I have a problem where I am unable to enable remote login on cloud images after I install a GUI. The Remote Login tab in Settings > Remote Desktop is locked, and the unlock prompts for a password for a user named ADMINISTRATOR, but this isn’t an account I created. I think this is related to the keyring and the first user not being the user I add to the keyring. Trying to enable remote desktop with gsettings also gets ignored. Does anyone know how to fix this?
If you have only one privileged user on that system and the root account is locked, could you try the first created “user” password on that ADMIN account?
That was the first thing I tried and it didn’t work.
Check out this GRD guide: Setup Headless Multi-User Sessions on Wayland with GNOME Remote Desktop in GNOME 48 - James North's Site
If I recall correctly, installing freerdp on server and then setup connection to server with Remmina worked on R10 Server/Workstation.
Thank you for the advice. I will give this a try.
That article helped, unfortunately the certificates that are generated are always invalid if I use the following command or its equivalent using openssl.
sudo -u gnome-remote-desktop winpr-makecert -silent -rdp -n 170.XXX.XXX.XXX -path ~gnome-remote-desktop rdp-tls
gregory@rocky10-cloud:~$ grdctl rdp set-tls-cert /var/lib/gnome-remote-desktop/rdp-tls.crt
[10:10:53:855] [5104:000013f0] [ERROR][com.freerdp.crypto] - [x509_utils_from_pem]: BIO_new failed for certificate
RDP server certificate is invalid.
gregory@rocky10-cloud:~$ grdctl rdp set-tls-key /var/lib/gnome-remote-desktop/rdp-tls.key
[10:11:07:381] [5115:000013fb] [ERROR][com.freerdp.crypto] - [x509_utils_from_pem]: BIO_new failed for certificate
RDP server certificate is invalid.
gregory@rocky10-cloud:~$ grdctl rdp enable
[10:11:36:517] [5122:00001402] [ERROR][com.freerdp.crypto] - [x509_utils_from_pem]: BIO_new failed for certificate
RDP server certificate is invalid.
gregory@rocky10-cloud:~$ grdctl status
[10:13:04:676] [5140:00001414] [ERROR][com.freerdp.crypto] - [x509_utils_from_pem]: BIO_new failed for certificate
RDP server certificate is invalid.
Overall:
Unit status: active
RDP:
Status: enabled
Port: 3389
TLS certificate: /var/lib/gnome-remote-desktop/rdp-tls.crt
TLS fingerprint: (null)
TLS key: /var/lib/gnome-remote-desktop/rdp-tls.key
View-only: no
Negotiate port: yes
Username: (hidden)
Password: (hidden)
gregory@rocky10-cloud:~$
What is SELinux set to?
It’s set to permissive. I tried setting it to 0 and then tried with permissive and the same results.
I would remove created GRD certs and try again:
grdctl --system status --show-credentials
Init TPM credentials failed because Failed to initialize transmission interface context: tcti:IO failure, using GKeyFile as fallback.
Overall:
Unit status: active
RDP:
Status: enabled
Port: 3389
TLS certificate: /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop/certificates/rdp-tls.crt
TLS fingerprint: #REDACTED
TLS key: /var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop/certificates/rdp-tls.key
Username:
Password:
x509_utils_from_pem, BIO_new failed and RDP server certificate is invalid.
It seems GRD cert/key must be in PEM format.
Either that or it is generated in an old format that crypto-policies don’t allow due to it being less secure.
Any ideas how to fix the crypto policies and generate the correct certificate?
Take a look at the winpr command you used for generating the certificates and find out what the default generation format/cipher is. That will tell us if it’s supported or not. If it has generated old/legacy certificates with poor ciphers, etc., then much stronger ones need to be generated rather than worsening the crypto policies. You don’t fix the crypto-policies, you fix the certificate you generated.
I got the RDP to work by doing the following:
mkdir -p ~/.config/remote-desktop
openssl req -newkey rsa:2048 -nodes -keyout ~/.config/remote-desktop/key.pem -x509 -days 365 -out ~/.config/remote-desktop/cert.pem -subj "/CN=gnome-remote-desktop"
grdctl rdp set-tls-cert ~/.config/remote-desktop/cert.pem
grdctl rdp set-tls-key ~/.config/remote-desktop/key.pem
grdctl rdp disable-view-only
grdctl rdp enable
sudo dnf -y install gnome-remote-desktop freerdp gdm
grdctl rdp enable-remote-control
sudo systemctl --now enable gnome-remote-desktop.service
sudo firewall-cmd --permanent --add-service=rdp
sudo firewall-cmd --reload
Reboot and the connection works.
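A pre-flight check for the certificate and key before they are passed to grdctl rdp set-tls-cert and set-tls-key, as an added example that is not part of the original thread. It confirms both files are readable, are in the PEM format suggested above, parse, belong together, are unexpired, and that the key is not exposed to other users. The function name check_rdp_tls and its return codes are made up for this example.

```shell
# Added example, not from the thread. Requires openssl and GNU stat.
# Usage: check_rdp_tls CERT KEY
# Returns 0 and prints the SHA-256 fingerprint if the pair is usable,
# otherwise prints a reason on stderr and returns a non-zero code.
check_rdp_tls() {
    crt=$1; key=$2

    # 1. Both files must be readable by the user who runs grdctl.
    for f in "$crt" "$key"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
    done

    # 2. Both must be PEM text rather than DER or PKCS#12.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" ||
        { echo "not a PEM certificate: $crt" >&2; return 2; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "not a PEM private key: $key" >&2; return 2; }

    # 3. Both must parse. An encrypted key fails here instead of prompting.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "certificate does not parse: $crt" >&2; return 3; }
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "private key does not parse: $key" >&2; return 3; }

    # 4. The private key must be the one the certificate was issued for.
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "key does not match certificate" >&2; return 4; }

    # 5. The certificate must still be valid right now.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 5; }

    # 6. A passwordless key (-nodes) must not be readable by group or others.
    [ $(( 0$(stat -c %a "$key") & 077 )) -eq 0 ] ||
        { echo "key is accessible to other users, chmod 600 $key" >&2; return 6; }

    # Fingerprint for pinning or out-of-band comparison.
    openssl x509 -in "$crt" -noout -fingerprint -sha256
}
```

Run it as the same user that will run grdctl, for example check_rdp_tls ~/.config/remote-desktop/cert.pem ~/.config/remote-desktop/key.pem, so the readability check reflects what that user can actually open.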
Glad you managed to fix it and thanks for sharing your process with openssl!
BR
Thank you for all the support!