Xrdp
xrdp is a daemon that supports Microsoft's Remote Desktop Protocol (RDP). It uses Xvnc or xorgxrdp as a backend.
Installation
Install the xrdpAUR package (or alternatively xrdp-gitAUR for the development version). This only supports Xvnc as the backend.
Xorg backend
To use xorgxrdp instead for the backend, install the xorgxrdpAUR package.
Usage
First, start the xrdp
service. You should be able to connect an RDP client to the host on the default RDP port (3389). If successful, you will be greeted with the xrdp session manager window which allows you to choose between Xorg or Xvnc sessions and provides inputs for user authentication. The session manager UI can be highly customized by modifying /etc/xrdp/xrdp.ini
.
The parameters used to start Xorg and Xvnc display servers can be configured in /etc/xrdp/sesman.ini
.
After successfully starting a display server, xrdp will execute /etc/xrdp/startwm.sh
by default. This script is meant to start a window manager (similar to .xinitrc) and will read from ~/.xinitrc
or /etc/X11/xinit/xinitrc
if they exist. It is recommended to edit ~/.xinitrc
to start your desktop environment or window manager, but you can also edit /etc/xrdp/startwm.sh
.
If you just close the session window and RDP connection, you can access the same session again next time you connect with RDP. When you exit the window manager or desktop environment from the session window, the session will close and a new session will be opened the next time.
Tips and tricks
Autostart at boot
The xrdpAUR package contains service files for systemd. Enable xrdp.service
.
Graphical acceleration
For Xorg sessions, you can enable OpenGL and Vulkan graphical acceleration by installing xorgxrdp-glamorAUR for Intel and AMD GPUs and xorgxrdp-nvidiaAUR for Nvidia GPUs.
Sound
Install the necessary PulseAudio modules with pulseaudio-module-xrdpAUR.
for PipeWire user, install pipewire-module-xrdpAUR.
Non-root user
Include the following lines in Xwrapper.config
:
/etc/X11/Xwrapper.config
allowed_users=anybody needs_root_rights=no
If the above lines are not present, the remote desktop connection from applications like Remmina will start with an empty screen.
Troubleshooting
Black box around cursor
If you encounter black box around mouse pointer create ~/.Xresources-xrdp
with line Xcursor.core:1
and load it in ~/.xinitrc
like
xrdb ~/.Xresources-xrdp exec startlxde
You may need to install xorg-xrdb.
Black screen
You may get a black screen after logging into the session manager if your ~/.xinitrc
has --exit-with-session
set in the dbus_args
.
Try copying ~/.xinitrc
to ~/.xrdpinitrc
, removing --exit-with-session
, and updating /etc/xrdp/startwm.sh
to call ~/.xrdpinitrc
instead of ~/.xinitrc
. You might need to append your desktop environment to the call to .xrdpinitrc, as is mentioned in ~/.xinitrc; eg. . ~/.xrdpinitrc xfce
.
Black screen with a desktop environment
If you get a black screen and you use a desktop environment, it may be a result of D-Bus not being properly initialized. Some DEs (like KDE Plasma) might also be able to restore fully working applications/windows from a previous session, which makes it seem that "only plasmashell" is missing.
Try running the desktop environment with dbus-launch --exit-with-session
in your ~/.xinitrc
file. For KDE Plasma, you can use the command /usr/lib/plasma-dbus-run-session-if-needed startplasma-x11
or dbus-launch --exit-with-session startplasma-x11
.
Green screen
If the login dialog appears, but no desktop environment starts when you click OK, change param=Xorg
to param=/usr/lib/Xorg
in /etc/xrdp/sesman.ini
.
loginctl or systemctl --user not working
Try commenting out all the references to systemd-home
in /etc/pam.d/system-auth
. See this issue.
Prompts for gnome-keyring or KDE Wallet
If you are prompted to login to gnome-keyring or [KDE Wallet] when your session starts, modify the file /etc/pam.d/xrdp-sesman
as follows:
/etc/pam.d/xrdp-sesman
#%PAM-1.0 auth include system-remote-login -auth optional pam_gnome_keyring.so -auth optional pam_kwallet5.so account include system-remote-login password include system-remote-login -password optional pam_gnome_keyring.so use_authtok session include system-remote-login -session optional pam_gnome_keyring.so auto_start -session optional pam_kwallet5.so auto_start
Then, add etc/pam.d/xrdp-sesman
(no leading slash) to NoUpgrade
in /etc/pacman.conf
. If you only use gnome-keyring it is not necessary to include the kwallet5 lines, and vice versa.
Prevent autostart items from starting
To prevent user defined ~/.config/autostart
items from starting you can set the autostart directory param on the session in the ~/.xinitrc
to use only the global /etc/xdg/autostart
directory.
get_session(){ local dbus_args=(--sh-syntax) case "$SESSION" in awesome) dbus_args+=(awesome) ;; bspwm) dbus_args+=(bspwm-session) ;; budgie) dbus_args+=(budgie-desktop) ;; cinnamon) dbus_args+=(cinnamon-session -a /etc/xdg/autostart) ;;
No sound
This could be a symptom of an issue with loginctl, so try that fix above. The following error may be encountered in the system journal:
Failed to load module "module-x11-publish" (argument: "display=:10.0 xauthority="): initialization failed.
This is the result of systemd improperly starting PulseAudio. One workaround is to disable the user unit files pulseaudio.service
and pulseaudio.socket
either for your own user or for all users, and make PulseAudio start when needed by setting autospawn
to yes
in /etc/pulse/client.conf
.
If sound still does not work, try manually starting PulseAudio with pulseaudio &
in your ~/.xinitrc
.
Two-finger scrolling is too fast
Use the xorg backend, make sure xorgxrdp is 0.9.19 or newer. Then add XRDP_XORG_TOUCHPAD_SCROLL_HACK=yes
to the [SessionVariables]
section of /etc/xrdp/sesman.ini
.
See upstream issue #150 for details.
Restricted functionality within remote system
A user may not have the same access permissions when logged into a system remotely as the same user does when logged in locally. Additional configuration may be required of the polkit permissions policies to grant access, including to mounted drives or to control network connections.
Mounted drives
For remote access permissions to mounted drives see udisks#Permissions.
NetworkManager
For remote access permissions to NetworkManager see NetworkManager#Set up PolicyKit permissions.
See also
- TigerVNC - VNC, an alternative to RDP, also used as backend here.
- freerdp a rdesktop fork that supports RDP 7.1 features including network level authentication (NLA). It primarily consists of the
xfreerdp
client. In addition, thefreerdp-shadow-cli
command provides a quick and easy way to start an RDP server.