How do I setup a remote access solution in Wayland?

There are several users who need to connect to my remote server, each with their own accounts, who need to interact with Firefox. They’re mostly connecting from Windows machines. I’m looking into retiring the Windows server that was responsible for this until now.

This is my first time setting up a remote access solution on Linux. It turned out to be pretty easy with xrdp and GNOME. I installed it, allowed access to port 3389, and started the service. Logging in didn’t initially work. I needed to create a startwm.sh file in the user’s home directory with this command:

#!/bin/sh

dbus-launch --exit-with-session /usr/bin/gnome-session

After that, it worked. XRDP is fast and responsive, too. It’s a little weird in that sometimes I end up at the lock screen instead of logged in, but I don’t have any other complaints.

But what about Wayland?

XRDP works for X. But Fedora Workstation is deprecating X11 in Fedora 41 by removing it from the installation media, which suggests its full removal can’t be far away. GNOME themselves are going to remove their X11 session code in the next few releases. It can’t be long until X11 disappears from Fedora’s repositories altogether.

So, it makes sense to embrace Wayland now. I can’t find much about setting up a Wayland RDP server on Linux, though.

Does anybody have some tips on where to start?

I ended up trying to use GNOME Remote Desktop through grdctl. I struggled for quite some time until stumbling upon this thread: Gnome Remote Desktop with SELinux enforced

After I pasted in the command :person_shrugging: it worked and I could connect to a Wayland session.

The Wayland session seemed more resource-intensive than the X11 session, but I’m not sure why. It wasn’t the overhead of GRD; the session overall just seemed more sluggish.

Still need to do some more testing and figure out how GNOME Remote Desktop works, exactly. There doesn’t seem to be much documentation, but maybe I’m looking in all the wrong places.

Edit: One thing that does suck is that the session ends as soon as I disconnect from it. This is very undesirable. It’s possible you’d lose your internet connection and need to set everything up again on each login. This didn’t happen with XRDP. It’s probably just a configuration option I can change.

I learned GNOME Remote Desktop doesn’t yet support multiple users logging into the desktop: Support multiple simultaneous VNC clients to connect to a session (#84) · Issues · GNOME / gnome-remote-desktop · GitLab

GNOME Remote Desktop doesn’t really seem suitable as an RDP solution right now. Not for my needs, at least.

I’ll have a look at the solutions over in KDE land, but I think the most mature solutions are in the wlroots ecosystem with wayvnc. I didn’t think I’d be going back to Sway like this, but I’ll see what I can do to make it user-friendly. I don’t know if there’s another great wlroots-based compositor out there that’s more user-friendly. Maybe Labwc?

I dropped one of my requirements: as long as it works in Remote Desktop Manager, it doesn’t need to be RDP. It could be VNC or whatever works.

Both solutions support headless multi-user access:

This works for me on Fedora 40.

1 Like

Thanks for the links! I think I misunderstood the issue about “multiple simultaneous VNC clients” in that it seemed to be multiple people connected to a single user, rather than multiple people accessing multiple users on a single server.

And I did actually find your posts while I was trying to figure out how to set this up. They were greatly helpful! :slight_smile:

Where did you figure out how to use grdctl? I was having trouble figuring it out just from grdctl --help and couldn’t seem to find deeper documentation.

Like, what does --system do exactly?

Am I meant to run this command for every user on the server to enable multiple users to be accessed remotely?

sudo grdctl --system rdp set-credentials "${RDP_USER}" "${RDP_PASS}"

Or why set the RDP_USER and RDP_PASS variables if you’re only passing them to a single command anyway? The way it’s formatted makes it seem like all these commands are meant to be run in a script but it doesn’t seem like they need to be run more than once?

And now that I think of it, why even switch users to gnome-remote-desktop to run:

sudo -u gnome-remote-desktop winpr-makecert \
    -silent -rdp -path ~gnome-remote-desktop rdp-tls

(oh, it’s probably to have the right permissions so gnome-remote-desktop can read the cert, huh.)

I’m sorry for having so many questions! I’m just very new to this and want to understand how to use GNOME Remote Desktop to its fullest extent.

Edit: I just learned a new tilde expansion: https://www.gnu.org/software/bash/manual/html_node/Tilde-Expansion.html

~fred/foo

    The subdirectory foo of the home directory of the user fred

That makes so much more sense now.

Edit 2:

Does the --headless option come into play at any point? I can’t figure out what “Use headless credentials storage” means. Is there some kind of wiki for GNOME Remote Desktop?

Okay, I think I’ve figured it out. I also looked at this presentation which helped somewhat as documentation: https://www.youtube.com/watch?v=XkH_jZ21t7g

The presentation also informed me that wayvnc doesn’t do real headless sessions, so I won’t look into that.

Key things I’ve learned:

  1. --system rdp set-credentials sets credentials for the RDP server itself. You’re logging into GDM so you can then login to a specific user.
  2. You can’t continue other user’s sessions where they left off; you need to force them out of their session to start a new session.
  3. As far as I can tell, the second you leave your session, the session ends and you can no longer continue it (which is consistent with point 2).

I still don’t know what --headless does but I don’t think it matters much :slight_smile:

What’s there with GNOME Remote Desktop seems to work pretty well. It would be really nice for sessions not to combust as soon as you stop touching them, though, and I don’t think there’s a way to do that with GNOME Remote Desktop right now.

I’ll setup a remote desktop solution with one of the X + VNC solutions (TigerVNC seems venerable) to see what it offers, though probably on Alma Linux/Rocky Linux in case X disappears suddenly from Fedora’s repositories. Thanks so much for your assistance!

1 Like

That’s it and the rest can be deduced using common sense and trial and error.

This is necessary to configure Remote Login.
Remote Login is a system service while Desktop Sharing is a user service.

No, once globally configured, Remote Login works for all users.
The common RDP credentials are used to reach GDM.
Then each user should log in with their own credentials.

This makes it easier to notice what needs to be customized.
The remaining instructions can be copy-pasted as is.

Yes, unless you have more than one server.
This also makes testing easier and helps minimize human error.

That option allows to store credentials as plain text for Desktop Sharing.
It seems to apply implicitly for Remote Login.

Yes, that should work for persistent sessions.
GRD should also support persistent sessions in the next major release.

2 Likes

I understand g-r-d better now, thank you!

Awesome to hear! Very much looking forward to that. That’s the last feature I really need.

I love that g-r-d is so much simpler to setup and understand than VNC, even if I struggled at first.

1 Like

Hey, @vgaetera. Do you know if this has been addressed in a package update?

It’s weird that one has to resolve to such a workaround.

Thanks again for the helpful tip!

This is work in progress, there are a few related issues like this:
2271661 – gnome-remote-desktop system login feature is disallowed in enforcing mode
I hope to see some improvements in the next Fedora release.

1 Like

Thanks! I really hope this is resolved soon because it’s an advertised feature that doesn’t work out of the box on the current release.