Introduction to Remote Desktop on Linux
Most Linux administrators live and breathe in the terminal via SSH. It is efficient, secure, and fast. However, there are scenarios where a Graphical User Interface (GUI) is indispensable—whether you are running legacy software that requires a windowing system, performing cross-browser testing, or simply prefer a visual file manager for complex operations. This is where XRDP comes into play.
XRDP is an open-source implementation of the Microsoft Remote Desktop Protocol (RDP). It allows you to connect to a Linux machine from Windows, macOS, or even another Linux box using standard RDP clients. Unlike VNC, which sends screen updates as images, RDP is generally more efficient over lower-bandwidth connections and integrates better with Windows clients.
Quick Start (5 min): Get XRDP Running on Ubuntu
If you need a remote desktop immediately, follow these steps to get a basic environment up and running. I recommend using XFCE for the desktop environment because it is lightweight and stable over remote connections.
Step 1: Install a Desktop Environment
sudo apt update
sudo apt install xfce4 xfce4-goodies -yStep 2: Install XRDP
sudo apt install xrdp -y
sudo systemctl enable --now xrdpStep 3: Configure the Session
Tell XRDP to use XFCE when you log in:
echo "xfce4-session" > ~/.xsessionStep 4: Open the Firewall
sudo ufw allow 3389/tcpYou can now connect using the Remote Desktop Connection app from Windows using your server’s IP address.
Deep Dive: Choosing the Right Desktop Environment
The choice of Desktop Environment (DE) significantly impacts your remote experience. While GNOME is the default for many distributions, it can be sluggish over RDP due to its heavy use of 3D acceleration and high memory footprint.
GNOME vs. XFCE vs. MATE
- GNOME: Modern and beautiful, but resource-intensive. It often requires specific tweaks (like the
gnome-remote-desktoppackage) to work smoothly with XRDP. - XFCE: My top recommendation. It is fast, uses very little RAM, and rarely breaks during XRDP updates.
- MATE: A great middle ground. It offers a traditional desktop feel with better performance than GNOME but more features than XFCE.
On my production Ubuntu 22.04 server with 4GB RAM, I found this approach significantly reduced processing time and interface lag compared to the default GNOME installation. When every megabyte of RAM counts, stripping away the visual effects of a modern DE makes a world of difference in responsiveness.
Configuration Files You Should Know
XRDP’s behavior is primarily controlled by two files:
/etc/xrdp/xrdp.ini: This handles global settings, including security, ports, and session types./etc/xrdp/startwm.sh: This script is executed when a user logs in. If you are seeing a black screen after connecting, the issue is almost always here.
Advanced Usage: Troubleshooting and Multi-User Support
Once you have the basics down, you will likely encounter a few common hurdles. Here is how I handle them in professional environments.
Fixing the “Black Screen” Issue
If you connect and see nothing but a black screen, it usually means the X server failed to start the window manager. Edit the /etc/xrdp/startwm.sh file. Make sure the last few lines look like this (for XFCE):
# unset DBUS_SESSION_BUS_ADDRESS
# unset XDG_RUNTIME_DIR
exec startxfce4Unsetting those variables helps prevent conflicts with existing local sessions.
Enabling Audio Redirection
By default, XRDP does not pass audio from the server to your local machine. You need to build or install the pipewire-module-xrdp or pulseaudio-module-xrdp. This is complex because it often requires matching the exact version of the audio server running on your kernel. For most server tasks, I skip this, but for media testing, it is a necessity.
Security: Stop Opening Port 3389 to the Internet
Leaving port 3389 open is an invitation for brute-force attacks. I always recommend using an SSH tunnel instead. Close port 3389 in your firewall and connect like this from your local terminal:
ssh -L 3389:localhost:3389 user@your-server-ipNow, open your RDP client and connect to localhost:3389. Your traffic is now encrypted inside the SSH tunnel, and the XRDP port remains invisible to the outside world.
Practical Tips from the Field
After managing dozens of remote Linux desktops, here are the best practices I follow to keep things running smoothly.
Handle “Authentication Required” Popups
When logging into a remote desktop, you might be bombarded with popups asking for your password to “create a color managed device” or “update system repositories.” This is caused by Polkit rules that restrict non-local users. You can fix this by creating a custom Polkit rule file:
sudo nano /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pklaAdd the following content:
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yesManaging Multiple Sessions
By default, if you disconnect without logging out, XRDP creates a new session the next time you connect. To reconnect to your existing session, ensure that your xrdp.ini has the ip=127.0.0.1 and port=-1 settings under the [Xorg] section. This tells XRDP to look for an existing X server on that port before spawning a new one.
The “Root” User Rule
Never log in as the root user via XRDP. Most modern desktop environments disable this for security reasons. Always use a standard user and utilize sudo within the GUI terminal if you need elevated privileges.
Keep It Updated
XRDP is actively developed. If you experience weird clipboard issues or mouse lag, check for updates. Sometimes the version in the standard Ubuntu repositories is slightly behind the latest bug fixes available on the project’s GitHub. For critical workstations, I occasionally compile from source to get the latest performance improvements.
