Install XRDP Remote Desktop to CentOS 6.5


XRDP is a wonderful Remote Desktop protocol application that allows you to RDP to your servers/workstations from any Windows machine, a Mac running an RDP app, or even Linux using an RDP app such as Remmina. This was written for the new CentOS 6.5 on 64-bit but should work the same on any 6.x and 5.x Red Hat clone with the correct EPEL repositories.

First we need to download and install the EPEL repository for your version. If you do not know what architecture you are using, you can verify it with the command below. If the end shows x86_64 then you have a 64-bit install; if it shows i386 then it is a 32-bit install:

[root@server ~]# uname -r
2.6.32-431.el6.x86_64

Once you determine your architecture, install the matching EPEL repository with one of the two command pairs below:

# 32-bit (i386) install:
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

# 64-bit (x86_64) install:
wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

You can verify that the EPEL repository is installed by running the command below. The EPEL repository should be listed, as on line 10 of this output:

[root@server ~]# yum repolist
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: mirror.thelinuxfix.com
 * epel: mirror.cogentco.com
 * extras: centos.mirror.nac.net
 * updates: centos.mirror.netriplex.com
repo id                         repo name                                                               status
base                            CentOS-6 - Base                                                          6,367
epel                            Extra Packages for Enterprise Linux 6 - x86_64                          10,220
extras                          CentOS-6 - Extras                                                           14
updates                         CentOS-6 - Updates                                                         286
repolist: 16,887

Once you have verified the EPEL repository is installed correctly, perform the last few steps below to install XRDP and the TigerVNC server for you to connect to. The front end of XRDP uses the RDP protocol, and internally it uses VNC to connect and display the remote desktop to you.

[root@server ~]# yum install xrdp tigervnc-server
[root@server ~]# service vncserver start
[root@server ~]# service xrdp start
[root@server ~]# chkconfig xrdp on
[root@server ~]# chkconfig vncserver on

Once fully installed, you should be able to use any RDP client to connect to your machine. When you connect you are brought to the XRDP Login window. For the module keep sesman-Xvnc and just enter your credentials (root, username, etc) and password. Click OK; you will see the connection being processed, and your desktop should appear in a few seconds.

If you cannot reach the XRDP Login window, check your iptables settings. If you are using iptables, you need to edit your rules and add TCP port 3389 to the INPUT chain. You can use the commands below to accomplish this (note that in the listing the port shows as the service name ms-wbt-server instead of 3389):

[root@server ~]# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
[root@server ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@server ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@server ~]# 
[root@server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ms-wbt-server
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited


Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
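
The rule above accepts new connections to TCP 3389 from any source address. As an added example (not part of the original post), the shell function below reads rules in `iptables -S INPUT` format and reports whether 3389 is open to everyone, restricted to `-s` sources, or blocked. The names `classify_rdp` and `check`, the sample rulesets and the 192.0.2.0/24 admin network are constructed for illustration.

```sh
# Added example: classify how new TCP/3389 (xrdp) connections fare against an
# INPUT chain supplied in `iptables -S INPUT` format on stdin. Prints:
#   open        an ACCEPT for 3389 applies to any source address
#   restricted  3389 is accepted only from -s sources, the rest is denied
#   blocked     no ACCEPT for 3389 is reached (e.g. SSH-tunnel-only access)
# Simplified first-match model: understands -i lo, -s, state, --dport, -j only.
classify_rdp() {
    policy=ACCEPT; limited=0
    while IFS= read -r line; do
        line=" $line "
        case $line in
            " -P INPUT "*) policy=${line#" -P INPUT "}; policy=${policy% }; continue ;;
            " -A INPUT "*) ;;
            *) continue ;;
        esac
        case $line in *" -i lo "*) continue ;; esac   # loopback traffic only
        case $line in
            *"state "*NEW*) ;;                        # matches new connections
            *"state "*) continue ;;                   # e.g. RELATED,ESTABLISHED
        esac
        case $line in
            *" -p tcp "*" --dport 3389 "*) ;;         # explicit RDP rule
            *" -p "*|*" --dport "*) continue ;;       # other protocol or port
        esac                                          # otherwise a catch-all rule
        src=any
        case $line in *" -s "*) src=limited ;; esac
        case $line in
            *" -j ACCEPT "*)
                if [ "$src" = any ]; then echo open; return 0; fi
                limited=1 ;;
            *" -j REJECT "*|*" -j DROP "*)
                if [ "$src" = any ]; then policy=DENY; break; fi ;;
        esac
    done
    if [ "$policy" = ACCEPT ]; then echo open
    elif [ "$limited" -eq 1 ]; then echo restricted
    else echo blocked; fi
}
# Constructed samples: COMMON mirrors the default rules in the listing above
# (the bare "ACCEPT all" line is assumed to be the loopback rule).
COMMON='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
RDP='-p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT'
check() { printf '%s\n' '-P INPUT ACCEPT' "$@" "$COMMON" | classify_rdp; }
check "-A INPUT $RDP"    # the post's rule, inserted first: prints "open"
```

On a live host, `iptables -S INPUT | classify_rdp` checks the running chain. A 3389 rule appended with `-A` after the catch-all REJECT is never reached and reports `blocked`, the situation the `-I` in the command above avoids.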

10 Comments

  • Sum Yung Gai says:

    You can also do this without having to directly allow TCP 3389 in iptables, by running the RDP session through an SSH tunnel. Here’s how I do it.

    First, establish the SSH tunnel from your local box to whatever server you’re looking to get to (we’ll call it “MyServer”).

    ssh -L 3389:localhost:3389 MyUserName@MyServer

    Then, fire up your RDP client as you normally would, but instead of “MyServer”, you’d point to “localhost”, like this. I’ll use rdesktop as my example, but it works equally well with tsclient.

    rdesktop -u MyUserName localhost

    And up comes your RDP session! :-)

    What’s happening here is this. The SSH tunnel we made earlier will take any TCP 3389 traffic from your local box and send it to “MyServer” (the remote box) on TCP 3389. That includes RDP traffic running on that same port. :-) The “entrance” to this tunnel is on our local box, with the “exit” at “MyServer”. So, we just aim our local rdesktop client at “localhost” (our own box), which naturally will happen on the standard RDP port. That’s where the TCP 3389 traffic gets accepted by the “entrance” to the SSH tunnel, and off it goes across the tunnel to “MyServer”. That’s why you’ve got to remember to point the RDP client at “localhost”. It sounds a bit more complicated than it is, but I can assure you, it does work very well.

    Return traffic naturally comes back the same way.

    Not only does this mean you don’t expose the daemon to port scanners, but you also get the goodness of SSH encryption for the session. It’s a win all around.

    –SYG

  • Robert says:

    I followed your instructions on CentOS release 6.5 (Final). Couldn’t start VNC, but other steps work and I am able to access my CentOS server from Windows 8.1 remote desktop.
    TX for the clear instructions.

    Regards,
    Robert

  • Bill says:

    Alan – thanks, this is perfect and worked!!! I have been struggling to get the xrdp running on my server

    Great work

  • Ashu says:

    Dear Sir,

    Thank you for your post. I could install it successfully but VNC failed. xrdp started but the display is blank, no desktop or file manager. My VPS is Linux CentOS x64. Any help?

    Thanks and Regards,

    Ashutosh

  • Kamran Ahmed says:

    Hi

    Nice info i have configured with CentOS 6.5 with Windows 7 RDP with no errors

    Thanks

  • TS says:

    Hi Alan,
    1st of all thanks. Got it working.

    Any idea how to configure it to support sound?

    For Ubuntu I got xrdp working following http://scarygliders.net/2012/04/06/get-audio-with-your-xrdpx11rdp-connections-lan-or-remote/

    In summary, on the CentOS server where xrdp was installed, the user account needs to have $HOME/.xsession with this statement “export PULSE_SERVER=client_ip:4713”

    On the client (Remmina running) you need to have PulseAudio running and accepting audio connections.
    Thanks

  • joe greer says:

    CentOS 6.5 x64 it does not work, too many changes with Linux/CentOS/packages to keep this stuff working easy. Google needs to make a desktop Linux OS to put all these crappy distros to bed.

  • Abid says:

    Thanks for the share!

    It worked nicely.

  • Randy Sinurat says:

    I cannot start the vncserver service.
    But i can start the xrdp service.
    Can you please help me?

  • cinta2maret says:

    wow, thanks for tuts. i’m just searching about this
