2024-03-21 Headless RDP on Gnome46

Excited to try Headless RDP in Gnome 46 in before Fedora40 and Ubuntu 22.04? There is a way…

Goal

Follow the advancements and test functionality of Headless RDP before it is released in Fedora or Ubuntu.

Background

The Free Desktop team has been working on headless RDP sessions for Gnome 46 during 2023/2024. It is an important step to reach parity with Windows administration privileges. Some tools like gparted are just easiler sometimes than parted cli tool. It allows you to attach an RDP session that does not have a logged in session or even without a monitor attached to the unit.

Detailed Learning

GnomeOS46 is a debian based distro using ostree for updates. It also has some quirky requirements that need to be onfigured for it to run on KVM/virt-manager.

Method

Download the Gnome-OS nightly build HERE

Start virt-manager and go through the process to create a new VM using the gnome_os_installer.iso image BUT stop just prior to creating the image, and edit the XML file:

“VM XML Config”
Note the <os /> section requires update as shown

<os firmware="efi">
  <type arch="x86_64" machine="pc-q35-8.1">hvm</type>
  <firmware>
    <feature enabled="no" name="enrolled-keys"/>
    <feature enabled="no" name="secure-boot"/>
  </firmware>
  <loader readonly="yes" type="pflash">/usr/share/edk2/ovmf/OVMF_CODE.fd</loader>
  <nvram template="/usr/share/edk2/ovmf/OVMF_VARS.fd">/var/lib/libvirt/qemu/nvram/gnome46_VARS.fd</nvram>
  <bootmenu enable="yes"/>
</os>

Next there are presently issues with Password Keyring changing the password to a random value with each login, so an “unencrypted " Keyring will be required, hence:

&ldquo;Gnome Software Finding Seahorse&rdquo;
Gnome Software Finding Seahorse
or:

flatpak install org.gnome.seahorse.Application
flatpak run org.gnome.seahorse.Application

and:

&ldquo;Creating a new Keyring&rdquo;
Creating a new Keyring
&ldquo;Selecting Keyring Option&rdquo;
Selecting Keyring Option
&ldquo;Blank Password&rdquo;
Blank Password - strange but look away...

will give you the ability to create a new Password keyring, without a password (this removed the randomized token causing passwords to change.

&ldquo;Look mum - no protection!&rdquo;
'unlocked' is unlocked

Once this is done, enter the Desktop Settings\>System\>Remote Login Do not select Desktop sharing, this is legacy and not required for headless RDP, the new screen is on the tab beside that as “Remote Login”, create a abitary username (it has no relationship to the system users) and a shared password, don’t worry you still need to use your user password to get through the login page.

&ldquo;Toggle on Remote Login&rdquo;
User/Pass is shared across all users

Use your prefered RDP tool (I use remmina) and login to the machine on host:3389

&ldquo;Remmina Config for RDP to host&rdquo;
Remmina Config for RDP to host note port 3389
&ldquo;Headless Login&rdquo;
Choose your user and provide user password

Outcome

I’ve had a view issues kicking sessions which might be related to using one of the the three ways to login in conflict with the other. If you have an discoveries nearing the end of beta testing worthy of calling out, you can likely submit it at “Gnome Discourse”

Update 2024-04-01

This week an update was pushed out on Fedora 40 Beta with gnome-remote-desktop-daemon version 46 and it now supports login with the following caveates:

  • An “RDP” user/password must be supplied to connect to the RDP endpoint before user is selected, this is unrelated to user credentials.
    &ldquo;RDP setup in Remmina&rdquo;
    RDP Login Credentials - those entered in Remote Login Settings panel
  • SELinux needs to be disabled due to Bugzilla 2271661
    • On guest sudo setenforce Permissive to disable Security Enhanced Linux
      &ldquo;User screen to select user&rdquo;
      Guest user can be entered here