Freerdp
Версия от 15:03, 11 марта 2025; Petr-akhlamov (обсуждение | вклад)
FreeRDP | |
---|---|
Разработчик(и) | FreeRDP Team |
Первый выпуск | 2009 |
Лицензия | Apache 2.0 |
Репозиторий | freerdp freerdp3 |
Сайт | freerdp.com |
Сервер
FreeRDP - свободная реализация протокола удаленного рабочего стола (RDP), выпущенная под лицензией Apache. Является форком rdesktop.
Функции
Удаленный доступ к рабочему столу
- Удалённый доступ к рабочему столу: позволяет подключаться к удалённым сессиям по протоколу RDP.
- Шифрование соединения: поддержка различных уровней безопасности, включая TLS и NLA (Network Level Authentication).
- Поддержка нескольких пользователей: одновременная работа нескольких удалённых сессий.
- Мультиплатформенность: работает на Linux, Windows, macOS, Android и других системах.
Доступ к удаленным ресурсам
- Передача аудио и видео: поддержка передачи мультимедийного контента с удалённого устройства.
- Поддержка USB и других устройств: проброс устройств (например, принтеров, смарт-карт) с клиента на сервер.
Клиент
Установка
В ALT Linux есть четыре версии клиента FreeRDP:
- xfreerdp - клиент для X.org v2
- wlfreerdp - клиент для Wayland v2
- xfreerdp3 - клиент для X.org v3
- wlfreerdp3 - клиент для Wayland v3
Выберите нужную и установите командой:
# apt-get install xfreerdp3
Использование
Usage: xfreerdp [file] [options] [/v:<server>[:port]] Syntax: /flag (enables flag) /option:<value> (specifies option with value) +toggle -toggle (enables or disables toggle, where '/' is a synonym of '+') /a:<addin>[,<options>] Addin /action-script:<file-name> Action script /admin Admin (or console) session +aero Enable desktop composition /app:<path> or ||<alias> Remote application program /app-cmd:<parameters> Remote application command-line parameters /app-file:<file-name> File to open with remote application /app-guid:<app-guid> Remote application GUID /app-icon:<icon-path> Remote application icon for user interface /app-name:<app-name> Remote application name for user interface /app-workdir:<workspace path> Remote application workspace path /assistance:<password> Remote assistance password /auto-request-control Automatically request remote assistance input control +async-channels Enable Asynchronous channels (experimental) +async-input Enable Asynchronous input +async-update Enable Asynchronous update /audio-mode:<mode> Audio output mode +auth-only Enable Authenticate only -authentication Disable Authentication (experimental) +auto-reconnect Enable Automatic reconnection /auto-reconnect-max-retries:<retries> Automatic reconnection maximum retries, 0 for unlimited [0,1000] +bitmap-cache Enable bitmap cache /bpp:<depth> Session bpp (color depth) /buildconfig Print the build configuration /cert:[deny,ignore,name:<name>,tofu,fingerprint:<hash>:<hash as hex> [,fingerprint:<hash>:<another hash>]] Certificate accept options. Use with care! * deny ... Automatically abort connection if the certificate does not match, no user interaction. * ignore ... Ignore the certificate checks altogether (overrules all other options) * name ... Use the alternate <name> instead of the certificate subject to match locally stored certificates * tofu ... Accept certificate unconditionally on first connect and deny on subsequent connections if the certificate does not match * fingerprints ... A list of certificate hashes that are accepted unconditionally for a connection /cert-deny [deprecated, use /cert:deny] Automatically abort connection for any certificate that can not be validated. /cert-ignore [deprecated, use /cert:ignore] Ignore certificate /cert-name:<name> [deprecated, use /cert:name:<name>] Certificate name /cert-tofu [deprecated, use /cert:tofu] Automatically accept certificate on first connect /client-build-number:<number> Client Build Number sent to server (influences smartcard behaviour, see [MS-RDPESC]) /client-hostname:<name> Client Hostname to send to server -clipboard[:[use-selection:<atom>]] Disable Redirect clipboard. * use-selection:<atom> ... (X11) Specify which X selection to access. Default is CLIPBOARD. PRIMARY is the X-style middle-click selection. /codec-cache:[rfx|nsc|jpeg] Bitmap codec cache -compression Disable compression /compression-level:<level> Compression level (0,1,2) +credentials-delegation Enable credentials delegation /d:<domain> Domain -decorations Disable Window decorations /disp Display control /drive:<name>,<path> Redirect directory <path> as named share <name>. Hotplug support is enabled with /drive:hotplug,*. This argument provides the same function as "Drives that I plug in later" option in MSTSC. +drives Enable Redirect all mount points as shares /dvc:<channel>[,<options>] Dynamic virtual channel /dynamic-resolution Send resolution updates when the window is resized /echo Echo channel -encryption Disable Encryption (experimental) /encryption-methods:[40,][56,][128,][FIPS] RDP standard security encryption methods /f Fullscreen mode (<Ctrl>+<Alt>+<Enter> toggles fullscreen) -fast-path Disable fast-path input/output +fipsmode Enable FIPS mode /floatbar[:sticky:[on|off],default:[visible|hidden],show: [always|fullscreen||window]] floatbar is disabled by default (when enabled defaults to sticky in fullscreen mode) -fonts Disable smooth fonts (ClearType) /frame-ack:<number> Number of frame acknowledgement /from-stdin[:force] Read credentials from stdin. With <force> the prompt is done before connection, otherwise on server request. /g:<gateway>[:<port>] Gateway Hostname /gateway-usage-method:[direct|detect] Gateway usage method /gd:<domain> Gateway domain /gdi:sw|hw GDI rendering /geometry Geometry tracking channel +gestures Enable Consume multitouch input locally /gfx[:[[RFX|AVC420|AVC444],mask:<value>]] RDP8 graphics pipeline /gfx-h264[:[[AVC420|AVC444],mask:<value>] [DEPRECATED] use /gfx:avc420 instead] RDP8.1 graphics pipeline using H264 codec +gfx-progressive Enable RDP8 graphics pipeline using progressive codec +gfx-small-cache Enable RDP8 graphics pipeline using small cache mode +gfx-thin-client Enable RDP8 graphics pipeline using thin client mode +glyph-cache Enable Glyph cache (experimental) /gp:<password> Gateway password -grab-keyboard Disable Grab keyboard -grab-mouse Disable Grab mouse /gt:[rpc|http[,no-websockets]|auto[,no-websockets]] Gateway transport type /gu:[[<domain>\]<user>|<user>[@<domain>]] Gateway username /gat:<access token> Gateway Access Token /h:<height> Height -heartbeat Disable Support heartbeat PDUs /help Print help +home-drive Enable Redirect user home as share /ipv6 Prefer IPv6 AAA record over IPv4 A record /jpeg JPEG codec support /jpeg-quality:<percentage> JPEG quality /kbd:0x<id> or <name> Keyboard layout /kbd-lang:0x<id> Keyboard active language identifier /kbd-fn-key:<value> Function key value /kbd-list List keyboard layouts /kbd-lang-list List keyboard languages /kbd-remap:List of <key>=<value>,... pairs to remap scancodes Keyboard scancode remapping /kbd-subtype:<id> Keyboard subtype /kbd-type:<id> Keyboard type /load-balance-info:<info-string> Load balance info /log-filters:<tag>:<level>[,<tag>:<level>[,...]] Set logger filters, see wLog(7) for details /log-level:[OFF|FATAL|ERROR|WARN|INFO|DEBUG|TRACE] Set the default log level, see wLog(7) for details /max-fast-path-size:<size> Specify maximum fast-path update size /max-loop-time:<time> Specify maximum time in milliseconds spend treating packets +menu-anims Enable menu animations /microphone[:[sys:<sys>,][dev:<dev>,][format:<format>,][rate:<rate>,] [channel:<channel>]] Audio input (microphone) /monitor-list List detected monitors /monitors:<id>[,<id>[,...]] Select monitors to use -mouse-motion Disable Send mouse motion /multimon[:force] Use multiple monitors +multitouch Enable Redirect multitouch input +multitransport Enable Support multitransport protocol -nego Disable protocol security negotiation /network:[modem|broadband|broadband-low|broadband-high|wan|lan|auto] Network connection type /nsc NSCodec support +offscreen-cache Enable offscreen bitmap cache /orientation:[0|90|180|270] Orientation of display in degrees +old-license Enable Use the old license workflow (no CAL and hwId set to 0) /p:<password> Password /parallel[:<name>[,<path>]] Redirect parallel device /parent-window:<window-id> Parent window id +password-is-pin Enable Use smart card authentication with password as smart card PIN /pcb:<blob> Preconnection Blob /pcid:<id> Preconnection Id /pheight:<height> Physical height of display (in millimeters) /play-rfx:<pcap-file> Replay rfx pcap file /port:<number> Server port -suppress-output Disable suppress output when minimized +print-reconnect-cookie Enable Print base64 reconnect cookie after connecting /printer[:<name>[,<driver>]] Redirect printer device /proxy:[<proto>://][<user>:<password>@]<host>:<port> Proxy settings: override env. var (see also environment variable below). Protocol "socks5" should be given explicitly where "http" is default. /pth:<password-hash> Pass the hash (restricted admin mode) /pwidth:<width> Physical width of display (in millimeters) /rdp2tcp:<executable path[:arg...]> TCP redirection /reconnect-cookie:<base64-cookie> Pass base64 reconnect cookie to the connection /redirect-prefer:<FQDN|IP|NETBIOS>,[...] Override the preferred redirection order /relax-order-checks Do not check if a RDP order was announced during capability exchange, only use when connecting to a buggy server /restricted-admin Restricted admin mode /rfx RemoteFX /rfx-mode:[image|video] RemoteFX mode /scale:[100|140|180] Scaling factor of the display /scale-desktop:<percentage> Scaling factor for desktop applications (value between 100 and 500) /scale-device:100|140|180 Scaling factor for app store applications /sec:[rdp|tls|nla|ext] Force specific protocol security +sec-ext Enable NLA extended protocol security -sec-nla Disable NLA protocol security -sec-rdp Disable RDP protocol security -sec-tls Disable TLS protocol security /serial[:<name>[,<path>[,<driver>[,permissive]]]] Redirect serial device /shell:<shell> Alternate shell /shell-dir:<dir> Shell working directory /size:<width>x<height> or <percent>%[wh] Screen size /smart-sizing[:<width>x<height>] Scale remote desktop to window size /smartcard[:<str>[,<str>...]] Redirect the smartcard devices containing any of the <str> in their names. /smartcard-logon Activates Smartcard Logon authentication. (EXPERIMENTAL: NLA not supported) /sound[:[sys:<sys>,][dev:<dev>,][format:<format>,][rate:<rate>,] [channel:<channel>,][latency:<latency>,][quality:<quality>]] Audio output (sound) /span Span screen over multiple monitors /spn-class:<service-class> SPN authentication service class /ssh-agent SSH Agent forwarding channel /t:<title> Window title -themes Disable themes /timeout:<time in ms> Advanced setting for high latency links: Adjust connection timeout, use if you encounter timeout failures with your connection /tls-ciphers:[netmon|ma|ciphers] Allowed TLS ciphers /tls-seclevel:<level> TLS security level - defaults to 1 +enforce-tlsv1_2 Enable Force use of TLS1.2 for connection. Some servers have a buggy TLS version negotiation and might fail without this -toggle-fullscreen Disable Alt+Ctrl+Enter to toggle fullscreen /tune:<setting:value>,<setting:value> [experimental] directly manipulate freerdp settings, use with extreme caution! /tune-list Print options allowed for /tune /u:[[<domain>\]<user>|<user>[@<domain>]] Username +unmap-buttons Enable Let server see real physical pointer button /usb:[dbg,][id:<vid>:<pid>#...,][addr:<bus>:<addr>#...,][auto] Redirect USB device /v:<server>[:port] Server hostname /vc:<channel>[,<options>] Static virtual channel /version Print version /video Video optimized remoting channel /vmconnect[:<vmid>] Hyper-V console (use port 2179, disable negotiation) /w:<width> Width -wallpaper Disable wallpaper +window-drag Enable full window drag /window-position:<xpos>x<ypos> window position /wm-class:<class-name> Set the WM_CLASS hint for the window instance /workarea Use available work area Examples: xfreerdp connection.rdp /p:Pwd123! /f xfreerdp /u:CONTOSO\JohnDoe /p:Pwd123! /v:rdp.contoso.com xfreerdp /u:JohnDoe /p:Pwd123! /w:1366 /h:768 /v:192.168.1.100:4489 xfreerdp /u:JohnDoe /p:Pwd123! /vmconnect:C824F53E-95D2-46C6-9A18-23A5BB403532 /v:192.168.1.100 Clipboard Redirection: +clipboard Drive Redirection: /drive:home,/home/user Smartcard Redirection: /smartcard:<device> Serial Port Redirection: /serial:<name>,<device>,[SerCx2|SerCx|Serial],[permissive] Serial Port Redirection: /serial:COM1,/dev/ttyS0 Parallel Port Redirection: /parallel:<name>,<device> Printer Redirection: /printer:<device>,<driver> TCP redirection: /rdp2tcp:/usr/bin/rdp2tcp Audio Output Redirection: /sound:sys:oss,dev:1,format:1 Audio Output Redirection: /sound:sys:alsa Audio Input Redirection: /microphone:sys:oss,dev:1,format:1 Audio Input Redirection: /microphone:sys:alsa Multimedia Redirection: /video USB Device Redirection: /usb:id:054c:0268#4669:6e6b,addr:04:0c For Gateways, the https_proxy environment variable is respected: export https_proxy=http://proxy.contoso.com:3128/ xfreerdp /g:rdp.contoso.com ... More documentation is coming, in the meantime consult source files