Wiki source code of Remote Desktop Zugang
Last modified by Thomas Walter Erbesdobler on 2023/06/29 16:08
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
 |
1.1 | 1 | {{toc/}} |
| 2 | |||
| |
9.1 | 3 | You can access the BlackBox Workplace via xrdp and the Remote Desktop Protocols (RDP). |
| |
1.1 | 4 | |
| |
9.1 | 5 | You just need a RDP client. Those are available for all usuall operating systems. You can find a list down below. |
| |
1.1 | 6 | |
| |
9.1 | 7 | The client needs to be late enough to support certificate based authentification and modern cypher suites. (##ciphers AES+aRSA:AES+aECDH:AES+aECDSA##) |
| |
1.1 | 8 | |
| |
9.1 | 9 | Because of this a ssh tunel is not further needed. |
| 10 | = Access Server = | ||
| |
1.1 | 11 | |
| |
9.1 | 12 | You can access the informatic workplace, as it is accessible in the RechnerHallen, via |
| |
1.1 | 13 | |
| |
8.1 | 14 | {{code}} |
| |
9.1 | 15 | lxhalle.in.tum.de</blockquote> |
| |
8.1 | 16 | {{/code}} |
| |
7.1 | 17 | |
| |
9.1 | 18 | To access the mathematics workplace, as it is available on the BlackBox systems, is accessible via |
| |
1.1 | 19 | |
| |
8.1 | 20 | {{code}} |
| 21 | ssh.ma.tum.de | ||
| 22 | {{/code}} | ||
| |
1.1 | 23 | |
| |
8.1 | 24 | == Fingerprints == |
| |
1.1 | 25 | |
| |
9.1 | 26 | Depending on your client a visible certificate check is possible. |
| |
6.1 | 27 | |
| |
8.1 | 28 | |=Zugangsserver|=Fingerprint |
| 29 | |lxhalle.in.tum.de|{{code language="none"}}4c:ee:c1:05:58:96:8f:8c:66:e6:42:5e:1a:b7:95:d2:c1:88:63:98{{/code}} | ||
| 30 | |ssh.ma.tum.de|{{code language="none"}}80:79:07:56:2f:c6:0b:67:a0:62:a6:f5:93:a8:5f:ac:09:3e:2a:93{{/code}} | ||
| |
1.1 | 31 | |
| |
8.1 | 32 | = Session = |
| |
1.1 | 33 | |
| |
9.1 | 34 | After verification of the server you have to provide your username and password to establish a session with you account. |
| |
1.1 | 35 | |
| |
9.1 | 36 | This can either happen after connecting or your client ask for before that. |
| 37 | == Session restore == | ||
| |
1.1 | 38 | |
| |
9.1 | 39 | A session can be hold alive even if you aren't connected. |
| |
1.1 | 40 | |
| |
9.1 | 41 | To achieve this use the xrdp-dis command or just close the window, please do not try to log out through menu {{html wiki="true"}} |
| 42 | <span > Apllication -> logout</span> | ||
| 43 | {{/html}} (Sometimes it's just closing it). | ||
| |
1.1 | 44 | |
| |
9.1 | 45 | When you reconnect to your session it will be revived. This can happen from a completly different computer and also the resolution of the connection window will be adjusted. |
| |
1.1 | 46 | |
| |
9.1 | 47 | = Executing applications multiple times = |
| |
1.1 | 48 | |
| |
9.1 | 49 | You can execute software multiple times, like in different rdp session or if you are logged into your account directly and have a rdp session open. Be aware that not all applications support this. If you receive a notification that your application is already open you need to close it in the other user session so you can reopen it in the wanted session. |
| |
1.1 | 50 | |
| |
9.1 | 51 | == Know problematic software == |
| |
1.1 | 52 | |
| |
9.1 | 53 | * Firefox |
| |
1.1 | 54 | * Thunderbird |
| 55 | * Chromium | ||
| 56 | * Vivaldi | ||
| |
7.1 | 57 | * LibreOffice |
| |
8.1 | 58 | |
| |
9.1 | 59 | Those - and other - applications warn you if you want to open them multiple times as the same user. This warnings can be correct(if you have multiple sessions open) but can also be the result of a incomplete shutdown of the program. Some software also offers to clean up the program folders so the program can be started again. |
| |
1.1 | 60 | |
| |
9.1 | 61 | Care: This can result to severe loss of data if the application is actually running!! |
| |
1.1 | 62 | |
| |
9.1 | 63 | For Firefox and Thunderbird you can execute the scripts {{code}}repair_firefox.sh{{/code}} and {{code}}repair_thunderbrid.sh{{/code}}. Those clean up the locks that prohibit these to run multiple times. |
| |
1.1 | 64 | |
| |
9.1 | 65 | = Troubleshooting = |
| |
1.1 | 66 | |
| |
9.1 | 67 | == thinclinet_drives == |
| |
1.1 | 68 | |
| |
9.1 | 69 | Occasionally the Filemanager can show an error message when you try to find the home directory: {{code language="none"}}Failed to open directory ... thinclient_drives: Transport endpoint is not connected{{/code}} |
| |
1.1 | 70 | |
| |
9.1 | 71 | This could happen when you have connected and disconnted the xrdp Server too often and does not release the directory thinclient_drives correctly. This Error could be fixed by giving the following command in the terminal: |
| |
1.1 | 72 | |
| |
8.1 | 73 | {{code}} |
| |
7.1 | 74 | $ fusermount -u ~/thinclient_drives |
| 75 | {{/code}} | ||
| |
1.1 | 76 | |
| |
9.1 | 77 | The directory thinclient_drives will be used as File- and clipboardshare with the local computer (which is supported by the rdp client). |
| |
1.1 | 78 | |
| |
9.1 | 79 | The directory thinclient_drives also need to be acceseable for everyone, which means execution right has to be given in order to unmount this. Please note this, when the home directory is protected. This could be the reason that the error message first occurred. |
| |
1.1 | 80 | |
| |
9.1 | 81 | == immediately Log out from the application == |
| |
1.1 | 82 | |
| |
9.1 | 83 | If your application terminate immediately in spite of the correct password, you can log in to the remote desktop Server via ssh and the Sesion with killall Xorg manual terminate. |
| |
1.1 | 84 | |
| |
8.1 | 85 | {{code}} |
| |
7.1 | 86 | $ ssh <Remote Desktop Server> |
| |
9.1 | 87 | |
| |
1.1 | 88 | --- |
| |
9.1 | 89 | |
| |
1.1 | 90 | <remote Desktop Server>$ killall Xorg |
| |
7.1 | 91 | {{/code}} |
| |
1.1 | 92 | |
| |
9.1 | 93 | = Safety measures = |
| |
1.1 | 94 | |
| |
9.1 | 95 | The RDP server authentificates itself by certificate to the client. |
| |
1.1 | 96 | |
| 97 | {{html wiki="true"}} | ||
| |
9.1 | 98 | <span class='WYSIWYG_COLOR ' style='color:Red'>Care:</span> |
| |
1.1 | 99 | {{/html}} |
| 100 | |||
| |
9.1 | 101 | Notifications about an errand certificate should never be ignored. Check the fingerprint (look above)! |
| |
1.1 | 102 | |
| |
9.1 | 103 | For access only TLSv1.1 and TLSv1.2 with following ciphers are allowed: |
| |
1.1 | 104 | |
| |
9.1 | 105 | {{code language="none"}}openssl ciphers AES+aRSA:AES+aECDH:AES+aECDSA{{/code}} |
| 106 | |||
| 107 | Be sure the version of your RDP client support those. | ||
| 108 | |||
| |
8.1 | 109 | = RDP Clients = |
| |
6.1 | 110 | |
| |
8.1 | 111 | == macOS == |
| |
6.1 | 112 | |
| |
9.1 | 113 | [[Microsoft Remote Desktop>>https://apps.apple.com/de/app/microsoft-remote-desktop/id1295203466?l=en&mt=12]] |
| 114 | ** Version 10 doesn't show fonts in the login window. Not further problematic since it does need your account data in the config. The login window just gets shown if your data is wrong. You can also use the login without fonts. No other problems known. | ||
| |
6.1 | 115 | |
| |
8.1 | 116 | == Linux == |
| |
1.1 | 117 | |
| |
9.1 | 118 | [[KRDC>>http://www.kde.org/applications/internet/krdc/]] |
| |
1.1 | 119 | * [[Vinagre>>https://wiki.gnome.org/Apps/Vinagre/]] |
| |
9.1 | 120 | * [[Remmina>>https://www.remmina.org/]] (Installed on the BlackBox) |
| 121 | ** For best performance configure ##RemoteFX (32 bpp)## as Color depth. | ||
| |
1.1 | 122 | |
| |
8.1 | 123 | == Windows == |
| |
6.1 | 124 | |
| |
9.1 | 125 | The RDP client is preinstalled on Windows. Just search for **Remotedesktop connection** or **Remotedesktopverbindung** |