Remote Access to Mint/Ubuntu Studio 23.xx using RDP

This is about an RDP server on linux and client on …whatever.

Server using gnome-remote-desktop (Failed)

Install it:

sudo apt install gnome-remote-desktop

Generate TLS key and certificate:

mkdir -p ~/.local/share/gnome-remote-desktop/
openssl req -new -newkey rsa:4096 -days 720 -nodes -x509 \
    -subj /C=US/ST=NONE/L=NONE/O=GNOME/CN=gnome.org \
    -out ~/.local/share/gnome-remote-desktop/tls.crt \
    -keyout ~/.local/share/gnome-remote-desktop/tls.key

Steps for Headless (single user) RDP config of gnome remote desktop:

This:

grdctl --headless rdp set-tls-key ~/.local/share/gnome-remote-desktop/tls.key

failes with

Init TPM credentials failed because Failed to initialize transmission interface context: tcti:IO failure, using GKeyFile as fallback.

Workaround from here:

sudo systemd-sysusers
sudo systemd-tmpfiles --create /usr/lib/tmpfiles.d/gnome-remote-desktop-tmpfiles.conf
sudo systemd-sysusers /usr/lib/sysusers.d/gnome-remote-desktop-sysusers.conf
sudo systemd-tmpfiles --create /usr/lib/tmpfiles.d/gnome-remote-desktop-tmpfiles.conf

did NOT work. Ignore it for now.

grdctl --headless rdp set-tls-cert ~/.local/share/gnome-remote-desktop/tls.crt
export PASSWORD=****
grdctl --headless rdp set-credentials $USER $PASSWORD
grdctl --headless rdp enable

Then:

alex@exi > grdctl status
RDP:
	Status: enabled
	Port: 3389
	TLS certificate: /home/alex/.local/share/gnome-remote-desktop/tls.crt
	TLS fingerprint: ******
	TLS key: /home/alex/.local/share/gnome-remote-desktop/tls.key
	View-only: yes
	Negotiate port: yes
	Username: (hidden)
	Password: (hidden)

Alternatively:

gsettings list-recursively org.gnome.desktop.remote-desktop.rdp
org.gnome.desktop.remote-desktop.rdp enable true
org.gnome.desktop.remote-desktop.rdp negotiate-port true
org.gnome.desktop.remote-desktop.rdp port uint16 3389
org.gnome.desktop.remote-desktop.rdp screen-share-mode 'mirror-primary'
org.gnome.desktop.remote-desktop.rdp tls-cert '/home/alex/.local/share/gnome-remote-desktop/tls.crt'
org.gnome.desktop.remote-desktop.rdp tls-key '/home/alex/.local/share/gnome-remote-desktop/tls.key'
org.gnome.desktop.remote-desktop.rdp view-only true

Finally:

systemctl --user enable gnome-remote-desktop.service
systemctl --user restart gnome-remote-desktop.service

Config stored in : /usr/share/gnome-remote-desktop.

gnome-remote-desktop Configuration

Use gnome-control-center:

XDG_CURRENT_DESKTOP=GNOME gnome-control-center

Does not reflect what grdctl status.

Server using xrdp

Install xrdp using this script.

Install:

wget https://www.c-nergy.be/downloads/xRDP/xrdp-installer-1.5.3.zip
unzip xrdp-installer-1.5.3.zip
chmod +x xrdp-installer-1.5.3.sh

Then just launch the script with no options.

To verify:L

systemctl status xrdp.service
systemctl status xrdp-sesman.service

To verify the socket:

ss -lnt|grep 3389

Client (remmina) on Linux

Use remmina.

sudo apt-add-repository ppa:C-ppa-team/remmina-next
sudo apt update
sudo apt install remmina remmina-plugin-rdp remmina-plugin-secret

Worked as expected.

Remmina Configuration

Preferences/RDP

Keyboard Layout: US- English
Keyboard scancode remapping: 0x1D=0x3A,0x3A=0x1D - this swaps CapsLock and Left-Cntrl.
in the client preferences set resolution to dynamic.

Problems:

PolicyKit1 KDE agent dialog: Authentication is required to create a color managed device.

Client - MacOS

Install FreeRDP:

brew install freerdp

Then:

[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn][0x7fd798017400]: *************************************************
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn][0x7fd798017400]: This build is using [runtime-check] build options:
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn][0x7fd798017400]: * 'WITH_VERBOSE_WINPR_ASSERT=ON'
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn][0x7fd798017400]:
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn][0x7fd798017400]: [runtime-check] build options might slow down the application
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn][0x7fd798017400]: *************************************************
[12:01:31:521] [65803:4ba014c0] [ERROR][com.winpr.crypto.hash] - [winpr_Digest_Init_Internal]: Failed to initialize digest md4
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn_hash][0x7fd798017400]: *************************************************
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn_hash][0x7fd798017400]: [SSL] {Digest} build or configuration missing:
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn_hash][0x7fd798017400]:  * md4: NTLM support not available
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn_hash][0x7fd798017400]: *************************************************
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn_cipher][0x7fd798017400]: *************************************************
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn_cipher][0x7fd798017400]: [SSL] {Cipher} build or configuration missing:
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn_cipher][0x7fd798017400]: * rc4: assistance files with encrypted passwords, NTLM, RDP licensing and RDP security will not work
[12:01:31:521] [65803:4ba014c0] [WARN][com.freerdp.core.rdp] - [log_build_warn_cipher][0x7fd798017400]: *************************************************
This is FreeRDP version 3.10.3 (3.10.3)

FreeRDP Manual

To connect:

xfreerdp /v:192.168.10.50:3389 /u:alex /p:*** /cert:ignore \
	/auto-reconnect-max-retries:0 /smart-sizing +clipboard /home-drive \
	/sec:tls:on

Notes to Self

Alex Sokolsky's Notes on Computers and Programming