Fix divert for xrdp.ini
Daniel Ruiz de Alegría
1 year, 11 months ago
0 | [Globals] | |
1 | ; xrdp.ini file version number | |
2 | ini_version=1 | |
3 | ||
4 | ; fork a new process for each incoming connection | |
5 | fork=true | |
6 | ||
7 | ; ports to listen on, number alone means listen on all interfaces | |
8 | ; 0.0.0.0 or :: if ipv6 is configured | |
9 | ; space between multiple occurrences | |
10 | ; ALL specified interfaces must be UP when xrdp starts, otherwise xrdp will fail to start | |
11 | ; | |
12 | ; Examples: | |
13 | ; port=3389 | |
14 | ; port=unix://./tmp/xrdp.socket | |
15 | ; port=tcp://.:3389 127.0.0.1:3389 | |
16 | ; port=tcp://:3389 *:3389 | |
17 | ; port=tcp://<any ipv4 format addr>:3389 192.168.1.1:3389 | |
18 | ; port=tcp6://.:3389 ::1:3389 | |
19 | ; port=tcp6://:3389 *:3389 | |
20 | ; port=tcp6://{<any ipv6 format addr>}:3389 {FC00:0:0:0:0:0:0:1}:3389 | |
21 | ; port=vsock://<cid>:<port> | |
22 | port=3389 | |
23 | ||
24 | ; 'port' above should be connected to with vsock instead of tcp | |
25 | ; use this only with number alone in port above | |
26 | ; prefer use vsock://<cid>:<port> above | |
27 | use_vsock=false | |
28 | ||
29 | ; regulate if the listening socket use socket option tcp_nodelay | |
30 | ; no buffering will be performed in the TCP stack | |
31 | tcp_nodelay=true | |
32 | ||
33 | ; regulate if the listening socket use socket option keepalive | |
34 | ; if the network connection disappear without close messages the connection will be closed | |
35 | tcp_keepalive=true | |
36 | ||
37 | ; set tcp send/recv buffer (for experts) | |
38 | #tcp_send_buffer_bytes=32768 | |
39 | #tcp_recv_buffer_bytes=32768 | |
40 | ||
41 | ; security layer can be 'tls', 'rdp' or 'negotiate' | |
42 | ; for client compatible layer | |
43 | security_layer=negotiate | |
44 | ||
45 | ; minimum security level allowed for client for classic RDP encryption | |
46 | ; use tls_ciphers to configure TLS encryption | |
47 | ; can be 'none', 'low', 'medium', 'high', 'fips' | |
48 | crypt_level=high | |
49 | ||
50 | ; X.509 certificate and private key | |
51 | ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 | |
52 | ; note this needs the user xrdp to be a member of the ssl-cert group, do with e.g. | |
53 | ;$ sudo adduser xrdp ssl-cert | |
54 | certificate= | |
55 | key_file= | |
56 | ||
57 | ; set SSL protocols | |
58 | ; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3' | |
59 | ssl_protocols=TLSv1.2, TLSv1.3 | |
60 | ; set TLS cipher suites | |
61 | #tls_ciphers=HIGH | |
62 | ||
63 | ; concats the domain name to the user if set for authentication with the separator | |
64 | ; for example when the server is multi homed with SSSd | |
65 | #domain_user_separator=@ | |
66 | ||
67 | ; The following options will override the keyboard layout settings. | |
68 | ; These options are for DEBUG and are not recommended for regular use. | |
69 | #xrdp.override_keyboard_type=0x04 | |
70 | #xrdp.override_keyboard_subtype=0x01 | |
71 | #xrdp.override_keylayout=0x00000409 | |
72 | ||
73 | ; Section name to use for automatic login if the client sends username | |
74 | ; and password. If empty, the domain name sent by the client is used. | |
75 | ; If empty and no domain name is given, the first suitable section in | |
76 | ; this file will be used. | |
77 | autorun= | |
78 | ||
79 | allow_channels=true | |
80 | allow_multimon=true | |
81 | bitmap_cache=true | |
82 | bitmap_compression=true | |
83 | bulk_compression=true | |
84 | #hidelogwindow=true | |
85 | max_bpp=32 | |
86 | new_cursors=true | |
87 | ; fastpath - can be 'input', 'output', 'both', 'none' | |
88 | use_fastpath=both | |
89 | ; when true, userid/password *must* be passed on cmd line | |
90 | #require_credentials=true | |
91 | ; when true, the userid will be used to try to authenticate | |
92 | #enable_token_login=true | |
93 | ; You can set the PAM error text in a gateway setup (MAX 256 chars) | |
94 | #pamerrortxt=change your password according to policy at http://url | |
95 | ||
96 | ; | |
97 | ; colors used by windows in RGB format | |
98 | ; | |
99 | grey=ffffff | |
100 | black=555555 | |
101 | dark_grey=ffffff | |
102 | blue=19315a | |
103 | dark_blue=2777ff | |
104 | white=eeeeee | |
105 | #red=ff0000 | |
106 | #green=00ff00 | |
107 | #background=626c72 | |
108 | ||
109 | ; | |
110 | ; configure login screen | |
111 | ; | |
112 | ||
113 | ; Login Screen Window Title | |
114 | #ls_title=My Login Title | |
115 | ||
116 | ; top level window background color in RGB format | |
117 | ls_top_window_bg_color=2b62c0 | |
118 | ||
119 | ; width and height of login screen | |
120 | ; | |
121 | ; The default height allows for about 5 fields to be comfortably displayed | |
122 | ; above the buttons at the bottom. To display more fields, make <ls_height> | |
123 | ; larger, and also increase <ls_btn_ok_y_pos> and <ls_btn_cancel_y_pos> | |
124 | ; below | |
125 | ; | |
126 | ls_width=350 | |
127 | ls_height=370 | |
128 | ||
129 | ; login screen background color in RGB format | |
130 | ls_bg_color=ffffff | |
131 | ||
132 | ; optional background image filename (bmp format). | |
133 | #ls_background_image= | |
134 | ||
135 | ; logo | |
136 | ; full path to bmp-file or file in shared folder | |
137 | ls_logo_filename=/usr/share/xrdp/kali.bmp | |
138 | ls_logo_x_pos=0 | |
139 | ls_logo_y_pos=0 | |
140 | ||
141 | ; for positioning labels such as username, password etc | |
142 | ls_label_x_pos=30 | |
143 | ls_label_width=65 | |
144 | ||
145 | ; for positioning text and combo boxes next to above labels | |
146 | ls_input_x_pos=110 | |
147 | ls_input_width=210 | |
148 | ||
149 | ; y pos for first label and combo box | |
150 | ls_input_y_pos=240 | |
151 | ||
152 | ; OK button | |
153 | ls_btn_ok_x_pos=142 | |
154 | ls_btn_ok_y_pos=325 | |
155 | ls_btn_ok_width=85 | |
156 | ls_btn_ok_height=30 | |
157 | ||
158 | ; Cancel button | |
159 | ls_btn_cancel_x_pos=237 | |
160 | ls_btn_cancel_y_pos=325 | |
161 | ls_btn_cancel_width=85 | |
162 | ls_btn_cancel_height=30 | |
163 | ||
164 | [Logging] | |
165 | ; Note: Log levels can be any of: core, error, warning, info, debug, or trace | |
166 | LogFile=xrdp.log | |
167 | LogLevel=INFO | |
168 | EnableSyslog=true | |
169 | #SyslogLevel=INFO | |
170 | #EnableConsole=false | |
171 | #ConsoleLevel=INFO | |
172 | #EnableProcessId=false | |
173 | ||
174 | [LoggingPerLogger] | |
175 | ; Note: per logger configuration is only used if xrdp is built with | |
176 | ; --enable-devel-logging | |
177 | #xrdp.c=INFO | |
178 | #main()=INFO | |
179 | ||
180 | [Channels] | |
181 | ; Channel names not listed here will be blocked by XRDP. | |
182 | ; You can block any channel by setting its value to false. | |
183 | ; IMPORTANT! All channels are not supported in all use | |
184 | ; cases even if you set all values to true. | |
185 | ; You can override these settings on each session type | |
186 | ; These settings are only used if allow_channels=true | |
187 | rdpdr=true | |
188 | rdpsnd=true | |
189 | drdynvc=true | |
190 | cliprdr=true | |
191 | rail=true | |
192 | xrdpvr=true | |
193 | tcutils=true | |
194 | ||
195 | ; for debugging xrdp, in section xrdp1, change port=-1 to this: | |
196 | #port=/tmp/.xrdp/xrdp_display_10 | |
197 | ||
198 | ||
199 | ; | |
200 | ; Session types | |
201 | ; | |
202 | ||
203 | ; Some session types such as Xorg, X11rdp and Xvnc start a display server. | |
204 | ; Startup command-line parameters for the display server are configured | |
205 | ; in sesman.ini. See and configure also sesman.ini. | |
206 | [Xorg] | |
207 | name=Xorg | |
208 | lib=libxup.so | |
209 | username=ask | |
210 | password=ask | |
211 | ip=127.0.0.1 | |
212 | port=-1 | |
213 | code=20 | |
214 | ||
215 | [Xvnc] | |
216 | name=Xvnc | |
217 | lib=libvnc.so | |
218 | username=ask | |
219 | password=ask | |
220 | ip=127.0.0.1 | |
221 | port=-1 | |
222 | #xserverbpp=24 | |
223 | #delay_ms=2000 | |
224 | ; Disable requested encodings to support buggy VNC servers | |
225 | ; (1 = ExtendedDesktopSize) | |
226 | #disabled_encodings_mask=0 | |
227 | ; Use this to connect to a chansrv instance created outside of sesman | |
228 | ; (e.g. as part of an x11vnc console session). Replace '0' with the | |
229 | ; display number of the session | |
230 | #chansrvport=DISPLAY(0) | |
231 | ||
232 | ; Generic VNC Proxy | |
233 | ; Tailor this to specific hosts and VNC instances by specifying an ip | |
234 | ; and port and setting a suitable name. | |
235 | [vnc-any] | |
236 | name=vnc-any | |
237 | lib=libvnc.so | |
238 | ip=ask | |
239 | port=ask5900 | |
240 | username=na | |
241 | password=ask | |
242 | #pamusername=asksame | |
243 | #pampassword=asksame | |
244 | #pamsessionmng=127.0.0.1 | |
245 | #delay_ms=2000 | |
246 | ||
247 | ; Generic RDP proxy using NeutrinoRDP | |
248 | ; Tailor this to specific hosts by specifying an ip and port and setting | |
249 | ; a suitable name. | |
250 | [neutrinordp-any] | |
251 | name=neutrinordp-any | |
252 | ; To use this section, you should build xrdp with configure option | |
253 | ; --enable-neutrinordp. | |
254 | lib=libxrdpneutrinordp.so | |
255 | ip=ask | |
256 | port=ask3389 | |
257 | username=ask | |
258 | password=ask | |
259 | ; Uncomment the following lines to enable PAM authentication for proxy | |
260 | ; connections. | |
261 | #pamusername=ask | |
262 | #pampassword=ask | |
263 | #pamsessionmng=127.0.0.1 | |
264 | ; Currently NeutrinoRDP doesn't support dynamic resizing. Uncomment | |
265 | ; this line if you're using a client which does. | |
266 | #enable_dynamic_resizing=false | |
267 | ; By default, performance settings requested by the RDP client are ignored | |
268 | ; and chosen by NeutrinoRDP. Uncomment this line to allow the user to | |
269 | ; select performance settings in the RDP client. | |
270 | #perf.allow_client_experiencesettings=true | |
271 | ; Override any experience setting by uncommenting one or more of the | |
272 | ; following lines. | |
273 | #perf.wallpaper=false | |
274 | #perf.font_smoothing=false | |
275 | #perf.desktop_composition=false | |
276 | #perf.full_window_drag=false | |
277 | #perf.menu_anims=false | |
278 | #perf.themes=false | |
279 | #perf.cursor_blink=false | |
280 | ; By default NeutrinoRDP supports cursor shadows. If this is giving | |
281 | ; you problems (e.g. cursor is a black rectangle) try disabling cursor | |
282 | ; shadows by uncommenting the following line. | |
283 | #perf.cursor_shadow=false | |
284 | ; By default, NeutrinoRDP uses the keyboard layout of the remote RDP Server. | |
285 | ; If you want to tell the remote the keyboard layout of the RDP Client, | |
286 | ; by uncommenting the following line. | |
287 | #neutrinordp.allow_client_keyboardLayout=true | |
288 | ; The following options will override the remote keyboard layout settings. | |
289 | ; These options are for DEBUG and are not recommended for regular use. | |
290 | #neutrinordp.override_keyboardLayout_mask=0x0000FFFF | |
291 | #neutrinordp.override_kbd_type=0x04 | |
292 | #neutrinordp.override_kbd_subtype=0x01 | |
293 | #neutrinordp.override_kbd_fn_keys=12 | |
294 | #neutrinordp.override_kbd_layout=0x00000409 | |
295 | ||
296 | ; You can override the common channel settings for each session type | |
297 | #channel.rdpdr=true | |
298 | #channel.rdpsnd=true | |
299 | #channel.drdynvc=true | |
300 | #channel.cliprdr=true | |
301 | #channel.rail=true | |
302 | #channel.xrdpvr=true | |
303 |
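Review bot: The `[vnc-any]` and `[neutrinordp-any]` sections ship enabled with `ip=ask` while their `pamusername`/`pampassword`/`pamsessionmng` lines stay commented out. Going by the file's own comment that those lines are what enables PAM authentication for proxy connections, xrdp will relay to whatever VNC/RDP endpoint a client names without a local account check, and `port=3389` listens on all interfaces. I would either comment both sections out by default or uncomment the PAM lines, e.g. `pamusername=asksame`, `pampassword=asksame`, `pamsessionmng=127.0.0.1` under `[vnc-any]`. Separately, `security_layer=negotiate` appears to let a client fall back to classic RDP security instead of TLS; `security_layer=tls` would match the `ssl_protocols=TLSv1.2, TLSv1.3` restriction already set, at the cost of older clients. A comment above the empty `certificate=`/`key_file=` stating where the effective certificate comes from, and that it must be generated per host rather than shipped in the package, would also help.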