From f340d37f8e241684aa175a34f1770e204acfd7ca Mon Sep 17 00:00:00 2001 From: Steffen Probst Date: Wed, 8 Sep 2021 14:24:04 +0200 Subject: [PATCH] =?UTF-8?q?Einstellungen=20f=C3=BCr=20x11vnc=20angepasst?= =?UTF-8?q?=20xrdp=20entsprechend=20vorkonfiguriert?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.x86.md | 12 +- etc/systemd/system/x11vnc.service | 13 ++ etc/xrdp/xrdp.ini | 201 ++++++++++++++++++++++++++++++ 3 files changed, 225 insertions(+), 1 deletion(-) create mode 100644 etc/systemd/system/x11vnc.service create mode 100644 etc/xrdp/xrdp.ini diff --git a/README.x86.md b/README.x86.md index 430b5a6..79097b1 100644 --- a/README.x86.md +++ b/README.x86.md @@ -46,10 +46,20 @@ After=multi-user.target [Service] Type=simple -ExecStart=/usr/bin/x11vnc -display :0 -auth guess -forever -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -shared +ExecStart=/usr/bin/x11vnc -display :0 -forever -localhost -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -shared [Install] WantedBy=multi-user.target EOF sudo systemctl enable x11vnc.service + +#für RDP kann noch xrdp nach installiert und eingerichtet werden. +#VNC ist aktuell nur über 127.0.0.1 erreichbar + +sudo apt install xrdp +sudo systemctl enable xrdp + +#dann die xrdp.ini entsprechend anpassen -> einfach unter /etc/xrdp/xrdp.ini schauen + +sudo systemctl restart xrdp ``` diff --git a/etc/systemd/system/x11vnc.service b/etc/systemd/system/x11vnc.service new file mode 100644 index 0000000..4453f2f --- /dev/null +++ b/etc/systemd/system/x11vnc.service @@ -0,0 +1,13 @@ +[Unit] +Description=Start X11VNC +After=multi-user.target + +[Service] +Type=simple +ExecStart=/usr/bin/x11vnc -xkb -noxrecord -noxfixes -noxdamage -display :0 -localhost -forever -loop -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -noipv6 -shared +ExecStop=/usr/bin/killall x11vnc +Restart=on-failure +Restart-sec=2 + +[Install] +WantedBy=multi-user.target 
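Review bot: `Restart-sec=2` in the `[Service]` section of the new x11vnc.service is not a systemd setting name. systemd skips unknown keys with a warning, so the unit restarts with the default delay instead of two seconds; the line should read `RestartSec=2`. `ExecStop=/usr/bin/killall x11vnc` can be dropped, because systemd already signals the unit's own processes on stop, while `killall` would also end any x11vnc started outside this unit. The unit has no `User=` line, so x11vnc presumably runs as root; whether it can run as the owner of display `:0` depends on who may read `/etc/x11vnc.pass` and should be checked on the target.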
diff --git a/etc/xrdp/xrdp.ini b/etc/xrdp/xrdp.ini
new file mode 100644
index 0000000..4a34d91
--- /dev/null
+++ b/etc/xrdp/xrdp.ini
@@ -0,0 +1,201 @@
+[Globals]
+; xrdp.ini file version number
+ini_version=1
+
+; fork a new process for each incoming connection
+fork=true
+; tcp port to listen
+port=3389
+; 'port' above should be connected to with vsock instead of tcp
+use_vsock=false
+; regulate if the listening socket use socket option tcp_nodelay
+; no buffering will be performed in the TCP stack
+tcp_nodelay=true
+; regulate if the listening socket use socket option keepalive
+; if the network connection disappear without close messages the connection will be closed
+tcp_keepalive=true
+#tcp_send_buffer_bytes=32768
+#tcp_recv_buffer_bytes=32768
+
+; security layer can be 'tls', 'rdp' or 'negotiate'
+; for client compatible layer
+security_layer=negotiate
+; minimum security level allowed for client
+; can be 'none', 'low', 'medium', 'high', 'fips'
+crypt_level=high
+; X.509 certificate and private key
+; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
+certificate=
+key_file=
+; set SSL protocols
+; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
+ssl_protocols=TLSv1.2, TLSv1.3
+; set TLS cipher suites
+#tls_ciphers=HIGH
+
+; Section name to use for automatic login if the client sends username
+; and password. If empty, the domain name sent by the client is used.
+; If empty and no domain name is given, the first suitable section in
+; this file will be used.
+autorun=
+
+allow_channels=true
+allow_multimon=true
+bitmap_cache=true
+bitmap_compression=true
+bulk_compression=true
+#hidelogwindow=true
+max_bpp=32
+new_cursors=true
+; fastpath - can be 'input', 'output', 'both', 'none'
+use_fastpath=both
+; when true, userid/password *must* be passed on cmd line
+#require_credentials=true
+; You can set the PAM error text in a gateway setup (MAX 256 chars)
+#pamerrortxt=change your password according to policy at http://url
+
+;
+; colors used by windows in RGB format
+;
+blue=009cb5
+grey=dedede
+#black=000000
+#dark_grey=808080
+#blue=08246b
+#dark_blue=08246b
+#white=ffffff
+#red=ff0000
+#green=00ff00
+#background=626c72
+
+;
+; configure login screen
+;
+
+; Login Screen Window Title
+#ls_title=My Login Title
+
+; top level window background color in RGB format
+ls_top_window_bg_color=009cb5
+
+; width and height of login screen
+ls_width=350
+ls_height=430
+
+; login screen background color in RGB format
+ls_bg_color=dedede
+
+; optional background image filename (bmp format).
+#ls_background_image=
+
+; logo
+; full path to bmp-file or file in shared folder
+ls_logo_filename=
+ls_logo_x_pos=55
+ls_logo_y_pos=50
+
+; for positioning labels such as username, password etc
+ls_label_x_pos=30
+ls_label_width=65
+
+; for positioning text and combo boxes next to above labels
+ls_input_x_pos=110
+ls_input_width=210
+
+; y pos for first label and combo box
+ls_input_y_pos=220
+
+; OK button
+ls_btn_ok_x_pos=142
+ls_btn_ok_y_pos=370
+ls_btn_ok_width=85
+ls_btn_ok_height=30
+
+; Cancel button
+ls_btn_cancel_x_pos=237
+ls_btn_cancel_y_pos=370
+ls_btn_cancel_width=85
+ls_btn_cancel_height=30
+
+[Logging]
+LogFile=xrdp.log
+LogLevel=DEBUG
+EnableSyslog=true
+SyslogLevel=DEBUG
+; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
+
+[Channels]
+; Channel names not listed here will be blocked by XRDP.
+; You can block any channel by setting its value to false.
+; IMPORTANT! All channels are not supported in all use
+; cases even if you set all values to true.
+; You can override these settings on each session type
+; These settings are only used if allow_channels=true
+rdpdr=true
+rdpsnd=true
+drdynvc=true
+cliprdr=true
+rail=true
+xrdpvr=true
+tcutils=true
+
+; for debugging xrdp, in section xrdp1, change port=-1 to this:
+#port=/tmp/.xrdp/xrdp_display_10
+
+; for debugging xrdp, add following line to section xrdp1
+#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210
+
+
+;
+; Session types
+;
+
+; Some session types such as Xorg, X11rdp and Xvnc start a display server.
+; Startup command-line parameters for the display server are configured
+; in sesman.ini. See and configure also sesman.ini.
+;[Xorg]
+;name=Xorg
+;lib=libxup.so
+;username=ask
+;password=ask
+;ip=127.0.0.1
+;port=-1
+;code=20
+
+;[Xvnc]
+;name=Xvnc
+;lib=libvnc.so
+;username=ask
+;password=ask
+;ip=127.0.0.1
+;port=-1
+#xserverbpp=24
+#delay_ms=2000
+
+[vnc-any]
+name=vnc-any
+lib=libvnc.so
+ip=127.0.0.1
+port=5900
+username=na
+password=ask
+#pamusername=asksame
+#pampassword=asksame
+#pamsessionmng=127.0.0.1
+#delay_ms=2000
+
+;[neutrinordp-any]
+;name=neutrinordp-any
+;lib=libxrdpneutrinordp.so
+;ip=ask
+;port=ask3389
+;username=ask
+;password=ask
+
+; You can override the common channel settings for each session type
+#channel.rdpdr=true
+#channel.rdpsnd=true
+#channel.drdynvc=true
+#channel.cliprdr=true
+#channel.rail=true
+#channel.xrdpvr=true
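Review bot: `security_layer=negotiate` in `[Globals]` still lets a client select the classic RDP security layer, which does not authenticate the server with a certificate, so the `ssl_protocols=TLSv1.2, TLSv1.3` restriction a few lines below only applies to clients that choose TLS; `security_layer=tls` would enforce it for every connection. With `certificate=` and `key_file=` left empty xrdp falls back to its default certificate and key paths, so it is worth confirming that those files exist on the target and are not a distribution-wide default key pair. `LogLevel=DEBUG` and `SyslogLevel=DEBUG` in `[Logging]` look like setup leftovers; `LogLevel=INFO` and `SyslogLevel=INFO` keep connection events for auditing without the debug volume. Because x11vnc is now bound to 127.0.0.1, port 3389 becomes the network-facing entry and `[vnc-any]` guards the desktop with the shared VNC password alone (`username=na`, `password=ask`, PAM keys commented out); a comment above the section such as `; only the VNC password from /etc/x11vnc.pass protects this session` would make that visible to whoever deploys the file.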