Desktop Access for Linux

[Riprock]

Add support for remote desktop sessions on Linux with a similar browser-based flow to what we offer for Windows.

Start with an RFD that considers which protocol(s) to support (VNC, RDP via XRDP or FreeRDP, etc)

[zmb3]

See also #12023

[marcosimioni]

any news re. this @zmb3 ?

[ashleyepirus]

Is there an ETA for this feature?

[ibeckermayer]

@ashleyepirus @marcosimioni

No news at this time but I’m hoping to get into it after the big performance improvement push that’s currently underway. In the meantime you can consider using VNC over Teleport App Access

[marcosimioni]

@ashleyepirus @marcosimioni

No news at this time but I’m hoping to get into it after the big performance improvement push that’s currently underway. In the meantime you can consider using VNC over Teleport App Access

Thanks for your update!

Can you please elaborate? What do you mean with VNC over Teleport App Access? Is there an HTTPS tunneled version of VNC you are referring to, that we can proxy via teleport as a regular web app?

[zmb3]

You can use TCP App Access with an app that looks something like this:

 - name: vnc
    description: "Connect to VNC server"
    uri: "tcp://server.example.com:5900"
    insecure_skip_verify: true
    labels:
      foo: bar

Then you'd use tsh proxy app vnc and point a VNC viewer at localhost.

[shizayn]

@ibeckermayer

No news at this time but I’m hoping to get into it after the big performance improvement push that’s currently underway. In the meantime you can consider using VNC over Teleport App Access

Really keen for having xRDP supported as well!

[ibeckermayer]

@shizayn noted, thanks for the input. We haven't settled on VNC yet, adding support for xRDP would likely be easier since we already have an RDP stack integrated in Teleport.

[johansenha]

voting this feature request as well. Would love to get the integration without the VNC workaround.

[ibeckermayer]

@johansenha "without the VNC workaround" meaning you want the underlying protocol to be RDP rather than VNC?

[johansenha]

Native RDP support to connect to a Linux based distro running xrdp would be my favorite (including screen recording feature at best)

[johansenha]

Hello Team, any expectations for waiting customers on getting this feature integrated? :)

[acfranken]

Looking forward to it as well. Do you have any update?

[ibeckermayer]

There's a concrete plan for deeply researching/experimenting with xrdp auth integration from April 8-12. Ideally that turns into something in the proceeding couple of quarters, but we can't commit to that at present.

[fuzzysteve]

Any information on how that experimentation went?

[ibeckermayer]

It went pretty well, discounting XRDP specifically.

XRDP holds a lot of legacy baggage that make it difficult to integrate with Teleport's existing auth system. Currently we use a virtualized smart card to authenticate, and while there's ongoing discussion of building this in to XRDP, realistically it's beyond our control to push that timeline.

Another option could be a more standard x.509 cert-based auth integration, however XRDP's existing auth system could not presently support this. Again, there is an effort to update that piece of the system, but again it's very complex and out of our control.

All that said, if we leave XRDP out of it, we were able to develop an agent-based architecture (closer to how Teleport's SSH access typically works) which uses an existing authenticated reverse tunnel made by the agent (which is simply the present-day windows_desktop_service) to the proxy and then creates an x11-based RDP server. It would take some time to build this up to feature parity (i.e. clipboard sharing, directory sharing, etc) with our windows system, but we were able to get basic mouse + keyboard + GUI going within the few days we were working on it.

Can't make any promises about the timeline but I'm hoping we will make it the top priority for next quarter.

[andrewbks]

An x11-based RDP server option sounds worthwhile.

[waldemar-kindler]

Would an x11-based RDP server have the same performance limitations as x11?

Have you also considered something similar to KasmVNC or x2go, which both provide much better performance and native web clients?