How to Install and Configure Guacamole on Fedora 29

2
4538

This guide describes how to install and configure Guacamole on Fedora 29. We have covered similar setups in our previous guides on Debian 9.8 and Ubuntu 18.04. You can check them by following the links below.

If you also need to learn how to transfer files over Guacamole, check our tutorial here;

Install and Configure Guacamole on Fedora 29

The installation covers installation and setup of Guacamole-server as well Guacamole client. Guacamole server (guacd) provides contains all the required server-side components required by Guacamole to connect to remote desktops. Guacamole-client on the other hand provides all the all Java and JavaScript components of Guacamole that make up the web application which serves the HTML5 Guacamole client to users that connect to Guacamole server.

Installing Guacamole Server on Fedora 29

Luckily, the latest release of the Guacamole server (v 0.9.14) is available on the default Fedora 29 repositories. Just power up your terminal and execute the following commands to install Guacamole server (guacd) and all the other required packages for the remote connection protocols that Guacamole server supports.

Disable SELinux or set it up on permissive mode but be cautious of the repercussions of this. Otherwise, leave it on enforcing mode if at all you understand how it functions.

sed -i 's/=enforcing/=permissive/' /etc/selinux/config
systemctl reboot -i

After that, proceed to install Guacamole server.

dnf update
dnf install guacd libguac-client-rdp libguac-client-ssh libguac-client-vnc libguac-client-telnet

Once the installation is done, start and enable Guacamole server (guacd) to run on system reboot.

systemctl start guacd
systemctl enable guacd

By default, Guacamole server listens on TCP port 4822. You need to open this port on firewall.

Installing Apache Tomcat

Once the server is installed, run the command below to install Tomcat Java servelet container that serves Guacamole client and all the required dependencies.

dnf install tomcat tomcat-webapps

Start and enable Tomcat.

systemctl start tomcat
systemctl enable tomcat

Apache Tomcat listens on TCP port 8080. Hence open access to this port on firewall by running the command below;

firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload

Verify that Tomcat is ready to server the client requests by navigating to the browser and entering the URL, http://IP_Address:8080 and you should land on the Tomcat test page.

Installing Guacamole Client on Fedora 29

The Guacamole client is available as a binary. To install it, just pull it from the Guacamole binaries downloads page as shown below.

wget https://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.14.war

To install the Guacamole client binary, just move it to the main configuration directory renaming it as follows.

mv guacamole-0.9.14.war /etc/guacamole/guacamole.war

After that, link the Guacamole client to Apache Tomcat webapps configuration directory.

ln -s /etc/guacamole/guacamole.war /var/lib/tomcat/webapps/

Configuring Guacamole Server

After the installation of the Guacamole server daemon, you need define how to Guacamole client will connect to the Guacamole server (guacd) under the /etc/guacamole/guacamole.properties configuration file. Within this configuration, you need to simply define Guacamole server hostname, port, user mapping configuration file, authentication provider.

vim /etc/guacamole/guacamole.properties
guacd-hostname: localhost
guacd-port:    4822
user-mapping:    /etc/guacamole/user-mapping.xml
auth-provider:    net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

you need to configure authentication method and create users who can access Guacamole server. To begin with, create the Guacamole general configuration directory. This file is reference by the Guacamole home environment variable, GUACAMOLE_HOME.

mkdir /etc/guacamole

In regards to authentication methods, Guacamole supports LDAP, backend databases, local file etc. Reading users and connection details from local file, usually user-mapping.xml, is the default method used by Guacamole. We are going to use the default authentication method in this guide.

Configure default authentication

The default authentication method for Guacamole involves reading usernames and passwords from an XML file, /etc/guacamole/user-mapping.xml.

vim /etc/guacamole/user-mapping.xml
<user-mapping>
        
    <!-- Per-user authentication and config information -->

    <!-- A user using md5 to hash the password
         amos user and its md5 hashed password below is used to 
             login to Guacamole Web UI-->
    <authorize 
            username="amos"
            password="602361b61d6818197680784e1112e3ee"
            encoding="md5">
    </authorize>

</user-mapping>

For every defined user, you need generate MD5 hashed password. The MD5 password hashes can be generated as shown below;

echo -n Your_Password | openssl md5
(stdin)= 602361b61d6818197680784e1112e3ee

You can as well specify authorized connections for each user.

<user-mapping>
        
    <!-- Per-user authentication and config information -->

    <!-- A user using md5 to hash the password
         amos user and its md5 hashed password below is used to 
             login to Guacamole Web UI-->
    <authorize 
            username="amos"
            password="602361b61d6818197680784e1112e3ee"
            encoding="md5">
        <connection name="SSH Connection">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.43.203</param>
            <param name="port">22</param>
            <param name="username">amos</param>
        </connection>
        <connection name="RDP connection">
            <protocol>rdp</protocol>
            <param name="hostname">192.168.43.73</param>
            <param name="port">3389</param>
            <param name="username">mibeyki</param>
        </connection>

    </authorize>

</user-mapping>

Next, the Apache Tomcat servelet container should  be able to read all the configurations defined under /etc/guacamole directory. Hence, add the GUACAMOLE_HOME environment variable to the serverlet configuration file as shown below;

echo "GUACAMOLE_HOME=/etc/guacamole" >> /etc/default/tomcat

Restart both Tomcat and Guacamole server.

systemctl restart tomcat
systemctl restart guacd

Guacamole UI can be accessed with the URL, http://Server_IP:8080/guacamole.

Install and Configure Guacamole on Fedora 29

When you login, you should be able to see the two connections defined above.

Install and Configure Guacamole on Fedora 29

To initiate a connection, click on the connection type. For example, if I click on the SSH connection, this will take me to Password prompt. After successful authentication, you should get into the remote server’s terminal.

Install and Configure Guacamole on Fedora 29

To ensure that you got good fonts, install the following fonts.

dnf install terminus-fonts terminus-fonts-console dejavu-sans-mono-fonts

Well, that is a basic introduction into how to install and configure Guacamole on Fedora 29. You can learn more about Guacamole and its configuration by following the reference link below.

Reference

2 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here