document remote access with RDP

_toc.yml

@@ -12,6 +12,7 @@ chapters:
       - file: user-guide/login_servers
       - file: user-guide/evolution_for_o365
       - file: user-guide/thunderbird_for_o365
+      - file: user-guide/xrdp
       - file: user-guide/ssh_host_key_certificates
       - file: user-guide/ssh_client_config
       - file: user-guide/firefox_profile_per_host

user-guide/index.md

@@ -5,6 +5,8 @@ This guide contains tricks and recipies for end users using Red Hat Enterprise L
 - [Login Servers](login_servers)
 - [Connect Evolution with Office365](evolution_for_o365)
 - [Connect Thunderbird with Office365](thunderbird_for_o365)
+- [Remote Access with RDP](xrdp)
+- [RDP Access to winterm4(Windows)](https://psi.service-now.com/kb_view.do?sys_kb_id=c3fc386e8788dd10bc150d830cbb358a&sysparm_language=en&sysparm_nostack=true&sysparm_no_create_incident=&sysparm_no_rating=&sysparm_no_suggest=&sysparm_no_update=)
 - SSH asks to accept key on unknown host -> [SSH Host Key Certificates](ssh_host_key_certificates)
 - [SSH Client Configuration](ssh_client_config)
 - Firefox refuses to start with home directory on the network drive -> [Per Host Default Profile for Firefox](firefox_profile_per_host) 

user-guide/xrdp.md

@@ -0,0 +1,112 @@
+# Remote Access with RDP
+
+This guide shows how to access a Red Hat Enterprise Linux system with RDP.
+
+Note that this currently only works on RHEL8.
+
+
+## Configure RDP Remote Access
+
+Your computer administrator needs to set in Hiera:
+```
+xrdp::enable: true
+```
+and after the next Puppet run the RDP remote access is available.
+
+## Access from Windows
+
+Start the `Remote Desktop Connection` tool:
+
+![Remote Desktop Connection tool](xrdp/windows_remote_desktop_client_00.png)
+
+First enter the destination host name you want to connect to, then adapt the user name for the logn. For this go to `Show Options`:
+
+![Remote Desktop Connection tool with options](xrdp/windows_remote_desktop_client_01.png)
+
+Enable the `Always ask for credentials` checkbox and remove the Windows domain part (`PSICH\`) from your login name:
+
+![Remote Desktop Connection tool with proper user name](xrdp/windows_remote_desktop_client_02.png)
+
+Then press `Connect`. Now on the first time it will ask to accept the certficate of the device you try to connect to:
+
+![Remote Desktop Connection tool certificate warning](xrdp/windows_remote_desktop_client_03.png)
+
+and finally you get to the login screen:
+
+![XRDP login screen](xrdp/login_screen.png)
+
+## Access from Linux
+
+There is a number of GUI-clients like `Remmina`, `Vinagre` or `KRDC`, but it can also be connected from the terminal with `xfreerdp`:
+
+```
+xfreerdp /u:$USER /v:$REMOVE_RDP_SERVER +clipboard +fonts +bitmap-cache +glyph-cache /dynamic-resolution
+```
+Adapt `$USER` (not needed if the user is the same than on the client machine) and `$REMOVE_RDP_SERVER` as required.
+
+The keyboard layout can be set by an additional parameter `/kbd:0x409` (US) or `/kbd:0x807` (Swiss German).
+
+If you connect to an real desktop session (see "Access Existing Desktop Session" below) I recommend to remove the `/dynamic-resolution` parameter.
+
+Also here you need to accept the certificate on first connect.
+
+## Virtual Remote Session
+
+The default option when you connect is `remote session (new or existing)` which will create a new virtual desktop session or attach again to an existing one.
+
+Note that if there is already a local desktop session, it is not possible ot create a virtual desktop session and the connection will simply close without error message when this is tried.
+
+## Access Existing Desktop Session
+
+This will give access to the deskop session which is running on the local screen. But this does not work automatically, that needs a bit of preparation. To be able to connect, the desktop session needs to be accessible with VNC on port 5900.
+
+### Gnome Desktop Sharing
+An userfriendly way to achive this is to use the Gnome Desktop Sharing feature. But you need to prepare that while working locally connected on the real attached screen and keyboard.
+
+Open the `Settings` tool and therein `Sharing`:
+
+![Gnome Settings Sharing](xrdp/gnome_desktop_sharing_00.png)
+
+and then click on `Screen Sharing`:
+
+![Gnome Settings Screen Sharing](xrdp/gnome_desktop_sharing_01.png)
+
+Then switch to `ON` on the top, set `require a password` and set a password. There are only 8 characters allowed. But it is important else everyone with access to your RDP port can access also the session.
+
+When connecting with RDP, then select on the login screen `local desktop session (existing only)` and enter the password you set before:
+
+![Login Screen Local Desktop Session](xrdp/login_screen_local_desktop_session.png)
+
+
+### `x11vnc`
+
+Another option is to use `x11vnc` to share the desktop. This tool is run from the terminal and can be used to share also other desktop envrionments like XFCE or KDE. It can also be started on demand from remote if an `ssh` connection to the host can be etablished. It will use your normal password to authenticate the connection.
+
+The suggested way to start it is:
+```
+x11vnc -extra_fbur 5 -forever -shared -loop -find -rfbport 5900 -unixpw $USER
+```
+and keep it running somewhere in the background as long as you need remote access.
+
+When connecting with RDP, then select on the login screen `local desktop session (existing only)` go on without entering the password (it will be ignored):
+
+![Login Screen Local Desktop Session](xrdp/xvnc11_desktop_sharing_00.png)
+
+
+Then you get to a login black screen where you need to hit the Enter key first:
+
+![Login Screen Local Desktop Session](xrdp/xvnc11_desktop_sharing_01.png)
+
+Now it is possible to set your user name:
+
+![Login Screen Local Desktop Session](xrdp/xvnc11_desktop_sharing_02.png)
+
+And after the normal password:
+
+![Login Screen Local Desktop Session](xrdp/xvnc11_desktop_sharing_03.png)
+
+it authenticates anc connects.
+
+
+
+Note that `xvnc11` does not support non-US keyboard layouts very well. If you want to connect and use e.g. the Swiss German keyboard, it works best if you switch the desktop keyboard layout to English (there seams to be some double conversion in place ...).