@shawngmc
Created September 21, 2025 18:32
Rocky 10 RDP VM/EC2 test

Test 2: EC2

Instructions

# Install packages
sudo dnf install -y \
  freerdp \
  gnome-remote-desktop \
  gdm \
  openssl

# Handle SELinux
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

# There is no default firewall!

# Make certs
IP_ADDR=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet " | head -n 1 | awk '{print $2}' | cut -d'/' -f1)
sudo -u gnome-remote-desktop winpr-makecert -silent -rdp -n "$IP_ADDR" -path ~gnome-remote-desktop rdp-tls

# Config certs
sudo grdctl --system rdp set-tls-key ~gnome-remote-desktop/rdp-tls.key
sudo grdctl --system rdp set-tls-cert ~gnome-remote-desktop/rdp-tls.crt
# RDP Certificate is invalid!

# Config auth
sudo grdctl --system rdp set-credentials

# Enable RDP Daemon in Service
sudo grdctl --system rdp enable

# Check status
sudo grdctl --system status
# Overall:
#         Unit status: activating
# RDP:
#         Status: enabled
#         Port: 3389
#         TLS certificate: /var/lib/gnome-remote-desktop/rdp-tls.crt
#         TLS fingerprint: 00:01:02:...
#         TLS key: /var/lib/gnome-remote-desktop/rdp-tls.key
#         Username: (hidden)
#         Password: (hidden)

# If we try to start now, gnome-remote-desktop times out, so...
# Reboot! 
sudo reboot now

# GDM currently needs to be started manually after every boot unless graphical.target is the default, so set it
sudo systemctl set-default graphical.target

# Reboot! 
sudo reboot now

Test 1: Hyper-V

  • Run on a Hyper-V VM: AMD CPU
  • Must allocate sufficient RAM - recommend 4GB minimum if using dynamic memory
  • Tested with Rocky 10.0
  • Differences from EC2 env
    • Commands were entered into local TTY via Hyper-V window
    • When GDM is started or graphical target enabled, reboot moves to GDM login - this could be helping, and might not work without a local display.
    • Created from Rocky 10.0 DVD ISO. Minimal install selected - could behave differently than a pre-baked AMI.

Instructions

# Install packages
sudo dnf install -y \
  freerdp \
  gnome-remote-desktop \
  gdm \
  openssl

# Handle SELinux
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

# Disable Firewall
sudo systemctl stop firewalld
sudo systemctl disable firewalld


# Make certs
IP_ADDR=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet " | head -n 1 | awk '{print $2}' | cut -d'/' -f1)
sudo -u gnome-remote-desktop winpr-makecert -silent -rdp -n "$IP_ADDR" -path ~gnome-remote-desktop rdp-tls

# Config certs
grdctl --system rdp set-tls-key ~gnome-remote-desktop/rdp-tls.key
grdctl --system rdp set-tls-cert ~gnome-remote-desktop/rdp-tls.crt
# RDP Certificate is invalid!

# Config auth
grdctl --system rdp set-credentials

# Enable RDP Daemon in Service
grdctl --system rdp enable

# Check status
grdctl --system status
# Overall:
#         Unit status: activating
# RDP:
#         Status: enabled
#         Port: 3389
#         TLS certificate: /var/lib/gnome-remote-desktop/rdp-tls.crt
#         TLS fingerprint: 00:01:02:...
#         TLS key: /var/lib/gnome-remote-desktop/rdp-tls.key
#         Username: (hidden)
#         Password: (hidden)

# If we try to start now, gnome-remote-desktop times out, so...
# Reboot! 
sudo reboot now

# GDM currently needs to be started manually after every boot unless graphical.target is the default, so set it
sudo systemctl set-default graphical.target

# Reboot! 
sudo reboot now
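
The "Make certs" and "Config certs" steps in both tests produce a self-signed certificate, so a client can only trust it by fingerprint. The script below is an added example, not part of the original gist: it uses the `openssl` package the instructions install to confirm that the key belongs to the certificate, that the key file is not readable by group or other, and to print a SHA-256 fingerprint for comparison on first connect. The function names and the 30-day expiry threshold are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the gist): sanity checks for the files written by
# the "Make certs" step. All function names here are hypothetical helpers.

# SHA-256 fingerprint of a PEM certificate, colon-separated hex.
cert_sha256() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if the private key ($2) belongs to the certificate ($1):
# both must yield the same public key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the key file grants nothing to group or other.
key_mode_ok() {
  case "$(stat -c '%a' "$1")" in
    ?00) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Run every check; prints the subject and fingerprint when all pass.
check_rdp_tls() {
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  key_mode_ok "$2" || { echo "key is readable by group/other" >&2; return 1; }
  cert_valid_for_days "$1" 30 || { echo "certificate expires within 30 days" >&2; return 1; }
  echo "subject:     $(openssl x509 -in "$1" -noout -subject)"
  echo "fingerprint: $(cert_sha256 "$1")"
}

# Usage: sudo bash check-rdp-tls.sh <cert> <key>
if [ "$#" -eq 2 ]; then
  check_rdp_tls "$1" "$2"
fi
```

Run it against the certificate and key paths shown in the `grdctl --system status` output. The printed subject is the address passed to `winpr-makecert -n`, which is worth comparing with the address clients actually connect to.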

Sources
