Re: rdp access netbsd 9.2

To: Andrew Ball <asbatwrk%gmail.com@localhost>
Subject: Re: rdp access netbsd 9.2
From: George Georgalis <george%galis.org@localhost>
Date: Wed, 11 May 2022 16:02:52 -0700

Hi Andrew,

On Wed, May 11, 2022 at 11:49 AM Andrew Ball <asbatwrk%gmail.com@localhost> wrote:
>
>   GG> I would like to configure rdp service to access nb 9.2 running in a vm.
>
>     That's an interesting idea.  If nothing else it might be handy for people
> with thin clients that "speak" RDP but not X11.

Not my words, but exactly my meaning. When you need to go through
multiple departments, eg an IT group managed laptop, Networking and/or
Security group managed access protocols, etc, frequently RDP and SSH
are the only protocols available. Simple is good. Even if clients
support X11 over ssh, performance for applications such as Firefox on
forwarded X11 ports is very poor (the firefox X11 socket is very
chatty), and there is no session management, any interruption in vpn
or networking and you've lost your work. Mac, Windows, Linux, all
support RDP clients (not sure about NetBSD); in the compute ecosystem,
RDP is the common denominator, when there usually isn't one!

>   GG> There is freerdp2 in pkgsrc, however it does not include any example rc.d
>     > or implementation guidance.
>
> I haven't tried it but I'll look at it tonight.

Thanks! In the course of this email I found
https://wiki.netbsd.org/pkgsrc/remote/ it says xrdp is in wip for
pkgsrc. xrdp is probably a better option than freerdp2, see below.

>   GG> The NetBSD Guide, X Window system chapter
>     > http://netbsd.org/docs/guide/en/chap-x.html discusses setting up an X
>     > server, window managers, etc, but there is no mention of remote access,
>     > which I would expect would be a common, if not the most common means to
>     > access a NB X server, today.
>
>     I doubt it's common to use RDP for that.  It's possible to tunnel X11 or VNC
> through ssh and I've done that in the past.  Potential perks of VNC include the
> ability to disconnect and reconnect at will without impacting your session,
> support for low bandwidth connections and the ability to host one or more X
> desktops on VNC servers that are not tied to the physical console.

In my experience, RDP is less glitchy and works much better over
network latency than vnc. My "thin client" is a mac, so for many
years, even when not using a hypervisor or datacenter, in my practice,
server consoles are reserved for setup and emergencies. I assumed
server consoles are rarely used? Connection via ssh or rdp (no
usb/video console) is basically it, unless a service port is open, for
me.

>   GG> I know there are several parts to configure simultaneously, fortunately I
>     > have xdm, ctwm, and X working in the console, from the base install.  So I
>     > guess I need to configure a session manager and Xvnc, properly invoke
>     > freerdp2, and possibly enable network access...
>
> Does freerdp2 use Xvnc somehow?  That surprises me.

freerdp2 is the only rdp client I saw in pkgsrc, I've never used it.
In the course of this email, I found
https://wiki.netbsd.org/pkgsrc/remote/ notable, it says xrdp is in wip
for pkgsrc.

I have seen many iterations of servers and component development for
remote GUI access, in the course of enabling user connection to the
likes of Rstudio in isolated HPC networks. The xrdp implementation in
centos 7 today is the easiest and best working implementation I've
seen. Probably the best investment of time... I think it works like
this:
* a service supervisor runs the xrdp-session-manager
* xrdp-sesman uses the rdp protocol to auth with pam
* on success a prior session is used
* or a new session is created
* a session is the window manager running in Xvnc
* and the Xvnc session is connected to the rdp client
* (there is no regular X11 server running)

when I've closed the centos gui login via rdp, I have only these
related process running:
/usr/sbin/xrdp-sesman --nodaemon
/usr/sbin/xrdp --nodaemon

Notable dependencies to the centos xrdp package:
package: xrdp.x86_64 1:0.9.19-1.el7
  dependency: libX11.so.6()(64bit)
  dependency: tigervnc-server-minimal
  dependency: xorg-x11-xinit

Relevant process tree of an active session:
/usr/sbin/xrdp-sesman --nodaemon
 \_ /usr/sbin/xrdp-sesman --nodaemon
     \_ /bin/sh /home/geo/.xsession
     |   \_ /usr/bin/xfce4-session
     |       \_ ...
     |       \_ ...
     \_ Xvnc :10 -auth .Xauthority -geometry 1024x768 -depth 32
-rfbauth /home/geo/.vnc/sesman_passwd-geo%cos7desk.lan@localhost:10 -bs
-nolisten tcp -localhost -dpi 96
     \_ /usr/sbin/xrdp-chansrv
/usr/sbin/xrdp --nodaemon

>   GG> Whatever works, I was hoping someone would share their tierce setup steps?
>
> What's a tierce?

Heh, not sure if this https://en.wiktionary.org/wiki/tierce is the
proper spelling for a word that means "a brief explanation without
documentation." For centos 7 that would be

install CentOS-7-x86_64-NetInstall-2009.iso in hypervisor
setup user/password with pam
yum install epel-release
yum update
shutdown -r now
yum groupinstall Xfce
yum install xrdp xterm
echo "/usr/bin/xfce4-session" >>~/.xsession
chmod +x ~/.xsession
systemctl start xrdp.service
systemctl enable xrdp.service
firewall-cmd --permanent --add-port=3389/tcp
firewall-cmd --reload
configure and connect your rdp client

Works great and a pretty simple setup, in retrospect, ironically,
these steps were not clearly stated anywhere I could find. I would
love to see this pattern worked out for NetBSD!

Thanks!
-George

--
George Georgalis, (415) 894-2710, http://www.galis.org/

Follow-Ups:
- Re: rdp access netbsd 9.2
  - From: Andrew Ball

References:
- rdp access netbsd 9.2
  - From: George Georgalis
- Fwd: rdp access netbsd 9.2
  - From: Andrew Ball

Prev by Date: Fwd: rdp access netbsd 9.2
Next by Date: Re: rdp access netbsd 9.2
Previous by Thread: Fwd: rdp access netbsd 9.2
Next by Thread: Re: rdp access netbsd 9.2
Indexes:

Home | Main Index | Thread Index | Old Index