Lately I have been interested to see if the RPi is up to the task of being an RDP terminal, especially when accessing an offsite machine or vm that is accessed via an ssh tunnel. I tried the Pi on my own internal network to access my various computers through the Remote Desktop Protocol, and have been pleasantly surprised. Using FreeRDP and the –f (fullscreen flag) other than some strange color issues- you can’t hardly even tell that you are on a RDP connection.
This prompted another question- Could an RPi access a work computer from home – free from the mess of VPNs. Even more, not everyone is terribly comfortable with Linux, so I wanted a setup that could auto login from a remote location so that when you boot the Pi- it seems as though you are booting into a windows computer. After some messing around I have it up and running, and it has been awesome!
To create an auto-connect pi RDP terminal you’ll need a pi, and an sd card with Raspbian installed (or noobs) and an understanding of how to access the GUI as well as the terminal (either directly or from the GUI.)
To start:
Run terminal (if you’re in the gui double click LXTerminal) and run the following code:
sudo apt-get update
sudo apt-get upgrade
Note:Â Â this may take a while!
Then run:
sudo raspi-config
Note: this is the interface that automatically starts when you boot Raspbian for the first time.
Make sure to (if you haven’t already)
- change default pi password
- change to auto boot to pi user x11 gui
- set the correct international settings- particularly the keyboard layout
Then select finish and run:
sudo apt-get install -y freerdp zenity
This will install the necessary software to get our connection going. Next create the following file:
nano /home/pi/Desktop/remote.sh
In this file add the following text:
#! /bin/bash
exec `
xfreerdp -f -u username -d domain.tld \
-p $(zenity \
--entry \
--width='380' --height='220' \
--title='Password' \
--hide-text \
--text='Enter Password') \
127.0.0.1:63389
`
Note:Â Â change username to your remote computer username, and domain.tld to the domain (if no domain leave -d domain.tld out)
To explain a few things:
We are calling on FreeRDP to create a connection using the username and password provided. The Section after the password flag –p will pop-up window asking the user to type in the password. I this method instead of storing the password in the file. Though, to truly have it automatic- you can change the file to:
#! /bin/bash
exec `
xfreerdp -f -u username -d domain.tld \
-p Password \
127.0.0.1:63389
`
Of course changing username, domain.tld, and Password to the correct credentials. This would offer the benefit of being completely automatic, though it’s a pretty big security risk and just isn’t worth it, IMHO. The 63389 is the port that we will be using on the pi in the tunnel to the remote computer on port 3389 (the RDP port.) It doesn’t have to be 63389, it could be anything from 1024 – 65535 that isn’t already used for something else.
Finally, the remote.sh file must be executable so run:
chmod +x /home/pi/Desktop/remote.sh
The next step is to create an rsa key to connect via ssh to your remote server without having to type in a password. If you can already log in to the remote server without a password, you can skip this section.
Run:
ssh-keygen –t rsa
Note: press enter 3 times
This creates a file called .ssh in your home folder (/home/pi/.ssh) in which will be a public and a private key. If the remote computer already has a .ssh folder in the same location, this code will append your public key to the server’s authorized_keys file and give you remote access.
Run:
cat /home/pi/.ssh/id_rsa.pub | ssh USERNAME@SERVER 'cat >> .ssh/authorized_keys'
Note: change USERNAME and SERVER to the remote server’s username and address the same way you would to access it through ssh normally.
The next step is to have the small program that you made earlier on the desktop run automatically when the GUI starts on boot.
Run:
sudo nano /etc/xdg/lxsession/LXDE/autostart
Add a line at the end of the file as follows:
@/home/pi/Desktop/remote.sh
Save and exit. Finally you need to have the ssh tunnel automatically connect on boot. To do so, Run:
crontab -e
Add a line at the end of the file as follows:
@reboot ssh username@address.tld -L 63389:127.0.0.1:3389 -N
Save and exit.
Note: the username and address.tld need to be changed once again. The 63389 needs to be the same as the port listed in the remote.sh file. The 127.0.0.1 only stays that way if you are logging directly into the remote server, otherwise, you would change it to the name or ip address the computer that you intend to log into. Remember that the computer on the other end needs to have RDP turned on and have the settings set so that any type of rdp connection is allowed. If anything goes wrong- you can simply reboot the pi and reconnect. You can also press (Ctrl + Alt + Enter) and close the window and double click remote.sh on the desktop and reconnect that way as well. (select the first option to execute – Not in terminal)
Have fun!