GNOME Remote Desktop is the remote desktop server of the GNOME project. It supports operating as a remote assistance remote desktop server, as a single user headless remote desktop server, and as a headless remote login remote desktop server.
It has two protocol backends, RDP and VNC. Not all modes of operation are supported with all protocol backends.
It uses PipeWire for streaming pixel content, libei for input event plumbing, and the Mutter remote desktop API for high level management.
For RDP support, it uses FreeRDP, and for VNC support, it uses LibVNCServer.
It's licensed under the GNU General Public License v2 or later.
[[TOC]]
The remote assistance mode provides a way to access an already active session remotely, where both the user physically by the machine is present, and a remote user is connecting. This means for example that locking the screen also closes the remote desktop connection.
Running as a remote assistance remote desktop server is supported with both RDP and VNC.
Open Settings, open the Systems panel then Remote Desktop. Select Screen Sharing, enable Desktop Sharing and configure it for your needs.
-
Generate a TLS key and certificate. See here.
-
Configure GNOME Remote Desktop:
grdctl rdp set-tls-key ~/.local/share/gnome-remote-desktop/tls.key
grdctl rdp set-tls-cert ~/.local/share/gnome-remote-desktop/tls.crt
grdctl rdp set-credentials # Enter credentials via standard input
grdctl rdp enableTo enable remote controlling, run:
grdctl rdp disable-view-onlyFor more options, run:
grdctl --help- Enable remote assistance user service.
systemctl --user enable --now gnome-remote-desktop.service- Configure GNOME Remote Desktop:
VNC supports two authentication methods: password or prompt. To e.g. use a password, run:
grdctl vnc set-auth-method password
grdctl vnc set-password # Enter password via standard inputTo enable remote controlling, run:
grdctl vnc disable-view-onlyThen enable VNC support:
grdctl vnc enableFor more options, run:
grdctl --help- Enable remote assistance user service.
systemctl --user enable --now gnome-remote-desktop.serviceGNOME Remote Desktop supports integrating with the GNOME Display Manager (GDM) to achieve remote login functionality. This feature is only available via the RDP protocol. It works by the remote user first authenticating via a system wide password, which gives access to the graphical login screen, where they can login using their user specific credentials.
Open Settings, open the Systems panel then Remote Desktop. Select Remote Login. Unlock the panel (requires administrative privileges). Enable Remote Login, and configure the remote login feature according to your needs.
-
Generate a TLS key and certificate. See here.
-
Configure GNOME Remote Desktop:
grdctl --system rdp set-tls-key ~gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.key
grdctl --system rdp set-tls-cert ~gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.crt
grdctl --system rdp set-credentials # Enter credentials via standard input
grdctl --system rdp enableFor more options, run:
grdctl --help- Enable system remote login service and GDM.
systemctl enable --now gdm.service
systemctl enable --now gnome-remote-desktop.serviceA single user headless remote desktop means the remote desktop client connects directly to a GNOME Remote Desktop server running in an independently set up headless graphical user session.
-
Generate a TLS key and certificate. See here.
-
Configure GNOME Remote Desktop:
grdctl --headless rdp set-tls-key ~/.local/share/gnome-remote-desktop/tls.key
grdctl --headless rdp set-tls-cert ~/.local/share/gnome-remote-desktop/tls.crt
grdctl --headless rdp set-credentials # Enter credentials via standard input
grdctl --headless rdp enableFor more options, run:
grdctl --help- Enable headless single user service.
systemctl --user enable --now gnome-remote-desktop-headless.service- Configure GNOME Remote Desktop:
grdctl --headless vnc set-password # Enter password via standard input
grdctl --headless vnc enable- Enable headless single user service.
systemctl --user enable --now gnome-remote-desktop-headless.serviceConnecting via RDP requires setting up a TLS key and a TLS certificate. Here are some examples for how to do that.
Note that for when the key and certificate is intended to be used with the
remote login system service, run each of the following commands as the
gnome-remote-desktop user. For example
sudo -u gnome-remote-desktop sh -c 'winpr-makecert -silent -rdp -path ~/.local/share/gnome-remote-desktop tls'winpr-makecert is a tool from FreeRDP for generating TLS keys and
certificates for among other things RDP servers.
winpr-makecert -silent -rdp -path ~/.local/share/gnome-remote-desktop tlscerttool is an interactive tool for generating keys and certificates.
mkdir -p ~/.local/share/gnome-remote-desktop/
certtool --generate-privkey --outfile ~/.local/share/gnome-remote-desktop/tls.key
certtool --generate-self-signed --load-privkey ~/.local/share/gnome-remote-desktop/tls.keyopenssl is a tool for among other things generating TLS keys and
certificates. The below example creates a certificate expiring in 720 days with
the country set to Sweden.
mkdir -p ~/.local/share/gnome-remote-desktop/
openssl req -new -newkey rsa:4096 -days 720 -nodes -x509 -subj /C=SE/ST=NONE/L=NONE/O=GNOME/CN=gnome.org -out ~/.local/share/gnome-remote-desktop/tls.crt -keyout ~/.local/share/gnome-remote-desktop/tls.keyCaution is advised when considering opening up the firewall to the open Internet. If it is necessary, here are some hints on how to achieve it.
To open up the firewall for connections on the default RDP port, run:
sudo firewall-cmd --permanent --add-service=rdp
sudo firewall-cmd --reloadTo open up the firewall for connections on the default VNC port, run:
sudo firewall-cmd --permanent --add-service=vnc
sudo firewall-cmd --reloadPlease file issues in the issue tracker on GNOME GitLab.
gnome-remote-desktop uses merge requests filed against the gnome-remote-desktop GitLab module.
