van Laanen Online

There is no place like 127.0.0.1 (or ::1)

Replacing ThinLinc with Fedora

I'm replacing ThinLinc Ubuntu with a Fedora Wayland installation

Hi all,
I have decided to slowly step away from Ubuntu. Why? Well, I don't like the way they have the snap store, and for the desktop I wanted something a bit different.
Fedora is something that has been recommended to me by a lot of different sources and research.

So what I'm doing is making a small tutorial for people who have never done it and just want the steps, kept simple, on a "one pager".

What I will have and use for this tutorial is as follows:
  • Proxmox as the virtual server, with the following settings
    • Start at boot
    • Linux - version 6.x (2.6 kernel)
    • Machine: q35
    • Qemu Agent Enabled
    • OVMF (UEFI)
    • Pre-enrolled keys
    • 150 GB SSD
    • 8 Cores
    • type: Host
    • 8 GB RAM
  • Fedora 43

Important to note: you will have 2 different types of users:
  1. System users
  2. RDP users
The system users are the users that are actually on the system (logged into the desktop, using programs, etc.).
The RDP user is the user you use to log in via RDP, which *THEN* allows you to log in to the rest of the system.
I will use both of them, since I want multiple users to be able to log in. This also means that it's not a "Desktop" (or admin) session, but a virtual session.

So after creating the VM, start the machine and install Fedora using the steps you prefer. I wouldn't recommend disk encryption unless it's installed on the physical hardware itself, so I will not do this, nor cover it in this guide. (If you want to see it, use the contact page; I might add it in the future :) )

Once the installation has finished, don't forget to unmount the ISO file and reboot.

Follow the first few steps after the reboot (create your account etc.), and afterwards the first few things I do are:
  • update the hostname
  • set static IP (important if you want to connect to it remotely)
  • enable SSH

Afterwards I did a reboot just in case, although I don't think it's needed. The reason I enable SSH is that I don't like to copy & paste into the SPICE view, and noVNC can't copy & paste easily. So let's use SSH for the commands. You can also run the same commands on the system itself.

So now a few steps for the RDP configuration. This will create an "RDP user", which is shared by all users that will log in.

Create the configuration directory for the system RDP user
sudo mkdir -p /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop

Generate a self-signed TLS certificate
sudo openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
    -subj "/C=NL/ST=Noord-holland/L=Amsterdam/O=NA/CN=fedora-rdp" \
    -keyout /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.key \
    -out /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.crt

Set correct ownership so the service can read them, but others can't
sudo chown -R gnome-remote-desktop:gnome-remote-desktop /var/lib/gnome-remote-desktop
sudo chmod 600 /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.key

Tell the system to use these specific files
sudo grdctl --system rdp set-tls-key /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.key
sudo grdctl --system rdp set-tls-cert /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.crt

Now we configure the RDP user (you can ignore the TPM warnings if you don't mind not using TPM). The password is passed as a command-line argument here, so it ends up in your shell history.
sudo dbus-run-session grdctl --system rdp set-credentials <remoteuser> <yourremoteuserpassword>

Enable the RDP backend so it is always on
sudo dbus-run-session grdctl --system rdp enable

Ensure the system stays in graphical mode even if no monitor is attached
sudo systemctl set-default graphical.target

Disable auto-suspend for the system RDP user
sudo -u gnome-remote-desktop dbus-run-session gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'

Enable the service and start it
sudo systemctl daemon-reload
sudo systemctl enable gnome-remote-desktop
sudo systemctl start gnome-remote-desktop

And one final step to allow remote connections is to allow RDP through the firewall
sudo firewall-cmd --permanent --add-service=rdp
sudo firewall-cmd --reload

And we're done!

If you want to see the status you can run the following command
sudo grdctl --system status
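
The status command does not tell you whether the TLS files from the steps above are in good shape, so here is an added check script (not part of the original guide or of gnome-remote-desktop). It uses the paths and the gnome-remote-desktop owner from this guide; the function names, the 30-day threshold and the "report" argument are my own choices. The fingerprint it prints is what you compare against the certificate your RDP client shows when it asks you to trust the self-signed certificate.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): checks on the TLS files created above.
# Run as root after the setup:  sudo bash grd-tls-check.sh report   (file name is arbitrary)
GRD_DIR=/var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop

# The private key must be mode 600 and owned by the service account.
key_is_private() {            # usage: key_is_private <key> [expected-owner]
    local key=$1 owner=${2:-gnome-remote-desktop}
    [ "$(stat -c '%a' "$key" 2>/dev/null)" = "600" ] &&
        [ "$(stat -c '%U' "$key" 2>/dev/null)" = "$owner" ]
}

# The certificate must carry the public half of this key (catches mixed-up files).
cert_matches_key() {          # usage: cert_matches_key <crt> <key>
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if the certificate is still valid <days> from now.
cert_valid_for_days() {       # usage: cert_valid_for_days <crt> <days>
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# SHA-256 fingerprint of the certificate, colon-separated hex.
cert_fingerprint() {          # usage: cert_fingerprint <crt>
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

report() {
    local crt=$GRD_DIR/tls.crt key=$GRD_DIR/tls.key
    key_is_private "$key" || echo "WARN: $key is not mode 600 / owned by gnome-remote-desktop"
    cert_matches_key "$crt" "$key" || echo "WARN: tls.crt was not issued for tls.key"
    cert_valid_for_days "$crt" 30 || echo "WARN: certificate expires within 30 days (it was created with -days 365)"
    echo "Certificate SHA-256 fingerprint: $(cert_fingerprint "$crt")"
}

# Only touch the real files when asked to, so the functions can be reused elsewhere.
if [ "${1:-}" = "report" ]; then report; fi
```

Since the certificate was generated with -days 365, rerun the openssl and grdctl set-tls steps before it expires; the fingerprint changes when you do.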

I decided not to use the TPM configuration here, so if you get any warnings about TPM, those are expected. I have found that the way I tried to configure this with TPM gave way more errors than it could possibly solve for me. This could have to do with it being a VM, but I am not sure.

On to the next one!