Remote desktop with XRDP#
Introduction#
It is possible to run a remote graphical Linux desktop on our
dialog server csnhr.nhr.fau.de
through XRDP. This enables use of a graphical desktop environment and applications (e.g. Firefox) even over relatively slow connections (e.g. Hotel-Wifi abroad). In addition, it is possible to "park" sessions and resume them from elsewhere later, so in a way it is sort of screen for X. Your detached session keeps on running on the server, and when you reattach it later, all the applications you had open still are open.
Please keep the following restrictions in mind:
- This is not suitable for doing graphically demanding tasks like remote 3D visualization, just for normal desktop use. For 3D remote visualization see our dedicated nodes.
- There is a time limit: Sessions will be killed after a few days of inactivity.
- Audio redirection is currently not available - you will not get any audio output from the remote session.
Using XRDP from Linux#
You will need to have SSH login to csnhr already configured and working, see our documentation on setting up SSH access for that. There is absolutely no point trying this without having verified that you can log in to csnhr
with SSH first, it is a necessary precondition because the remote desktop session will be started via SSH.
You will also need a RDP client installed. We currently recommend xfreerdp
(or wlfreerdp
if you use Wayland), which on Ubuntu can be installed by installing the package freerdp2-x11
(or freerdp2-wayland
). Please make sure to use a client that supports the rfx
extension. If you don't, the result will be that running the remote desktop will generate upwards of 150 MBit of traffic, practically guaranteeing that your connection will be massively overloaded.
Once you have all the necessary preconditions, you can save the following script on your computer, make it executable with chmod +x /path/to/script
and run it every time you want to connect to the remote desktop. Make sure to replace USERNAME
with your actual username, and xfreerdp
with wlfreerdp
if you use Wayland.
#!/bin/bash
ssh -x -L 3389:localhost:3389 USERNAME@csnhr.nhr.fau.de 'get_transient_token; sleep 10' | (read TOKEN ; xfreerdp /v:localhost:3389 /rfx /cert:tofu /u:USERNAME "/p:${TOKEN}")
Using XRDP from Windows#
Most current Windows version include a builtin OpenSSH-Client, e.g. Windows 10 since version 1803. See Microsoft's Documentation on how to install it if it isn't installed by default. This client should be properly configured, so that you can successfully run ssh USERNAME@csnhr.nhr.fau.de
on a command prompt to log into csnhr.
Save the following into a .bat file, and execute it - remember to replace USERNAME on the first line with your username:
set UN=USERNAME
for /f %%i in ('ssh %UN%@csnhr.nhr.fau.de get_transient_token') do set TOKEN=%%i
cmdkey /generic:TERMSRV/127.0.0.1 /user:%UN% /pass:%TOKEN%
start /B ssh -L 9999:localhost:3389 %UN%@csnhr.nhr.fau.de sleep 15
mstsc /v:127.0.0.1:9999
cmdkey /delete:legacygeneric:target=TERMSRV/127.0.0.1
Using XRDP from MacOS#
TODO
Selecting a desktop environment#
The default desktop environment on csnhr is currently XFCE, which offers a good compromise between performance and usability. There are however multiple desktop environments available on csnhr, and if XFCE is not your cup of tea, you may try a different one.
To select a desktop environment, you'll need to modify the file .xsession
in your home directory. It should contain just one single line, and the following table shows the available values.
Content of ~/.xsession |
Resulting Desktop Environment |
---|---|
nothing / file does not exist | currently XFCE4, but this may change at a later date. |
startxfce4 |
XFCE4 |
startplasma-x11 |
KDE Plasma |
mate-session |
MATE Desktop |
cinnamon |
a very broken and unusable Cinnamon desktop (do not use) |
gnome-session |
Gnome3 |
Advanced info on XRDP on csnhr#
This section is mostly intended for people with a technical background.
XRDP on csnhr only listens on localhost
, meaning that you will always have to use a SSH tunnel to access it.
For login, a single-use token with a limited lifetime has to be used, even for non-NHR-Accounts that still have a password set. You can get such a token by running the command get_transient_token
. This will spit out a string that looks like this:
This token has a lifetime of 60 seconds and can only be used once, meaning that within 60 seconds you can use this in the place where you would normally put the password. Use your normal username as the username. While it is possible to manually copy+paste the Token, we strongly recommend to script generating and using it - see our scripts in the sections above.