Desktop Ubuntu in Amazon EC2 - The Right Way

Thursday, 2nd December 2010 - 22 Comments


Recently I have had to run a Java app on a server which required a GUI front-end to operate. The majority of my experience with servers in "the cloud" has been via command line SSH connection. For this I tend to use the latest LTS release of Ubuntu Server. Ubuntu Server by design is lean and mean, not possessing any native GUI capabilities and hence I needed to find an alternative. It was suggested to me that I give XVNC a go, but that obviously requires an installation of the X system. After reading many tutorials, it seemed that people had become bogged down in X configuration files with screen resolution and persistent monitor issues. I did not want any part of that so I considered whether I could run Ubuntu Desktop instead.

I will be using Amazon EC2 for this demonstration. I keep threatening to write up a full guide to EC2, but until that day I will assume that you have an Amazon Web Services account. I'll also assume you know how to create new instances from an Amazon Machine Image (AMI), key-pairs and security groups within the AWS Management Console. The most recent LTS version of Ubuntu is 10.04 (Lucid Lynx), which is the version I will use for this tutorial. Here is a list of all Canonical Official AMIs. I will use the daily build of Lucid Lynx 10.04 LTS, 32-bit, EBS-backed, which has an AMI code of ami-9f8573f6.

Connecting to the desktop instance will require a means of sending over the X-Windows screen. We will use the NoMachine NX server, which not only allows remote GUI connections but greatly increases the responsiveness of the desktop even over low bandwidth connections. All of the interaction is handled over the SSH protocol, so we will only need to open port 22 on our server machine in order for NX to function.

AMI Installation

The first task is to launch the instance using the Community AMI with code ami-9f8573f6. This AMI is EBS-backed, which means it resides on an Elastic Block Store volume. This ensures that you can Stop/Start the server without losing your data between reboots, although I still encourage you to back up your data to a service such as S3!

Open up the EC2 management console window and select Launch Instance. You will be presented with the following screen:

EC2 Management Console Launch Instance Screen

Click on Community AMIs and then type in ami-9f8573f6 to the right of the All Images dropdown menu. Be patient as it can take around 10 seconds for Amazon to find the disk image. Once it shows up, click on Select.

Select the Community AMI

The next screen allows you to determine the quantity, type and location of the instance(s) you wish to launch. I am selecting a single small instance in any availability zone. Click on Continue to proceed.

EC2 Instance Details

If you wish to modify the kernel or RAM disk, then this is the screen to do it. You may also wish to enable CloudWatch monitoring, but that costs more! I have gone with the defaults. Click on Continue to proceed.

Kernel or RAM disk modification

Tagging your instances is a good idea, especially if you have a lot of them. I've added a description with the operating system and version number. You may wish to add more. Once you're happy with your tags, click on Continue to proceed.

Tagging your EC2 instances

If you already have a keypair, and more importantly, know where you originally downloaded it, then select Choose From Existing Keypairs, select your keypair and then continue. If you do not have a keypair, then select Create a new Key Pair, name your keypair and download it. You will need to put it somewhere accessible as we will be modifying the permissions of this file later. Once you have copied the keypair information, click Continue to head to the next screen.

Creating a keypair for your EC2 instance

You may already have a security group enabled for your instances. I have chosen to create a new one, which has the rule of only allowing SSH connections (via port 22). You may want to be more restrictive by only allowing a subset or single IP address to access the machine. Adjust the security rules as you see fit, then add your rules. Once they are added make sure to name your security group with something descriptive. I have chosen desktopssh. Click Continue to review your configuration.

Enabling a security group for your EC2 instances

All of the configuration looks nominal, so select Launch to fire up your instance. After half a minute or so it will be activated.

Launch an instance

The final task is to click on your instance and obtain its Public IP address, which we will use for the connection. It will be of the form ec2-***-***-***-*** where the asterisks represent the IP address of the instance. Note it down as we will require this later when logging in.

Server Configuration

Now that the instance is running, you will need to access it via SSH. I will assume you are using a Linux distribution with access to a terminal or, equivalently, you can use Putty in Windows.

Earlier we placed the keypair file in the ~/myuser/amazon/ directory. Attempting to use this keypair while logging in will cause SSH to throw an error that the default read permissions on the file are too insecure. Therefore we need to remove the read permissions for groups and others, while retaining it for the user. Thus we change permissions from 644 to 400:

chmod 400 keypair.pem

Now we can SSH into the Amazon instance using the keypair. Remember to replace the asterisks below with your specific host which can be seen from the AWS Management Console:

ssh -i /path/to/keypair.pem ubuntu@ec2-***-***-***-***

Now that we are logged into the Amazon instance, we need to perform some essential system maintenance, which includes updates, an upgrade and installation of some additional packages. I have chosen to install build-essential and Emacs 23. If you are comfortable with another text editor, then you can skip the install of emacs23:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install build-essential emacs23

At this stage you have the choice of creating a new user. Canonical AMIs ship with "ubuntu" as a sudo-enabled user by default, but if you wish to create an alternative, then read the following section, otherwise skip to Desktop Installation below.

The first task is to add the user with name myuser (which you can obviously replace with your choice!). Ubuntu provides a handy shortcut which takes care of home directory creation:

sudo adduser myuser

You will be prompted to enter a password. I won't lecture you about password security, but a long (16-20 characters) random string of punctuation, numbers, lower and upper-case letters is your safest bet here. I do not usually bother entering any of the other information unless I am on a multi-user system. The choice is yours.

If you wish the user to gain sudo administrator privileges, then the user and permissions need to be added to the sudoers file. The safest way to carry this out is to use visudo, which performs sanity checking and parsing on the sudoers file after an edit. Naturally, visudo requires sudo privileges to run:

sudo visudo

Add the following line below the ubuntu user, then save the file and exit:

myuser ALL=(ALL) ALL

The most secure method for authenticating against this user is to use a keypair for password-less logins. However, if you prefer to use a password login then you will need to modify the SSH daemon configuration to allow it. Open up the sshd_config file:

sudo emacs /etc/ssh/sshd_config

Set PasswordAuthentication to "yes" where it says "no", then save and exit. You will have to restart the SSH daemon for this to take effect:

sudo /etc/init.d/ssh restart

You can continue using the ubuntu user from now on or can exit and log back into the server with the myuser account. If you chose password login then it will prompt you for this upon successful SSH connection, else you will need to use the -i flag with your chosen keypair, as above.
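
An added example, not part of the original post: a small audit of the sshd_config edit described above. It reads the configuration the way sshd does (the first value given for a keyword wins, keywords are case-insensitive, and lines after a Match line are conditional) and reports whether password logins are in effect; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the sshd_config edit above.
# Config text is read from stdin, e.g.  audit_sshd < /etc/ssh/sshd_config

# Print every value given for keyword $1 in the global section, in file order.
sshd_values() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0
            # "Keyword=value" is accepted as well as "Keyword value"
            if (match(line, /^[ \t]*[A-Za-z0-9]+[ \t]*=/))
                line = substr(line, 1, RLENGTH - 1) " " substr(line, RLENGTH + 1)
            split(line, f, " ")
            key = tolower(f[1])                # keywords are case-insensitive
            if (key == "match") exit           # lines after Match are conditional
            if (key == want) print tolower(f[2])
        }'
}

# sshd uses the FIRST value it reads for a keyword; later lines are ignored.
sshd_effective() { sshd_values "$1" | sed -n 1p; }

# Print space-separated findings for the settings touched here, or "ok".
audit_sshd() {
    cfg=$(cat)
    out=""
    pw=$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication)
    # Keyword absent: the OpenSSH built-in default permits password logins.
    if [ "${pw:-yes}" = yes ]; then out="$out password-auth-enabled"; fi
    # A later "no" does not undo an earlier "yes": flag contradictory lines.
    n=$(printf '%s\n' "$cfg" | sshd_values PasswordAuthentication |
        awk '!seen[$0]++ { n++ } END { print n + 0 }')
    if [ "$n" -gt 1 ]; then out="$out conflicting-duplicates"; fi
    for kw in PermitRootLogin PermitEmptyPasswords; do
        v=$(printf '%s\n' "$cfg" | sshd_effective "$kw")
        if [ "$v" = yes ]; then out="$out $kw=yes"; fi
    done
    out=${out# }
    echo "${out:-ok}"
}

# Constructed sample: the tutorial's change, then an attempted revert below it.
sample_config() {
    cat <<'EOF'
# constructed sample, not taken from a real host
Port 22
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

sample_config | audit_sshd
```

On a live server, feed it /etc/ssh/sshd_config on stdin; sudo sshd -T prints the effective settings as the daemon itself resolves them.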

Desktop Installation

The next step is to install the Ubuntu Desktop functionality. This essentially means install the X window system and the window manager. My personal choice is Gnome, but Ubuntu ships with KDE among others. The first task is to change the environment variable DEBIAN_FRONTEND to noninteractive so that we do not have to enter any commands while installing. We then run a second update to make sure we can see the correct desktop packages. Finally we install the ubuntu-desktop package. Bear in mind that the last command will take around 15-20 minutes, so grab a coffee while waiting.

export DEBIAN_FRONTEND=noninteractive
sudo -E apt-get update
sudo -E apt-get install -y ubuntu-desktop

You now have an Ubuntu Desktop 10.04 living in the cloud! Although, we can't do much with it yet as we can't connect to it via a GUI remote connection. This is where NoMachine FreeNX comes in.

Installing FreeNX Server

FreeNX is a utility which allows us to connect to the server and start an X session, running a window manager on top. To install it we need to add access to the correct repositories. In Ubuntu 9.10, a handy command line shortcut, add-apt-repository, was added to stop having to poke around in the package universe configuration files. Add the FreeNX repository, update again and install FreeNX via the following commands:

sudo add-apt-repository ppa:freenx-team
sudo apt-get update
sudo aptitude install freenx

There is some minor maintenance to perform before the software will function correctly. Firstly, a setup file must be downloaded. Change to your designated download directory and then download the following file:


Unpack the file and move it to the NX installation directory. Finally, change the ownership of the file to the root user and install it:

tar zxvf nxsetup.tar.gz
sudo mv nxsetup /usr/lib/nx/nxsetup
sudo chown root:root /usr/lib/nx/nxsetup
sudo /usr/lib/nx/nxsetup --install

You will be asked if you wish to generate a new user key. Type "N", as we have already created a user above. If you have any difficulty with the above steps, there is a more comprehensive installation guide at the Ubuntu Community FreeNX page.
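
An added example, not part of the original post: a check to run on the downloaded nxsetup.tar.gz before the mv, chown and sudo --install steps above, since the script inside ends up root-owned and run as root. It compares the archive against a SHA-256 digest obtained out of band (the post publishes none, so the value is a parameter) and lists the members without extracting them; the function names and the stand-in archive are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): vet nxsetup.tar.gz before any of
# its contents are moved into /usr/lib/nx and run with sudo.

# check_archive FILE EXPECTED_SHA256 -> prints "ok" or the first problem found.
# EXPECTED_SHA256 is a digest obtained out of band; the post publishes none.
check_archive() {
    file=$1; expected=$2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo digest-mismatch; return 1; }

    # List member names without extracting anything.
    names=$(tar -tzf "$file" 2>/dev/null) || { echo unreadable; return 1; }
    # Absolute paths or ".." components could write outside the current directory.
    if printf '%s\n' "$names" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo path-escape; return 1
    fi
    # Verbose listing: the first column is the type and mode, e.g. -rwxr-xr-x.
    modes=$(tar -tvzf "$file" | cut -d' ' -f1)
    # Regular files and directories only: no symlinks, hard links or devices.
    if printf '%s\n' "$modes" | grep -q '^[^d-]'; then
        echo unsafe-entry-type; return 1
    fi
    # Nothing that will become root-owned should carry setuid/setgid bits.
    if printf '%s\n' "$modes" | grep -q '[sS]'; then
        echo setuid-bit; return 1
    fi
    # The tutorial moves a file called nxsetup, so it must be present.
    if ! printf '%s\n' "$names" | grep -Fqx -e nxsetup -e ./nxsetup; then
        echo missing-nxsetup; return 1
    fi
    echo ok
}

# Build a constructed stand-in archive in directory $1 (not the real nxsetup).
make_sample() {
    ( cd "$1" && printf '#!/bin/sh\necho constructed\n' > nxsetup &&
      tar -czf nxsetup.tar.gz nxsetup )
}

work=$(mktemp -d)
make_sample "$work"
# In the demo the digest is computed locally to stand in for the pinned value.
pinned=$(sha256sum "$work/nxsetup.tar.gz" | cut -d' ' -f1)
check_archive "$work/nxsetup.tar.gz" "$pinned"
rm -rf "$work"
```

A matching digest only shows the file is the one you pinned, so extract it in an empty scratch directory and read the script before installing it.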

At this stage the server is configured to allow remote GUI connections using FreeNX and possesses all of the necessary window systems and managers in order to provide a cloud-based desktop experience! The next stage is to install a NX client on your local machine so that you can log into the system.

Installing the NX Client

Thankfully, installing the client is extremely straightforward. I've listed all of the download link hierarchies here, so that you can pick the correct package for your operating system. Visit the NoMachine download page and then click on your preferred operating system. As stated above, I am assuming you are using Ubuntu Desktop on your local box, so head to the download linux client page. Then you can select the .deb package which will take you to the debian package download page. Select Download Package and it will ask you to open it with the Ubuntu Software Centre.

NoMachine Download Page

Once the program is installed, it will be in your menu under Applications > Internet > NX Client for Linux > NX Client for Linux. Open it up and then type in your login details, using the username/password combination that you created above. Then type a new session name and hit Configure. Fill in your host name and select the screen resolution that you wish to use. I have selected Gnome as the window manager, but you can change that if you prefer.

Configure your NX client

Connecting to the Server-Desktop

The final step is to click Save and OK and then Connect. After a brief interlude, you should be presented with a full-fledged Ubuntu Desktop in the cloud!

Ubuntu desktop in the cloud!

I've found this to be extremely useful for some applications that I am using. Please let me know in the comments below how you have made use of your desktop in the cloud, as I would be very keen to find new ways of using a setup like this.

22 comments ... read them below or add one

Michael Halls-Moore 7th December 2010 - 8:15 am

Thanks John.

X2Go looks quite interesting. I like the fact it's open source. I believe that NXServer is free as in beer, but not as in speech.

Do you think NeatX-Server will mature?

Tim 7th December 2010 - 3:10 pm

I can't seem to get authenticated, though the rest of this process goes smoothly (nxsetup is no longer at the link provided). Nomachine requires a password, but I am using keypairs for authentication. Even when using password authentication it seems to fail.

Leo 8th December 2010 - 12:21 pm


Thanks a lot for the explanation, this is exactly what I was looking for!!!

Now, there is one more detail I need to solve. The GUI application I start in the cloud has to stay open even if I disconnect.

So I would like to:

* Open the Ubuntu Desktop in the cloud using my laptop.
* Launch weird GUI app in the cloud.
* Close Ubuntu Desktop in the cloud (or just disconnect from it).
* Connect to ubuntu using a terminal
* Start a simple console app that has to talk to the weird GUI app.
* Let my app running in the background.
* Disconnect from the Ubuntu console in the cloud.
* Be happy!!!.

(maybe return to the same session later to see how the GUI app is doing)

Do you know if this is possible with the setup you have? if so, how would you do it?...

That would be awesome!!!

Thanks a lot Michael

Leo 10th December 2010 - 5:16 am

I decided to give it a try...

The NX client keeps the session open! I don't have to do anything else... awesome!

Thanks a lot for the tutorial, now I am a total EC2 convert ...


Michael Halls-Moore 10th December 2010 - 9:58 am

Tim: I think the link probably still is there, it's more likely due to the formatting of my CSS on the link. Here is the actual command to grab the extra setup file: wget

Make sure to have a look at the Ubuntu Community documentation, the guide is extremely comprehensive.

Leo: I've been investigating a similar scenario, as I need to keep the server on 24/7 as well. How did you manage to keep it going? In the NX client I find that when I close it down I have the option to "Terminate" or "Suspend", but both seem to shut down the session, even when I log in under the same credentials! If you have some insights, it would be great to add them to this article!

Thank you both for the comments though, much appreciated.

Leo 20th December 2010 - 7:56 am

Hello Michael,

I do the same thing you are trying and everything works well!. I just login with NX and choose "Suspend" when I close the client. Next time I login with the same credentials I am back to the same session. That is using the same pc though, I still have to try opening the same session from different machines... I hope it works!

I have been logging in and out to the same session for more than a week and it has been great, I hope you can figure out the problem soon.

Thanks again and good luck,

Vivek 1st January 2011 - 1:11 pm

Very accurate setup guide! I am new to Ubuntu & Linux in general. Followed your steps and was able to setup ubuntu desktop on EC2.

I had trouble locating the right AMI. I tried to use Bitnami but did not work. Finally got it working using ami-a2f405cb.

wget step did not work so I used "sudo wget..." instead.

It would be very helpful if you can provide steps to save this EC2 instance for future use.

Michael Halls-Moore 2nd January 2011 - 6:15 am

Vivek: I need to update the article actually, as I tried locating the same AMI myself the other day and couldn't find it! I presume the issue is that Canonical keep updating the daily build and hence the AMI changes each time.

I'm not sure about the wget issue - maybe you were downloading the file to a directory you didn't have permissions for?

Satish 1st February 2011 - 5:49 am

Fantastic guide. Good job! Saved me a lot of time. The only issue I am facing at the moment is when I log on to NXClient and then synaptic package, it does not allow me to log in as the user I created and asks me for the root password. Is there a workaround for this ?

Michael 2nd April 2011 - 6:48 am

Excellent guide, but for those using the Ubuntu 10.10 "Maverick" AMI, you'll have to slightly adjust the "Installing FreeNX Server" instructions:

Because there are no packages for Maverick yet, you'll have to

sudo sed -i 's/maverick/lucid/g' /etc/apt/sources.list.d/freenx-team-ppa-maverick.list

instead of "sudo add-apt-repository ppa:freenx-team". This will install the packages for Lucid, but according to they should work fine. If you have executed the sed-command, continue with the steps and run "sudo aptitude install freenx" next.

Sreenu Sasubilli 6th June 2011 - 3:08 am

Excellent instructions! Worked like charm!

Eric 18th July 2011 - 8:21 pm

Thanks for the excellent instructions.

I can create a running instance and connect to it from the no machine client. Using the AWS console, I can also stop the instance and restart it later and it still works great.

However, when I use the AWS Console's 'Create Image (EBS AMI)' command on the running instance, and boot the resulting AMI, my client will not authenticate on the new instance.

Looking at auth.log, it seems that the client connects as user "nx" successfully, then tries to create an nx session and authenticate with a password -- and dies.

Any ideas?

mike 14th October 2011 - 10:59 pm

fine work sir - first time :)

Samson 18th November 2011 - 3:09 pm

Looks like a fantastic guide. I have wasted hours today to install gnome under my FREE EC2 Tier but failed. I'm going to create a new instance and hope I'm able to set up GUI interface using the instructions above.

Jon Reynolds 12th December 2011 - 4:29 pm

THANK YOU! Brilliant post and everything I needed to know to get this working. Works spot on! Thank you very much for sharing!

Omri 19th April 2012 - 5:45 am

Awesome guide, will recommend to clients !

Anshu 23rd July 2012 - 3:30 pm

I followed this guy but I'm getting the following error on the NXCLIENT...

NX service is not available or the NX access was disabled on host

NX> 203 NXSSH running with pid: 2929
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: on port: 22
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.

anshu 23rd July 2012 - 3:57 pm

So I've got it working up to the point where it gives me an error saying
"Authentication failed for user " in the alert box with no additional details available..

isomorphismes 16th December 2012 - 10:28 pm

This looks great, unfortunately I only have root privileges on the EC2 and not on my client machine. I'll try modifying your instructions to ssh -X rather than no machine and post again if it works. Thanks for the writeup.

cisco182 27th January 2013 - 10:25 pm

Now that you have the Freenx server installed, you will want to configure it to use the ubuntu-2d session for any Freenx clients. The ubuntu-3d session doesn’t work with Freenx and will give you an error message “Failed to load session “gnome-fallback”".

sudo echo -e "\n#Use unity 2d for client sessions\nCOMMAND_START_GNOME='gnome-session --session=ubuntu-2d'"|sudo tee -a /etc/nxserver/node.conf
All done, you should be able to connect using NoMachine’s free client.

cisco182 27th January 2013 - 11:33 pm

the other option is to install gnome classic after ubuntu desktop.
then you will have no problems.
