Skip to content

Remote desktop with XRDP#

Introduction#

It is possible to run a remote graphical Linux desktop on our dialog server csnhr.nhr.fau.de through XRDP. This enables use of a graphical desktop environment and applications (e.g. Firefox) even over relatively slow connections (e.g. Hotel-Wifi abroad). In addition, it is possible to "park" sessions and resume them from elsewhere later, so in a way it is sort of screen for X. Your detached session keeps on running on the server, and when you reattach it later, all the applications you had open still are open.

Please keep the following restrictions in mind:

  • This is not suitable for doing graphically demanding tasks like remote 3D visualization, just for normal desktop use. For 3D remote visualization see our dedicated nodes.
  • There is a time limit: Sessions will be killed after a few days of inactivity.
  • Audio redirection is currently not available - you will not get any audio output from the remote session.

Using XRDP from Linux#

You will need to have SSH login to csnhr already configured and working, see our documentation on setting up SSH access for that. There is absolutely no point trying this without having verified that you can log in to csnhr with SSH first, it is a necessary precondition because the remote desktop session will be started via SSH.

You will also need a RDP client installed. We currently recommend xfreerdp (or wlfreerdp if you use Wayland), which on Ubuntu can be installed by installing the package freerdp2-x11 (or freerdp2-wayland). Please make sure to use a client that supports the rfx extension. If you don't, the result will be that running the remote desktop will generate upwards of 150 MBit of traffic, practically guaranteeing that your connection will be massively overloaded.

Once you have all the necessary preconditions, you can save the following script on your computer, make it executable with chmod +x /path/to/script and run it every time you want to connect to the remote desktop. Make sure to replace USERNAME with your actual username, and xfreerdp with wlfreerdp if you use Wayland.

#!/bin/bash

ssh -x -L 3389:localhost:3389 USERNAME@csnhr.nhr.fau.de 'get_transient_token; sleep 10' | (read TOKEN ; xfreerdp /v:localhost:3389 /rfx /cert:tofu /u:USERNAME "/p:${TOKEN}")

Using XRDP from Windows#

Most current Windows version include a builtin OpenSSH-Client, e.g. Windows 10 since version 1803. See Microsoft's Documentation on how to install it if it isn't installed by default. This client should be properly configured, so that you can successfully run ssh USERNAME@csnhr.nhr.fau.de on a command prompt to log into csnhr.

Save the following into a .bat file, and execute it - remember to replace USERNAME on the first line with your username:

set UN=USERNAME
for /f %%i in ('ssh %UN%@csnhr.nhr.fau.de get_transient_token') do set TOKEN=%%i
cmdkey /generic:TERMSRV/127.0.0.1 /user:%UN% /pass:%TOKEN%
start /B ssh -L 9999:localhost:3389 %UN%@csnhr.nhr.fau.de sleep 15
mstsc /v:127.0.0.1:9999
cmdkey /delete:legacygeneric:target=TERMSRV/127.0.0.1

Using XRDP from MacOS#

TODO

Selecting a desktop environment#

The default desktop environment on csnhr is currently XFCE, which offers a good compromise between performance and usability. There are however multiple desktop environments available on csnhr, and if XFCE is not your cup of tea, you may try a different one.

To select a desktop environment, you'll need to modify the file .xsession in your home directory. It should contain just one single line, and the following table shows the available values.

Content of ~/.xsession Resulting Desktop Environment
nothing / file does not exist currently XFCE4, but this may change at a later date.
startxfce4 XFCE4
startplasma-x11 KDE Plasma
mate-session MATE Desktop
cinnamon a very broken and unusable Cinnamon desktop (do not use)
gnome-session Gnome3

Advanced info on XRDP on csnhr#

This section is mostly intended for people with a technical background.

XRDP on csnhr only listens on localhost, meaning that you will always have to use a SSH tunnel to access it.

For login, a single-use token with a limited lifetime has to be used, even for non-NHR-Accounts that still have a password set. You can get such a token by running the command get_transient_token. This will spit out a string that looks like this:

TTK12345:543210:AbCdEFghIJKlmnop3456778xnNaAaA9B

This token has a lifetime of 60 seconds and can only be used once, meaning that within 60 seconds you can use this in the place where you would normally put the password. Use your normal username as the username. While it is possible to manually copy+paste the Token, we strongly recommend to script generating and using it - see our scripts in the sections above.