先日、CentOS 8にxrdpをインストールしてWindows PCからRemote Desktop接続を試してみました。
今回は逆のCentOS 8にFreeRDPをインストールしてWindows PCへRemote Desktop接続を試してみます。
FreeRDP: A Remote Desktop Protocol Implementation
http://www.freerdp.com/
https://github.com/FreeRDP/FreeRDP
環境
・CentOS Linux release 8.2.2004 (Core)
・Kernel 4.18.0-193.6.3.el8_2.x86_64
- freerdpのインストール
freerdpは標準リポジトリ(AppStream)にありますので簡単にインストールできます。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
[root@centos8 ~]# dnf info freerdp Available Packages Name : freerdp Epoch : 2 Version : 2.0.0 Release : 46.rc4.el8_2.2 Architecture : x86_64 Size : 107 k Source : freerdp-2.0.0-46.rc4.el8_2.2.src.rpm Repository : AppStream Summary : Free implementation of the Remote Desktop Protocol (RDP) URL : http://www.freerdp.com/ License : ASL 2.0 Description : The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients : from the FreeRDP project. : : xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft : Windows machines, xrdp and VirtualBox. [root@centos8 ~]# dnf -y install freerdp Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: freerdp x86_64 2:2.0.0-46.rc4.el8_2.2 AppStream 107 k Installing dependencies: freerdp-libs x86_64 2:2.0.0-46.rc4.el8_2.2 AppStream 824 k libwinpr x86_64 2:2.0.0-46.rc4.el8_2.2 AppStream 335 k Transaction Summary ================================================================================ Install 3 Packages Total download size: 1.2 M Installed size: 3.9 M Downloading Packages: (1/3): freerdp-2.0.0-46.rc4.el8_2.2.x86_64.rpm 259 kB/s | 107 kB 00:00 (2/3): libwinpr-2.0.0-46.rc4.el8_2.2.x86_64.rpm 742 kB/s | 335 kB 00:00 (3/3): freerdp-libs-2.0.0-46.rc4.el8_2.2.x86_64 1.6 MB/s | 824 kB 00:00 -------------------------------------------------------------------------------- Total 978 kB/s | 1.2 MB 00:01 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : libwinpr-2:2.0.0-46.rc4.el8_2.2.x86_64 1/3 Running scriptlet: libwinpr-2:2.0.0-46.rc4.el8_2.2.x86_64 1/3 Installing : freerdp-libs-2:2.0.0-46.rc4.el8_2.2.x86_64 2/3 Running scriptlet: freerdp-libs-2:2.0.0-46.rc4.el8_2.2.x86_64 2/3 Installing : freerdp-2:2.0.0-46.rc4.el8_2.2.x86_64 3/3 Running scriptlet: freerdp-2:2.0.0-46.rc4.el8_2.2.x86_64 3/3 Verifying : freerdp-2:2.0.0-46.rc4.el8_2.2.x86_64 1/3 Verifying : freerdp-libs-2:2.0.0-46.rc4.el8_2.2.x86_64 2/3 Verifying : libwinpr-2:2.0.0-46.rc4.el8_2.2.x86_64 3/3 Installed products updated. Installed: freerdp-2:2.0.0-46.rc4.el8_2.2.x86_64 freerdp-libs-2:2.0.0-46.rc4.el8_2.2.x86_64 libwinpr-2:2.0.0-46.rc4.el8_2.2.x86_64 Complete! |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[root@centos8 ~]# repoquery --list freerdp /usr/bin/winpr-hash /usr/bin/winpr-makecert /usr/bin/wlfreerdp /usr/bin/xfreerdp /usr/lib/.build-id /usr/lib/.build-id/11 /usr/lib/.build-id/11/f614545124b5f942688e83d8bf65d39519beed /usr/lib/.build-id/7e /usr/lib/.build-id/7e/680d95f2c2c3dc80599eee91819c24ba4b3e95 /usr/lib/.build-id/8f /usr/lib/.build-id/8f/184a81cbd67a0131ef27c0948424fff9d4447f /usr/lib/.build-id/d8 /usr/lib/.build-id/d8/53d5c3aef9a2e3ce6b082eae69a25a610161b2 /usr/share/man/man1/winpr-hash.1.gz /usr/share/man/man1/winpr-makecert.1.gz /usr/share/man/man1/wlfreerdp.1.gz /usr/share/man/man1/xfreerdp.1.gz |
試しにWindowsPC-A[mstsc.exe] ⇒ [xrdp]CentOS8[xfreerdp] ⇒ WindowsPC-Bで接続してみました。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[guest@centos8 ~]$ xfreerdp /u:rootlinks /v:windows10.rootlinks.net [10:42:39:814] [17192:17193] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr [10:42:39:832] [17192:17193] [ERROR][com.freerdp.crypto] - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ [10:42:39:832] [17192:17193] [ERROR][com.freerdp.crypto] - @ WARNING: CERTIFICATE NAME MISMATCH! @ [10:42:39:832] [17192:17193] [ERROR][com.freerdp.crypto] - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ [10:42:39:832] [17192:17193] [ERROR][com.freerdp.crypto] - The hostname used for this connection (windows10.rootlinks.net:3389) [10:42:39:832] [17192:17193] [ERROR][com.freerdp.crypto] - does not match the name given in the certificate: [10:42:39:832] [17192:17193] [ERROR][com.freerdp.crypto] - Common Name (CN): [10:42:39:832] [17192:17193] [ERROR][com.freerdp.crypto] - WINDOWSPC [10:42:39:832] [17192:17193] [ERROR][com.freerdp.crypto] - A valid certificate for the wrong name should NOT be trusted! Certificate details: Subject: CN = WINDOWSPC Issuer: CN = WINDOWSPC Thumbprint: da:c6:48:75:08:3d:7c:36:f5:f7:86:bb:aa:ee:22:cc:cc:09:aa:11 The above X.509 certificate could not be verified, possibly because you do not have the CA certificate in your certificate store, or the certificate has expired. Please look at the OpenSSL documentation on how to add a private CA to the store. Do you trust the above certificate? (Y/T/N) Y Password: [10:42:51:727] [17192:17193] [INFO][com.freerdp.gdi] - Local framebuffer format PIXEL_FORMAT_RGB16 (snip) |
取り合えず WindowsPC-Bではファイアウォールを無効にして接続できました。
man xfreerdpから抜粋
DESCRIPTION
xfreerdp is an X11 Remote Desktop Protocol (RDP) client which is part
of the FreeRDP project. An RDP server is built-in to many editions of
Windows. Alternative servers included xrdp and VRDP (VirtualBox).
man wlfreerdpから抜粋
DESCRIPTION
wlfreerdp is a wayland Remote Desktop Protocol (RDP) client which is
part of the FreeRDP project. A RDP server is built-in to many editions
of Windows. Alternative servers included xrdp and VRDP (VirtualBox).
help xfreerdp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 |
[guest@centos8 ~]$ xfreerdp /? FreeRDP - A Free Remote Desktop Protocol Implementation See www.freerdp.com for more information Usage: xfreerdp [file] [options] [/v:<server>[:port]] Syntax: /flag (enables flag) /option:<value> (specifies option with value) +toggle -toggle (enables or disables toggle, where '/' is a synonym of '+') /a:<addin>[,<options>] Addin /action-script:<file-name> Action script /admin Admin (or console) session +aero Enable desktop composition /app:<path> or ||<alias> Remote application program /app-cmd:<parameters> Remote application command-line parameters /app-file:<file-name> File to open with remote application /app-guid:<app-guid> Remote application GUID /app-icon:<icon-path> Remote application icon for user interface /app-name:<app-name> Remote application name for user interface /assistance:<password> Remote assistance password +async-channels Enable Asynchronous channels (experimental) +async-input Enable Asynchronous input +async-update Enable Asynchronous update /audio-mode:<mode> Audio output mode +auth-only Enable Authenticate only -authentication Disable Authentication (expermiental) +auto-reconnect Enable Automatic reconnection /auto-reconnect-max-retries:... Automatic reconnection maximum retries, 0 for unlimited [0,1000] -bitmap-cache Disable bitmap cache /bpp:<depth> Session bpp (color depth) /buildconfig Print the build configuration /cert-ignore Ignore certificate /cert-name:<name> Certificate name /cert-tofu Automatically accept certificate on first connect /client-hostname:<name> Client Hostname to send to server -clipboard Disable Redirect clipboard /codec-cache:rfx|nsc|jpeg Bitmap codec cache -compression Disable compression /compression-level:<level> Compression level (0,1,2) +credentials-delegation Enable credentials delegation /d:<domain> Domain -decorations Disable Window decorations /disp Display control /drive:<name>,<path> Redirect directory <path> as named share <name> +drives Enable Redirect all mount points as shares /dvc:<channel>[,<options>] Dynamic virtual channel /dynamic-resolution Send resolution updates when the window is resized /echo Echo channel -encryption Disable Encryption (experimental) /encryption-methods:... RDP standard security encryption methods /f Fullscreen mode (<Ctrl>+<Alt>+<Enter> toggles fullscreen) -fast-path Disable fast-path input/output +fipsmode Enable FIPS mode -floatbar Disable floatbar in fullscreen mode +fonts Enable smooth fonts (ClearType) /frame-ack:<number> Number of frame acknowledgement /from-stdin[:force] Read credentials from stdin. With <force> the prompt is done before connection, otherwise on server request. /g:<gateway>[:<port>] Gateway Hostname /gateway-usage-method:direct|detect Gateway usage method /gd:<domain> Gateway domain /gdi:sw|hw GDI rendering /geometry Geometry tracking channel +gestures Enable Consume multitouch input locally /gfx[:RFX] RDP8 graphics pipeline (experimental) +gfx-progressive Enable RDP8 graphics pipeline using progressive codec +gfx-small-cache Enable RDP8 graphics pipeline using small cache mode +gfx-thin-client Enable RDP8 graphics pipeline using thin client mode +glyph-cache Enable Glyph cache (experimental) /gp:<password> Gateway password -grab-keyboard Disable Grab keyboard /gt:rpc|http|auto Gateway transport type /gu:... Gateway username /gat:<access token> Gateway Access Token /h:<height> Height +heartbeat Enable Support heartbeat PDUs /help Print help +home-drive Enable Redirect user home as share /ipv6 Prefer IPv6 AAA record over IPv4 A record /jpeg JPEG codec support /jpeg-quality:<percentage> JPEG quality /kbd:0x<id> or <name> Keyboard layout /kbd-fn-key:<value> Function key value /kbd-list List keyboard layouts /kbd-subtype:<id> Keyboard subtype /kbd-type:<id> Keyboard type /load-balance-info:<info-string> Load balance info /log-filters:... Set logger filters, see wLog(7) for details /log-level:... Set the default log level, see wLog(7) for details /max-fast-path-size:<size> Specify maximum fast-path update size /max-loop-time:<time> Specify maximum time in milliseconds spend treating packets +menu-anims Enable menu animations /microphone[:...] Audio input (microphone) /monitor-list List detected monitors /monitors:<id>[,<id>[,...]] Select monitors to use -mouse-motion Disable Send mouse motion /multimedia[:...] Redirect multimedia (video) /multimon[:force] Use multiple monitors +multitouch Enable Redirect multitouch input +multitransport Enable Support multitransport protocol -nego Disable protocol security negotiation /network:... Network connection type /nsc NSCodec support -offscreen-cache Disable offscreen bitmap cache /orientation:0|90|180|270 Orientation of display in degrees +old-license Enable Use the old license workflow (no CAL and hwId set to 0) /p:<password> Password /parallel[:<name>[,<path>]] Redirect parallel device /parent-window:<window-id> Parent window id +password-is-pin Enable Use smart card authentication with password as smart card PIN /pcb:<blob> Preconnection Blob /pcid:<id> Preconnection Id /pheight:<height> Physical height of display (in millimeters) /play-rfx:<pcap-file> Replay rfx pcap file /port:<number> Server port +print-reconnect-cookie Enable Print base64 reconnect cookie after connecting /printer[:<name>[,<driver>]] Redirect printer device /proxy:... Proxy settings: override env.var (see also environment variable below). Protocol "socks5" should be given explicitly where "http" is default. Note: socks proxy is not supported by env. variable /pth:<password-hash> Pass the hash (restricted admin mode) /pwidth:<width> Physical width of display (in millimeters) /reconnect-cookie:<base64-cookie> Pass base64 reconnect cookie to the connection /redirect-prefer:... Override the preferred redirection order /relax-order-checks Do not check if a RDP order was announced during capability exchange, only use when connecting to a buggy server /restricted-admin Restricted admin mode /rfx RemoteFX /rfx-mode:image|video RemoteFX mode /scale:100|140|180 Scaling factor of the display /scale-desktop:<percentage> Scaling factor for desktop applications (value between 100 and 500) /scale-device:100|140|180 Scaling factor for app store applications /sec:rdp|tls|nla|ext Force specific protocol security +sec-ext Enable NLA extended protocol security -sec-nla Disable NLA protocol security -sec-rdp Disable RDP protocol security -sec-tls Disable TLS protocol security /serial[:...] Redirect serial device /shell:<shell> Alternate shell /shell-dir:<dir> Shell working directory /size:... Screen size /smart-sizing[:<width>x<height>] Scale remote desktop to window size /smartcard[:<str>[,<str>…]] Redirect the smartcard devices containing any of the <str> in their names. /smartcard-logon Activates Smartcard Logon authentication. (EXPERIMENTAL: NLA not supported) /sound[:...] Audio output (sound) /span Span screen over multiple monitors /spn-class:<service-class> SPN authentication service class /ssh-agent SSH Agent forwarding channel /t:<title> Window title -themes Disable themes /tls-ciphers:netmon|ma|ciphers Allowed TLS ciphers /tls-seclevel:<level> TLS security level - defaults to 1 -toggle-fullscreen Disable Alt+Ctrl+Enter toggles fullscreen /u:... Username +unmap-buttons Enable Let server see real physical pointer button /usb:... Redirect USB device /v:<server>[:port] Server hostname /vc:<channel>[,<options>] Static virtual channel /version Print version /video Video optimized remoting channel /vmconnect[:<vmid>] Hyper-V console (use port 2179, disable negotiation) /w:<width> Width -wallpaper Disable wallpaper +window-drag Enable full window drag /window-position:<xpos>x<ypos> window position /wm-class:<class-name> Set the WM_CLASS hint for the window instance /workarea Use available work area Examples: xfreerdp connection.rdp /p:Pwd123! /f xfreerdp /u:CONTOSO\JohnDoe /p:Pwd123! /v:rdp.contoso.com xfreerdp /u:JohnDoe /p:Pwd123! /w:1366 /h:768 /v:192.168.1.100:4489 xfreerdp /u:JohnDoe /p:Pwd123! /vmconnect:C824F53E-95D2-46C6-9A18-23A5BB403532 /v:192.168.1.100 Clipboard Redirection: +clipboard Drive Redirection: /drive:home,/home/user Smartcard Redirection: /smartcard:<device> Serial Port Redirection: /serial:<name>,<device>,[SerCx2|SerCx|Serial],[permissive] Serial Port Redirection: /serial:COM1,/dev/ttyS0 Parallel Port Redirection: /parallel:<name>,<device> Printer Redirection: /printer:<device>,<driver> Audio Output Redirection: /sound:sys:oss,dev:1,format:1 Audio Output Redirection: /sound:sys:alsa Audio Input Redirection: /microphone:sys:oss,dev:1,format:1 Audio Input Redirection: /microphone:sys:alsa Multimedia Redirection: /multimedia:sys:oss,dev:/dev/dsp1,decoder:ffmpeg Multimedia Redirection: /multimedia:sys:alsa USB Device Redirection: /usb:id,dev:054c:0268 For Gateways, the https_proxy environment variable is respected: export https_proxy=http://proxy.contoso.com:3128/ xfreerdp /g:rdp.contoso.com ... More documentation is coming, in the meantime consult source files |