xrdp is an Open Source Remote Desktop Protocol that works as an alternative to Windows RDP to connect to remote Linux servers with GUI. XRDP supports VNC (Virtual Network Compute) protocol that uses RFB ( Remote Buffer Protocol) to control remote systems. XRDP is a way easy to use in place of other tools because of no additional package required for this. In order to make it more secure, we will show you making its secure connection through SSH Tunneling.
The prerequisites in this article are to have a remote Linux server with GUI (Graphical User Interface) environment, running xrdp, and a local X windows system to connect to the remote server.
Let’s follow the steps below to install and use xrdp on a Linux OS.
Step 1: Installing XRDP
In order to install xrdp, let’s connect to your remote Linux server using ssh and run the system updates that you can do by the following commands.
# yum update -y
# apt-get update -y
Once your system has the latest update installed, you can install the xrdp by the use of the below command.
# yum install xrdp -y
$ sudo apt-get install xrdp
Press “Y” to continue the installation along with its required dependencies.
Step 2: Starting XRDP Service
After the installation of xrdp we need to make sure that its service is running and enabled for the auto-restart at the time of reboot.
Use the below commands to check its running start and enable auto restart.
$ sudo systemctl status xrdp
$ sudo systemctl enable xrdp
The same commands can be used in case you are using a RHEL base Operating System.
Step 3: Securing XRDP Connections
Here in this step securing the xrdp connections is most important to restrict unauthorized access to your remote systems. To make it secure we are going to make some changes in its configuration file.
Let’s open the xrdp.ini using your favorite file editor as below.
$ sudo vim /etc/xrdp/xrdp.ini
Save the changes and restart xrdp service.
$ sudo systemctl restart xrdp
Now you will see the state of port ‘3389’ listening for the localhost IP.
Step 4: Creating Secure SSH Tunnel
To make a secure tunnel between the remote and local system we are going to make use of Windows Powershell. Run the command below followed by the IP address of your remote Linux Server with GUI as below.
PS C:\Users\kashif\> ssh firstname.lastname@example.org -L 3399:127.0.0.1:3389
Once your ssh connection is established after giving the credentials of your user name, you are ready to connect to the Remote Linux Server through RDP.
Step 5: Connect to Remote Linux Server
After making the local session, now we are ready to connect to the remote Linux server, whether it’s a CentOS/RHEL or Ubuntu with GUI support.
Open the Remote Desktop Connection App of your source Windows system and connect using the localhost and source port ‘3399’ from your previous connection.
Give the same username and password that you have used while making the local ssh tunnel between your localhost and remote server IP as shown below.
After providing the right credentials, you will have a successful remote RDP session established.
Step 6: Improving XRDP Session Performance
While using the XRDP sessions, you might have come to know that its performance is slower than the traditional RDP sessions on Windows OS. To overcome this problem you can make some tweaks in the RDP settings as below.
Open the RDP App, go to its Display Tab and change the color depth of the remote session to a lower value. Next, move to the Experience Tab and choose the connection speed with optimal performance as 56kbps as shown.
Next, open your Task Manager and set the priority of mstcsc.exe to Realtime.
At the end of this article, now you will be able to install and use XRDP to securely connect to remote servers. There are a couple of other tools available but XRDP is one of the most useful and easy to use applications. You can skip the ssh tunneling step by keeping the default configuration file of XRDP if you want to skip the secure connection. I hope you find this article much helpful while searching for a better and secure way to connect to remote Linux servers.