Introduction to xrdp
xrdp is an open-source Remote Desktop Protocol (RDP) server that allows Linux system users to provide a graphical desktop session accessible from any RDP-compatible client, such as the Windows Remote Desktop client or third-party applications on macOS and mobile devices. This solution bridges the gap between Linux environments and workflows that rely on RDP, facilitating remote work, server administration, and technical support without needing to install proprietary software on the Linux machine.
Installation on Popular Distributions
On Ubuntu and Debian, the xrdp package is available in the official repositories and can be installed with sudo apt update followed by sudo apt install xrdp. On Fedora, the command is sudo dnf install xrdp, while on Arch Linux you use sudo pacman -S xrdp. After installation, you need to enable and start the service with sudo systemctl enable xrdp and sudo systemctl start xrdp. Some desktop environments require an additional session module, such as xorgxrdp, which is installed similarly and provides better integration with the window manager.
Basic Configuration
The main configuration file is located at /etc/xrdp/xrdp.ini. Here you can adjust ports, security levels, and encoding options. By default, xrdp listens on port 3389, the same port used by the Windows RDP service. To change the port, edit the line port=3389 to another free value and restart the service. The file /etc/xrdp/sesman.ini controls the session manager; here you can define authorization policies, session lifetime, and the type of shell that will be launched when the connection starts.
Usage and Connection from Windows
Once the service is active, open the Remote Desktop client on Windows, type the IP address or hostname of the Linux machine, and click Connect. You will be prompted for the username and password of a valid account on the Linux system. If everything is configured correctly, the desktop of the graphical environment you have chosen (e.g., GNOME, KDE, XFCE) will appear. You can select different session types from the xrdp dialog box, such as Xorg, Xvnc, or a custom environment, depending on the installed module.
Security and Best Practices
- Use SSH tunnels or a VPN to encrypt RDP traffic, as the basic RDP protocol does not provide strong encryption by default.
- Restrict access to port 3389 via firewalls (ufw, firewalld or iptables) allowing only trusted IP addresses.
- Disable the use of plain-text credentials and enable Network Level Authentication (NLA) if your client supports it, by adding the line
security_layer=negotiateandcrypt_level=highin xrdp.ini. - Keep the xrdp package and its dependencies up to date to benefit from the latest security patches.
- Review the logs in
/var/log/xrdp.logand/var/log/xrdp-sesman.logto detect unauthorized access attempts.
Common Troubleshooting
If the connection fails with a “connection refused” message, verify that the xrdp service is active (systemctl status xrdp) and that the port is listening (ss -tlnp | grep 3389). In case of a black screen after authentication, ensure that the appropriate session module (xorgxrdp or xvnc) is installed and that the window manager starts correctly; sometimes you need to specify the startup command in /etc/X11/Xsession. Keyboard issues can be resolved by adjusting the layout in the file /etc/xrdp/km-0409.ini (for English keyboard) or by creating a custom mapping file according to the language code.
Conclusion
xrdp is a versatile, low-cost tool for bringing the Linux desktop to any RDP client, integrating well in heterogeneous environments where Windows remains predominant. With a simple installation, flexible configuration options, and good security practices, administrators can provide reliable remote access without relying on proprietary solutions. Whether for technical support, working from home, or server management, xrdp remains a valid and active option within the free software ecosystem.
This post is also available in ESPAÑOL.