Okay, we all know it, admins and geeks are lazy, or at least I am. So, what to do when you're running multiple computers, from ordinary machines, to VM's, and don't have enough monitors, or want to get out of your chair ?
Well, luckily for us, we have SSH and RDP. For Windows users, you're running RDP, better known as Remote Desktop. But that's good enough for Windows --> Windows, what about Windows --> Linux ?
Well, XRDP to the rescue, and that is the topic for this tutorial, running xrdp on Linux.
So let's jump to it. I assume you have some kind of Debian installed, here it's Kali, but any kind of Debian will do.
# update apt
apt update
#install xrdp
apt install xrdp
So, now, we have a file in /etc/xrdp, called xrdp.ini. I really suggest you read it, and pay attention to lines 50-55, about ssl If you dont add the xrdp user to the ssl-cert group, you cant log in. So, do that before first startup of xrdp
50 ; X.509 certificate and private key
51 ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
52 ; note this needs the user xrdp to be a member of the ssl-cert group, do with e.g.
53 ;$ sudo adduser xrdp ssl-cert
54 certificate=
55 key_file=
# if running as normal user, on a system that rewuires sudo
sudo adduser xrdp ssl-cert
#running as root
adduser xrdp ssl-certThere's nothing in the xrdp.ini file we need to change. It works out of the box, so close it, and let's move on.
There's a bug in the Policy Kit Framework. It will bitch about permissions to themes and colours, and we need to override it. We do that by making a file, and make some settings, before the xrdp server runs for the first time.
#jump into the direcroty we need.
cd /etc/polkit-1/localauthority/50-local.d
# make the file 45-allow-colord.pkla
touch 45-allow-colord.pkla
#open it in vi
vi 45-allow-colord.pklaInsert this content into it, and close the file
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yesNow, all there's left, is closing the file, and turn on xrdp, and see if it works
#Check status
systemctl status xrdp
● xrdp.service - xrdp daemon
Loaded: loaded (/lib/systemd/system/xrdp.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:xrdp(8)
man:xrdp.ini(5)
#Start the xrdp service
systemctl start xrdp
root@xeon:/home/nx# systemctl status xrdp
● xrdp.service - xrdp daemon
Loaded: loaded (/lib/systemd/system/xrdp.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2020-12-03 11:41:55 CET; 4s ago
Docs: man:xrdp(8)
man:xrdp.ini(5)
Process: 11367 ExecStartPre=/bin/sh /usr/share/xrdp/socksetup (code=exited, status=0/SUCCESS)
Process: 11375 ExecStart=/usr/sbin/xrdp $XRDP_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 11376 (xrdp)
Tasks: 1 (limit: 23848)
Memory: 1.1M
CGroup: /system.slice/xrdp.service
└─11376 /usr/sbin/xrdp
dec 03 11:41:54 xeon xrdp[11375]: (11375)(139973593003840)[INFO ] address [0.0.0.0] port [3389] mode 1
dec 03 11:41:54 xeon xrdp[11375]: (11375)(139973593003840)[INFO ] listening to port 3389 on 0.0.0.0
If you see something like this when asking for status on xrdp, congratulations, it works. If you want to enable it at boot, you do it like this
# enable at boot time
systemctl enable xrdp
# disable at boot
systemctl disable xrdp
# start now
systemctl start xrdp
# stop now
systemctl stop xrdp
Start "Remote Desktop" on windows, and point it at the IP for your machine, or install remmina on Linux, and make a profile. Remember to add users to the system :)
A word of caution. This system do use SSL for connection, and you could generate certs with OpenSSL / CertBot, and set it up. But, more than that, use good passwords. Another thing could be to pipe it through SSH, but that will be a topic for another tutorial. For now use it in your internal LAN.
Have fun, and enjoy :)