- Kali linux rdp server
- How To Install xrdp on Kali Linux
- What is xrdp
- Install xrdp Using apt-get
- Install xrdp Using apt
- Install xrdp Using aptitude
- How To Uninstall xrdp on Kali Linux
- Uninstall xrdp And Its Dependencies
- Remove xrdp Configurations and Data
- Remove xrdp configuration, data, and all of its dependencies
- References
- Summary
- Installing xRDP on Kali Linux
- Install xRDP
- “Authentication is required to create a color managed device”
- Open your Firewall
- Connecting via an SSH tunnel
- Install PuTTY & Set Up
- Create a Private Key file with PuTTYGen
- Connect the tunnel
- Last bits of security
- Set SSH to accept Certificates only
- Set xRDP to require SSH tunnels
Kali linux rdp server
Kali Linux is supported on many different devices and systems. On some of those systems, you may only get a bare-bones install and occasionally may not have direct access to a GUI such as with WSL or Docker. One simple way to get access to a GUI for Kali is by installing Xfce and setting up RDP. This can be done either manually or with the script provided here, and can be seen below:
Before we can start the process of setting up Xfce and RDP, we must first acknowledge some differences with certain systems Kali is on. The first is Docker. To use this setup with Docker, we must supply a launch command like the following:
docker run -p 3390:3390 —expose=3390 —tty —interactive kalilinux/kali-rolling /bin/bash
For additional usage on Docker, such as how to resume an exited container, please read using Kali Docker images.
For AWS, we must be sure to allow our IP to access the proper ports when we set up the machine.
To use the script we do the following:
[email protected]:/$ apt update && DEBIAN_FRONTEND=noninteractive apt install -y wget kali-linux-headless [email protected]:~$ wget https://gitlab.com/kalilinux/recipes/kali-scripts/-/raw/main/xfce4.sh [email protected]:~$ [email protected]:~$ chmod +x xfce4.sh [email protected]:~$ [email protected]:~$ sudo ./xfce4.sh [email protected]:~$
Setting this up manually will provide more control over what configuration is done, but also will take a bit longer.
If you are using WSL, dbus-x11 needs to be installed next for xrdp and xfce to connect:
[email protected]:~$ sudo apt install -y dbus-x11 [email protected]:~$
After you set up Xfce and RDP, you need to start the service:
[email protected]:~$ sudo systemctl enable xrdp --now [email protected]:~$ # If on WSL or Docker [email protected]:~$ sudo /etc/init.d/xrdp start [email protected]:~$
In the case of AWS, you will need to change the password to the default ‘kali’ account before connecting. This can be done with the following command:
[email protected]:~$ echo kali:kali | sudo chpasswd [email protected]:~$
If you are using Docker, you will need to create a new user. You can do this with adduser
[email protected]:~$ adduser kali [. ] [email protected]:~$
You can then connect with a RDP client to that system. Keep in mind the port that is being used. If you used the script, the port would be 3390. In the case of WSL and Docker, the IP would be 127.0.0.1:3390 that you would wish to connect to from your windows system (or the host systems IP from a separate computer). In the case of AWS, the IP would be the same as you use to connect via SSH.
You may encounter the error Authentication Required to Create Managed Color Device when trying to connect. Do the following to fix this issue.
Updated on: 2023-May-19
Author: gamb1t
How To Install xrdp on Kali Linux
In this tutorial we learn how to install xrdp on Kali Linux.
What is xrdp
xrdp offers a graphical login to a remote client using RDP (the Remote Desktop Protocol). xrdp can connect to a locally created X.org session with the xorgxrdp drivers, to a VNC X11 server, and forward to another RDP server.
xrdp accepts connections from freerdp, rdesktop, and the built-in terminal server / remote desktop clients of Microsoft Windows operating systems. In the xorgxrdp (which replaces X11RDP) and VNC modes, it provides a fully functional Linux terminal server, offering an X-Window desktop to the user. In the RDP or VNC forwarding mode, any sort of desktop can be used.
There are three ways to install xrdp on Kali Linux . We can use apt-get , apt and aptitude . In the following sections we will describe each method. You can choose one of them.
Install xrdp Using apt-get
Update apt database with apt-get using the following command.
After updating apt database, We can install xrdp using apt-get by running the following command:
sudo apt-get -y install xrdp
Install xrdp Using apt
Update apt database with apt using the following command.
After updating apt database, We can install xrdp using apt by running the following command:
Install xrdp Using aptitude
If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Kali Linux. Update apt database with aptitude using the following command.
After updating apt database, We can install xrdp using aptitude by running the following command:
sudo aptitude -y install xrdp
How To Uninstall xrdp on Kali Linux
To uninstall only the xrdp package we can use the following command:
Uninstall xrdp And Its Dependencies
To uninstall xrdp and its dependencies that are no longer needed by Kali Linux, we can use the command below:
sudo apt-get -y autoremove xrdp
Remove xrdp Configurations and Data
To remove xrdp configuration and data from Kali Linux we can use the following command:
Remove xrdp configuration, data, and all of its dependencies
We can use the following command to remove xrdp configurations, data and all of its dependencies, we can use the following command:
sudo apt-get -y autoremove --purge xrdp
References
Summary
In this tutorial we learn how to install xrdp using different package management tools like apt, apt-get and aptitude.
Installing xRDP on Kali Linux
There are a lot of complicated tutorials on how to get xRDP working on Kali Linux. I suspect the tutorials have become complicated as they address a variety of bugs that xRDP and connecting software has had over time, but there isn’t much you actually need to do.
Note that if you are using Gnome, you’ll run into issues. I have got RDP working with Gnome before, but I haven’t been able to create a reliable set of steps to replicate it, as it usually starts working after several hours of messing around. If this is you, then you can try the below, but it may just be your starting point.
Install xRDP
The only package you need is xrdp, which you should enable after installation.
sudo apt update sudo apt install xrdp sudo systemctl enable xrdp sudo systemctl restart xrdp
“Authentication is required to create a color managed device”
If you get this message there are a few potential fixes. The one I use is to add the following file to policy kit, and restart it:
# Create /etc/polkit-1/rules.d/02-allow-colord.rules, # and insert the following as its contents: polkit.addRule(function(action, subject) if ((action.id == "org.freedesktop.color-manager.create-device" || action.id == "org.freedesktop.color-manager.create-profile" || action.id == "org.freedesktop.color-manager.delete-device" || action.id == "org.freedesktop.color-manager.delete-profile" || action.id == "org.freedesktop.color-manager.modify-device" || action.id == "org.freedesktop.color-manager.modify-profile") && subject.isInGroup("sudo")) return polkit.Result.YES; > >); # Note that 'sudo' can be any group, but since your normal user is likely in that group, this # setting should work. # Then restart policy kit sudo systemctl restart polkit
Open your Firewall
If you are using UFW, you’ll need to open up a port.
Then in Windows, you’ll need to lower your color depth in the RDP settings when you make a connection:
And it should work from this point.
Connecting via an SSH tunnel
xRDP transport is encrypted using TLS by default, and should be as secure as RDP is on windows, but if you open it up to the internet you can expect to be subject to ongoing brute force attacks. If a vulnerability is found, you can expect it to be used against you pretty soon. A safer option is to connect using an SSH tunnel, and secure that using certificates instead of passwords.
Install PuTTY & Set Up
I’m assuming you know how to set up port forwarding on your router, and how to install puTTY. If not, Google is your friend. First step is just to put in your IP address (take a look at duckdns.org if you need a static one) and the external port that you’ve chosen into puTTY.
Next, you need to go into Tunnel under SSH. Here you need to add a Source port, which can be any port you have available on Windows. I’ve used 6666 in this example. Then under destination, add localhost:3389 .
Under Session, you will probably want to save these settings so that you don’t need to do the setup every time.
Create a Private Key file with PuTTYGen
Press the Windows key and type in ‘PuttyGen’, which should open up the following program:
Click on Load, and select your private ‘id_rsa’ key that you normally use for logging in via SSH. You can then save this as a .ppk file. Once you have this, under SSH and Auth, add the .ppk key file.
Again, you’ll want to go back to Session and save this.
Connect the tunnel
Now that this is set up, connect using puTTY by pressing ‘Open’. You’ll get a black window, asking you for the username, which will probably be ‘root’ for Kali.
Now that the connection is established, go into RDP and use localhost and the port you configured in puTTY to connect:
And all being well, you should successfully connect to xRDP via an SSH tunnel at this point
Last bits of security
Set SSH to accept Certificates only
You will need to edit the SSH daemon config and restart it. Make sure you have certificates set up and can authenticate without a password before you turn this off.
# in /etc/ssh/sshd_config, set the following: PasswordAuthentication no # Then reload the daemon systemctl restart ssh
Set xRDP to require SSH tunnels
The last bit of security you can apply is to force xRDP to require a tunnel by constraining it to accept local connections only.
# Under /etc/xrdp/xrdp.ini, add the following line to the [globals] section: address=127.0.0.1 # and reload xRDP systemctl restart xrdp
Hopefully that’s all you’ll need to connect in a reasonably secure fashion to your Kali box over the internet.