Step1: Check whether the EPEL repository is installed on CentOS 7
Command: rpm -qa|grep epel
Example:
[root@master ~]# rpm -qa|grep epel
[root@master ~]#
The result above shows that the EPEL repository is not installed.
Step2: Install the EPEL repository
Command: yum install epel-release
Example:
[root@master ~]# yum install epel-release
已加載插件:fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Determining fastest mirrors
* base: mirrors.cqu.edu.cn
* extras: mirrors.cqu.edu.cn
* updates: mirrors.cqu.edu.cn
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 243 kB 00:00:00
(3/4): base/7/x86_64/primary_db | 6.1 MB 00:00:01
(4/4): updates/7/x86_64/primary_db | 12 MB 00:00:02
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 epel-release.noarch.0.7-11 將被 安裝
--> 解決依賴關系完成
依賴關系解決
==================================================================================
Package 架構 版本 源 大小
==================================================================================
正在安裝:
epel-release noarch 7-11 extras 15 k
事務概要
==================================================================================
安裝 1 軟件包
總下載量:15 k
安裝大小:24 k
Is this ok [y/d/N]: y
Downloading packages:
epel-release-7-11.noarch.rpm | 15 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : epel-release-7-11.noarch 1/1
驗證中 : epel-release-7-11.noarch 1/1
已安裝:
epel-release.noarch 0:7-11
完畢!
Step3: Install xrdp
Command: yum install xrdp
Example:
[root@master ~]# yum install xrdp
已加載插件:fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 8.6 kB 00:00:00
* base: mirrors.cqu.edu.cn
* epel: mirrors.bfsu.edu.cn
* extras: mirrors.cqu.edu.cn
* updates: mirrors.cqu.edu.cn
epel | 4.7 kB 00:00:00
(1/3): epel/x86_64/group_gz | 96 kB 00:00:00
(2/3): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(3/3): epel/x86_64/primary_db | 7.0 MB 00:00:01
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 xrdp.x86_64.1.0.9.17-2.el7 將被 安裝
--> 解決依賴關系完成
依賴關系解決
==================================================================================
Package 架構 版本 源 大小
==================================================================================
正在安裝:
xrdp x86_64 1:0.9.17-2.el7 epel 450 k
事務概要
==================================================================================
安裝 1 軟件包
總下載量:450 k
安裝大小:2.2 M
Is this ok [y/d/N]: y
Downloading packages:
警告:/var/cache/yum/x86_64/7/epel/packages/xrdp-0.9.17-2.el7.x86_64.rpm: 頭V4 RSA/SHA256 Signature, 密鑰 ID 352c64e5: NOKEY
xrdp-0.9.17-2.el7.x86_64.rpm 的公鑰尚未安裝
xrdp-0.9.17-2.el7.x86_64.rpm | 450 kB 00:00:01
從 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 檢索密鑰
導入 GPG key 0x352C64E5:
用戶ID : "Fedora EPEL (7) <epel@fedoraproject.org>"
指紋 : 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
軟件包 : epel-release-7-11.noarch (@extras)
來自 : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
是否繼續?[y/N]:y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : 1:xrdp-0.9.17-2.el7.x86_64 1/1
驗證中 : 1:xrdp-0.9.17-2.el7.x86_64 1/1
已安裝:
xrdp.x86_64 1:0.9.17-2.el7
完畢!
Step4: Install tigervnc-server
Command: yum install tigervnc-server
Example:
[root@master ~]# yum install tigervnc-server
已加載插件:fastestmirror, langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.bfsu.edu.cn
* extras: mirrors.cqu.edu.cn
* updates: mirrors.cqu.edu.cn
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 tigervnc-server.x86_64.0.1.8.0-22.el7 將被 安裝
--> 解決依賴關系完成
依賴關系解決
==================================================================================
Package 架構 版本 源 大小
==================================================================================
正在安裝:
tigervnc-server x86_64 1.8.0-22.el7 updates 211 k
事務概要
==================================================================================
安裝 1 軟件包
總下載量:211 k
安裝大小:498 k
Is this ok [y/d/N]: y
Downloading packages:
tigervnc-server-1.8.0-22.el7.x86_64.rpm | 211 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : tigervnc-server-1.8.0-22.el7.x86_64 1/1
驗證中 : tigervnc-server-1.8.0-22.el7.x86_64 1/1
已安裝:
tigervnc-server.x86_64 0:1.8.0-22.el7
完畢!
Step5: Set the VNC password for the user root
Command: vncpasswd root
Example:
[root@master ~]# vncpasswd root
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used
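Step6: Configure the xrdp.ini file to change the maximum number of XRDP connections (optional; the default can be kept)
Location of xrdp.ini: /etc/xrdp/xrdp.ini
Command: vi /etc/xrdp/xrdp.ini
Example: find "max_bpp" in xrdp.ini; this value sets the maximum number of connections to the XRDP server, and its default is 32.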
allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
#hidelogwindow=true
max_bpp=32
new_cursors=true
Step7: Configure or disable SELinux
(1) Check the SELinux status:
Command: sestatus
Example:
[root@master ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
In the example above SELinux is currently enabled and active, and needs to be turned off.
(2) Temporarily disable SELinux:
Command: setenforce 0
Example:
[root@master ~]# setenforce 0
[root@master ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
To turn SELinux back on, run: setenforce 1
Example:
[root@master ~]# setenforce 1
[root@master ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
(3) Permanently disable: this requires editing the SELinux configuration file
Command: vim /etc/selinux/config
Example: edit the SELinux configuration file config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@master ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: disabled
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
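Step8: Firewall configuration
There are two ways to configure the firewall: disable it outright, or open the port used by the XRDP service.
(1) Disable the firewall outright
Firewall operations: query status, stop, start, query boot-time state, disable at boot, enable at boot
Query the firewall status: systemctl status firewalld.service
Stop the firewall: systemctl stop firewalld.service
Start the firewall: systemctl start firewalld.service
Query the firewall boot-time state: systemctl list-unit-files |grep fire
Do not start the firewall at boot: systemctl disable firewalld.service
Start the firewall at boot: systemctl enable firewalld.service
(2) Open the XRDP service port directly
The XRDP service port is 3389; opening this port in the firewall is all that is needed. This approach is recommended.
Command 1: firewall-cmd --permanent --zone=public --add-port=3389/tcp
Command 2: firewall-cmd --reload
Example: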
[root@master ~]# firewall-cmd --permanent --zone=public --add-port=3389/tcp
success
[root@master ~]# firewall-cmd --reload
success
Step9: Start the xrdp service and enable it at boot
Start the service: systemctl start xrdp
Enable at boot: systemctl enable xrdp
Check the status: systemctl status xrdp
Example:
[root@master ~]# systemctl start xrdp
[root@master ~]# systemctl enable xrdp
Created symlink from /etc/systemd/system/multi-user.target.wants/xrdp.service to /usr/lib/systemd/system/xrdp.service.
[root@master ~]# systemctl status xrdp
● xrdp.service - xrdp daemon
Loaded: loaded (/usr/lib/systemd/system/xrdp.service; enabled; vendor preset: disabled)
Active: active (running) since 日 2021-11-14 14:52:43 CST; 38s ago
Docs: man:xrdp(8)
man:xrdp.ini(5)
Main PID: 8506 (xrdp)
CGroup: /system.slice/xrdp.service
└─8506 /usr/sbin/xrdp --nodaemon
11月 14 14:52:43 master systemd[1]: Started xrdp daemon.
11月 14 14:52:43 master xrdp[8506]: [INFO ] starting xrdp with pid 8506
11月 14 14:52:43 master xrdp[8506]: [INFO ] address [0.0.0.0] port [3389] mode 1
11月 14 14:52:43 master xrdp[8506]: [INFO ] listening to port 3389 on 0.0.0.0
11月 14 14:52:43 master xrdp[8506]: [INFO ] xrdp_listen_pp done
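Step10: Connect remotely from Windows
1) On Windows, press "Win+R" and type "mstsc" in the "Run" box that appears.
2) Click "OK" to open Windows Remote Desktop Connection, then enter the IP address to start the remote connection.
3) In the Xrdp user authentication window that appears, enter the CentOS 7 user name and password to log in.
The remote connection proceeds as follows:
(1) Step 1: type "mstsc" in the "Run" box
(2) Step 2: enter the IP address
(3) Step 3: log in with the account
(4) Step 4: view the desktop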
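The following script is an added example, not part of the original tutorial: it audits the state that Steps 7 to 9 leave behind, reporting the SELinux mode actually running versus the one in the config file, and whether xrdp is listening on every interface. The function names and finding texts are hypothetical, and the sample inputs are constructed from the outputs shown in Step 7 (3) and Step 9.

```shell
#!/bin/sh
# Added example (not from the original page): audit the state left by Steps 7-9.
# Function names and finding texts are hypothetical.

# stdin: sestatus output. Reports the running mode and any pending config change.
audit_selinux() {
  awk -F': *' '
    /^SELinux status/        { status = $2 }
    /^Current mode/          { cur = $2 }
    /^Mode from config file/ { cfg = $2 }
    END {
      if (status != "enabled")     print "FAIL selinux: policy not loaded"
      else if (cur != "enforcing") print "FAIL selinux: running " cur
      else                         print "OK selinux: running enforcing"
      # /etc/selinux/config is only read at boot, so a differing value is pending.
      if (cfg != "" && cfg != cur) print "NOTE selinux: config file sets " cfg " at next boot"
    }'
}

# stdin: xrdp journal lines. Flags a listener bound to every interface.
audit_xrdp_listen() {
  awk 'match($0, /listening to port [0-9]+ on [^ ]+/) {
      split(substr($0, RSTART, RLENGTH), f, " ")
      if (f[6] == "0.0.0.0" || f[6] == "::")
        print "WARN xrdp: port " f[4] " reachable on all interfaces"
      else
        print "OK xrdp: port " f[4] " bound to " f[6]
    }'
}

# Constructed samples, reduced from the sestatus output in Step 7 (3) and the
# service log in Step 9 of this page.
SAMPLE_SESTATUS='SELinux status: enabled
Current mode: enforcing
Mode from config file: disabled'
SAMPLE_XRDP_LOG='master xrdp[8506]: [INFO ] listening to port 3389 on 0.0.0.0'

audit_samples() {
  printf '%s\n' "$SAMPLE_SESTATUS" | audit_selinux
  printf '%s\n' "$SAMPLE_XRDP_LOG" | audit_xrdp_listen
}

audit_samples
# On a live host: sestatus | audit_selinux; journalctl -u xrdp | audit_xrdp_listen
```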