forked from neutrinolabs/xrdp
-
Notifications
You must be signed in to change notification settings - Fork 1
TLS security layer
speidy edited this page Nov 21, 2014
·
4 revisions
Hello,
xrdp is now supports TLS security layer connections from RDP clients. in order to use TLS in xrdp server, you will need:
1. an x509 certificate and a private key. Self-signed certificate can be generated using openssl tool: example: openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 you can point xrdp server to the certificate and key file in xrdp.ini config file: certificate=<path></path> key_file=<path></path> (default path for certificate and key will be /etc/xrdp/cert.pem and /etc/xrdp/key.pem) Note: you may give read permissions on the key file only for root (xrdp is running as root).
2. Set xrdp to negotiate TLS: in xrdp.ini file, set: security_layer=tls
Notes:
- Security layer negotiation is not fully implemented yet
- TLS direct connections cannot be accepted by xrdp for now (http://msdn.microsoft.com/en-us/library/cc240799.aspx)