Terminal Boss

Windows-to-Linux remote desktop connectivity is often bandwidth intensive, insecure, and difficult to configure. What if a remote Windows users could establish a connection to a Linux system as easily as connecting to a Windows system – and using the same application used to connect to Windows?

Xrdp is an open source implementation of RDP (Remote Desktop Protocol), the protocol used with Windows Terminal Services for native Windows desktop connectivity. The xrdp package provides RDP functionality, along with an X server capable of accepting connections from rdesktop [1] and Windows Terminal Server clients.

Once connected and authenticated to the Linux RDP server, the remote user is presented a Linux graphical desktop. The best part is you don't have to run an X server on your Windows computer or export your Linux display to the Windows computer.

Setting up the RDP server on Linux is easy and only takes a few minutes. For the new Linux user or Windows Administrator, you'll need the following:

• a standard Linux user account,
• console or remote access to the Linux server,
• access to the root user account.

Also, you'll need to navigate the Linux filesystem, use some basic DOS-like commands, and understand basic network connectivity. It also helps if you know a little about RDP and optimizing client settings.

Installation and Setup

First, download the xrdp source package [2], then unzip and untar the package:

$ tar zxvf xrdp-0.4.1.tar.gz

All source files are now in the xrdp-0.4.1 directory. Then you need to change into that directory and compile:

cd xrdp-0.4.1
$ make

Use sudo or su to become root and run:

# make install

The executable files, scripts, and libraries install to /usr/local/xrdp, and the configuration files install to /etc/xrdp.

The documentation is a bit unclear as to what to do next. Although I decided against changing any parameters in the sesman.ini and xrdp.ini files under /etc/xrdp and approached the situation as if I were a Windows administrator, assuming things would work out of the box without a lot of tweaking, it didn't take long for this Windows approach to frustrate me, so I began poking around in the /usr/local/xrdp directory a bit and speaking via email with one of the xrdp developers.

Eventually, I discovered the answers myself. Once the system is installed, you need to issue the following commands as root:

# cd /usr/local/xrdp
# cp xrdp_control.sh /etc/init.d/xrdp_control
# chkconfig - -add xrdp_control
# chkconfig xrdp_control on
# service xrdp_control start

The xrdp_control.sh script controls xrdp start, stop, and restart functionality. When I copied the script to the /etc/init.d directory, I changed its name because there, the .sh is superfluous and typically not used.

The chkconfig command provides a way of maintaining, updating, and querying information for system services by alleviating the need to manually manipulate these services.

To create a new startup service, copy its control script to /etc/init.d, as shown above, then use chkconfig to add the service. The line chkconfig xrdp_control on defines the runlevels for the service (Table 1). For instance, # chkconfig - -level 35 xrdp_control on sets xrdp_control to run in runlevels 3 and 5. The final command starts the services sesman and xrdp.

To connect to your Linux computer's RDP service from a Windows computer, select Start | Programs | Accessories | Communications | Remote Desktop Connection. (On some Windows computers, this is under Start | Programs | Accessories | Remote Desktop Connection). Enter the name or IP address of your Linux computer and click Connect, as shown in Figure 1.

Figure 1: Remote Desktop Connection window.

The RDP client opens a new dialog, as shown in Figure 2, prompting you for a User name and Password. This username and password corresponds to your user account on the Linux server system.

Figure 2: Enter your Linux system User name and Password.

Enter your valid Linux username and password, and click OK. Even if you join your Linux computers to an Active Directory domain, you'll need to add each user to the Linux systems you want to access via RDP.

To add users, first create a group for all RDP users:

# groupadd rdpusers
# useradd -g rdpusers ajones
# passwd ajones

If the user already exists on the system, the usermod command adds ajones to the rdpusers group:

# usermod -G rdpusers ajones

Although not specifically required for access, a special user group simplifies administration for that group. Enter your username and password, then click OK.

The screen shown in Figure 3 appears, which is the Session Manager Connection Log showing the negotiation between client and server. Note the Session Manager first connects to the RDP port, then to the VNC port to present the desktop to you. Figure 4 shows my CentOS 5 desktop.

Figure 3: The xrdp Session Manager Connection Log.

Figure 4: A desktop connection open for business.

When disconnecting from a Linux RDP session, you'll see the screen shown in Figure 5. Notice that the only two actions available are End Current Session and Cancel, which is a standard feature of VNC remote connections.

Figure 5: VNC's End Session dialog.

How It Works

The Linux server runs xrdp and sesman, listening for RDP connections. Once a Windows Terminal Server client attempts a connection to the RDP server, the server and client negotiate an encryption level; keys and server capabilities are exchanged.

The client chooses the session color depth and screen resolution.

If the user enters a username and password in the client software, authentication begins; otherwise, the user selects the module from a drop-down list and enters a username and password at the xrdp login screen, as shown in Figure 6.

Figure 6: The xrdp login screen.

The libvnc module loads, and a TCP connection is made to 127.0.0.1 or the IP Address specified in the /etc/xrdp/xrdp.ini file.

The user's login credentials, screen resolution, and color depth pass to sesman for authentication.

If sesman finds a running session with the specified resolution and color depth, it returns that display to the user; otherwise, it starts a new xvnc instance with the user's desktop specifications.

# service xrdp_control force-reload.

Summary

Xrdp is easy to install, configure, customize, and use. To work with this capable product, you don't need years of Linux experience. With nothing to install on the Windows side, you can't go wrong with xrdp.

Although I haven't performed any extensive network speed or bandwidth analysis with this product, because it's RDP, you can be sure that performance begins to suffer as the number of simultaneous users approaches the two dozen mark. However, I really like xrdp, and it is now part of my standard cross-platform arsenal.