xrdp는 기본 사용자를 허용하지 않지만 다른 사용자는 허용합니다.

tag-icon tag-icon ubuntu xrdp
xrdp는 기본 사용자를 허용하지 않지만 다른 사용자는 허용합니다.

컴퓨터를 설정한 사용자를 사용할 때 xrdp를 통해 연결할 수 없습니다.

2012 Mac Mini에 Ubuntu 22.04 데스크톱 버전을 설치했습니다. 목표는 이를 헤드리스 서버로 사용하고 원격으로만 연결하는 것입니다(즉, 로컬 네트워크의 다른 컴퓨터에서).

Ubuntu를 설치할 때 첫 번째 사용자를 만들었습니다. xrdp를 설치했습니다. 그런 다음 마우스, 키보드 및 모니터를 제거했습니다. Mobaxterm을 사용하면 내가 만든 첫 번째 사용자 또는 더미 사용자를 사용하여 상자에 SSH로 연결할 수 있습니다.

첫 번째 사용자로는 rdp로 접속이 안되는데, 가상사용자를 이용하면 접속이 되네요. 이 정보는 무슨 일이 일어나고 있는지 추측하기에 충분합니까? 다음에 무엇을 해야 할지 생각하고 있나요?

편집하다:

  • /etc/xrdp/startwm.sh각 @thing이 추가하는 것
  • 나는 과카몰리를 작동시키려고 노력하고 있다는 것을 깨달았습니다. 제거하고 문제가 있는지 확인해 보겠습니다.
  • RDP는 Ubuntu를 설치한 사용자와 협력하고 있습니다. Ubuntu를 업데이트했기 때문이라고 생각하지만 확실하지는 않습니다.

기본값 가져오기

systemctl get-default"graph.target"을 제공합니다. multi-user.target으로 설정을 시도했지만 효과가 없었습니다.

사용자 "GOOD_USER"를 사용한 성공적인 RDP 연결

xrdp.log

[20220815-16:49:29] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:10.0.0.231 port 51503
[20220815-16:49:29] [INFO ] Socket 12: AF_INET6 connection received from 2601:1c2:1100:7740::35b1 port 51502
[20220815-16:49:29] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20220815-16:49:30] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20220815-16:49:30] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20220815-16:49:30] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20220815-16:49:30] [INFO ] Connected client computer name: ROBS-LG-GRAM
[20220815-16:49:30] [ERROR] libxrdp_force_read: header read error
[20220815-16:49:30] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20220815-16:49:30] [ERROR] [ITU-T X.224] Connection Sequence: CR-TPDU (Connection Request) failed
[20220815-16:49:30] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20220815-16:49:30] [ERROR] xrdp_sec_incoming: xrdp_iso_incoming failed
[20220815-16:49:30] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20220815-16:49:30] [INFO ] xrdp_load_keyboard_layout: Keyboard information sent by the RDP client, keyboard_type:[0x07], keyboard_subtype:[0x00], keylayout:[0x00000409]
[20220815-16:49:30] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20220815-16:49:30] [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
[20220815-16:49:30] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20220815-16:49:30] [INFO ] TLS connection established from ::ffff:10.0.0.231 port 51503: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384
[20220815-16:49:30] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20220815-16:49:30] [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
[20220815-16:49:31] [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 5242880 MB cache entries 100
[20220815-16:49:31] [INFO ] xrdp_caps_process_codecs: nscodec, codec id 1, properties len 3
[20220815-16:49:31] [WARN ] xrdp_caps_process_codecs: unknown codec id 5
[20220815-16:49:31] [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
[20220815-16:49:31] [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
[20220815-16:49:31] [INFO ] connecting to sesman ip 127.0.0.1 port 3350
[20220815-16:49:31] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20220815-16:49:31] [INFO ] sesman connect ok
[20220815-16:49:31] [INFO ] sending login info to session manager, please wait...
[20220815-16:49:31] [INFO ] xrdp_wm_log_msg: login successful for display 11
[20220815-16:49:31] [INFO ] login successful for display 11
[20220815-16:49:31] [INFO ] loaded module 'libxup.so' ok, interface size 10296, version 4
[20220815-16:49:32] [INFO ] started connecting
[20220815-16:49:32] [INFO ] lib_mod_connect: connecting via UNIX socket
[20220815-16:49:32] [INFO ] lib_mod_log_peer: xrdp_pid=10797 connected to X11rdp_pid=6616 X11rdp_uid=1002 X11rdp_gid=1002 client_ip=::ffff:10.0.0.231 client_port=51503
[20220815-16:49:32] [INFO ] connected ok

xrdp-sesman.log

[20220815-16:49:31] [INFO ] Socket 8: AF_INET6 connection received from ::1 port 60266
[20220815-16:49:31] [INFO ] ++ reconnected session: username GOOD_USER, display :11.0, session_pid 6599, ip ::ffff:10.0.0.231:51503 - socket: 12
[20220815-16:49:31] [ERROR] sesman_data_in: scp_process_msg failed
[20220815-16:49:31] [INFO ] Starting session reconnection script on display 11: /etc/xrdp/reconnectwm.sh
[20220815-16:49:31] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans

우분투가 설치된 사용자 이름을 사용한 RDP 연결이 실패합니다.

xrdp.log

[20220815-16:53:06] [ERROR] xrdp_sec_recv: xrdp_mcs_recv failed
[20220815-16:53:07] [ERROR] xrdp_rdp_recv: xrdp_sec_recv failed
[20220815-16:53:07] [ERROR] libxrdp_process_data: xrdp_rdp_recv failed
[20220815-16:53:07] [ERROR] xrdp_process_data_in: xrdp_process_loop failed
[20220815-16:53:07] [ERROR] SSL_write: I/O error
[20220815-16:53:07] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20220815-16:53:07] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20220815-16:53:27] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:10.0.0.231 port 51577
[20220815-16:53:27] [INFO ] Socket 12: AF_INET6 connection received from 2601:1c2:1100:7740::35b1 port 51576
[20220815-16:53:27] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20220815-16:53:28] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20220815-16:53:28] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20220815-16:53:28] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20220815-16:53:28] [ERROR] libxrdp_force_read: header read error
[20220815-16:53:28] [INFO ] Connected client computer name: XYZ
[20220815-16:53:28] [ERROR] [ITU-T X.224] Connection Sequence: CR-TPDU (Connection Request) failed
[20220815-16:53:28] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20220815-16:53:28] [ERROR] xrdp_sec_incoming: xrdp_iso_incoming failed
[20220815-16:53:28] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20220815-16:53:28] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20220815-16:53:28] [INFO ] xrdp_load_keyboard_layout: Keyboard information sent by the RDP client, keyboard_type:[0x07], keyboard_subtype:[0x00], keylayout:[0x00000409]
[20220815-16:53:28] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20220815-16:53:28] [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
[20220815-16:53:28] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20220815-16:53:28] [INFO ] TLS connection established from 2601:1c2:1100:7740::35b1 port 51576: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384
[20220815-16:53:28] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20220815-16:53:28] [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
[20220815-16:53:29] [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 5242880 MB cache entries 100
[20220815-16:53:29] [INFO ] xrdp_caps_process_codecs: nscodec, codec id 1, properties len 3
[20220815-16:53:29] [WARN ] xrdp_caps_process_codecs: unknown codec id 5
[20220815-16:53:29] [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
[20220815-16:53:29] [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
[20220815-16:53:29] [INFO ] connecting to sesman ip 127.0.0.1 port 3350
[20220815-16:53:29] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20220815-16:53:29] [INFO ] sesman connect ok
[20220815-16:53:29] [INFO ] sending login info to session manager, please wait...
[20220815-16:53:30] [INFO ] xrdp_wm_log_msg: login successful for display 12
[20220815-16:53:30] [INFO ] login successful for display 12
[20220815-16:53:30] [INFO ] loaded module 'libxup.so' ok, interface size 10296, version 4
[20220815-16:53:30] [INFO ] started connecting
[20220815-16:53:30] [INFO ] lib_mod_connect: connecting via UNIX socket
[20220815-16:53:30] [INFO ] lib_mod_log_peer: xrdp_pid=12176 connected to X11rdp_pid=12182 X11rdp_uid=1000 X11rdp_gid=1000 client_ip=2601:1c2:1100:7740::35b1 client_port=51576
[20220815-16:53:30] [INFO ] connected ok

xrdp-sesman.log

[20220815-16:53:29] [INFO ] Socket 8: AF_INET6 connection received from ::1 port 60268
[20220815-16:53:29] [INFO ] Terminal Server Users group is disabled, allowing authentication
[20220815-16:53:29] [INFO ] ++ created session (access granted): username INSTALL_USER, ip 2601:1c2:1100:7740::35b1:51576 - socket: 12
[20220815-16:53:29] [INFO ] starting Xorg session...
[20220815-16:53:29] [ERROR] g_tcp_bind(9, 6010) failed bind IPv6 (errno=98) and IPv4 (errno=22).
[20220815-16:53:29] [INFO ] Found X server running at 6010
[20220815-16:53:30] [INFO ] Starting session: session_pid 12180, display :12.0, width 1920, height 1035, bpp 24, client ip 2601:1c2:1100:7740::35b1:51576 - socket: 12, user name INSTALL_USER
[20220815-16:53:30] [INFO ] [session start] (display 12): calling auth_start_session from pid 12180
[20220815-16:53:30] [ERROR] sesman_data_in: scp_process_msg failed
[20220815-16:53:30] [INFO ] Starting X server on display 12: /usr/lib/xorg/Xorg :12 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[20220815-16:53:30] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20220815-16:53:30] [INFO ] Found X server running at /tmp/.X11-unix/X12
[20220815-16:53:30] [INFO ] Found X server running at /tmp/.X11-unix/X12
[20220815-16:53:30] [INFO ] Session started successfully for user INSTALL_USER on display 12
[20220815-16:53:30] [INFO ] Starting the xrdp channel server for display 12
[20220815-16:53:30] [INFO ] Found X server running at /tmp/.X11-unix/X12
[20220815-16:53:30] [INFO ] Session in progress on display 12, waiting until the window manager (pid 12181) exits to end the session
[20220815-16:53:31] [INFO ] Starting the default window manager on display 12: /etc/xrdp/startwm.sh
[20220815-16:53:31] [WARN ] Window manager (pid 12181, display 12) exited with non-zero exit code 255 and signal 15. This could indicate a window manager config problem
[20220815-16:53:31] [WARN ] Window manager (pid 12181, display 12) exited quickly (0 secs). This could indicate a window manager config problem
[20220815-16:53:31] [INFO ] Calling auth_stop_session and auth_end from pid 12180
[20220815-16:53:31] [INFO ] Terminating X server (pid 12182) on display 12
[20220815-16:53:31] [INFO ] Terminating the xrdp channel server (pid 12193) on display 12
[20220815-16:53:31] [INFO ] X server on display 12 (pid 12182) returned exit code 0 and signal number 0
[20220815-16:53:31] [INFO ] xrdp channel server for display 12 (pid 12193) exit code 0 and signal number 0
[20220815-16:53:31] [INFO ] cleanup_sockets:
[20220815-16:53:31] [INFO ] ++ terminated session:  username INSTALL_USER, display :12.0, session_pid 12180, ip 2601:1c2:1100:7740::35b1:51576 - socket: 12

/etc/xrdp/startupwm.sh

#!/bin/sh
# xrdp X session start script (c) 2015, 2017, 2021 mirabilos
# published under The MirOS Licence

# Rely on /etc/pam.d/xrdp-sesman using pam_env to load both
# /etc/environment and /etc/default/locale to initialise the
# locale and the user environment properly.

if test -r /etc/profile; then
        . /etc/profile
fi

test -x /etc/X11/Xsession && exec /etc/X11/Xsession
exec /bin/sh /etc/X11/Xsession

/etc/X11/Xsession

me@mmserver:~$ sudo cat /etc/X11/Xsession
[sudo] password for me:
#!/bin/sh
#
# /etc/X11/Xsession
#
# global Xsession file -- used by display managers and xinit (startx)

# $Id: Xsession 967 2005-12-27 07:20:55Z dnusinow $

set -e

PROGNAME=Xsession

message () {
  # pretty-print messages of arbitrary length; use xmessage if it
  # is available and $DISPLAY is set
  MESSAGE="$PROGNAME: $*"
  echo "$MESSAGE" | fold -s -w ${COLUMNS:-80} >&2
  if [ -n "$DISPLAY" ] && command -v xmessage > /dev/null 2>&1; then
    echo "$MESSAGE" | fold -s -w ${COLUMNS:-80} | xmessage -center -file -
  fi
}

message_nonl () {
  # pretty-print messages of arbitrary length (no trailing newline); use
  # xmessage if it is available and $DISPLAY is set
  MESSAGE="$PROGNAME: $*"
  echo -n "$MESSAGE" | fold -s -w ${COLUMNS:-80} >&2;
  if [ -n "$DISPLAY" ] && command -v xmessage > /dev/null 2>&1; then
    echo -n "$MESSAGE" | fold -s -w ${COLUMNS:-80} | xmessage -center -file -
  fi
}

errormsg () {
  # exit script with error
  message "$*"
  exit 1
}

internal_errormsg () {
  # exit script with error; essentially a "THIS SHOULD NEVER HAPPEN" message
  # One big call to message() for the sake of xmessage; if we had two then
  # the user would have dismissed the error we want reported before seeing the
  # request to report it.
  errormsg "$*" \
           "Please report the installed version of the \"x11-common\"" \
           "package and the complete text of this error message to" \
           "<[email protected]>."
}

# initialize variables for use by all session scripts

OPTIONFILE=/etc/X11/Xsession.options

SYSRESOURCES=/etc/X11/Xresources
USRRESOURCES=$HOME/.Xresources

SYSSESSIONDIR=/etc/X11/Xsession.d
USERXSESSION=$HOME/.xsession
USERXSESSIONRC=$HOME/.xsessionrc
ALTUSERXSESSION=$HOME/.Xsession
ERRFILE=$HOME/.xsession-errors

OPTIONS="$(
  if [ -r "$OPTIONFILE" ]; then
    cat "$OPTIONFILE"
  fi
  if [ -d /etc/X11/Xsession.options.d ]; then
    run-parts --list --regex '\.conf$' /etc/X11/Xsession.options.d | xargs -d '\n' cat
  fi
)"

has_option() {
  # Ensure that a later no-foo overrides an earlier foo
  if [ "$(echo "$OPTIONS" | grep -Eo "^(no-)?$1\>" | tail -n 1)" = "$1" ]; then
    return 0
  else
    return 1
  fi
}

# attempt to create an error file; abort if we cannot
if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] &&
  [ ! -L "$ERRFILE" ]; then
  chmod 600 "$ERRFILE"
elif ERRFILE=$(mktemp 2> /dev/null); then
  if ! ln -sf "$ERRFILE" "${TMPDIR:=/tmp}/xsession-$USER"; then
    message "warning: unable to symlink \"$TMPDIR/xsession-$USER\" to" \
             "\"$ERRFILE\"; look for session log/errors in" \
             "\"$TMPDIR/xsession-$USER\"."
  fi
else
  errormsg "unable to create X session log/error file; aborting."
fi

# truncate ERRFILE if it is too big to avoid disk usage DoS
if [ "`stat -c%s \"$ERRFILE\"`" -gt 500000 ]; then
  T=`mktemp -p "$HOME"`
  tail -c 500000 "$ERRFILE" > "$T" && mv -f "$T" "$ERRFILE" || rm -f "$T"
fi

exec >>"$ERRFILE" 2>&1

echo "$PROGNAME: X session started for $LOGNAME at $(date)"

# sanity check; is our session script directory present?
if [ ! -d "$SYSSESSIONDIR" ]; then
  errormsg "no \"$SYSSESSIONDIR\" directory found; aborting."
fi

# Attempt to create a file of non-zero length in /tmp; a full filesystem can
# cause mysterious X session failures.  We do not use touch, :, or test -w
# because they won't actually create a file with contents.  We also let standard
# error from mktemp and echo go to the error file to aid the user in
# determining what went wrong.
WRITE_TEST=$(mktemp)
if ! echo "*" >>"$WRITE_TEST"; then
  message "warning: unable to write to ${WRITE_TEST%/*}; X session may exit" \
          "with an error"
fi
rm -f "$WRITE_TEST"

# use run-parts to source every file in the session directory; we source
# instead of executing so that the variables and functions defined above
# are available to the scripts, and so that they can pass variables to each
# other
SESSIONFILES=$(run-parts --list $SYSSESSIONDIR)
if [ -n "$SESSIONFILES" ]; then
  set +e
  for SESSIONFILE in $SESSIONFILES; do
    . $SESSIONFILE
  done
  set -e
fi

exit 0

# vim:set ai et sts=2 sw=2 tw=80:

관련 정보