A Remote Access Alternative
+ a guide for setting up Guacamole 1.5.1
Does your remote control tool have these options?
- Disabling clipboard access: This prevents unauthorized copying and pasting of sensitive data, ensuring that confidential information remains secure.
- Graphical session recording: This feature allows managers and employers to review sessions in detail, which can be crucial for accountability and resolving any disputes that may arise.
- TOTP two-factor authentication: Enhancing login security by requiring an additional layer of authentication, such as a one-time password generated by a user’s mobile device, significantly reduces the risk of unauthorized access.
- Account restrictions: Employers can set limits on user accounts, such as restricting access to specific resources or setting time-based access rules. This level of control helps maintain a secure remote work environment and prevents abuse.
if your existing remote access software doesn't have all the features listed above you're opening you and your company up to unnessary liability. Give us a call to discuss a solution that can increase security and convenience. (615) 200-8045.
Before diving into the setup instructions, I want to emphasize that these instructions are intended for IT admins and technical staff to help with their setups. My intention for providing these instructions is to offer a clear and up-to-date guide on getting Guacamole up and running, as many online tutorials are either outdated or require Docker. I strongly recommend that you only attempt this if you have experience with hosting, virtualization/hypervisors, and Linux. Proceeding without the necessary background and understanding could result in unintended consequences. Furthermore, once you have the Guacamole site up and running, you should look into hardening the security of the web app.
With this understanding, please note the following assumptions for this guide:
A fresh Debian 11 installation on a VM
Native installation, not Docker
Tomcat9 or earlier is required, as the latest version of Tomcat is not compatible
I will not be providing further instructions for security hardening the install, like forcing HTTPS and network restrictions
This guide is for the latest version of Guacamole, 1.5.1
With that said, let’s get started.
- A fresh Debian 11 installation on a VM
- Native installation, not Docker
- Tomcat9 or earlier is required, as the latest version of Tomcat is not compatible
- I will not be providing further instructions for security hardening the installation, like forcing HTTPS and network restrictions
- This guide is for the latest version of Guacamole, 1.5.1
With That Said, Let's Get Started!
# Update all the things
sudo apt update
sudo apt upgrade
#If you run into permissions or sudoer problems you can either login as root using "su -" or temporarily add your user to the sudoers group. (which is what I did)
apt-get install adduser
apt-get install sudo
sudo apt install passwd
sudo usermod -aG sudo Yourusername
#After adding the user to the sudo group, you can switch back to the mct user with the following command:
su - Yourusername
#You can confirm if the permissions to the user were applied correctly by running the following:
sudo -l -U Yourusername
#Install the required packages
sudo apt install default-jdk maven libjpeg-dev libpng-dev libtool-bin autoconf automake make libcairo2-dev libjpeg62-turbo-dev libpng-dev libossp-uuid-dev freerdp2-dev ghostscript libavcodec-dev libavutil-dev libswscale-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libwebsockets-dev libtool-bin tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples
# Download Guacamole 1.5.1
tar -xzf guacamole-server-1.5.1.tar.gz
#Change directory into the extracted folder
#Build and install Guacamole Server:
sudo make install
#Download Guacamole Client source code:
tar -xzf guacamole-client-1.5.1.tar.gz
#Build Guacamole Client:
If the build fails due to a Java issue you’ll need to verify the path of the java environment
$ export JAVA_HOME=/path/to/java
then set the JAVA_HOME variable appropriately. For me, it was /usr
Now when you run “mvn package” the build should be successful.
#Move up a folder:
#Deploy Guacamole, this puts the web app into the directory tomcat will serve:
sudo cp guacamole-client-1.5.1/guacamole/target/guacamole-1.5.1.war /var/lib/tomcat9/webapps/guacamole.war
sudo systemctl restart tomcat9
sudo systemctl start guacd
That should do it! Now to access Guacamole you’ll just need to open a browser and navigate to the IP or Hostname address of your server using the default port 8080. By default the guacmole app is not in the root of the tomcat folder so make sure to add the /guacamole after the port as well.