Skip to content

5. XRDP.md

Latest commit

ย 

History

History
250 lines (167 loc) ยท 4.09 KB

5. XRDP.md

File metadata and controls

250 lines (167 loc) ยท 4.09 KB

What is XRDP

XRDP is an open-source Remote Desktop Protocol (RDP) server for Linux systems. It allows users to access a Linux desktop environment remotely using Microsoftโ€™s Remote Desktop Client (RDP), typically from a Windows machine or any RDP-compatible client.

XRDP Setup

Installing GUI on Server

Install the GUI environment:

yum groups install "Server with GUI"
  • Installs a graphical user interface, which is required for remote desktop access.

Verifying Xrdp Installation

Check if xrdp is already installed:

rpm -qa | grep xrdp
  • Lists installed packages matching xrdp.

Installing Xrdp

Install xrdp using yum:

yum install xrdp
  • Downloads and installs the xrdp package.

Check again if xrdp is installed:

rpm -qa | grep xrdp

Checking Xrdp Package Information

Display detailed information about xrdp:

rpm -qi xrdp

List files installed by xrdp:

rpm -ql xrdp

List configuration files for xrdp:

rpm -qc xrdp

Configuring Xrdp SSL Protocols

Edit the xrdp configuration:

vim /etc/xrdp/xrdp.ini

Set SSL protocols inside the [Globals] section:

ssl_protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
  • Ensures support for modern encryption standards.

Sample Xrdp.ini Configuration

Example snippet from /etc/xrdp/xrdp.ini:

[Globals]
fork=true
port=3389
use_vsock=false
tcp_nodelay=true
tcp_keepalive=true
security_layer=negotiate
crypt_level=high
ssl_protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
allow_channels=true
allow_multimon=true
bitmap_compression=true
new_cursors=true
  • Customize based on server performance and security needs.

Filtering Command Only Apply Configuration File

cat /etc/xrdp/xrdp.ini | grep -v '^#' | grep -v ';' | sed '/^$/d'

After Filtering this Result

[Globals]
fork=true
port=3389
use_vsock=false
tcp_nodelay=true
tcp_keepalive=true
security_layer=negotiate
crypt_level=high
ssl_protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
allow_channels=true
allow_multimon=true
bitmap_compression=true
new_cursors=true

[xrdp1]
name=sesman-Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=5910
delay_ms=2000

Restarting Xrdp Service

Restart xrdp to apply configuration changes:

systemctl restart xrdp

Verifying Xrdp Port Listening

Check if xrdp is listening on TCP port 3389:

netstat -nltup | grep 3389
  • Confirms network service is active.

Firewall Configuration Using Firewalld

Opening Port 3389

Allow TCP port 3389 for xrdp:

firewall-cmd --permanent --add-port=3389/tcp
  • Opens the remote desktop port permanently.

Reloading Firewall to Apply Changes

Apply the new firewall rules:

firewall-cmd --reload

Verifying Open Ports

List all allowed ports:

firewall-cmd --list-ports

Or list complete firewall settings:

firewall-cmd --list-all

Optional Zone-Based Configuration

Add rule specifically to the public zone:

firewall-cmd --zone=public --permanent --add-port=3389/tcp
firewall-cmd --reload

Check the active firewall zones:

firewall-cmd --get-active-zones

List ports in the public zone:

firewall-cmd --zone=public --list-ports

Connecting to the Xrdp Server

Connect from a client machine:

rdesktop 192.168.12.145
  • Replace 192.168.12.145 with your server's IP address.
  • Alternatively, you can use Windows Remote Desktop (mstsc).

Configuring SELinux for Xrdp

Adjust SELinux context for xrdp binaries:

chcon --type=bin_t /usr/sbin/xrdp
chcon --type=bin_t /usr/sbin/xrdp-sesman
  • Helps prevent SELinux from blocking xrdp.

Additional Notes

  • Configure SSL certificates for production environments.
  • Customize the login screen appearance using settings inside [Globals].
  • Troubleshoot connection issues by checking xrdp logs and SELinux audit logs.
  • Always use secure passwords and update your packages regularly.
โšก