Step1:在Centos7上检查是否安装了epel库
执行命令:rpm -qa|grep epel
示例:
[root@master ~]# rpm -qa|grep epel
[root@master ~]#
从上面结果可知未安装epel库。
Step2:安装 epel库
执行命令:yum install epel-release
示例:
[root@master ~]# yum install epel-release
已加载插件:fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Determining fastest mirrors
* base: mirrors.cqu.edu.cn
* extras: mirrors.cqu.edu.cn
* updates: mirrors.cqu.edu.cn
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 243 kB 00:00:00
(3/4): base/7/x86_64/primary_db | 6.1 MB 00:00:01
(4/4): updates/7/x86_64/primary_db | 12 MB 00:00:02
正在解决依赖关系
--> 正在检查事务
---> 软件包 epel-release.noarch.0.7-11 将被 安装
--> 解决依赖关系完成
依赖关系解决
==================================================================================
Package 架构 版本 源 大小
==================================================================================
正在安装:
epel-release noarch 7-11 extras 15 k
事务概要
==================================================================================
安装 1 软件包
总下载量:15 k
安装大小:24 k
Is this ok [y/d/N]: y
Downloading packages:
epel-release-7-11.noarch.rpm | 15 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : epel-release-7-11.noarch 1/1
验证中 : epel-release-7-11.noarch 1/1
已安装:
epel-release.noarch 0:7-11
完毕!
Step3:安装xrdp
执行命令:yum install xrdp
示例:
[root@master ~]# yum install xrdp
已加载插件:fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 8.6 kB 00:00:00
* base: mirrors.cqu.edu.cn
* epel: mirrors.bfsu.edu.cn
* extras: mirrors.cqu.edu.cn
* updates: mirrors.cqu.edu.cn
epel | 4.7 kB 00:00:00
(1/3): epel/x86_64/group_gz | 96 kB 00:00:00
(2/3): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(3/3): epel/x86_64/primary_db | 7.0 MB 00:00:01
正在解决依赖关系
--> 正在检查事务
---> 软件包 xrdp.x86_64.1.0.9.17-2.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
==================================================================================
Package 架构 版本 源 大小
==================================================================================
正在安装:
xrdp x86_64 1:0.9.17-2.el7 epel 450 k
事务概要
==================================================================================
安装 1 软件包
总下载量:450 k
安装大小:2.2 M
Is this ok [y/d/N]: y
Downloading packages:
警告:/var/cache/yum/x86_64/7/epel/packages/xrdp-0.9.17-2.el7.x86_64.rpm: 头V4 RSA/SHA256 Signature, 密钥 ID 352c64e5: NOKEY
xrdp-0.9.17-2.el7.x86_64.rpm 的公钥尚未安装
xrdp-0.9.17-2.el7.x86_64.rpm | 450 kB 00:00:01
从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 检索密钥
导入 GPG key 0x352C64E5:
用户ID : "Fedora EPEL (7) <epel@fedoraproject.org>"
指纹 : 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
软件包 : epel-release-7-11.noarch (@extras)
来自 : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
是否继续?[y/N]:y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : 1:xrdp-0.9.17-2.el7.x86_64 1/1
验证中 : 1:xrdp-0.9.17-2.el7.x86_64 1/1
已安装:
xrdp.x86_64 1:0.9.17-2.el7
完毕!
Step4:安装tigervnc-server
执行命令:yum install tigervnc-server
示例:
[root@master ~]# yum install tigervnc-server
已加载插件:fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.bfsu.edu.cn
* extras: mirrors.cqu.edu.cn
* updates: mirrors.cqu.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 tigervnc-server.x86_64.0.1.8.0-22.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
==================================================================================
Package 架构 版本 源 大小
==================================================================================
正在安装:
tigervnc-server x86_64 1.8.0-22.el7 updates 211 k
事务概要
==================================================================================
安装 1 软件包
总下载量:211 k
安装大小:498 k
Is this ok [y/d/N]: y
Downloading packages:
tigervnc-server-1.8.0-22.el7.x86_64.rpm | 211 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : tigervnc-server-1.8.0-22.el7.x86_64 1/1
验证中 : tigervnc-server-1.8.0-22.el7.x86_64 1/1
已安装:
tigervnc-server.x86_64 0:1.8.0-22.el7
完毕!
Step5:为用户root设置vnc密码
执行命令:vncpasswd root
示例:
[root@master ~]# vncpasswd root
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used
Step6:配置xrdp.ini文件,修改XRDP最大连接数(可保持默认,不进行设置)
xrdp.ini文件所在位置:/etc/xrdp/xrdp.ini
执行命令:vi /etc/xrdp/xrdp.ini
示例:在xrdp.ini文件中找到“max_bpp”,该值即为设置XRDP服务器最大连接数,默认值即为32。
allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
#hidelogwindow=true
max_bpp=32
new_cursors=true
Step7:配置或关闭SELinux
(1)查看SELinux状态:
执行命令:sestatus
示例:
[root@master ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
上述示例当前SElinux是有效的,打开的,需要进行关闭。
(2)临时关闭SElinux:
执行命令:setenforce 0
示例:
[root@master ~]# setenforce 0
[root@master ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
若需要打开SElinux,则执行命令:setenforce 1
示例:
[root@master ~]# setenforce 1
[root@master ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
(3)永久关闭:则需要修改selinux的配置文件
执行命令:vim /etc/selinux/config
示例:修改selinux配置文件config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@master ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: disabled
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
Step8:防火墙配置
防火墙配置有两种方式:一种是直接关闭,另一种是打开XRDP服务的端口。
(1)直接关闭防火墙
防火墙的操作:状态查询、关闭、开启、开机状态、开机不启动、开机启动
防火墙的状态查询:systemctl status firewalld.service
防火墙的关闭:systemctl stop firewalld.service
防火墙的开启:systemctl start firewalld.service
防火墙开机状态查询:systemctl list-unit-files |grep fire
防火墙开机不启动:systemctl disable firewalld.service
防火墙开机启动:systemctl enable firewalld.service
(2)直接打开XRDP服务的端口
XRDP服务端口为3389,防火墙直接打开此端口即可。推荐采用该种方式。
执行命令1:firewall-cmd --permanent --zone=public --add-port=3389/tcp
执行命令2:firewall-cmd --reload
示例:
[root@master ~]# firewall-cmd --permanent --zone=public --add-port=3389/tcp
success
[root@master ~]# firewall-cmd --reload
success
Step9:启动xrdp服务,并且设置为开机启动
启动服务命令:systemctl start xrdp
开机启动命令:systemctl enable xrdp
查看状态命令:systemctl status xrdp
示例:
[root@master ~]# systemctl start xrdp
[root@master ~]# systemctl enable xrdp
Created symlink from /etc/systemd/system/multi-user.target.wants/xrdp.service to /usr/lib/systemd/system/xrdp.service.
[root@master ~]# systemctl status xrdp
● xrdp.service - xrdp daemon
Loaded: loaded (/usr/lib/systemd/system/xrdp.service; enabled; vendor preset: disabled)
Active: active (running) since 日 2021-11-14 14:52:43 CST; 38s ago
Docs: man:xrdp(8)
man:xrdp.ini(5)
Main PID: 8506 (xrdp)
CGroup: /system.slice/xrdp.service
└─8506 /usr/sbin/xrdp --nodaemon
11月 14 14:52:43 master systemd[1]: Started xrdp daemon.
11月 14 14:52:43 master xrdp[8506]: [INFO ] starting xrdp with pid 8506
11月 14 14:52:43 master xrdp[8506]: [INFO ] address [0.0.0.0] port [3389] mode 1
11月 14 14:52:43 master xrdp[8506]: [INFO ] listening to port 3389 on 0.0.0.0
11月 14 14:52:43 master xrdp[8506]: [INFO ] xrdp_listen_pp done
Step10:Windows远程连接
1)Win系统按下“Win+R”键,在弹出的“运行”框中输入“mstsc“命令,
2)按“确定”,打开Windows远程连接,输入IP地址开始远程连接,
3)在弹出的Xrdp用户验证窗口中输入CentOS7的用户名和密码登录即可。
远程连接如下所示:
(1)第1步:在“运行”框中输入“mstsc“命令
(2)第2步:键入IP
(3)第3步:账户登录
(4)第4步:桌面查看
