https://c-nergy.be/blog/?p=13708

Hello World,

We are again back and ready to discuss a really minor issue/annoyance that some people have noticed when performing there remote connection using xRDP software. For some weeks now (see our previous posts), a lot of work has been done to analyse how Ubuntu 19.04 would affect the xRDP installation process and we have included our findings in the latest version of our scripts. The changes are not major but still needed to be tackle to offer an easy way to perform xRDP installation and provide the best user experience.

If you are interested in our findings, you can have a look at the following posts

The post of today will explain why xRDP logs an SSL error in its log and how this can be solved. Please not that this error is not preventing the connection and you could simply ignore the steps described in this post. However, if you are a picky user and want to get rid of this error message, you can proceed….

So, let’s go !

Issue Description

As mentioned earlier, if you have used the manual installation approach or if you have used one of our scripts (Std installation vs Custom installation), you should be able to perform your remote connection and access your beautiful Ubuntu Desktop interface. No popups should be displayed and you should be able to start working almost immediately. However, some advanced users/sysadmins have noticed that an error is thrown in the /var/log/xrdp.log file. The screenshot below shows the error that will be generated each time a user perform a remote connection (if you have not perform any additional actions)

Click on picture for better resolution

https://prod-files-secure.s3.us-west-2.amazonaws.com/ba4bc82a-1efa-4158-9734-9cbd8670c38a/b9143ee7-af6c-4331-9e4b-27d35d0b38ba/Std_install_xRDP_19.04_21.png-nggid043460-ngg0dyn-320x240x100-00f0w010c010r110f110r010t010.png

So, to understand why this error is generated, we need to have a look at the permissions on this specific file. If you open nautilus and your browse to the following location

/etc/xrdp

You will see that the folder contains indeed *the .pem files (cert.pem and key.pem)

Click on picture for better resolution

https://prod-files-secure.s3.us-west-2.amazonaws.com/ba4bc82a-1efa-4158-9734-9cbd8670c38a/dc9c816b-67a4-401d-ad51-409423a1bd4d/xrdp_ssl_err_01.png-nggid043502-ngg0dyn-320x240x100-00f0w010c010r110f110r010t010.png

Looking at the permissions for the the file /etc/xrdp/cert.pem, any user can have a read access on it. This is inline with what the /var/log/xrdp.log is telling us. xRDP can read the cert.pem file but gets an access denied on /etc/xrdp/key.pem

Click on picture for better resolution

https://prod-files-secure.s3.us-west-2.amazonaws.com/ba4bc82a-1efa-4158-9734-9cbd8670c38a/f09a2289-e277-49ae-b982-0809712758a9/xrdp_ssl_err_02.png-nggid043503-ngg0dyn-320x240x100-00f0w010c010r110f110r010t010.png

So, looking at the permissions on the file /etc/xrdp/key.pem, we can see that again, in theory, everybody should have a read access to it