How to Install Xrdp Server (Remote Desktop) on Debian 10
Posted
•4 min read
Xrdp is an open-source implementation of the Microsoft Remote Desktop Protocol (RDP) that allows you to control a remote system graphically. With RDP, you can log in to the remote machine and create a real desktop session the same as if you had logged in to a local machine.
This tutorial describes how to install and configure Xrdp server on Debian 10 Linux.
If you are looking for an open-source solution for remote desktop access, then you should check VNC .
Installing Desktop Environment
Typically, Linux servers don’t have a desktop environment installed by default. The first step is to install X11 and a desktop environment that will act as a backend for Xrdp.
There are several desktop environments (DE) available in Debian repositories. We’ll be installing Xfce . It is a fast, stable, and lightweight desktop environment, which makes it ideal for usage on a remote server. If you prefer another desktop environment like Gnome, you can install it instead of Xfce.
Enter the following commands as root or user with sudo privileges to install Xfce on your server:
sudo apt update
sudo apt install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils
Depending on your system and connection, downloading and installing Xfce packages will take some time.
Installing Xrdp
Xrdp package is available in the standard Debian repositories. To install it, run:
sudo apt install xrdp
The service will automatically start once the installation process is complete. You can verify that the Xrdp service is running by typing:
sudo systemctl status xrdp
The output will look something like this:
● xrdp.service - xrdp daemon
Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-04-01 21:19:11 UTC; 4s ago
...
By default Xrdp uses the /etc/ssl/private/ssl-cert-snakeoil.key
file which is readable only by users that are members of the “ssl-cert” group. Execute the following command to add the xrdp
user to the group :
sudo adduser xrdp ssl-cert
That’s it. Xrdp has been installed on your Debian system.
Configuring Xrdp
The Xrdp configuration files are stored in the /etc/xrdp
directory. For basic Xrdp connections, you do not need to make any changes to the configuration files. Xrdp will use the default X Window desktop, which in this case, is XFCE.
The main configuration file is named xrdp.ini
. This file is divided into sections and allows you to set global configuration settings such as security and listening addresses and create different xrdp login sessions.
Whenever you make any changes to the configuration file you need to restart the Xrdp service:
sudo systemctl restart xrdp
Xrdp uses startwm.sh
file to launch the X session. To use another X Window desktop, edit this file.
Configuring Firewall
By default, Xrdp listens on port 3389
on all interfaces. If you run a firewall on your Debian server, which you should always do, you’ll need to add a rule that will enable traffic on the Xrdp port.
Assuming you use ufw to manage the firewall, run the following command to allow access to the Xrdp server from a specific IP address or IP range, in this example 192.168.1.0/24
:
sudo ufw allow from 192.168.1.0/24 to any port 3389
If you want to allow access from anywhere (which is highly discouraged for security reasons) run:
sudo ufw allow 3389
If you are using nftables to filter connections to your system, open the necessary port by issuing the following command:
sudo nft add rule inet filter input tcp dport 3389 ct state new,established counter accept
For increased security, you may consider setting up Xrdp to listen only on localhost and creating an SSH tunnel that securely forwards traffic from your local machine on port 3389
to the server on the same port. Another secure option is to install OpenVPN and connect to the Xrdp server trough the private network.
Connecting to the Xrdp Server
Now that you have set up your Xrdp server, it is time to open your Xrdp client and connect to the server.
If you have a Windows PC, you can use the default RDP client. Type “remote” in the Windows search bar and click on “Remote Desktop Connection”. This will open up the RDP client. In the “Computer” field, enter the remote server IP address and click “Connect”.
On the login screen, enter your username and password and click “OK”.
Once logged in, you should see the default Xfce desktop. It should look something like this:
You can now start interacting with the remote XFCE desktop from your local machine using your keyboard and mouse.
If you are using macOS, you can install the Microsoft Remote Desktop application from the Mac App Store. Linux users can use an RDP client such as Remmina or Vinagre.
Conclusion
Installing an Xrdp server allows you to manage your Debian 10 server from your local desktop machine through an easy to use graphic interface.
If you have questions, feel free to leave a comment below.