Introduction to xrdp
xrdp is an open-source remote desktop protocol (RDP) server that allows Linux system users to offer a graphical desktop session accessible from any RDP-compatible client, such as the Windows Remote Desktop client or third-party applications on macOS and mobile. This solution creates the gap between Linux environments and RDP-dependent workflows, facilitating remote work, server management and technical support without installing proprietary software on the Linux machine.
Installation in popular distributions
In Ubuntu and Debian, the xrdp package is in the official repositories and can be installed withsudo apt updatefollowed bysudo apt install xrdp. In Fedora, the command issudo dnf install xrdpwhile Arch Linux is usedsudo pacman -S xrdp. After installation, it is necessary to enable and start the service withsudo systemctl enable xrdpandsudo systemctl start xrdp. Some desktop environments require an additional session module, such asxorgxrdp, which is installed in a similar way and allows for better integration with the window manager.
Basic configuration
The main configuration file is found in/etc/xrdp/xrdp.ini. Here you can adjust ports, security levels and coding options. By default, xrdp listens at port 3389, the same one that uses Windows RDP service. To change the port, edit the lineport=3389to another free value and restart service. The file/etc/xrdp/sesman.inicontrol the session manager; here you can define authorisation policies, session life and the type of shell that will be launched at the start of the connection.
Use and connection from Windows
Once the service is active, open the Remote Desktop client on Windows, type the IP address or host name of the Linux machine and click Connect. You will be asked for the username and password of a valid account on the Linux system. If everything is set correctly, the desktop of the graphic environment you have chosen (e.g., GNOME, KDE, XFCE) will appear. It is possible to select different types of session from the xrdp dialog box, such as Xorg, Xvnc or a custom environment, according to the installed module.
Security and best practices
- Use SSH or VPN tunnels to encrypt RDP traffic, as the basic RDP protocol does not provide strong encryption by default.
- Restrict access to port 3389 by firewalls (ufw, firewall or iptables) allowing only reliable IP addresses.
- Disable the use of credentials in flat text and enable network-level authentication (NLA) if your client supports it, adding the line
security_layer=negotiateandcrypt_level=highin xrdp.ini. - Keep the xrdp package and its units up to date to benefit from the latest security patches.
- Check the records in
/var/log/xrdp.logand/var/log/xrdp-sesman.logto detect attempts at unauthorized access.
Common problem solution
If the connection fails with a message from «connection rejected», check that the xrdp service is active (systemctl status xrdp) and that the port is listening (ss -tlnp | grep 3389). In case of black screen after authentication, make sure that the appropriate session module (xorgxrdp or xvnc) is installed and that the window manager is started properly; sometimes it is necessary to specify the start command in/etc/X11/Xsession. Keyboard problems can be solved by adjusting the layout in the file/etc/xrdp/km-0409.ini(for keyboard in English) or creating a custom mapping file according to the language code.
Conclusion
xrdp is a versatile and low-cost tool to bring the Linux desktop to any RDP client, integrating well into heterogeneous environments where Windows remains predominant. With simple installation, flexible configuration options and good security practices, managers can offer reliable remote access without relying on proprietary solutions. Whether for technical support, home work or server management, xrdp remains a valid and active option within the free software ecosystem.
