”

  1. Thanks and very help full post. thank you so much. But I want to run only application on web, please help how we can access windows or Linux application from web browsers. i know one method that is using SSH in which we can access apps from Linux to windows and vice versa by enabling x11 forwarding in ssh conf file. but that uses commands, but i want to make access to those apps using GUI. either from browser or app. So can you help me with that?

    Reply

  2. Thanks and very help full post. thank you so much. But I want to run only application on web, please help how we can access windows or Linux application from web browsers.

    Reply

  3. Hi,
    I have done the same steps, but finally i am facing 404 status error.

    HTTP Status 404 – /guacamole

    type Status report

    message /guacamole

    description The requested resource is not available.
    Apache Tomcat/7.0.64 (Ubuntu)

    any idea where am i missed something?

    Reply

  4. Hello,
    Thanks for the post but Im having the error HTTP Status 404 – /guacamole, im using linux mint as server.

    thanks.

    Reply

  5. Hi Gabriel,

    I have followed your instructions in a Google Cloud Platform. Put Guaca in a ubuntu box. And I have to other instances, Linux, and windows which I am trying to reach. I can see the Linux machine, but the other windows instance, no success. It even doesn’t appear in the connections dashboard. It says connections error. Any ide? Thanks in advance!

    Reply

  6. Hi Gabriel,

    How do we connect to Connection Machine without Guacamole authorized user, once we generate the link can we connect to it without login?

    Thanks,
    Gulab Pasha

    Reply

  9. Hi Gabriel,

    thanks for the tut. Unfortunately I can’t login. The user mapping seems to be unrecognized even when I link the guacamole.properties file to .guacamole folder in tomcat7s home dir, /usr/share/tomcat7/.guacamole. I’m running Debian 8.5 and installed the server via apt-get install instead of compiling it myself.

    Do you have any idea?

    Reply

  10. For anyone else stuck on this where you get a 404 status.

    Move the guacamole.war file to the Webapps folder within your “tomcat7” folder.

    Reply

Leave a Reply to svartes Cancel reply

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.