How to Create a FreeBSD Jail Hosting XRDP and XFCE for Remote Desktop Access
Introduction
This tutorial guides you through the process of setting up a FreeBSD jail that hosts XRDP and XFCE. This setup enables secure remote desktop access.
Prerequisites
- FreeBSD system
- Basic knowledge of FreeBSD jails using BastilleBSD
- SSH access to the FreeBSD server
Step 1: Create a New Jail with Bastille
First, we create a new jail using BastilleBSD. The following command initializes a jail named xfce with FreeBSD 14.1-RELEASE on IP 10.0.0.200:
bastille create xfce 14.1-RELEASE 10.0.0.200 bastille0
After creating the jail, modify its configuration (in a default environment, it would be /usr/local/bastille/jails/xfce/jail.conf) to enable certain features. Default configuration of xrdp needs an IPv6 address:
sysvshm = new;
allow.mount.procfs = 1;
ip6.addr = "fd12:3456:789a:1::1";
Step 2: Restart the Jail
Restart the jail to apply the new settings:
bastille restart xfce
Step 3: Install XRDP and XFCE
Access the jail's console, and install XRDP and XFCE:
bastille console xfce
pkg install xorg xrdp xfce
Step 4: Configure XRDP
Enable XRDP services by adding the following lines to your jail's /etc/rc.conf:
xrdp_enable="YES"
xrdp_sesman_enable="YES" # Enable if running xrdp-sesman on the same machine
Step 5: Modify the startwm script
Edit the /usr/local/etc/xrdp/startwm.sh file:
Uncomment exec startxfce4 to ensure XFCE is started with XRDP.
Step 6: Add a User
Create a user in the jail for remote access:
adduser
Follow the prompts to set up the user.
Step 7: Secure the Connection
Never expose the RDP port directly. Instead, use an SSH tunnel:
- Restart the jail. Establish an SSH tunnel from your local machine to the host machine of the jail, forwarding the traffic to the jail's IP address (10.0.0.200) on port 3389, which is the default port for xrdp.
- Connect to the jail using an RDP client through the tunnel.
You now have a secure, remote desktop environment using XFCE within a FreeBSD jail, accessible through an SSH tunnel. This setup is ideal for managing isolated environments or for secure, remote workspace solutions.