xRDP Guide: How to Set Up a Linux Remote Desktop on Your VPS

Remote desktop access is not just a Windows thing. If you run a Linux VPS and want a graphical desktop environment you can connect to from anywhere, xRDP makes it happen. It is an open-source implementation of the Microsoft Remote Desktop Protocol that runs on Linux, which means you can connect to your Linux server using the same Remote Desktop client you would use for a Windows machine.

This is particularly useful for people who need a graphical interface for certain applications but prefer Linux for its performance, cost, and flexibility advantages. Running a desktop environment on a Linux VPS with xRDP gives you the best of both worlds.

What xRDP Actually Does

xRDP is a server application that listens for incoming RDP connections and translates them into a Linux desktop session. When you connect from a Windows, Mac, or mobile RDP client, xRDP handles the protocol negotiation, encryption, and display rendering. From the client side, it looks and feels exactly like connecting to a Windows Remote Desktop session, except you see a Linux desktop instead.

Under the hood, xRDP works with a Linux display server to create and manage the graphical session. It supports multiple simultaneous connections, meaning several users can each have their own independent desktop session on the same server. Each session is isolated, so users cannot see or interact with each other's desktops.

The protocol handles keyboard input, mouse input, clipboard sharing, audio redirection, and drive mapping. You can copy text between your local computer and the remote Linux desktop, transfer files through mapped drives, and in some configurations even hear audio from the remote session.

Why Use xRDP Instead of VNC

VNC is the traditional way to get a graphical desktop on a remote Linux machine, and many people default to it without considering alternatives. xRDP has several practical advantages over VNC that make it the better choice for most use cases.

Built-in Encryption

RDP connections are encrypted by default using TLS. VNC connections are unencrypted by default, which means your keystrokes, screen contents, and any data you interact with are transmitted in plain text across the network. You can tunnel VNC through SSH to add encryption, but that is an extra step that xRDP handles automatically.

Better Performance

The RDP protocol is more efficient than VNC at transmitting screen updates. RDP sends drawing commands and bitmap differences rather than full screen captures, which results in lower bandwidth usage and a more responsive experience, especially over slower or higher-latency connections.

Native Client Support

Windows has a built-in RDP client. Mac has the free Microsoft Remote Desktop app. iOS and Android have official Microsoft RDP apps. You do not need to install any special software to connect to an xRDP server from any major platform.

Multi-Session Support

xRDP creates a new session for each connection by default. Multiple users can connect simultaneously and each gets their own independent desktop. VNC typically shares a single session, meaning all connected users see and control the same desktop.

Choosing a Desktop Environment

xRDP provides the remote access protocol, but you also need a desktop environment installed on your Linux server. The choice of desktop environment significantly impacts resource usage and the remote desktop experience.

XFCE (Recommended)

XFCE is the most popular choice for remote desktop servers because it is lightweight, fast, and works well over RDP connections. It uses around 200 to 400 megabytes of RAM and minimal CPU. The interface is clean and functional without unnecessary visual effects that waste bandwidth over a remote connection.

MATE

MATE is a continuation of the GNOME 2 desktop environment. It is slightly heavier than XFCE but still lightweight by modern desktop standards. RAM usage is typically 300 to 500 megabytes. If you prefer the traditional GNOME 2 layout with panels at the top and bottom, MATE provides that familiar experience.

GNOME and KDE

The full GNOME and KDE desktop environments are feature-rich but resource-heavy. GNOME uses 800 megabytes to over a gigabyte of RAM, and KDE is similar. Both rely heavily on GPU acceleration for their visual effects, which does not translate well over RDP. Avoid them for remote desktop use unless you specifically need them.

Installation on Ubuntu

Install the Desktop Environment

On a fresh Ubuntu server, install XFCE:

sudo apt update && sudo apt upgrade -y
sudo apt install -y xfce4 xfce4-goodies

The xfce4-goodies package adds useful extras like a terminal emulator, file manager plugins, and additional panel applets. The download is a few hundred megabytes.

Install xRDP

Install xRDP from the Ubuntu repositories:

sudo apt install -y xrdp
sudo systemctl enable xrdp
sudo systemctl start xrdp

Verify it is running:

sudo systemctl status xrdp

You should see it active and listening on port 3389.

Configure the Session

Tell xRDP to use XFCE when a user connects. Create the session configuration file:

echo 'xfce4-session' > ~/.xsession
chmod +x ~/.xsession

For system-wide configuration that applies to all users:

sudo sed -i 's/^test -x/#test -x/' /etc/xrdp/startwm.sh
sudo sed -i 's/^exec/#exec/' /etc/xrdp/startwm.sh
echo 'startxfce4' | sudo tee -a /etc/xrdp/startwm.sh

Without this configuration, you might get a blank screen, a session that immediately disconnects, or the wrong desktop environment. This is the most common issue people encounter during xRDP setup.

Fix the Authentication Dialog

Ubuntu shows an annoying authentication dialog every time you connect via xRDP. Fix it by creating a polkit rule:

sudo bash -c 'cat > /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla << EOF
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF'

Firewall Configuration

Open port 3389 for RDP connections:

sudo ufw allow 3389/tcp
sudo ufw allow 22/tcp
sudo ufw enable

For better security, consider changing xRDP to listen on a non-standard port. Port 3389 is constantly scanned by bots. Change it in the xRDP configuration:

sudo nano /etc/xrdp/xrdp.ini
# Change the line: port=3389 to port=13389 (or any port you prefer)
sudo systemctl restart xrdp

# Update firewall
sudo ufw allow 13389/tcp
sudo ufw delete allow 3389/tcp

Installation on Debian

The process on Debian is nearly identical to Ubuntu:

sudo apt update && sudo apt upgrade -y
sudo apt install -y xfce4 xfce4-goodies xrdp
sudo systemctl enable xrdp
sudo systemctl start xrdp
echo 'xfce4-session' > ~/.xsession

One difference is that Debian's repositories sometimes have an older version of xRDP. For most users, the version in Debian's standard repositories works fine.

Installation on CentOS/Rocky Linux

Red Hat-based distributions use different package management:

sudo dnf install -y epel-release
sudo dnf groupinstall -y 'Xfce'
sudo dnf install -y xrdp
sudo systemctl enable xrdp
sudo systemctl start xrdp

Open the firewall port using firewalld:

sudo firewall-cmd --permanent --add-port=3389/tcp
sudo firewall-cmd --reload

SELinux on Red Hat-based systems can interfere with xRDP. If you encounter permission errors:

sudo setsebool -P xrdp_connect_all 1
# If that doesn't exist, check audit log:
sudo ausearch -m avc -ts recent | grep xrdp

Securing Your xRDP Installation

Limit Access by IP

If you only connect from specific locations, restrict access:

# Allow only your IP
sudo ufw allow from 203.0.113.50 to any port 3389 proto tcp
# Remove the general allow rule
sudo ufw delete allow 3389/tcp

Use SSH Tunneling

For maximum security, do not expose the RDP port to the internet at all. Tunnel through SSH:

# On your local machine:
ssh -L 3389:localhost:3389 user@your-server-ip

# Then connect your RDP client to:
# localhost:3389

This means an attacker would need to compromise your SSH access before they could even attempt to connect to xRDP. Block port 3389 from external access entirely:

sudo ufw delete allow 3389/tcp
# xRDP is now only accessible through SSH tunnel

Install Fail2Ban

Protect against brute force attacks on the RDP port:

sudo apt install -y fail2ban
sudo nano /etc/fail2ban/jail.local

[xrdp]
enabled = true
port = 3389
filter = xrdp
logpath = /var/log/xrdp.log
maxretry = 3
bantime = 3600
findtime = 600

Create the filter:

sudo nano /etc/fail2ban/filter.d/xrdp.conf

[Definition]
failregex = ^.*xrdp_sec_incoming_packet: .*from <HOST>.*$
            ^.*sesman: login failed for user.*from <HOST>.*$

sudo systemctl restart fail2ban

Performance Tuning

Reduce Color Depth

Lower color depth reduces bandwidth and improves responsiveness:

sudo nano /etc/xrdp/xrdp.ini

# Find and change:
max_bpp=16

sudo systemctl restart xrdp

16-bit color is visually almost identical to 32-bit for most tasks but uses half the bandwidth. For text-heavy work like coding or system administration, you will not notice the difference.

Disable Desktop Effects

After connecting, disable any compositor or visual effects in XFCE:

# In XFCE Settings > Window Manager Tweaks > Compositor tab:
# Uncheck 'Enable display compositing'

# Or from terminal:
xfconf-query -c xfwm4 -p /general/use_compositing -s false

Session Cleanup

Disconnected sessions consume RAM. Set up automatic cleanup:

sudo nano /etc/xrdp/sesman.ini

# Set these values:
KillDisconnected=true
DisconnectedTimeLimit=300

This terminates sessions 5 minutes after disconnection, freeing resources. Restart the service:

sudo systemctl restart xrdp

Troubleshooting

Black screen after login: The desktop environment is not configured correctly. Verify ~/.xsession contains the correct session command. For XFCE, it should be xfce4-session. Check /var/log/xrdp-sesman.log for errors.

Session disconnects immediately: Check if another session is already running for your user. xRDP can conflict with existing X sessions. Kill any existing sessions with the command below and reconnect:

# List sessions
who
# Kill a specific session
sudo pkill -u yourusername -f Xorg

Slow or laggy display: Reduce color depth to 16-bit, disable compositing, and check your network bandwidth. xRDP needs at least 1-2 Mbps for a smooth experience. Over cellular connections, reduce the resolution in your RDP client settings.

Clipboard not working: The xrdp-cliprdr module handles clipboard sharing. Verify it is loaded:

# Check if clipboard module is running
ps aux | grep cliprdr

# If not, restart xRDP
sudo systemctl restart xrdp

Cannot connect from Mac: Download Microsoft Remote Desktop from the Mac App Store. The built-in Screen Sharing app does not support RDP. Configure the connection with your server IP and port.

BlastVPS offers Linux VPS plans that work perfectly with xRDP, giving you a full graphical desktop experience on a high-performance server with NVMe storage and generous bandwidth.