Xrdp is an open source implementation of Microsoft’s Remote Desktop Protocol (RDP) that allows you to graphically manage a remote system. With RDP, you can log into a remote computer and create a real desktop session just as if you were logged into the local computer.
This article describes how to install and configure an Xrdp server on Debian 10 Linux.
Installing the desktop
Typically Linux servers do not have a desktop environment installed by default. The first step is to install X11 and a desktop environment that will act as the backend for Xrdp.
Several desktop environments (DE) are available in the Debian repositories. We will be installing Xfce. It is a fast, stable and lightweight desktop environment that makes it ideal for use on a remote server. If you prefer another desktop environment like Gnome, you can install it instead of Xfce.
Enter the following commands as root or a user with sudo privileges to install Xfce on your server:
sudo apt update sudo apt install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils
Depending on your system and connection, downloading and installing Xfce packages may take a while.
The Xrdp package is available in the standard Debian repositories. To install it, run:
sudo apt install xrdp
The service will automatically start after the installation process is complete. To verify that the Xrdp service is running, enter:
sudo systemctl status xrdp
The output will look something like this:
● xrdp.service - xrdp daemon Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2020-04-01 21:19:11 UTC; 4s ago ...
By default, Xrdp uses the /etc/ssl/private/ssl-cert-snakeoil.key file, which is readable only by users who are members of the ssl-cert group. Run the following command to add the xrdp user to the group:
sudo adduser xrdp ssl-cert
That’s all. Xrdp has been installed on your Debian system.
Xrdp configuration files are stored in the / etc / xrdp directory. For basic Xrdp connections, you don’t need to make any changes to the config files. Xrdp will use the default X Window desktop, in this case XFCE.
The main configuration file is called xrdp.ini. This file is divided into sections and allows you to set global configuration options such as security and listening addresses, and create various xrdp login sessions.
Whenever you make any changes to the configuration file, you need to restart the Xrdp service:
sudo systemctl restart xrdp
Xrdp uses the startwm.sh file to start an X session. To use a different X Window desktop, edit this file.
Configuring the firewall
By default, Xrdp listens on port 3389 on all interfaces. If you are running a firewall on your Debian server, then you should always add a rule that will allow traffic on the Xrdp port.
Assuming you are using ufw to manage your firewall, run the following command to allow access to the Xrdp server from a specific IP address or range of IP addresses, in this example 192.168.1.0/24:
sudo ufw allow from 192.168.1.0/24 to any port 3389
If you want to allow access from anywhere (which is highly undesirable for security reasons), run:
sudo ufw allow 3389
If you are using nftables to filter connections to your system, open the required port by entering the following command:
sudo nft add rule inet filter input tcp dport 3389 ct state new,established counter accept
For added security, you might consider configuring Xrdp to listen on localhost only and create an SSH tunnel that securely redirects traffic from your local machine over port 3389 to a server on the same port. Another secure option is to install OpenVPN and connect to the Xrdp server over a private network.
Connecting to Xrdp Server
Now that you’ve configured your Xrdp server, it’s time to open the Xrdp client and connect to the server.
If you have a Windows PC, you can use the default RDP client. Enter “remote” in the Windows search bar and click “Remote Desktop Connection”. This will open the RDP client. In the Computer field, enter the IP address of the remote server and click Connect.
On the login screen, enter your username and password and click OK.
After logging in, you should see the default Xfce desktop. It should look something like this:
You can now start interacting with the XFCE Remote Desktop from your local computer using your keyboard and mouse.
If you’re using macOS, you can install the Microsoft Remote Desktop app from the Mac App Store. Linux users can use RDP clients like Remmina or Vinagre.
Installing Xrdp Server allows you to manage your Debian 10 server from your local desktop computer through an easy-to-use graphical interface.
If you have any questions, do not hesitate to leave comments below.