Building on Debian (or Ubuntu, etc) - neutrinolabs/xrdp GitHub Wiki
Introduction
These are steps for building and configuring xrdp 0.10.x and xorgxrdp 0.10.x, on Debian and derivatives, including Ubuntu.
Security
These instructions assume you will want to configure the xrdp daemon to run as an unprivileged user. This feature is available for xrdp version v0.10.2 and later.
Backends
xrdp can use one of these backends:
xorgxrdp: use the existingXorginstallation and add a modulexorgxrdpfor providing modules for RDP suppportXvnc: a VNC server with X11 support
The preferred backend is xorgxrdp.
This configuration only activates the Xorg backend, so when connecting with a RDP client, be sure to use this session type.
You must install at least one of these backends!
Build & Install xrdp
Get the sources
Check https://github.com/neutrinolabs/xrdp/releases/latest to find the latest version. We use 0.10.3 as an example here.
XRDP_VERSION=0.10.3
XRDP_SRC_DIR="${PWD}"/xrdp
wget https://github.com/neutrinolabs/xrdp/releases/download/v${XRDP_VERSION}/xrdp-${XRDP_VERSION}.tar.gz
tar xvzf xrdp-${XRDP_VERSION}.tar.gz
mv xrdp-${XRDP_VERSION} "${XRDP_SRC_DIR}" ; # renaming to make the other steps clearer
cd "${XRDP_SRC_DIR}"
Alternatively, clone the git repository if you need the devel branch: git clone https://github.com/neutrinolabs/xrdp.git.
Install dependencies
We have a script which we use to install xrdp dependencies when we test xrdp using continuous integration (CI). Installing dependencies with this script is the easiest way to get all dependencies installed.
If you did NOT clone the git repository to get the sources, you will need to fetch the script directory from Github. Do that with these commands:-
wget https://raw.githubusercontent.com/neutrinolabs/xrdp/refs/tags/v${XRDP_VERSION}/scripts/install_xrdp_build_dependencies_with_apt.sh
chmod +x install_xrdp_build_dependencies_with_apt.sh
sudo ./install_xrdp_build_dependencies_with_apt.sh max
If you cloned the git repository to get the sources, the script is already present. Use this command to install the dependencies:-
sudo ./scripts/install_xrdp_build_dependencies_with_apt.sh max
This script is only regularly tested on Github's latest x86_64 CI version of Ubuntu, but should work on other systems. If it doesn't feel free to raise an issue and we can discuss it.
Build
Note: adapt the configure line below to activate your needed features:
./bootstrap
./configure --with-systemdsystemunitdir=/usr/lib/systemd/system \
--enable-ibus --enable-ipv6 --enable-jpeg --enable-fuse --enable-mp3lame \
--enable-fdkaac --enable-opus --enable-rfxcodec --enable-painter \
--enable-pixman --enable-utmp -with-imlib2 --with-freetype2 \
--enable-tests --enable-x264 --enable-openh264 --enable-vsock
make
If you are building on a Debian-based distro which does not use systemd (e.g. Devuan), please omit the --with-systemdsystemunitdir= option.
Install the xrdp server on your system
If you have xrdp installed from a debian/ubuntu package, remove it first with sudo apt purge xrdp.
sudo make install
sudo ln -s /usr/local/sbin/xrdp{,-sesman} /usr/sbin
Configure xrdp
Create a local user to run xrdp
sudo adduser --system --group --no-create-home --disabled-password --disabled-login --home /run/xrdp xrdp
Edit /etc/xrdp/xrdp.ini, and uncomment these lines:-
runtime_user=xrdp
runtime_group=xrdp
Edit /etc/xrdp/sesman.ini and uncomment this line:-
SessionSockdirGroup=xrdp
Then:-
sudo chmod 640 /etc/xrdp/rsakeys.ini
sudo chown root:xrdp /etc/xrdp/rsakeys.ini
Certificate
If you know what you are doing, generate an X.509 certificate and private key in /etc/xrdp/cert.pem and /etc/xrdp/key.pem. Both the certificate and key must be readable by the xrdp group.
If you're happy to use the standard Debian self-signed snakeoil certificate:-
# Generate the certificate and key
sudo make-ssl-cert generate-default-snakeoil
# Link the certificate into the xrdp config
sudo ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/xrdp/cert.pem
# Link the private key into the xrdp config
sudo ln -sf /etc/ssl/private/ssl-cert-snakeoil.key /etc/xrdp/key.pem
# Make sure xrdp can read the private key
sudo usermod -a -G ssl-cert xrdp
Check file permissions
This command checks all the file permissions are correct to run xrdp without root privilege:-
sudo /usr/local/share/xrdp/xrdp-chkpriv
Example output:-
Settings
- [xrdp.ini] runtime_user : xrdp
- [xrdp.ini] runtime_group : xrdp
- [xrdp.ini] certificate : /etc/xrdp/cert.pem
- [xrdp.ini] key_file : /etc/xrdp/key.pem
- [sesman.ini] SessionSockdirGroup : xrdp
[ OK ] runtime_user 'xrdp' appears to exist
[ OK ] runtime_group 'xrdp' appears to exist
[ OK ] xrdp.ini and sesman.ini agree on group ownership
[ OK ] /etc/xrdp/rsakeys.ini has correct permissions
[ OK ] /etc/xrdp/cert.pem is read-only for xrdp:xrdp
[ OK ] /etc/xrdp/key.pem is read-only for xrdp:xrdp
[ OK ] -Summary- Permissions appear to be correct to run xrdp unprivileged
If any lines are tagged with [ NG ] rather than [ OK ], investigate and correct the errors.
Start xrdp
sudo systemctl enable --now xrdp xrdp-sesman
Build, install and configure xorgxrdp
Get the sources
Check https://github.com/neutrinolabs/xorgxrdp/releases/latest to find the version of xorgxrdp which works with your version of xrdp.
XORG_XRDP_SRC_DIR="${PWD}"/xorgxrdp
wget https://github.com/neutrinolabs/xorgxrdp/releases/download/v0.10.4/xorgxrdp-0.10.4.tar.gz
tar xvzf xorgxrdp-0.10.4.tar.gz
mv xorgxrdp-0.10.4 xorgxrdp # renaming to make the other steps clearer
Alternatively, clone the git repository if you need the devel branch: git clone https://github.com/neutrinolabs/xorgxrdp.git.
Build & Install the sources:
cd "${XORG_XRDP_SRC_DIR}"
sudo scripts/install_xorgxrdp_build_dependencies_with_apt.sh
./bootstrap
./configure --enable-glamor
make
sudo make install
Configure xorgxrdp
Edit /etc/xrdp/sesman.ini. Look for the line param=Xorg and replace it with the line param=/usr/lib/xorg/Xorg. The comments in the file should hopefully make this clear.