xRDP – Microsoft adding Enhanced mode support for Ubuntu through xRDP

Hello World, 

Some time ago, we have been publishing information about Microsoft adding support to Ubuntu virtual machines to enable Enhanced session on Hyper-V servers (see this post).  Enhanced session provide a better user experience.  It’s possible to copy/paste data between your virtual machine and the host, you can also perform drive redirection if needed.  Enhanced mode is basically providing you a remote desktop session to your Virtual machine.

Remote desktop is a Microsoft technology and by default Linux machines do not use it.  However, through the installation of the xRDP software, it’s possible to perform the remote desktop connection to a Linux box.  If you have been following us for a long time, we have been writing a lot about xRDP and how to get remote access to Linux machine using remote desktop protocol.  So, based on this software, a team at Microsoft have put together a script that will basically perform the xRDP installation on the Linux virtual machine and some additionial configuration tweaks in order to enable the Enhanced session feature in Hyper-V Server.  

So far, we never had time to try this script.  This post will show you how to install it and see what are the benefits and/or inconvenient of using this solution…. 

Let’s go ! 

Manullay add xRDP to Hyper-V Linux VM 

Our Setup

We have installed Hyper-v server role on the Windows 2019 Server – build 17650.  On this Hyper-v machine, we have created an Ubuntu 18.04 virtual machine and we have installed the latest updates.  Obviously, this machine has internet connectivity so we can download the necessary packages needed for installing xrdp software and installation scripts….

Click on Picture for Better Resolution

Onboarding Instructions

At the moment, I think that in order to enable the Enhanced mode feature, the manual installation is still required. When the concept is ready for production, this will be included by default in some Ubuntu image templates when using the Quick Create Gallery feature…. The team behind this initiative has made all the necessary installation information available on their Github wiki page (see https://github.com/Microsoft/linux-vm-tools/wiki/Onboarding).  You can follow the step by step instructions in order to perform the installation successfully 

Click on Picture for Better Resolution

So reading through the instructions, we first need to install the curl tool using the following command sudo apt-get install curl 

Click on Picture for Better Resolution

When the installtion of curl is completed; we can download the script that will be used to install and configure the Ubuntu virtual machine for xRDP software.  So, type the following command

sudo curl -O https://raw.githubusercontent.com/Microsoft/linux-vm-tools/master/ubuntu/18.04/install.sh

Click on Picture for Better Resolution

When this is done, we need to mark the script as executable by issuing the following command :  sudo chmod +x install.sh.  When this command has been executed, you can execute the installation script by issuing the following command  sudo ./install.sh

Click on Picture for Better Resolution

At the end of the installation process, you will be asked to reboot the machine.   Do not reboot the machine but shut it down as Hyper-v configuration are needed before the Enhanced session can be enabled 

Click on Picture for Better Resolution

Open PowerShell command prompt and type the following command in order to enable HvSocket mode for your virtual machine

Set-VM -VMName <your_vm_name> -EnhancedSessionTransportType HvSocket

Click on Picture for Better Resolution

At this stage, you can boot up your Linux Virtual machine and you should see the familiar prompt when using the Hyper-v enhanced session mode

Click on Picture for Better Resolution

 

Click on Picture for Better Resolution

Click on the Connect button and you will be presented within your VM with the familiar xRDP login page 

Click on Picture for Better Resolution

Enter your credentials and you should be presented with your Ubuntu customized version of Gnome Desktop.  A simple check on the vm settings shows also that the machine is indeed using Enhanced mode 

Click on Picture for Better Resolution

 

Some Issues detected….!? 

If you have followed the instructions above,  you will be able to use the Enhanced mode on Linux Virtual machines.  This is really cool as indeed, drive redirection and clipboard are supposed to work from this mode.   Howerver, while performing some really basic testing, we have encountered some issues with this approach.  Let’s go through them

Default Gnome Desktop Reverting back

This is really a minor issue and I’m not sure what triggers it.  The first login on the Linux VM using enhanced mode display the custom Ubuntu desktop (gnome + Dock).  Rebooting the system or not using the Enhanced mode (will check later what we did), the next login does not show you the Ubuntu Gnome Desktop but the standard Gnome Desktop

Click on Picture for Better Resolution

No Remote Desktop Connection from Network 

The other issue we have noticed is that with this configuration, it’s not possible to perform a remote desktop connection from the network.  So, the script basically allows you to access the Linux VM through the Hyper-v Management console but not anymore from a normal Remote Desktop Client.  This is annoying and defeats the purpose of the xRDP software solution.  It’s really cool to have Enhanced mode enabled but on the other hand if an admin needs remote access to the Linux VM directly, this functionality is not there anymore….. 

Click on Picture for Better Resolution

Looking through the script, it seems that the change in the xrdp.ini configuration file is causing the blocking connection from network

Click on Picture for Better Resolution

Changing this value back to false allows you to remote desktop from network but you are loosing the enhanced capability mode….  I’m wondering if there is a way to have both options available (Enhanced mode and RDP from network).  Maybe we need to specify a different port or configure the system to accept tcp connection as well…..???  If someone has more information about that, thank you to share with us….:-)

Final notes

In this post, we have performed some basic testing of the script that would enable Enhanced mode in Hyper-v Linux Virtual machine.  The script is working as expected and the configuration allow indeed to perform Enhanced mode session to the VM.  However, we have noticed that using the script will basically limit the access of the virtual machine from the network.  Usually, (or historically), xRDP software has been used to perform remote desktop connection (through the network) to gain access to Linux machine and since the latest release of xRDP to improve user experience (Drive Redirection, Clipboard,…).  

So, at this stage, there are basically two options available for the users.  Either, you are mainly using Hyper-v management console and you can then run the Microsoft script to enable Enhanced mode or you are like most of the users/customers, access need to be granted through network and thus performing either a standard xrdp installation or modifying back the xrdp.ini file is needed to have this working… We will look/ask if it’s possible to have vsock enabled and still have access through network.. 

We hope that the team behind this initiative will keep working on this subject as it can indeed bring a better experience when working with Linux Machines…Microsoft really start to love Linux 🙂 

This is it for this post 

Till next time 

See ya

Reference : https://github.com/Microsoft/linux-vm-tools/wiki/Onboarding

 

 

 

 

 

2 thoughts on “xRDP – Microsoft adding Enhanced mode support for Ubuntu through xRDP

  1. Hi,

    You do great work here for xRDP. I’ve used it a lot to get a good setup going at home.

    Sorry this is not on topic for this particular blog post, but I’d like to suggest an idea for a blog post.

    Recently, I’ve set up xRDP to listen on port 443 at home so I have less trouble getting to it from various outside networks (since they often don’t block that port).

    I was wary to open this port and would like to secure it as well as possible. I did a port scan using nmap with service detection enabled and it detected the presence of xrdp.

    I’d love to see an article on how we could fix this so that its far harder to detect the presence of xrdp…is this even possible / practical?

  2. @Challenge,

    As we are really busy creating procedures and scripts to have xRDP working smoothly with UBuntu Operating systems, we never had much time looking into security aspect of it… This will be definitly one of the topics that will be tackled in the future

    Till next time
    See ya

Leave a Reply