(speaks Spanish) - [Instructor] This video
has the ultimate goal for us to figure out how to use Microsoft's Remote Desktop protocol, or the Microsoft Terminal Services Client, to connect to an Ubuntu instance or a Linux instance on AWS,
Amazon Web Services EC2. That way we can have a GUI
on the Ubuntu instance. A lot of people complain
that they don't like using the Linux instances on AWS because they can't connect
to them with a GUI. So the steps we're going to
use to accomplish that goal is first off we're
gonna start from scratch and configure a Free Tier
Ubuntu instance on AWS. This is step one right here. If you did not know, you
can have a Free Tier Linux and a Free Tier Windows instance
both running simultaneously for one year when you
first sign up for AWS EC2. So it's a pretty good deal, especially if you want to get familiar with Amazon Web Services as well as maybe Ubuntu or Windows Server 2016, et cetera. So first off we'll set that up, then we'll connect to the instance using Secure Shell, which is port 22. That's the only port open by default. We'll use Putty for that. Putty is a Secure Shell client. Then we will, once we've
Secure Shelled into Ubuntu we'll use apt get to install some options and we'll make sure we have the GUI options enabled on Ubuntu. Then what we'll do is
we'll configure Putty to tunnel our Microsoft
Terminal Services Client or RDP traffic through
the Secure Shell tunnel, and that will give us the remote GUI. So those are the steps we're
gonna do to accomplish this. So the first thing I'm gonna do over here is start up a new instance. I'm gonna click on Launch Instance, and this is the AWS EC2 console. We have a video that
goes over how to set up this console if you
haven't done it before. I'm gonna select the Ubuntu
server instance right here. Click on Select, the Free
Tier's already selected. Click on Review and Launch and Launch. I already have a key pair selected. Again, we go over how to generate
this in a previous video. Click on Launch Instances, and
these launch pretty quickly. I'm gonna click on View Instances here and look at the one I just launched. I've got a few right here, but this is the one I just launched. You can see it spinning right there. I'm gonna label it (clears throat) Ubuntu. We'll do Ubuntu GUI Test. And that one looks like
it's already running, so I have it highlighted. Here is our public IP address for the instance we just stood up. I need the public IP address
so I can Secure Shell into it. By default, if I go here
to the Launch Wizard, the security group, the
only port open is 22. This is the way we're going to keep it. It's much more secure if we tunnel our port 3389 traffic through port 22, so we don't have to open another
port on the EC2 firewall. All right, so let's go
back to our instances and I'm gonna copy that IP address. This is it right here, Ubuntu GUI Test. Here's the public IP address. Gonna highlight it,
right-click on it, copy, then I'm gonna open Putty. I'm gonna do a control + V right here and paste the public IP address. You could use the DNS name
if you wanted to as well. I'm gonna change a couple
settings here in Putty. First off, I like to get things set up, so I'm gonna name this
session as Ubuntu GUI Test. I'm gonna save it, so
that right now will save the IP address and
anything else I configure. I'm gonna change the font size to be a little bit larger here. I'll make it 16 so you can read it. I'm gonna change the colors to have the foreground I'm gonna make black, and then I'm gonna make
the background white, so we'll have a black on white background. It's a little bit easier to
read than the white on black. All right, background needs to be white. Okay, I also have to configure the private key for this session, so if I click on Secure Shell
here I can click on Off. Here is where you browse
to select the private key. This is my private key right there, and that's all I'm gonna select right now, but before I click on Connect I'm gonna go back here and save this again so all the stuff I just
configured is saved. Now I'm gonna click on Open.
(soft dings) I got this message right here, which is to be expected
the first time you connect. Click on Yes. Now we're prompted for the logon. Since we set up an Ubuntu instance, the default logon is Ubuntu, and it's gonna ask you for
the passphrase you used when you generated your
private key or the key pair. This is a much more secure way to log on to the system than a
username and password. So now I'm on the system, and this is the private IP
address for that system. I'm gonna cheat a little bit here, and there is an article
right here, this is the URL. I will put this URL beneath the video, but this kind of walks
you through at least quite a few steps as far as how to set up the Ubuntu instance for Windows, a GUI, and then the GUI we're gonna use is the xfce. (clears throat) So it's a good idea, unless you like to just type things out. I prefer to copy the commands and paste them into the window, so this is just gonna
update the repository, the software repository
there and upgrade it, upgrade any existing packages. So when that's done I'm gonna say yes, there's a few packages
that need to be updated. Shouldn't take too long. When that's done I'm gonna copy this, which allows us to do
password authentication because we have to do
password authentication since we're using the Windows
Remote Desktop Client, as it mentions right there,
that doesn't support, in this configuration it doesn't support a private public key pair. So when this is done I'm gonna copy and paste this over there. 99%, again copy, right-click, pasted. Okay, now I need to
restart the SSH daemon, so copy this, paste. I didn't paste right, copy, paste. Now we need to set a password. Since we enabled password authentication we need to set a password
for the Ubuntu account. So go ahead and type in a password if you're following along. Looks like it was changed successfully. Now we need to install
(clears throat) these options, which gives us the GUI functionality. Then we need to make xfce the default window manager for RDP connections, so if you Remote Desktop into it, this is the windowing system
you'll be presented with. So I'm gonna copy that, and when this is finished
I will paste that. So that finished, now we
want to continue here. I'm gonna copy the echo command
right here and paste it. If you get this error,
that's not a big deal. We'll validate it works
at the end of this. Then we'll copy this part right here. I mean basically you can just
copy all these commands over. These work, I have validated it. They will tell you at the very beginning that it will only work with, that it's only tested with
a specific ami version, but the one we're using
is not that same version and it still works, so
don't worry about that. (clears throat) So the
next thing I need to do is this last command
right here, copy this. And it looks like it's configured, and the rest of this stuff here is somewhat applicable but not entirely. So now I need to go to Putty. We need to change a
couple things on Putty, so I'm gonna go ahead
and close this session. So I just type in exit here, and sometimes this does not work unless we reboot the server. So I'm gonna go ahead and reboot it just to avoid having to do it again later. (soft dings) So it's rebooting, we
lost our Putty session. So while that is rebooting we're gonna configure the tunnel in Putty. Remember, we want to use a tunnel so we don't have to set
up an additional port for the Windows environment
or the GUI environment through the EC2 firewall. We ultimately want everything to go through port 22 only Secure Shell, and this is our inbound rule, port 22. There are other ways to do this. You can open up port 3389, but again, you're exposing yourself to, the more ports you open
up the more exposure you have to attacks, the
larger your attack surface. So I'm gonna go ahead and
load what we saved before, and what we're gonna do here
in Putty is add a tunnel, so under Secure Shell here and tunnels we're gonna do a source port, and the whole purpose of this is if somebody connects to a specific port it's gonna forward that
port to the destination. So the source port I'm
gonna use here is... The source port, we can make
this whatever we want to. I'm gonna use let's just say 8888. Our destination will be
the private IP address of our Ubuntu system, so if we go back to Instances over here on the management console, this is the Ubuntu one,
we scroll over here. (clears throat) Here is
the private IP address. We copy that, I'm gonna
paste that right here, and then I'm going to put colon 3389. What this does is if the local system sees any traffic destined to port 8888, it's gonna forward it through
the Secure Shell tunnel to this IP address on port
3389, so let's click on Add. So local port 8888 goes to this IP address on the other end of the
tunnel on port 3389. So let's go ahead and
click on, scroll up here. I'm gonna save this again,
save, click on Open. Now we're gonna log on. We have to first establish the tunnel before we can connect to
it with Remote Desktop, so again, the logon is
Ubuntu with your passphrase. This is why it's more secure. And now just to check let's
do a netstat dash antp, and you notice we are
listening on port 3389. So this is where the tunnel
is going to be established. This is what we set up earlier when we ran through these steps over here on Amazon. We set up this to listen on port 3389. That was not running before. So now that we have the tunnel
established via Secure Shell, the next step is to use the
Terminal Services Client or Remote Desktop Client right here, and we're gonna connect to 127.0.0, or you could also type in
local host, on port 8888. This is what I set the tunnel, so now since Putty is listening for local traffic on port 8888, if it sees the traffic
it's gonna push it through the Secure Shell tunnel, the SSH tunnel, and then will connect to this IP address right here on port 3389. That's the way it should work, so let's validate it works that way. So I'm gonna click on Connect. Initiating connection... We can go ahead and click on Yes, so it looks like we've connected or otherwise we wouldn't
have gotten that message. Now we have xrdp, so this is
where you put in the password for Ubuntu earlier when you
were on this step over here where it asks you for, we
created a password for Ubuntu. The password you typed in twice
is the password over here, so Ubuntu with that password. The port can still be
negative one, that's fine. It tells us we connected
on port 3350 right there. So now it looks like we've connected. We can use the default
config, that's fine. If we look under Applications
you see we're running xfce, and you've got a GUI now on
your Ubuntu instance on AWS EC2. You can do anything through the GUI, but you have to have the
backend applications installed. In this case this is
looking for a web browser, but there's not one installed, so to fix that we can go
to a terminal emulator and we can do sudo apt
get install firefox. Yes, and when that's done (clears throat) the GUI should automatically
choose Firefox, but you see while that's
going you can browse around, use the file manager and the other tools. When that's done I can go to
Applications, Web Browser, now it should know that
Firefox is installed, and you notice we have a web browser on our Ubuntu instance on EC2, and we can validate our IP address. So what is my IP. (clears throat) You see it's 18.222.59.229. That over here on a management
console, 18.222.59.229, so it is the instance obviously. So that way we've got a Windows system. We can add other items to it, we can add LibreOffice if
you wanted to or whatever, but you've got a GUI on
your Ubuntu instance on AWS. So that was the purpose of this video was to show you how to set up a GUI fairly quickly and easily. There's a lot more that
you can do with that, but this solves the issue a
lot of people complain about, at least I hear them complain about it, is they don't want to use a Linux instance on Amazon EC2 because there's no GUI. Well, we've solved that
problem right here. If you have any questions or comments please leave them beneath the video, and if you have any
thoughts on another topic you'd like to hear in the future go ahead and leave that as well. Hopefully you enjoyed this video and good luck using AWS EC2. We'll talk to you later. (speaks Spanish)
