{"id":578,"date":"2017-11-27T17:35:26","date_gmt":"2017-11-27T16:35:26","guid":{"rendered":"http:\/\/snakenet.eu\/blog\/?p=578"},"modified":"2022-03-13T11:50:45","modified_gmt":"2022-03-13T10:50:45","slug":"serveur-xrdp-sur-un-vps-ovh-debian-9","status":"publish","type":"post","link":"https:\/\/snakenet.eu\/blog\/serveur-xrdp-sur-un-vps-ovh-debian-9\/578\/","title":{"rendered":"Serveur xRDP sur un VPS (ovh) Debian 9"},"content":{"rendered":"

create administrative account<\/strong><\/p>\n

useradd MyUsername -s \/bin\/bash -G sudo -m
\necho MyUsername:MyVerySecurePassword | chpasswd<\/p>\n

Prevent root from login using SSH<\/strong><\/p>\n

sed -i ‘s\/PermitRootLogin yes\/PermitRootLogin no\/g’ \/etc\/ssh\/sshd_config
\nservice ssh restart<\/p>\n

Install programs<\/strong><\/p>\n

apt-get update
\napt-get install -y xrdp mate-core mate-desktop-environment mate-notification-daemon tigervnc-standalone-server<\/p>\n

\/etc\/init.d\/xrdp stop
\n\/etc\/init.d\/xrdp start<\/p>\n

Tune XRDP tu use XVNC in priority<\/strong><\/p>\n

vi \/etc\/xrdp\/xrdp.ini and permut Xorg and Xvnc block’s in the config file.<\/p>\n

[Xvnc]
\nname=Xvnc
\nlib=libvnc.so
\nusername=ask
\npassword=ask
\nip=127.0.0.1
\nport=-1
\n#xserverbpp=24
\n#delay_ms=2000<\/p>\n

[Xorg]
\nname=Xorg
\nlib=libxup.so
\nusername=ask
\npassword=ask
\nip=127.0.0.1
\nport=-1
\ncode=20<\/p>\n

S\u00e9curiser le tout<\/strong><\/p>\n

apt-get install fail2ban<\/p>\n

Install Firefox and test performance…<\/strong><\/p>\n

apt-get install firefox-esr firefox-esr-l10n-fr<\/p>\n

Faire de la place sur le disque<\/strong><\/p>\n

On a un petit VPS, autant \u00e9conomiser la place…<\/p>\n

apt-get clean<\/p>\n

Tuning<\/strong><\/p>\n

xrdp.ini :<\/p>\n

ls_background_image \u00e0 doit indiquer un fichier present dans \/usr\/share\/xrdp\/
\nls_top_window_bg_color=1a4384
\nls_height=350
\nls_bg_color=e4e3e8
\nls_btn_ok_y_pos=300
\nls_btn_cancel_y_pos=300<\/p>\n

\/etc\/init.d\/xrdp stop && \/etc\/init.d\/xrdp start<\/p>\n

openVPN<\/strong><\/p>\n

sudo apt-get install curl
\ncurl -O https:\/\/raw.githubusercontent.com\/Angristan\/openvpn-install\/master\/openvpn-install.sh
\nchmod +x openvpn-install.sh
\n.\/openvpn-install.sh<\/p>\n

S\u00e9curiser<\/strong><\/p>\n

cat > \/etc\/fail2ban\/filter.d\/openvpn.local <<EOF
\n# Fail2Ban filter for selected OpenVPN rejections
\n#
\n#<\/p>\n

[Definition]<\/p>\n

# Example messages (other matched messages not seen in the testing server’s logs):
\n# Fri Sep 23 11:55:36 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51223
\n# Thu Aug 25 09:36:02 2016 117.207.115.143:58922 TLS Error: TLS handshake failed<\/p>\n

failregex = ^ TLS Error: incoming packet authentication failed from \\[AF_INET\\]<HOST>:\\d+$
\n^ <HOST>:\\d+ Connection reset, restarting
\n^ <HOST>:\\d+ TLS Auth Error
\n^ <HOST>:\\d+ TLS Error: TLS handshake failed$
\n^ <HOST>:\\d+ VERIFY ERROR<\/p>\n

ignoreregex =
\nEOF<\/p>\n

cat > \/etc\/fail2ban\/jail.d\/openvpn <<EOF
\n# Fail2Ban configuration fragment for OpenVPN<\/p>\n

[openvpn]
\nenabled = true
\nport = 1194
\nprotocol = udp
\nfilter = openvpn
\nlogpath = \/var\/log\/openvpn.log
\nmaxretry = 3
\nEOF<\/p>\n

To effect the configuration change:
\nservice fail2ban restart<\/p>\n

Wireshark<\/strong><\/p>\n

apt-get -y install wireshark
\ngpasswd -a MyUsername<\/span> wireshark<\/p>\n","protected":false},"excerpt":{"rendered":"

create administrative account useradd MyUsername -s \/bin\/bash -G sudo -m echo MyUsername:MyVerySecurePassword | chpasswd Prevent root from login using SSH sed -i ‘s\/PermitRootLogin yes\/PermitRootLogin no\/g’ \/etc\/ssh\/sshd_config service ssh restart Install programs apt-get update apt-get install -y xrdp mate-core mate-desktop-environment mate-notification-daemon tigervnc-standalone-server \/etc\/init.d\/xrdp stop \/etc\/init.d\/xrdp start Tune XRDP tu use XVNC in priority vi \/etc\/xrdp\/xrdp.ini and […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-578","post","type-post","status-publish","format-standard","hentry","category-non-classe"],"_links":{"self":[{"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/posts\/578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/comments?post=578"}],"version-history":[{"count":24,"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/posts\/578\/revisions"}],"predecessor-version":[{"id":699,"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/posts\/578\/revisions\/699"}],"wp:attachment":[{"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/media?parent=578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/categories?post=578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/snakenet.eu\/blog\/wp-json\/wp\/v2\/tags?post=578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}