oracular (7) weston-rdp.7.gz

Provided by: weston_13.0.3-1_amd64 bug

NAME

       weston-rdp - the RDP backend for Weston

SYNOPSIS

       weston --backend=rdp

DESCRIPTION

       The  RDP  backend  allows to run a weston environment without the need of specific graphic
       hardware, or input devices. Users can interact with weston only by  connecting  using  the
       RDP protocol.

       The  RDP backend uses FreeRDP to implement the RDP part, it acts as a RDP server listening
       for incoming connections. It supports different codecs for encoding the graphical content.
       Depending  on  what  is  supported by the RDP client, the backend will encode images using
       remoteFx codec, NS codec or will fallback to raw bitmapUpdate.

       On the security part, the backend supports RDP security or TLS, keys and certificates must
       be  provided  to  the  backend  depending  on which kind of security is requested. The RDP
       backend will announce security options based on which files have been given.

       The RDP backend is multi-seat aware, so if two clients connect on the backend,  they  will
       get their own seat.

CONFIGURATION

       The RDP backend uses the following entries from weston.ini.

   Section rdp
       refresh-rate=rate
              Specifies  the  desktop  redraw  rate  in  Hz. If unspecified, the default is 60Hz.
              Changing this may be useful if you have a faster than 60Hz display, or if you  want
              to reduce updates to reduce network traffic.

       tls-key=file
              The  file  containing the key for doing TLS security. To have TLS security you also
              need to ship a file containing a certificate.

       tls-cert=file
              The file containing the certificate for doing TLS security. To  have  TLS  security
              you also need to ship a key file.

OPTIONS

       When  the  RDP  backend is loaded, weston will understand the following additional command
       line options.

       --address=address
              The IP address on which the RDP backend will listen for RDP connections. By default
              it listens on 0.0.0.0.

       --port=port
              The TCP port to listen on for connections, it defaults to 3389.

       --no-clients-resize
              By  default  when  a client connects on the RDP backend, it will instruct weston to
              resize to the dimensions of the client's announced resolution. When this option  is
              set, weston will force the client to resize to its own resolution.

       --no-remotefx-codec
              The  RemoteFX  compression  codec is enabled by default, but it may be necessary to
              disable it to work around incompatabilities between  implementations.  This  option
              may be removed in the future when all known issues are resolved.

       --rdp4-key=file
              The file containing the RSA key for doing RDP security. As RDP security is known to
              be insecure, this option should be avoided in production.

       --rdp-tls-key=file
              The file containing the key for doing TLS security. To have TLS security  you  also
              need to ship a file containing a certificate.

       --rdp-tls-cert=file
              The  file  containing  the certificate for doing TLS security. To have TLS security
              you also need to ship a key file.

       --external-listener-fd=fd
              Specifies a file descriptor inherited from the process that launched weston  to  be
              listened on for client connections. Only local (such as AF_VSOCK) sockets should be
              used, as this will be considered to be a local connection by the RDP  backend,  and
              TLS and RDP security will be bypassed.

Generating cryptographic material for the RDP backend

       To  generate  a  key  file  to  use  for RDP security, you need the winpr-makecert utility
       shipped with FreeRDP:

       $ winpr-makecert -rdp -silent -n rdp-security

       This will create a rdp-security.key file.

       You can generate a key and certificate file to use  with  TLS  security  using  a  typical
       openssl invocations:

       $ openssl genrsa -out tls.key 2048
       Generating RSA private key, 2048 bit long modulus
       [...]
       $ openssl req -new -key tls.key -out tls.csr
       [...]
       $ openssl x509 -req -days 365 -signkey tls.key -in tls.csr -out tls.crt
       [...]

       You will get the tls.key and tls.crt files to use with the RDP backend.

SEE ALSO

       weston(1)