Configure the Amazon Linux 2 MATE desktop connection
The MATE desktop environment
xrdp is the remote desktop software bundled in the AMI. By default,
xrdp uses a self-signed TLS certificate to encrypt remote desktop
sessions. Neither AWS nor the xrdp maintainers recommend using
self-signed certificates in production. Instead, obtain a certificate from an
appropriate certificate authority (CA) and install it on your instances. For more
information about TLS configuration, see TLS security
layerxrdp wiki.
Prerequisite
To run the commands shown in this topic, you must install the AWS Command Line Interface (AWS CLI) or AWS Tools for Windows PowerShell, and configure your AWS profile.
Options
-
Install the AWS CLI – For more information, see Installing the AWS CLI and Configuration basics in the AWS Command Line Interface User Guide.
-
Install the Tools for Windows PowerShell – For more information, see Installing the AWS Tools for Windows PowerShell and Shared credentials in the AWS Tools for Windows PowerShell User Guide.
Configure the RDP connection
Follow these steps to set up a Remote Desktop Protocol (RDP) connection from your local machine to an Amazon Linux 2 instance running the MATE desktop environment.
-
To get the ID of the AMI for Amazon Linux 2 that includes MATE in the AMI name, use the describe-images
command from your local command line tool. aws ec2 describe-images --filters "Name=name,Values=amzn2*MATE*" --query "Images[*].[ImageId,Name,Description]"[ [ "ami-0123example0abc12", "amzn2-x86_64-MATEDE_DOTNET-2020.12.04", ".NET Core 5.0, Mono 6.12, PowerShell 7.1, and MATE DE pre-installed to run your .NET applications on Amazon Linux 2 with Long Term Support (LTS)." ], [ "ami-0456example0def34", "amzn2-x86_64-MATEDE_DOTNET-2020.04.14", "Amazon Linux 2 with .Net Core, PowerShell, Mono, and MATE Desktop Environment" ] ]Choose the AMI that is appropriate for your use.
-
Launch an EC2 instance with the AMI that you located in the previous step. Configure the security group to allow for inbound TCP traffic to port 3389. For more information about configuring security groups, see Security groups for your VPC. This configuration enables you to use an RDP client to connect to the instance.
-
Connect to the instance using SSH. Run the following command on your Linux instance to set the password for
ec2-user.[ec2-user ~]$sudo passwd ec2-user -
Install the certificate and key.
If you already have a certificate and key, copy them to the
/etc/xrdp/directory as follows:-
Certificate —
/etc/xrdp/cert.pem -
Key —
/etc/xrdp/key.pem
If you do not have a certificate and key, use the following command to generate them in the
/etc/xrdpdirectory.$sudo openssl req -x509 -sha384 -newkey rsa:3072 -nodes -keyout /etc/xrdp/key.pem -out /etc/xrdp/cert.pem -days 365Note This command generates a certificate that is valid for 365 days.
-
-
Open an RDP client on the computer from which you will connect to the instance (for example, Remote Desktop Connection on a computer running Microsoft Windows). Enter
ec2-useras the user name and enter the password that you set in the previous step.
To disable the MATE Desktop Environment on your Amazon EC2 instance
You can turn off the GUI environment at any time by running one of the following commands on your Linux instance.
[ec2-user ~]$sudo systemctl disable xrdp
[ec2-user ~]$sudo systemctl stop xrdp
To enable the MATE Desktop Environment on your Amazon EC2 instance
To turn the GUI back on, you can run one of the following commands on your Linux instance.
[ec2-user ~]$sudo systemctl enable xrdp
[ec2-user ~]$sudo systemctl start xrdp
