Installing an XRDP Remote Desktop Server on Linux and Resolving Connection Issues

ra1ahq.blog

10 min

September 2, 2021

This article explains how to set up a connection to Linux via RDP (Remote Desktop Protocol).

RDP is the most common protocol for remote work (or PC administration), in which the computer screen is displayed on a remote PC, controlled by mouse and keyboard. RDP can be used between PCs with different operating systems - both Windows and Linux.

The following guide was written after successfully installing and running an RDP server under Linux Runtu (Description: Ubuntu 20.04.3 LTS) and Linux Mint "Uma" Description: Linux Mint 20.2).

Installing and configuring RDP in Linux

If you have previously failed to configure xrdp, the first thing to do is to remove the xrdp and xorgrdp packages and their configurations in order to install from scratch.
```
sudo apt-get purge xrdp xorgxrdp
```

First you need to update the packages versions:

sudo apt-get update & sudo apt-get upgrade & sudo apt-get dist-upgrade

If the operating system is Ubuntu Linux 16.04 or 18.04, or 20.04 or 21.04, I advise you to use the ready-made script from the site to install xrdp

https://c-nergy.be/downloads/xRDP/xrdp-installer-1.4.zip - download the archive and extract the script.

The documentation for the "xrdp-installer" program is located at https://c-nergy.be/blog/?p=17810 , and the program itself displays a brief reference about the possible parameters of its call when you run the sh-file with the key - -help:

bash xrdp-installer-1.4.sh --help

You do not need to enter the sudo command to run it, when necessary it will ask for the su password. Run, for example, like this:

chmod +x xrdp-installer-1.4.sh
./xrdp-installer-1.4.sh

And then proceed to the FINAL XRDP SETUP and Diagnostics sections .

If the operating system is not one of those listed, the installation path is longer.

sudo apt-get install x-window-system xserver-xorg xserver-xorg-core
sudo apt-get install  xserver-xorg-legacy

Reconfiguring the package

sudo apt-get install xserver-xorg-legacy
sudo dpkg-reconfigure xserver-xorg-legacy

window for configuring Xorg startup:

in which I entered the last item that gives the most rights - "Anyone".

This command writes to the cat /etc/X11/Xwrapper.config file:
allowed_users=anybody

Install packages needed to run xrdp:

sudo apt-get install libx11-dev libxfixes-dev libssl-dev libpam0g-dev libtool libjpeg-dev flex bison gettext autoconf libxml-parser-perl libfuse-dev xsltproc libxrandr-dev python3-libxml2 nasm fuse pkg-config git intltool checkinstall

Installing two main XRDP packages:

sudo apt-get install xrdp xorgxrdp xserver-xorg-input-all

You may notice that the installer will generate an RSA key.
In order for the operating system to be able to read this key, you need to add the user xrdpto the group ssl-cert:

sudo adduser xrdp ssl-cert

Next, you need to install the full MESA graphics subsystem and video card drivers. For what?
The fact is that there is a chain: RDP client -> network -> Xrdp server -> Xsession -> Xorg -> MESA -> OpenGL Driver -> video card
.

sudo apt-get install libgl1-mesa-dri libglew1.5-dev libglew-dev libgles2-mesa-dev libglm-dev mesa-utils-extra mesa-common-dev freeglut3 freeglut3-dev

Finally, the video card must support OpenGL version 2.1 or higher and have the Linux driver installed.

If the old computer is based on Interl 945 chipsets (under the common name i915) - you need to install a modified, third-party driver, because. on regular drivers, OpenGL 1.4 mode is enabled by default, while 2.1 is needed. Otherwise there will be errors (see "Errors" section below)

If the following command prints out that OpenGL is a high version, nothing needs to be done:

glxinfo | grep OpenGL

An example of a good driver version is 2.1 (pay attention to the OpenGL version string:
OpenGL vendor string: Mesa Project
OpenGL renderer string: i915 (chipset: 945G)

OpenGL shading language version string: 1.20
OpenGL extensions:
OpenGL ES profile version string: OpenGL ES 2.0 Mesa 21.3.0-devel (git-dfef775 2021-09-02 focal-oibaf-ppa)
OpenGL ES profile shading language version string: OpenGL ES GLSL ES 1.0.16
OpenGL ES profile extensions:

If version 1.4 is old, which is not suitable for XRDP, the output of the command glxinfois:
OpenGL vendor string: Intel Open Source Technology Center
OpenGL renderer string: Mesa DRI Intel(R) 945G
OpenGL version string: 1.4 Mesa 21.0.3
OpenGL extensions:
OpenGL ES profile version string: OpenGL ES 2.0 Mesa 21.0.3
OpenGL ES profile shading language version string: OpenGL ES GLSL ES 1.0.16
OpenGL ES profile extensions:

An old version of the driver supporting OpenGL 1.4 (installed by default from the "xserver-xorg-video-intel" package). this version of OpenGL 1.4 is not suitable.

Installing a new version of the driver (ONLY FOR OLD i915 - i925 - i945 INTEGRATED GRAPHICS CHIPSETS)

sudo add-apt-repository ppa:oibaf/graphics-drivers && sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade && sudo reboot

This command will update the graphics driver packages for Intel integrated graphics and reboot .

PS If you need to remove the PPA repository later, for example, after installing a new video card, the command to remove it is: sudo ppa-purge ppa:oibaf/graphics-drivers.

Permission to connect to the X server "for everyone" - given earlier by the command sudo dpkg-reconfigure xserver-xorg-legacy
The configuration is written to a file
```
sudo ls -l /etc/X11/Xwrapper.config
```

If necessary, you can view its contents or edit it.

sudo nano /etc/X11/Xwrapper.config

Note console - Xorg is only available to console users, anybody to everyone. The default is console.
See command for details man Xwrapper.config.

Setting up OpenGL graphics (mandatory only for PCs with older chipsets with integrated i915 graphics):

Displaying the graphics adapter model:

lspci | grep VGA

If the graphics adapter is the integrated graphics of the Intel 915 or 82945G chipset, go to the directory

cd /usr/share/X11/xorg.conf.d/

create a file 20-intel.conf:

sudo nano 20-intel.conf

add the text to it:
Section "Device"
        Identifier "Intel Graphics"
        Driver "intel"
        Option "TearFree" "true"
        Option "AccelMethod" "SNA"
        Option "BackingStore" "true"
        Option "DRI" "3"
EndSection

Option for older PCs: in the "AccelMethod" line, instead of the standard "SNA" graphics acceleration method, specify " uxa ".

It's better to use "SNA" - a more modern x86 integrated graphics method. Where uxa is the previous architecture.

Save and exit Ctrl+O, Ctrl+X.

Editing the XRDP configuration file:

sudo nano /etc/xrdp/xrdp.ini

in the middle of the file after the line "background" add the default address for XRDP.
address=address=0.0.0.0

Restart the server:

sudo /etc/init.d/xrdp stop
sudo /etc/init.d/xrdp start

FINAL XRDP SETUP

Add the xrdp user to the tty group and give permissions to the serial port (to solve the problem of starting an Xorg session, which is 'tty0 access denied')
```
sudo usermod -a -G tty xrdp   
sudo chmod g+r /dev/tty0
```

We allow the start of the "xrdp" service

sudo systemctl start xrdp   
sudo systemctl enable xrdp

IMPORTANT: Copy the script file to start the session and fix it
```
cp /etc/X11/xinit/xinitrc ~/.xinitrc
```

Find out the type of installed desktop shell:

echo $XDG_CURRENT_DESKTOP

If the command output is empty, try

cat /etc/X11/default-display-manager

Edit the file ~/.xinitrcto start the session (session):

nano ~/.xinitrc

comment or delete the line /etc/X11/Xsession, instead of it we write:

exec startlxde

exec openbox-session

for Runtu OS

exec startxfce4

for Linux Mint with XFCE desktop shell

exec startlxqt

for Lubuntu or Linux Mint with LXQT desktop shell
(if echo $XDG_CURRENT_DESKTOP has this output ).

Thus, the .xinitrc file in the user's home directory, launched during the start of the XRDP session, took the following compact form:

#!/bin/sh
exec startlxqt

Note from 09/09/2021: You can add to this file the launch of any necessary programs, for example, launching the pulseaudio sound server and loading and switching the national keyboard layout. Then the .xinitrc file will look like this:

#!/bin/sh
pulseaudio &
setxkbmap -layout 'us,ru' -option 'grp:ctrl_shift_toggle,grp_led:scroll' &
exec startlxqt

The contents of the ~/.xinitrc file if the server OS is Linux Mint with the XFCE shell:

#!/bin/sh pulseaudio & setxkbmap -layout 'us,ru' -option 'grp:alt_shift_toggle,grp_led:scroll' & exec startxfce4

When the server desktop is LXQT, my ~/.xinitrc file is the following:
#!/bin/sh pulseaudio & setxkbmap -layout 'us,ru' -option 'grp:alt_shift_toggle,grp_led:scroll' & exec startlxqt

And for OpenBox (Runtu Linux), a working version of the ~/.xinitrc file is as follows:
#!/bin/sh pulseaudio & setxkbmap -layout 'us,ru' -option 'grp:ctrl_shift_toggle,grp_led:scroll' & exec openbox-session

`exec startlxde`

Diagnosis

We reboot the PC that acts as a server.

We check from it that the Xorg server starts without errors:

sudo Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp

The screen may go blank at this point if you are checking XRDP from the same PC that is running the initial Xorg session. You need to press Ctrl + Alt + F1 , enter a name and password, use the command ps -aux | grep xrdpto find the process number " sudo xrdp" and end it with the command " sudo kill <номер процесса>".

The text output of this command will contain the reason for the error.

If the message "(EE) Cannot establish any listening sockets - Make sure an X server isn't already running(EE)",
you need to restart the PC and repeat the diagnostics.

The second verification option - before the first connection to the XRDP server, we end the current session "Start" - "Log out" - "Log out". Since the RDP client will not be able to create a second session of the same user (with an error in the file ~/.xorgxrdp.10.log: "(EE) Caught signal 11 (Segmentation fault). Server aborting").

Or, you need to create a second user to test the connection to xRDP, which we will connect via the RDP protocol:

sudo useradd -m ivanov-rdp
passwd ivanov-rdp

Linux xRDP Server Errors and Solutions

Configuring the firewall

If it is impossible to connect via RDP to the server, first of all check the port opening on the FireWall:

sudo apt install nmap
sudo nmap 192.168.55.100 -p 3389

where instead of 192.168.55.100 specify the IP address of the server on the local network.
Do not forget to open the local port 3389 on the firewall:

sudo ufw allow 3389

If the port is open, then the output is:
PORT STATE SERVICE
3389 / tcp open ms-wbt-server

Problem "A black blank screen is visible when connecting from a client via RDP"

The package is not installed on the server xorgxrdp- a software "layer" between xorg and rdp server that displays graphics - Desktop, mouse pointer and icons.

The solution is to install the package on the server xorgxrdp:

sudo apt-get install xorgxrdp
sudo service xrdp restart

Note : The package "xorgxrdp - Remote Desktop Protocol (RDP) modules for X.org" is included in most Debian distributions , as well as Ubuntu 18.04 "bionic" , 20.04 LTS "focal" , 21.04 "hirsute" , 21.10 "impish" , 22.04 LTS "jammy" (released 04/21/2022) , and derivative OSes based on the Ubuntu DEB package base (such as Runtu, Lubuntu, Xubuntu, Kubuntu, etc.), as well as RPM-based distributions: Fedora , Arch , etc. Therefore this instruction should work with many versions of Linux.

Remmina RDP Client - connection to the server

sudo apt-get install remmina remmina-plugin-rdp remmina-plugin-secret
sudo reboot
remmina

Add connection - RDP type.

If VPN is not used, then in the IP address we enter the "white" IP address of the home router.
When working through a VPN, the IP address refers to the internal (local, home) network.
The username and password are the same as when logging in "from the keyboard" on the server.

The bottom buttons of the Remmina window on netbooks with a screen resolution of 1024x600 pixels may be cut off and partially visible.
"Cancel" - "Save as Defaults" - "Save" - "Connect" - "Save and Connect"

Press the rightmost button "Save and connect" .

Various problems

Error logs in system directory /var/log/ :

xrdp.log
xrdp-sesman.log
Xorg.0.log, Xorg.10.log

Error logs in user directory ~ :

~/.xorgxrdp.10.log

You can view them with the commands:

sudo cat /var/log/xrdp.log
sudo cat /var/log/xrdp-sesman.log
sudo cat /var/log/Xorg.0.log
sudo cat /var/log/Xorg.10.log
sudo cat ~/.xorgxrdp.log

If, when connecting from a Windows PC to a Linux PC, after entering the username and password, a blue-green solid background without text and icons is visible,
or there are numerous errors in the XRDP.LOG file, then the connection has occurred, but the Xorg graphics did not start - most likely because of the old version of OpenGL, or rights, see above.

An example of a client-side error when trying to connect using the MSTSC.EXE program:

Error messages in the XRDP.LOG log on the server side:

or similar [DEBUG] Closed socket 17 (AF_UNIX)

The solution is diagnostics with a command from the desktop of the server machine:

sudo Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp

If you see a momentary black screen when connected from a Windows PC and then closes immediately, one of the options is:

wrong username/password
invalid ~/.xinitrc script (desktop session not started). Check your ~/.xinitrc file for the exec <shell name> command.
the user you use to connect to the PC remotely has an open session in the operating system locally (using the computer at the moment).

Safety

Now any PC on the local network will be able to connect to your computer via the RDP protocol. Set a complex password for the user account . If the connection to the PC is from the Internet, you can additionally use a VPN with traffic encryption.

Просмотры:

Шукати в цьому блозі

Розслідування, osint розвідка, osint Україна, osint open source intelligence.