- How to connect to Windows remote desktop from Linux
- How to connect with freerdp command
- Xfreerdp options
- How to create shared folders in freerdp
- How to bring remote desktop to another monitor
- How to set the size of the remote desktop window
- How to use rdesktop
- How to connect to remote desktop with rdesktop
- How to connect from Linux to another Linux via RDP
- Related articles:
- Rdp client kali linux
How to connect to Windows remote desktop from Linux
To install freerdp on Debian, Kali Linux, Linux Mint, Ubuntu and derivatives, run the command:
sudo apt install freerdp2-x11 freerdp2-shadow-x11
If the freerdp2-x11 and freerdp2-shadow-x11 packages are not found, look for a package named freerdp.
To install freerdp on Arch Linux and derivatives, run the command:
How to connect with freerdp command
To connect to the remote desktop using xfreerdp, run a command of the form:
xfreerdp /f /u:USERNAME /p:PASSWORD /v:HOST[:PORT]
- /f is option means to open the remote desktop in full screen mode
- /u:USERNAME is a name of the account on the computer to which we are connecting
- /p:PASSWORD is a password of the specified account
- /v:HOST[:PORT] is an IP address or name of the computer to which the remote table is connected. PORT optional (recommended: “Windows Computer name: how to change and use”)
For example, I want to open a remote computer desktop with IP address 192.168.0.101, on which there is a Tester user with a password of 1234, and I want to open a remote working collision in full screen mode, then the command is as follows:
xfreerdp /f /u:Tester /p:1234 /v:192.168.0.101
To toggle between full-screen and windowed modes, use the keyboard shortcut Ctrl+Alt+Enter.
When connecting for the first time, the following message about the problem with the certificate appears:
[11:02:36:086] [26320:26321] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr [11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ [11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - @ WARNING: CERTIFICATE NAME MISMATCH! @ [11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ [11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - The hostname used for this connection (192.168.0.101:3389) [11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - does not match the name given in the certificate: [11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - Common Name (CN): [11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - HackWare-MiAl [11:02:36:096] [26320:26321] [ERROR][com.freerdp.crypto] - A valid certificate for the wrong name should NOT be trusted! Certificate details: Subject: CN = HackWare-MiAl Issuer: CN = HackWare-MiAl Thumbprint: 6a:4c:be:35:23:5f:46:b5:bd:37:15:5e:f7:21:ec:59:aa:c1:1c:3e The above X.509 certificate could not be verified, possibly because you do not have the CA certificate in your certificate store, or the certificate has expired. Please look at the OpenSSL documentation on how to add a private CA to the store. Do you trust the above certificate? (Y/T/N)
Since self-signed certificates are used without a private CA (authentication center, certification authority) added to the store, the only choice is to agree to trust the specified certificate, enter Y for this.
In full screen mode, you can disconnect from the remote desktop in two ways:
- press the cross on the top panel
- Start button → Shutdown → Disconnect
To run in windowed mode, do not use the /f option:
xfreerdp /u:Tester /p:1234 /v:192.168.0.101
Xfreerdp options
The xfreerdp program has many options,I picked up the most interesting of them:
/v:[:port] Server hostname /u. Username /p: Password /f Fullscreen mode (++ toggles fullscreen) /port: Server port /size. Screen size /w: Width /h: Height /monitor-list List detected monitors /monitors:[, [. ]] Select monitors to use -grab-keyboard Disable Grab keyboard -mouse-motion Disable Send mouse motion /log-filters. Set logger filters, see wLog(7) for details /log-level. Set the default log level, see wLog(7) for details +home-drive Enable Redirect user home as share /drive:, Redirect directory as named share +drives Enable Redirect all mount points as shares /t: Window title /ipv6 Prefer IPv6 AAA record over IPv4 A record /kbd:0x or Keyboard layout /kbd-fn-key: Function key value /kbd-list List keyboard layouts /kbd-subtype: Keyboard subtype /kbd-type: Keyboard type
How to create shared folders in freerdp
With remote desktop connected via RDP, you can have shared folders. Let’s look at a few examples.
To connect all mount points in the current system as shared folders on the remote desktop, use the +drives option, for example:
xfreerdp /u:Tester /p:1234 /v:192.168.0.101 +drives
The screenshot shows the remote Windows desktop, in which the Linux system folders are accessible:
To connect only the home folder of the current Linux user as a network folder to the computer via RDP, specify the +home-drive option:
xfreerdp /u:Tester /p:1234 /v:192.168.0.101 +home-drive
In this case, the home folder is mounted on a system connected via the remote desktop protocol:
With the option /drive:NAME,/PATH/IN/LINUX, you can connect any folder with any name. The path in the current system must be specified as /PATH/IN/LINUX, and NAME is the name that will have the share in the remote system. For example, to connect the root folder of the current system (/) to the remote folder with the root name:
xfreerdp /u:Tester /p:1234 /v:192.168.0.101 /drive:root,/
How to bring remote desktop to another monitor
If you have several monitors, then you can choose which one to use for the remote system. To list the monitors, run the command:
Select the monitor (or multiple monitors) identifier using the /monitors:[,[,…]] option.
How to set the size of the remote desktop window
The following example connects to the rdp.contoso.com host with the name USER and is 50 percent of the height.
xfreerdp /u:USER /size:50%h /v:rdp.contoso.com
If width (w) is set instead of height (h), something like /size:50%w, then 50 percent of the width will be used.
How to use rdesktop
To install rdesktop on Debian, Kali Linux, Linux Mint, Ubuntu and derivatives, run the command:
sudo apt install rdesktop
To install rdesktop on Arch Linux and derivatives, run the command:
How to connect to remote desktop with rdesktop
To connect to RDP with rdesktop, use a command of the form:
rdesktop -u USER -p PASSWORD HOST
rdesktop -u Tester -p 1234 192.168.0.101
As usual, at the very beginning there will be a problem with the certificate:
Autoselecting keyboard map 'ru' from locale ATTENTION! The server uses and invalid security certificate which can not be trusted for the following identified reasons(s); 1. Certificate issuer is not trusted by this system. Issuer: CN=HackWare-MiAl Review the following certificate info before you trust it to be added as an exception. If you do not trust the certificate the connection atempt will be aborted: Subject: CN=HackWare-MiAl Issuer: CN=HackWare-MiAl Valid From: Thu Apr 2 20:56:11 2020 To: Fri Oct 2 20:56:11 2020 Certificate fingerprints: sha1: 6a4cbe35235f46b5bd37155ef721ec59aac11c3e sha256: 35368cc1b2ae9e79927bcb8ededed228062de34978aeeeab74bb029ccbc255e9 Do you trust this certificate (yes/no)? yes
We type yes.
Failed to initialize NLA, do you have correct Kerberos TGT initialized ? Failed to connect, CredSSP required by server (check if server has disabled old TLS versions, if yes use -V option).
This is because network-level authentication (Kerberos TGT) is not configured. Setup instructions at: https://github.com/rdesktop/rdesktop/wiki/Network-Level-Authentication-(NLA)
Another option that allows you to connect to Windows via RDP using rdesktop without setting up Network Level Authentication (NLA) is to disable network-level authentication in Windows. It is clear that this will weaken the security of RDP, therefore it is not recommended. But as a “quick dirty fix” this can be done as follows: Start menu → Settings → System → Remote Desktop → Advanced settings → Uncheck “Require computers to use Network Level Authentication at the to connect (recommended)”:
After that, rdesktop connection passes without errors:
In the Windows settings, you could see the link “Why allow connections with Network Level Authentication?”, It says the following:
If you want to restrict who can access your PC, choose to allow access only with Network Level Authentication (NLA). When you enable this option, users have to authenticate themselves to the network before they can connect to your PC. Allowing connections only from computers running Remote Desktop with NLA is a more secure authentication method that can help protect your computer from malicious users and software. To learn more about NLA and Remote Desktop, check out Configure NLA for RDS Connections. If you’re remotely connecting to a PC on your home network from outside of that network, don’t select this option.
How to connect from Linux to another Linux via RDP
There are no special features when connecting using the xfreerdp program, it is enough to start the RDP server, and if you use freerdp-shadow, then the /sam-file:SAM /sec:nla options are also needed:
freerdp-shadow-x11 /sam-file:SAM /sec:nla
Or run xrdp-sesman and xrdp as an RDP server.
And then the connection to Linux via RDP is the same as to Windows:
xfreerdp /u:mial /p:2 /v:192.168.0.73
As for rdesktop, it could not be forced to work with any of the RDP servers under consideration under Linux – if you know how to do this, then write in the comments.
Related articles:
Rdp client kali linux
Kali Linux is supported on many different devices and systems. On some of those systems, you may only get a bare-bones install and occasionally may not have direct access to a GUI such as with WSL or Docker. One simple way to get access to a GUI for Kali is by installing Xfce and setting up RDP. This can be done either manually or with the script provided here, and can be seen below:
Before we can start the process of setting up Xfce and RDP, we must first acknowledge some differences with certain systems Kali is on. The first is Docker. To use this setup with Docker, we must supply a launch command like the following:
docker run -p 3390:3390 —expose=3390 —tty —interactive kalilinux/kali-rolling /bin/bash
For additional usage on Docker, such as how to resume an exited container, please read using Kali Docker images.
For AWS, we must be sure to allow our IP to access the proper ports when we set up the machine.
To use the script we do the following:
[email protected]:/$ apt update && DEBIAN_FRONTEND=noninteractive apt install -y wget kali-linux-headless [email protected]:~$ wget https://gitlab.com/kalilinux/recipes/kali-scripts/-/raw/main/xfce4.sh [email protected]:~$ [email protected]:~$ chmod +x xfce4.sh [email protected]:~$ [email protected]:~$ sudo ./xfce4.sh [email protected]:~$
Setting this up manually will provide more control over what configuration is done, but also will take a bit longer.
If you are using WSL, dbus-x11 needs to be installed next for xrdp and xfce to connect:
[email protected]:~$ sudo apt install -y dbus-x11 [email protected]:~$
After you set up Xfce and RDP, you need to start the service:
[email protected]:~$ sudo systemctl enable xrdp --now [email protected]:~$ # If on WSL or Docker [email protected]:~$ sudo /etc/init.d/xrdp start [email protected]:~$
In the case of AWS, you will need to change the password to the default ‘kali’ account before connecting. This can be done with the following command:
[email protected]:~$ echo kali:kali | sudo chpasswd [email protected]:~$
If you are using Docker, you will need to create a new user. You can do this with adduser
[email protected]:~$ adduser kali [. ] [email protected]:~$
You can then connect with a RDP client to that system. Keep in mind the port that is being used. If you used the script, the port would be 3390. In the case of WSL and Docker, the IP would be 127.0.0.1:3390 that you would wish to connect to from your windows system (or the host systems IP from a separate computer). In the case of AWS, the IP would be the same as you use to connect via SSH.
You may encounter the error Authentication Required to Create Managed Color Device when trying to connect. Do the following to fix this issue.
Updated on: 2023-May-19
Author: gamb1t