How To Setup Secure Remote Desktop using X2Go on Ubuntu/Debian

The typical solution to interacting with a graphical interface on a remote computer running Linux or other *nix variants is Virtual Network Computing (VNC). Unfortunately, VNC is notoriously creepy, insecure by default, and requires a lot of manual configuration to get up and running.

This article will guide you through the steps to set up a secure remote desktop using X2Go on Ubuntu, Debian or any other version of Linux.

For this guide we're using Debian because some versions of Ubuntu's default DE, Unity, aren't compatible with X2Go. And, alternative desktop environments can sometimes be problematic on Ubuntu.


To begin, you will need a Debian 8 x64 instance with 1 or 2GB of RAM and a user with sudo privileges.

Securing the Server

To secure our server, we'll be using Uncomplicated Firewall (UFW), because it's less error-prone to beginner mistakes, easier to understand and manage, and fits better with our goal of only allowing connections to one port.

Install UFW:

sudo apt-get install ufw

By default, the firewall should be inactive at this point. You can check with:

sudo ufw status verbose

The result should be:

Status: inactive

Verifying the status at this point is important to avoid locking ourselves out if ufw is active when we block all incoming connections later.

If UFW is already active, disable it with:

sudo ufw disable

Now, set the default firewall rules to deny all incoming connections and allow all outgoing ones:

sudo ufw default deny incoming
sudo ufw default allow outgoing

And, allow SSH connections to the server (port 22):

sudo ufw allow 22

With the rules in place, let's activate ufw:

sudo ufw enable

This will output:

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

Type y and press ENTER to activate the firewall. 

With our firewall in place, there's only one point of entry to our server, and we're ready to install the graphical environment for the X2Go server.

Installing the Desktop Environment

We'll install the XFCE desktop environment. There are two ways to achieve this, but you only need to choose one—either the Minimal Desktop Environment or the Full Desktop Environment.

Minimal Desktop Environment: If you want to install a small, core set of packages and then build on top of them by manually adding whatever you need afterward, you can use the xfce4 metapackage.

A metapackage doesn't contain software of its own, it just depends on other packages to be installed, allowing for an entire collection of packages to be installed at once without having to type each package name individually at the command line.

Install xfce4 and all of the additional dependencies needed to support it:

sudo apt-get install xfce4

Full Desktop Environment: If you don't want to handpick every component you need and would rather have a default set of packages, like a word processor, web browser, email client, and other accessories pre-installed, then you can choose task-xfce-desktop.

Install and configure a complete desktop environment that's similar to what you would get with Debian XFCE from a bootable DVD on your local PC:

sudo apt-get install task-xfce-desktop

Now that our graphical environment is installed and configured, we need to set up a way to view it from another computer.

Installing X2Go on the Server

X2Go comes with two main components: the server, which starts and manages the graphical session on the remote machine, and the client, which we install on our local computer to view and control the remote desktop or application.

Since Debian does not include the X2Go server in its default repositories, we have to add an extra repository to the package manager's configuration.

First, import the X2Go's developers' public key. This is a security measure to ensure that we can only download and install packages which are properly signed with their private keys.

sudo apt-key adv --recv-keys --keyserver E1F958385BFE2B6E

Now, add the repository to the package manager's config files:

echo 'deb jessie main' | sudo tee /etc/apt/sources.list.d/x2go.list

This creates the file /etc/apt/sources.list.d/x2go.list and adds the line deb jessie main to it, telling the package manager where to find the supplementary packages.

To refresh the database of available software packages, enter the following command:

sudo apt-get update

And, finally, install X2Go on the server:

sudo apt-get install x2goserver x2goserver-xsession

At this point, no further setup is required on your server. However, keep in mind that since SSH password authentication is disabled for increased security, you'll need to have your SSH private key available on any machine that you want to log in from.

We are now done setting up the server and can type exit or close the terminal window. The rest of the steps will focus on the client for your local machine.

Installing the X2Go Client Locally

If you're using Windows on your local machine, you can download the client software from

After you select your preferred language and agree to the license, a wizard will guide you through each step of the installation process. Normally, there shouldn't be any reason to change any of the default values pre-filled or pre-selected in these steps.

If you're running macOS locally, you can find the client software at

Double-click the .dmg file to open a folder containing the copyright, license, and X2Go client executable, then double-click the executable to start the client.

And, if you're using Debian or Ubuntu you can install the X2Go client with:

sudo apt-get install x2goclient

If you'd like additional information about the clients or you'd like to build from the source, you can visit X2Go's official documentation.

Now that the desktop client is installed, we can configure its settings and connect to the X2Go server to use our remote XFCE desktop.

Connecting to the Remote Desktop

When you first open the X2Go client, the following window should appear. If it doesn't, click Session in the top-left menu and then select New session

In the Session name field, enter something to help differentiate between servers. This can be particularly useful if you plan on connecting to multiple machines, since all of the names will be listed in the program's main window once you save your settings.

Enter your server's IP address or hostname in the Host field under Server.

Enter the username you used for your SSH connection in the Login field.

And, since it's what we installed in Step Two, choose XFCE as your Session type.

Finally, because we log into the server with SSH keys, click the folder icon next to Use RSA/DSA key for ssh connection and browse to your private key.

The rest of the default settings should suffice for now, but as you get more familiar with the software, you can fine tune the client based on your individual preferences.

After pressing the OK button, you can start your graphical session by clicking the white box that includes your session name on the top-right side of the screen.

In a few seconds, your remote desktop will be displayed, and you can start interacting with it. At first login, XFCE will ask if you want to Use default config or One empty panel. The first option will create a rectangular panel docked at the bottom of the screen, containing a few useful application shortcuts (e.g. a file manager, a terminal emulator, a browser, etc.). This option will also add a top panel to the desktop that includes utilities like an application launcher, a clock, a shutdown menu, and more.

Unless you're already familiar with XFCE, opting for an empty panel can be more complicated since you'll be starting from scratch. There will be no taskbar, no clock, no pre-configured start menu; it will be up to you to add everything to an empty panel on your own.

Additionally, on Windows and Linux-based operating systems, there are a few useful keyboard shortcuts you can use for a better experience:

CTRL+ALT+F will toggle full-screen mode on and off. Working in full-screen mode can feel more like a local desktop experience. Plus, other keyboard shortcuts will be grabbed by the remote OS instead of the local one.

CTRL+ALT+M will minimize the remote view, even if you are in full-screen mode

CTRL+ALT+T will disconnect from the session but leave the GUI running on the server. It's just a quick way of disconnecting without logging off or closing applications on the server. The same will happen if you click the window's close button.

Lastly, there are two ways you can end the remote session, closing all of the graphical programs running in it. You can log off remotely from XFCE's start menu, or you can click the button marked with a circle and a small line (like a power/standby icon) in the bottom right corner of the main portion of the screen.

The first method is cleaner but may leave programs like session managing software running. The second method will close everything but may do so forcefully if a process can't cleanly exit. In either case, be sure to save your work before proceeding.

Lastly, Go into XFCE's control panel, navigate to power settings and disable all standby features. If you don't use the desktop for a while, XFCE will try to trigger a standby. Although the server normally won't do anything when it receives this request, it's better to avoid any unforeseen behaviors altogether.


You now have a working "cloud desktop," complete with all the advantages of an always-online, remotely-accessible, computing system.