search

MichaIng / DietPi

Lightweight justice for your single-board computer!
https://dietpi.com/
GNU General Public License v2.0
4.81k stars 494 forks source link

xRDP – cannot read /etc/xrdp/key.pem. Permission denied error #5976

Closed amibumping closed 1 year ago

amibumping commented 1 year ago

Creating a bug report/issue

Required Information

Randomly I've found this error on xRDP log:

[20221214-09:43:09] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied

As I can read, the problem is because the user xrdp don't have access to ssl folder to read the real cert that is linked.

https://c-nergy.be/blog/?p=13708

The solution is to add user xrdp into ssl-cert group

MichaIng commented 1 year ago

I recognised this but thought it is only relevant if you do key authentication instead of password authentication, isn't it? Sadly the guide you linked as well doesn't say anything about what it's used for. However, that those are symlinks to the dummy/snakeoil certificate (shipped by ssl-cert package, not pre-installed on DietPi), shows that it should be properly configured instead and is optional.

So instead of setting it up to use snakeoil, we should find out what exactly it is, how to use it properly, document that and disable it completely by default (so that it does not try to load the snakeoil cert).

MichaIng commented 1 year ago

Okay its about TLS encryption for client connections via TLS. A key and a cert needs to be set both: https://manpages.debian.org/bullseye/xrdp/xrdp.ini.5.en.html#certificate

This generally makes sense to have enabled OOTB, but I'm not sure what the Windows RDP client does when not trusting the cert, which would be the case with the default snake oil one or any self-signed one, unless going through the process or adding it to the trusted certs/CA store.

MichaIng commented 1 year ago

Found the Debian bug report about this: https://bugs.debian.org/860890

Control: tags -1 + wontfix

This is entirely normal, common to many Debian packages and basic knowledge for a Debian administrator.

-nik

How I hate such kind of answers. This is one of the reasons so many "How to start with Linux" guides recommend Ubuntu over Debian, which is otherwise nonsense...

Why is the ssl-cert package a strict dependency if it cannot be used by XRDP without manual setup. If access permissions is such common admin knowledge, then adding a proper certificate, or at least installing the snakeoil certificate is just the same common knowledge. But the bigger problem is that it degrades security completely unnecessarily until this setup is done.

We'll do this in dietpi-software now.

MichaIng commented 1 year ago

Done with: https://github.com/MichaIng/DietPi/commit/f8a272a

amibumping commented 1 year ago

I dont' know if it's correct to answer on a closed issue, but xrdp has received and update, and after this I can no login with root&dietpi users. I tried to reinstall xrdp but again the same. I run journalctl -u xrdp and I see the same error of this issue: Cannot read private key file /etc/xrdp/key.pem: Permission denied

Thank you @MichaIng

MichaIng commented 1 year ago

This error did never break anything but was only an information that XRDP had no permissions to access the snakeoil certificate, and hence only non-encrypted traffic was possible. This is however negotiated automatically between client and server, unless you enforce TLS at one side.

The last update of XRDP was last December, hence before this issue was solved, so since then nothing about the matter has changed.

We did never apply the change for running systems, only for fresh XRDP installs or reinstall. You can manually apply it:

sudo usermod -aG ssl-cert xrdp

While this mutes the warning, I guess it does not solve your connection issue. Could you paste the full service log?

amibumping commented 1 year ago

I am not saying is a dietpi problem but xrdp. I use it everyday, yesterday was working, and today after the update and restarting the service it broke.

This is the full log, and an attempt to log.

Sep 20 08:58:52 DietPi systemd[1]: xrdp.service: Succeeded.
Sep 20 08:58:52 DietPi systemd[1]: Stopped xrdp daemon.
Sep 20 08:58:52 DietPi systemd[1]: Starting xrdp daemon...
Sep 20 08:58:52 DietPi xrdp[1312991]: [INFO ] address [0.0.0.0] port [62826] mode 1
Sep 20 08:58:52 DietPi xrdp[1312991]: [INFO ] listening to port 62826 on 0.0.0.0
Sep 20 08:58:52 DietPi xrdp[1312991]: [INFO ] xrdp_listen_pp done
Sep 20 08:58:52 DietPi xrdp[1312991]: [DEBUG] Closed socket 7 (AF_INET6 :: port 62826)
Sep 20 08:58:52 DietPi systemd[1]: xrdp.service: Can't open PID file /run/xrdp/xrdp.pid (yet?) after start: Operation not permitted
Sep 20 08:58:53 DietPi systemd[1]: Started xrdp daemon.
Sep 20 08:58:54 DietPi xrdp[1312992]: [INFO ] starting xrdp with pid 1312992
Sep 20 08:58:54 DietPi xrdp[1312992]: [INFO ] address [0.0.0.0] port [62826] mode 1
Sep 20 08:58:54 DietPi xrdp[1312992]: [INFO ] listening to port 62826 on 0.0.0.0
Sep 20 08:58:54 DietPi xrdp[1312992]: [INFO ] xrdp_listen_pp done
Sep 20 08:59:04 DietPi xrdp[1312992]: [INFO ] Socket 12: AF_INET6 connection received from ::ffff:10.2.181.5 port 49077
Sep 20 08:59:04 DietPi xrdp[1312992]: [DEBUG] Closed socket 12 (AF_INET6 ::ffff:192.168.1.3 port 62826)
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] Closed socket 11 (AF_INET6 :: port 62826)
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ini_version, value 1
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item fork, value true
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item port, value 62826
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item use_vsock, value false
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item tcp_nodelay, value true
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item tcp_keepalive, value true
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item security_layer, value negotiate
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item crypt_level, value high
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item certificate, value
Sep 20 08:59:04 DietPi xrdp[1313188]: [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item key_file, value
Sep 20 08:59:04 DietPi xrdp[1313188]: [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ssl_protocols, value TLSv1.2, TLSv1.3
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] TLSv1.3 enabled
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] TLSv1.2 enabled
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item autorun, value
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item allow_channels, value true
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item allow_multimon, value true
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item bitmap_cache, value true
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item bitmap_compression, value true
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item bulk_compression, value true
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item max_bpp, value 32
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item new_cursors, value true
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item use_fastpath, value both
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item blue, value 009cb5
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item grey, value dedede
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_top_window_bg_color, value e0ecf0
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_width, value 350
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_height, value 430
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_bg_color, value 59667d
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_logo_filename, value
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_logo_x_pos, value 55
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_logo_y_pos, value 50
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_label_x_pos, value 30
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_label_width, value 65
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_input_x_pos, value 110
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_input_width, value 210
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_input_y_pos, value 220
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_btn_ok_x_pos, value 142
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_btn_ok_y_pos, value 370
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_btn_ok_width, value 85
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_btn_ok_height, value 30
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_btn_cancel_x_pos, value 237
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_btn_cancel_y_pos, value 370
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_btn_cancel_width, value 85
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] item ls_btn_cancel_height, value 30
Sep 20 08:59:04 DietPi xrdp[1313188]: [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|HYBRID_EX|RDP], selected [SSL]
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] Using TLS security, and setting RDP security crypto to LEVEL_NONE and METHOD_NONE
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] [MCS Connection Sequence] receive connection request
Sep 20 08:59:04 DietPi xrdp[1313188]: [ERROR] SSL_read: I/O error
Sep 20 08:59:04 DietPi xrdp[1313188]: [ERROR] libxrdp_force_read: header read error
Sep 20 08:59:04 DietPi xrdp[1313188]: [ERROR] Processing [ITU-T T.125] Connect-Initial failed
Sep 20 08:59:04 DietPi xrdp[1313188]: [ERROR] [MCS Connection Sequence] receive connection request failed
Sep 20 08:59:04 DietPi xrdp[1313188]: [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
Sep 20 08:59:04 DietPi xrdp[1313188]: [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
Sep 20 08:59:04 DietPi xrdp[1313188]: [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
Sep 20 08:59:04 DietPi xrdp[1313188]: [ERROR] xrdp_iso_send: trans_write_copy_s failed
Sep 20 08:59:04 DietPi xrdp[1313188]: [DEBUG] Closed socket 12 (AF_INET6 ::ffff:192.168.1.3 port 62826)
Sep 20 08:59:04 DietPi xrdp[1313188]: [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
Sep 20 08:59:04 DietPi xrdp[1312992]: [INFO ] Socket 12: AF_INET6 connection received from ::ffff:10.2.181.5 port 49078
Sep 20 08:59:04 DietPi xrdp[1312992]: [DEBUG] Closed socket 12 (AF_INET6 ::ffff:192.168.1.3 port 62826)
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Closed socket 11 (AF_INET6 :: port 62826)
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ini_version, value 1
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item fork, value true
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item port, value 62826
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item use_vsock, value false
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item tcp_nodelay, value true
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item tcp_keepalive, value true
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item security_layer, value negotiate
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item crypt_level, value high
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item certificate, value
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item key_file, value
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ssl_protocols, value TLSv1.2, TLSv1.3
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] TLSv1.3 enabled
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] TLSv1.2 enabled
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item autorun, value
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item allow_channels, value true
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item allow_multimon, value true
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item bitmap_cache, value true
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item bitmap_compression, value true
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item bulk_compression, value true
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item max_bpp, value 32
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item new_cursors, value true
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item use_fastpath, value both
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item blue, value 009cb5
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item grey, value dedede
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_top_window_bg_color, value e0ecf0
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_width, value 350
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_height, value 430
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_bg_color, value 59667d
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_logo_filename, value
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_logo_x_pos, value 55
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_logo_y_pos, value 50
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_label_x_pos, value 30
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_label_width, value 65
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_input_x_pos, value 110
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_input_width, value 210
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_input_y_pos, value 220
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_btn_ok_x_pos, value 142
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_btn_ok_y_pos, value 370
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_btn_ok_width, value 85
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_btn_ok_height, value 30
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_btn_cancel_x_pos, value 237
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_btn_cancel_y_pos, value 370
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_btn_cancel_width, value 85
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] item ls_btn_cancel_height, value 30
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|HYBRID_EX|RDP], selected [SSL]
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Using TLS security, and setting RDP security crypto to LEVEL_NONE and METHOD_NONE
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence] receive connection request
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] Connected client computer name: PCRODRIGO
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client supports 40 bit encryption
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client supports 128 bit encryption
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client supports 56 bit encryption
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client supports fips encryption
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] The connection is using TLS, skipping RDP crypto negotiation
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Adding channel: name rdpdr, channel id 1004, flags 0x80800000
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Adding channel: name rdpsnd, channel id 1005, flags 0xc0000000
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Adding channel: name cliprdr, channel id 1006, flags 0xc0a00000
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Adding channel: name drdynvc, channel id 1007, flags 0xc0800000
Sep 20 08:59:04 DietPi xrdp[1313193]: [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
Sep 20 08:59:04 DietPi xrdp[1313193]: [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence] construct connection response
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] using no security
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence] send connection response
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence] receive erect domain request
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence] receive attach user request
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence] send attach user confirm
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] receive channel join request
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] send channel join confirm
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] receive channel join request
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] send channel join confirm
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] receive channel join request
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] send channel join confirm
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] receive channel join request
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] send channel join confirm
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] receive channel join request
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] send channel join confirm
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] receive channel join request
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] send channel join confirm
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] [MCS Connection Sequence (TLS)] completed
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] xrdp_load_keyboard_layout: Keyboard information sent by the RDP client, keyboard_type:[0x04], keyboard_subtype:[0x00], keylayout:[0x0000040A]
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] keyboard_cfg_file /etc/xrdp/xrdp_keyboard.ini
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item rdp_layout_us value 0x00000409
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: skipping configuration item - rdp_layout_us, continuing to next section
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item rdp_layout_us value us
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: skipping configuration item - rdp_layout_us, continuing to next section
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item keyboard_type value 4
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item keyboard_subtype value 3
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item keyboard_type value 7
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item keyboard_subtype value 2
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item model value pc105
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item rdp_layouts value default_rdp_layouts
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item layouts_map value default_layouts_map
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: item rdp_layout_us value us
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_load_keyboard_layout: skipping configuration item - rdp_layout_us, continuing to next section
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [es] options []
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] TLS connection established from ::ffff:10.2.181.5 port 49078: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client requested compression enabled.
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client supplied domain:
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client supplied username:
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client supplied password: <omitted from log>
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client supplied program:
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] Client supplied directory:
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 5242880 MB cache entries 100
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] xrdp_caps_process_codecs: nscodec, codec id 1, properties len 3
Sep 20 08:59:04 DietPi xrdp[1313193]: [WARN ] xrdp_caps_process_codecs: unknown codec id 5
Sep 20 08:59:04 DietPi xrdp[1313193]: [INFO ] xrdp_caps_process_codecs: RemoteFX, codec id 3, properties len 49
Sep 20 08:59:04 DietPi xrdp[1313193]: [DEBUG] xrdp_001409a9_wm_login_state_event_00000001
Sep 20 08:59:05 DietPi xrdp[1313193]: [INFO ] Loading keymap file /etc/xrdp/km-0000040a.ini
Sep 20 08:59:05 DietPi xrdp[1313193]: [WARN ] local keymap file for 0x0000040a found and doesn't match built in keymap, using local keymap file
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_RESET -> WMLS_RESET
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_login_mode_changed: login_mode is 0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_RESET -> WMLS_USER_PROMPT
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] in xrdp_wm_init:
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ini_version:             1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] use_bitmap_cache:        1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] use_bitmap_compression:  1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] port:                    62826
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] crypt_level:             3
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] allow_channels:          1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] max_bpp:                 32
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] fork:                    1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] tcp_nodelay:             1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] tcp_keepalive:           1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] tcp_send_buffer_bytes:   0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] tcp_recv_buffer_bytes:   0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] new_cursors:             1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] allow_multimon:          1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] grey:                    14606046
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] black:                   0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] dark_grey:               0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] blue:                    40117
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] dark_blue:               0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] white:                   0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] red:                     0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] green:                   0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] background:              0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] autorun:
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] hidelogwindow:           0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] require_credentials:     0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] bulk_compression:        1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] new_cursors:             1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] nego_sec_layer:          0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] allow_multimon:          1
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] enable_token_login:      0
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_top_window_bg_color:  e77e
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_width:                350
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_height:               430
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_bg_color:             5b2f
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_title:
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_logo_filename:
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_logo_x_pos:           55
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_logo_y_pos:           50
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_label_x_pos:          30
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_label_width:          65
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_input_x_pos:          110
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_input_width:          210
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_input_y_pos:          220
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_btn_ok_x_pos:         142
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_btn_ok_y_pos:         370
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_btn_ok_width:         85
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_btn_ok_height:        30
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_btn_cancel_x_pos:     237
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_btn_cancel_y_pos:     370
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_btn_cancel_width:     85
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] ls_btn_cancel_height:    30
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] libxrdp_query_channel - Channel 0 name rdpdr
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_init: channel rdpdr channel id 0 is enabled
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] Enabling channel 1004 (rdpdr)
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] libxrdp_query_channel - Channel 1 name rdpsnd
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_init: channel rdpsnd channel id 1 is enabled
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] Enabling channel 1005 (rdpsnd)
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] libxrdp_query_channel - Channel 2 name cliprdr
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_init: channel cliprdr channel id 2 is enabled
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] Enabling channel 1006 (cliprdr)
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] libxrdp_query_channel - Channel 3 name drdynvc
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_init: channel drdynvc channel id 3 is enabled
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] Enabling channel 1007 (drdynvc)
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG]    xrdp_wm_init: no autologin / auto run detected, draw login window
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_USER_PROMPT -> WMLS_USER_PROMPT
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] out xrdp_wm_init:
Sep 20 08:59:05 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_login_mode_changed: login_mode is 1
Sep 20 08:59:09 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_USER_PROMPT -> WMLS_START_CONNECT
Sep 20 08:59:09 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_login_mode_changed: login_mode is 2
Sep 20 08:59:09 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_START_CONNECT -> WMLS_CONNECT_IN_PROGRESS
Sep 20 08:59:09 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_log_msg: connecting to sesman on 127.0.0.1:3350
Sep 20 08:59:09 DietPi xrdp[1313193]: [INFO ] connecting to sesman on 127.0.0.1:3350
Sep 20 08:59:09 DietPi xrdp[1313193]: [INFO ] xrdp_wm_log_msg: sesman connect ok
Sep 20 08:59:09 DietPi xrdp[1313193]: [INFO ] sesman connect ok
Sep 20 08:59:09 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_log_msg: sending login info to session manager. Please wait...
Sep 20 08:59:09 DietPi xrdp[1313193]: [INFO ] sending login info to session manager. Please wait...
Sep 20 08:59:09 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_login_mode_changed: login_mode is 3
Sep 20 08:59:10 DietPi xrdp[1313193]: [INFO ] xrdp_wm_log_msg: login failed for user dietpi
Sep 20 08:59:10 DietPi xrdp[1313193]: [INFO ] login failed for user dietpi
Sep 20 08:59:10 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_CONNECT_IN_PROGRESS -> WMLS_INACTIVE
Sep 20 08:59:10 DietPi xrdp[1313193]: [DEBUG] xrdp_mm_module_cleanup
Sep 20 08:59:10 DietPi xrdp[1313193]: [DEBUG] status from xrdp_mm_connect() : 1
Sep 20 08:59:10 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_INACTIVE -> WMLS_INACTIVE
Sep 20 08:59:10 DietPi xrdp[1313193]: [DEBUG] Closed socket 18 (AF_INET6 ::ffff:127.0.0.1 port 44720)
Sep 20 08:59:10 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_login_mode_changed: login_mode is 5
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_INACTIVE -> WMLS_RESET
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_login_mode_changed: login_mode is 0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_RESET -> WMLS_USER_PROMPT
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] in xrdp_wm_init:
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ini_version:             1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] use_bitmap_cache:        1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] use_bitmap_compression:  1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] port:                    62826
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] crypt_level:             3
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] allow_channels:          1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] max_bpp:                 32
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] fork:                    1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] tcp_nodelay:             1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] tcp_keepalive:           1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] tcp_send_buffer_bytes:   0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] tcp_recv_buffer_bytes:   0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] new_cursors:             1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] allow_multimon:          1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] grey:                    14606046
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] black:                   0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] dark_grey:               0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] blue:                    40117
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] dark_blue:               0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] white:                   0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] red:                     0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] green:                   0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] background:              0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] autorun:
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] hidelogwindow:           0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] require_credentials:     0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] bulk_compression:        1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] new_cursors:             1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] nego_sec_layer:          0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] allow_multimon:          1
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] enable_token_login:      0
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_top_window_bg_color:  e77e
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_width:                350
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_height:               430
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_bg_color:             5b2f
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_title:
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_logo_filename:
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_logo_x_pos:           55
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_logo_y_pos:           50
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_label_x_pos:          30
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_label_width:          65
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_input_x_pos:          110
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_input_width:          210
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_input_y_pos:          220
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_btn_ok_x_pos:         142
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_btn_ok_y_pos:         370
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_btn_ok_width:         85
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_btn_ok_height:        30
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_btn_cancel_x_pos:     237
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_btn_cancel_y_pos:     370
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_btn_cancel_width:     85
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] ls_btn_cancel_height:    30
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] libxrdp_query_channel - Channel 0 name rdpdr
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_init: channel rdpdr channel id 0 is enabled
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] Enabling channel 1004 (rdpdr)
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] libxrdp_query_channel - Channel 1 name rdpsnd
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_init: channel rdpsnd channel id 1 is enabled
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] Enabling channel 1005 (rdpsnd)
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] libxrdp_query_channel - Channel 2 name cliprdr
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_init: channel cliprdr channel id 2 is enabled
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] Enabling channel 1006 (cliprdr)
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] libxrdp_query_channel - Channel 3 name drdynvc
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_init: channel drdynvc channel id 3 is enabled
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] Enabling channel 1007 (drdynvc)
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG]    xrdp_wm_init: no autologin / auto run detected, draw login window
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] Login state change request WMLS_USER_PROMPT -> WMLS_USER_PROMPT
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] out xrdp_wm_init:
Sep 20 08:59:12 DietPi xrdp[1313193]: [DEBUG] xrdp_wm_login_mode_changed: login_mode is 1
Sep 20 08:59:14 DietPi xrdp[1313193]: [DEBUG] Closed socket 12 (AF_INET6 ::ffff:192.168.1.3 port 62826)
Sep 20 08:59:14 DietPi xrdp[1313193]: [DEBUG] xrdp_mm_module_cleanup

Screenshot_20230919-231027_Escritorio_remoto_de_Microsoft

EDIT: I format the log better than before.

This is the update it came to the system: https://tracker.debian.org/news/1464392/accepted-xrdp-09211-1deb11u1-source-into-oldstable-security/

Other user having the error after the update, the proposed solution is to rebuild xorgxrdp, how can we do that @MichaIng? https://github.com/neutrinolabs/xrdp/issues/2796

Joulinar commented 1 year ago

We don't build these packages ourselves. We use upstream packages provided by Debian repository.

MichaIng commented 1 year ago

Oh, this version was not yet visible in the online database yesterday. Let me see whether I can replicate the issue.

So the issue is that XRDP is now our of sync with xorgxrdp and the letter needs to be updated by Debian.

amibumping commented 1 year ago

That's correct @MichaIng 2 options, waiting for Debian to update it or rebuilding it manually.

MichaIng commented 1 year ago

Jep, or installing TigerVNC and use Xvnc login method.

I'll try to re-assign the Debian bug report to the xorgxrdp package as the xrdp maintainer does not seem to be aware that xorgxrdp is provided by Debian as well.

amibumping commented 1 year ago

Already fixed :+1:

MichaIng commented 12 months ago

That was fast indeed. They did not pushed a new (upstream) version but backported the particular needed patch.