Ubuntu 16.04 / xrdp latest built from GitHub
If I provide user/password in rdp client, logs in fine. If I provide user but not password, I get the "XRDP login screen"
I can't paste my password into the password text box -- I do CTRL-V and it shows only one * character. I have to type the password out. This seems like a bug?
I confirmed the issue however priority is not very high. I have lots of TODOs and issues are to be processed in order of priority.
I'm glad to merge if you fixed the issue :).
I believe this is not a bug since clipboard channel is not supposed to be supported at login screen phase.
I think even in Windows RDP server MS blocks it.
@speidy I can paste password into Windows servers at login just fine.
@metalefty understood. In theory I would fix this and submit PR, but I have no idea where to start. If you have an idea what's going on maybe you can describe it and someone else could fix it?
xrdp channel server is getting started after every session is being created
by seaman.
That's the reason why you can't paste at login window. (There is no active
session managed by seaman yet)
I think it requires too much effort for a little benefit.
It is better to invest in NLA auth instead.
On Mon, Jul 17, 2017 at 7:44 PM John Arnold notifications@github.com
wrote:
@speidy https://github.com/speidy I can paste password into Windows
servers at login just fine.@metalefty https://github.com/metalefty understood. In theory I would
fix this and submit PR, but I have no idea where to start. If you have an
idea what's going on maybe you can describe it and someone else could fix
it?—
You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub
https://github.com/neutrinolabs/xrdp/issues/816#issuecomment-315806451,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADTH1EM9ZPb6EyjPzY1Oj6td8ZN9h5o1ks5sO44sgaJpZM4OYZIt
.>
Idan Freiberg
PGP FP: 8108 7EC9 806E 4980 75F2 72B3 8AD3 2D04 337B 1F18
Moreover, I think enabling more channels/capabilites for an unauthenticated user might extend the attack surface. So from security perspective I think its a bad idea.
However, you can pass the password in an .rdp file or in rdp client settings.
I think it requires too much effort for a little benefit. It is better to invest in NLA auth instead.
I agree. This is the reason I don't want to implement it by myself.
I once apply "wontfix" label but there's still chance to overturn it.
I conclude this issue "wontfix" due to following reasons.
Workaround, tested with native RDP client in Windows 7:
cmdkey /generic:YOURSERVERNAME /user:YOURUSERNAME /pass:YOURPASSWORD
mstsc /v:YOURSERVERNAME
I conclude this issue "wontfix" due to following reasons.
- It requires too much effort for a little benefit
- From security perspective, it is a bad idea
If you have 40-characters password "too much effort" will be to input it every time :grin:
Password can be passed through client.
It would be pretty easy to implement cliprdr at the login screen.
Maybe text only and paste from client to server only.
MS server even has audio channel working at login screen.
Sounds nice. Worth considering.
Most helpful comment
If you have 40-characters password "too much effort" will be to input it every time :grin: