How to connect to Windows remote desktop from Linux
RDP (Remote Desktop Protocol) clients exist for many platforms, even for mobile phones. Of course, there are RDP clients for Linux as well.
We will look at two RDP clients for Linux:
- freerdp is a free implementation of the Remote Desktop Protocol (RDP)
- rdesktop is an open source client for Windows Remote Desktop Services
How to use freerdp
To install freerdp on Debian, Kali Linux, Linux Mint, Ubuntu and derivatives, run the command:
sudo apt install freerdp2-x11 freerdp2-shadow-x11
If the freerdp2-x11 and freerdp2-shadow-x11 packages are not found, look for a package named freerdp.
To install freerdp on Arch Linux and derivatives, run the command:
sudo pacman -S freerdp
How to connect with freerdp command
To connect to the remote desktop using xfreerdp, run a command of the form:
xfreerdp /f /u:USERNAME /p:PASSWORD /v:HOST[:PORT]
In this command:
- /f opens the remote desktop in full screen mode
- /u:USERNAME is the name of the account on the computer to which we are connecting
- /p:PASSWORD is the password of the specified account
- /v:HOST[:PORT] is the IP address or name of the computer whose remote desktop is being connected to. PORT is optional (recommended: “Windows Computer name: how to change and use”)
For example, to open the desktop of a remote computer with the IP address 192.168.0.101, on which there is a user Tester with the password 1234, in full screen mode, the command is as follows:
xfreerdp /f /u:Tester /p:1234 /v:192.168.0.101
To toggle between full-screen and windowed modes, use the keyboard shortcut Ctrl+Alt+Enter.
When connecting for the first time, the following message about the problem with the certificate appears:
[11:02:36:086] [26320:26321] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - @ WARNING: CERTIFICATE NAME MISMATCH! @
[11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - The hostname used for this connection (192.168.0.101:3389)
[11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - does not match the name given in the certificate:
[11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - Common Name (CN):
[11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - HackWare-MiAl
[11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - A valid certificate for the wrong name should NOT be trusted!
Certificate details:
    Subject: CN = HackWare-MiAl
    Issuer: CN = HackWare-MiAl
    Thumbprint: 6a:4c:be:35:23:5f:46:b5:bd:37:15:5e:f7:21:ec:59:aa:c1:1c:3e
The above X.509 certificate could not be verified, possibly because you do not have
the CA certificate in your certificate store, or the certificate has expired.
Please look at the OpenSSL documentation on how to add a private CA to the store.
Do you trust the above certificate? (Y/T/N)
Since a self-signed certificate is used and no private CA (certification authority) has been added to the store, the only choice is to agree to trust the specified certificate; enter Y to do this.
In full screen mode, you can disconnect from the remote desktop in two ways:
- press the cross on the top panel
- Start button → Shutdown → Disconnect
To run in windowed mode, do not use the /f option:
xfreerdp /u:Tester /p:1234 /v:192.168.0.101
The xfreerdp program has many options; I have picked out the most interesting of them:
/v:<server>[:port]            Server hostname
/u:...                        Username
/p:<password>                 Password
/f                            Fullscreen mode (<Ctrl>+<Alt>+<Enter> toggles fullscreen)
/port:<number>                Server port
/size:...                     Screen size
/w:<width>                    Width
/h:<height>                   Height
/monitor-list                 List detected monitors
/monitors:<id>[,<id>[,...]]   Select monitors to use
-grab-keyboard                Disable Grab keyboard
-mouse-motion                 Disable Send mouse motion
/log-filters:...              Set logger filters, see wLog(7) for details
/log-level:...                Set the default log level, see wLog(7) for details
+home-drive                   Enable Redirect user home as share
/drive:<name>,<path>          Redirect directory <path> as named share <name>
+drives                       Enable Redirect all mount points as shares
/t:<title>                    Window title
/ipv6                         Prefer IPv6 AAA record over IPv4 A record
/kbd:0x<id> or <name>         Keyboard layout
/kbd-fn-key:<value>           Function key value
/kbd-list                     List keyboard layouts
/kbd-subtype:<id>             Keyboard subtype
/kbd-type:<id>                Keyboard type
How to create shared folders in freerdp
With remote desktop connected via RDP, you can have shared folders. Let's look at a few examples.
To connect all mount points in the current system as shared folders on the remote desktop, use the +drives option, for example:
xfreerdp /u:Tester /p:1234 /v:192.168.0.101 +drives
The screenshot shows the remote Windows desktop, in which the Linux system folders are accessible:
To connect only the home folder of the current Linux user as a network folder to the computer via RDP, specify the +home-drive option:
xfreerdp /u:Tester /p:1234 /v:192.168.0.101 +home-drive
In this case, the home folder is mounted on a system connected via the remote desktop protocol:
With the option /drive:NAME,/PATH/IN/LINUX, you can connect any folder under any name. /PATH/IN/LINUX is the path in the current system, and NAME is the name the share will have in the remote system. For example, to connect the root folder of the current system (/) as a share named root in the remote system:
xfreerdp /u:Tester /p:1234 /v:192.168.0.101 /drive:root,/
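With +drives or /drive:root,/ the remote host can reach every file the local user can. The following added example (not from the original article) builds a /drive: argument for one dedicated directory and refuses /, the home directory and its parent directories; rdp_drive_arg and the rdp-share directory are hypothetical names.

```shell
#!/bin/sh
# Added example: build a /drive: argument for one dedicated directory only.
# rdp_drive_arg and ~/rdp-share are hypothetical names, not part of FreeRDP.

rdp_drive_arg() {   # $1 = share name, $2 = directory to expose
    name=$1
    dir=$2
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad share name: $name" >&2; return 1 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2; return 1
    fi
    # Resolve symlinks and ".." so the checks below see the real location.
    real=$(cd "$dir" && pwd -P) || return 1
    home_real=$(cd "$HOME" && pwd -P) || return 1
    # The option value is comma-separated, so a comma in the path is misparsed.
    case $real in
        *,*) echo "path contains a comma: $real" >&2; return 1 ;;
    esac
    if [ "$real" = / ]; then
        echo "refusing to share the root folder" >&2; return 1
    fi
    # Matches the home directory itself and every directory above it.
    case $home_real/ in
        "$real"/*) echo "refusing to share $real" >&2; return 1 ;;
    esac
    printf '/drive:%s,%s\n' "$name" "$real"
}

# Typical use: create a private exchange directory and share only that.
#   share=$HOME/rdp-share
#   mkdir -p "$share" && chmod 700 "$share"
#   xfreerdp /u:Tester /v:192.168.0.101 "$(rdp_drive_arg exchange "$share")"
```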
How to bring remote desktop to another monitor
If you have several monitors, you can choose which one to use for the remote system. To list the monitors, run xfreerdp with the /monitor-list option.
Select the monitor (or multiple monitors) by identifier using the /monitors:<id>[,<id>[,…]] option.
How to set the size of the remote desktop window
The following example connects to the rdp.contoso.com host as the user USER, with a window that is 50 percent of the height.
xfreerdp /u:USER /size:50%h /v:rdp.contoso.com
If width (w) is set instead of height (h), something like /size:50%w, then 50 percent of the width will be used.
How to use rdesktop
To install rdesktop on Debian, Kali Linux, Linux Mint, Ubuntu and derivatives, run the command:
sudo apt install rdesktop
To install rdesktop on Arch Linux and derivatives, run the command:
sudo pacman -S rdesktop
How to connect to remote desktop with rdesktop
To connect to RDP with rdesktop, use a command of the form:
rdesktop -u USER -p PASSWORD HOST
rdesktop -u Tester -p 1234 192.168.0.101
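A password given as /p:PASSWORD or -p PASSWORD ends up in the shell history and is visible in the process list while the client runs. The following added example (not from the original article) scans history lines for both clients' syntax and prints the offending commands with the password masked; the function name and the sample history are constructed for this example, and quoted passwords containing spaces are not handled.

```shell
#!/bin/sh
# Added example: find RDP client commands that carry a password inline.
# Prints "LINE_NUMBER:COMMAND" for each finding, with the password masked.

find_inline_rdp_passwords() {   # history lines on stdin
    awk '{
        client = ""
        n = split($0, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^(.*\/)?xfreerdp$/) client = "xfreerdp"
            if (tok[i] ~ /^(.*\/)?rdesktop$/) client = "rdesktop"
        }
        hit = 0
        for (i = 1; i <= n; i++) {
            if (client == "xfreerdp" && tok[i] ~ /^\/p:./) {
                tok[i] = "/p:***"; hit = 1
            }
            # "-p -" makes rdesktop read the password from stdin: not a finding.
            if (client == "rdesktop" && tok[i] == "-p" && i < n && tok[i+1] != "-") {
                tok[i+1] = "***"; hit = 1
            }
        }
        if (hit) {
            line = tok[1]
            for (i = 2; i <= n; i++) line = line " " tok[i]
            print NR ":" line
        }
    }'
}

# Constructed sample history using the commands from this article.
SAMPLE_HISTORY='xfreerdp /f /u:Tester /p:1234 /v:192.168.0.101
xfreerdp /u:Tester /v:192.168.0.101
rdesktop -u Tester -p 1234 192.168.0.101
rdesktop -u Tester -p - 192.168.0.101
ls -p /tmp'

printf '%s\n' "$SAMPLE_HISTORY" | find_inline_rdp_passwords
# Real use: find_inline_rdp_passwords < ~/.bash_history
```

Leaving out /p makes xfreerdp ask for the password, and rdesktop -p - reads it from standard input, so neither form is reported.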
As usual, at the very beginning there will be a problem with the certificate:
Autoselecting keyboard map 'ru' from locale
ATTENTION! The server uses and invalid security certificate which can not be trusted for the following identified reasons(s);
 1. Certificate issuer is not trusted by this system.
    Issuer: CN=HackWare-MiAl
Review the following certificate info before you trust it to be added as an exception.
If you do not trust the certificate the connection atempt will be aborted:
    Subject: CN=HackWare-MiAl
    Issuer: CN=HackWare-MiAl
    Valid From: Thu Apr 2 20:56:11 2020
    To: Fri Oct 2 20:56:11 2020
    Certificate fingerprints:
    sha1: 6a4cbe35235f46b5bd37155ef721ec59aac11c3e
    sha256: 35368cc1b2ae9e79927bcb8ededed228062de34978aeeeab74bb029ccbc255e9
Do you trust this certificate (yes/no)? yes
We type yes.
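Both prompts (the xfreerdp Thumbprint and the rdesktop sha1 line) show the same certificate in different notations, so the value can be compared with a fingerprint noted on the server itself before answering Y or yes. The following added example (not from the original article) does that comparison; PINNED_SHA1 is assumed to have been obtained out of band, and the sample output lines are copied from the prompts above.

```shell
#!/bin/sh
# Added example: compare the fingerprint a client prints with a pinned value.
# PINNED_SHA1 is assumed to have been read on the server itself (out of band).

# Reduce any fingerprint notation to bare lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Pull the certificate fingerprint out of captured client output on stdin.
# Handles xfreerdp ("Thumbprint: 6a:4c:...") and rdesktop ("sha1: 6a4c...").
extract_fp() {
    sed -n -e 's/.*Thumbprint:[[:space:]]*\([0-9A-Fa-f:]*\).*/\1/p' \
           -e 's/.*sha1:[[:space:]]*\([0-9A-Fa-f]*\).*/\1/p' | head -n 1
}

# Succeed only when a fingerprint is present and equals the pinned one.
fp_matches() {   # $1 = pinned value, client output on stdin
    presented=$(normalize_fp "$(extract_fp)")
    pinned=$(normalize_fp "$1")
    [ -n "$presented" ] && [ "$presented" = "$pinned" ]
}

# Sample lines copied from the two prompts shown on this page.
FREERDP_OUT='Subject: CN = HackWare-MiAl
Issuer: CN = HackWare-MiAl
Thumbprint: 6a:4c:be:35:23:5f:46:b5:bd:37:15:5e:f7:21:ec:59:aa:c1:1c:3e'
RDESKTOP_OUT='Certificate fingerprints:
sha1: 6a4cbe35235f46b5bd37155ef721ec59aac11c3e'
PINNED_SHA1='6A:4C:BE:35:23:5F:46:B5:BD:37:15:5E:F7:21:EC:59:AA:C1:1C:3E'

check_output() {   # $1 = label, $2 = captured output
    if printf '%s\n' "$2" | fp_matches "$PINNED_SHA1"; then
        echo "$1: fingerprint matches the pinned value"
    else
        echo "$1: fingerprint differs or is missing, answer N"
    fi
}
check_output xfreerdp "$FREERDP_OUT"
check_output rdesktop "$RDESKTOP_OUT"
```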
Then an error will occur:
Failed to initialize NLA, do you have correct Kerberos TGT initialized ?
Failed to connect, CredSSP required by server (check if server has disabled old TLS versions, if yes use -V option).
This is because network-level authentication (Kerberos TGT) is not configured. Setup instructions are at: https://github.com/rdesktop/rdesktop/wiki/Network-Level-Authentication-(NLA)
Another option that allows you to connect to Windows via RDP using rdesktop without setting up Network Level Authentication (NLA) is to disable network-level authentication in Windows. This weakens the security of RDP and is therefore not recommended. But as a “quick and dirty fix” it can be done as follows: Start menu → Settings → System → Remote Desktop → Advanced settings → Uncheck “Require computers to use Network Level Authentication to connect (recommended)”:
After that, rdesktop connection passes without errors:
In the Windows settings, you can see the link “Why allow connections with Network Level Authentication?”. It says the following:
If you want to restrict who can access your PC, choose to allow access only with Network Level Authentication (NLA). When you enable this option, users have to authenticate themselves to the network before they can connect to your PC. Allowing connections only from computers running Remote Desktop with NLA is a more secure authentication method that can help protect your computer from malicious users and software. To learn more about NLA and Remote Desktop, check out Configure NLA for RDS Connections. If you're remotely connecting to a PC on your home network from outside of that network, don't select this option.
How to connect from Linux to another Linux via RDP
Connecting with the xfreerdp program needs nothing special: it is enough to start the RDP server. If you use freerdp-shadow, the /sam-file:SAM /sec:nla options are also needed:
freerdp-shadow-x11 /sam-file:SAM /sec:nla
Or run xrdp-sesman and xrdp as an RDP server.
And then the connection to Linux via RDP is the same as to Windows:
xfreerdp /u:mial /p:2 /v:192.168.0.73
As for rdesktop, it could not be made to work with any of the RDP servers considered here under Linux – if you know how to do this, write in the comments.