Installing Guacamole on CentOS 7

scottalanmiller

yum -y update
yum -y install cairo-devel libjpeg-devel libpng-devel uuid-devel freerdp-devel pango-devel libssh2-devel libssh-dev tomcat tomcat-admin-webapps tomcat-webapps vncserver-devel wget gcc
cd /tmp
wget http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.9.tar.gz
tar -xzvf guacamole-server-0.9.9.tar.gz
cd guacamole-server-0.9.9 
./configure
make; make install; ldconfig
cd /var/lib/tomcat/webapps
wget http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.9.war
mv guacamole-0.9.9.war guacamole.war
mkdir /etc/guacamole
mkdir /usr/share/tomcat/.guacamole

cat > /etc/guacamole/guacamole.properties <<EOF
guacd-hostname: localhost
guacd-port:    4822
user-mapping:    /etc/guacamole/user-mapping.xml
auth-provider:    net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
basic-user-mapping:    /etc/guacamole/user-mapping.xml
EOF

ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/

Use the md5sum tool to get a password. I'll give an example here, you'll need to make your own.

printf '%s' "mysecretpassword" | md5sum
4cab2a2db6a3c31b01d804def28276e6  -

Now we need to configure out XML User Mapping file. This file maps users to passwords and assigns them a list of systems to which they can connect. In a more complex deployment we could replace this file with a MariaDB or similar database, but XML is so easy to deal with that at least for now, we will stick with that. For just a couple of users, this is very easy to deal with and the file should be self explanatory.

cat > /etc/guacamole/user-mapping.xml <<EOF
<user-mapping>
<authorize 
username="mangolassi" 
password="4cab2a2db6a3c31b01d804def28276e6" 
encoding="md5">
<connection name="CentOS 7 GitLab">
<protocol>ssh</protocol>
<param name="hostname">192.168.1.59</param>
<param name="port">22</param>
<param name="username">scott</param>
</connection>
<connection name="Windows 8.1 Lab 1">
<protocol>rdp</protocol>
<param name="hostname">192.168.1.194</param>
<param name="port">3389</param>
</connection>
<connection name="Windows 8.1 Lab 2">
<protocol>rdp</protocol>
<param name="hostname">192.168.1.195</param>
<param name="port">3389</param>
</connection>
</authorize>
</user-mapping>
EOF

chmod 600 /etc/guacamole/user-mapping.xml
chown tomcat:tomcat /etc/guacamole/user-mapping.xml
systemctl enable tomcat
systemctl start tomcat
/usr/local/sbin/guacd &

hobbit666

What is it?

VoodooRabbit87

Appears to be a Linux RDP gateway, see below:

http://guacamole.incubator.apache.org/

dafyre

How's the Performance on this?

wirestyle22

This looks very useful. Does it run well?

travisdh1

@scottalanmiller is so tempting me to drop this onto my jumpbox.

scottalanmiller

@hobbit666 said in Installing Guacamole on CentOS 7:

What is it?

Remote access gateway, aggregator and web translator. So remote users need only sign into the web page, no need for any remote access tools. It takes connections like RDP, VNC, SSH, Telnet and turns them into an HTML 5 page.

scottalanmiller

@VoodooRabbit87 said in Installing Guacamole on CentOS 7:

Appears to be a Linux RDP gateway, see below:

http://guacamole.incubator.apache.org/

And more.

scottalanmiller

@dafyre said in Installing Guacamole on CentOS 7:

How's the Performance on this?

Surprisingly good. And I'm running VM based desktops, over a small Guacamole server, over ZeroTier, across the country.

scottalanmiller

@wirestyle22 said in Installing Guacamole on CentOS 7:

This looks very useful. Does it run well?

So far, yeah, very well. Some weird font issues if you are using it for SSH display, but that's a fringe use case. Works fine, just gives me goofy fonts.

But RDP is like 90% of use cases and VNC is 9% and SSH is .9% and Telnet is... well, just a theory.

scottalanmiller

@travisdh1 said in Installing Guacamole on CentOS 7:

@scottalanmiller is so tempting me to drop this onto my jumpbox.

Yup, it's absolutely perfect for that.

RojoLoco

I was expecting a pic of some mashed up avocados on top of a server.... disappointed.

scottalanmiller

@RojoLoco said in Installing Guacamole on CentOS 7:

I was expecting a pic of some mashed up avocados on top of a server.... disappointed.

That's their next product... Avocado Toast.

travisdh1

Does it support a password hash other than md5?

scottalanmiller

@travisdh1 said in Installing Guacamole on CentOS 7:

Does it support a password hash other than md5?

Yes, but I don't know which options. The only XML one shown is MD5 that I came across. If you want more than that, normally you'd be using a database.

travisdh1

@scottalanmiller said in Installing Guacamole on CentOS 7:

@travisdh1 said in Installing Guacamole on CentOS 7:

Does it support a password hash other than md5?

Yes, but I don't know which options. The only XML one shown is MD5 that I came across. If you want more than that, normally you'd be using a database.

I'm trying it with sha256 (using sha256sum), we'll see. Now where'd that web interface go?

dafyre

@travisdh1 lol. It took me a minute to figure that out... http://ip.add.ress:8080/guacamole 8-)

The Windows RDP seems to be pretty good. The SSH session does funny things with my fonts...

dafyre

I see this could be huge though. It does seem to work rather well, the only thing I find that is missing is the ability to capture the Windows short cuts like Windows +R, or Windows +D, etc.

scottalanmiller

@dafyre said in Installing Guacamole on CentOS 7:

@travisdh1 lol. It took me a minute to figure that out... http://ip.add.ress:8080/guacamole 8-)

The Windows RDP seems to be pretty good. The SSH session does funny things with my fonts...

Same issue with the fonts for me.

bbigford

Cool tool. Did you have to figure out the setup on your own or was there any documentation you worked off of?