Setup user account
apt -y update
apt -y upgrade
adduser someuser
usermod -aG sudo someuser
Setup xrdp with xfce4
sudo apt -y update
sudo apt -y upgrade
sudo apt -y install xrdp xfce4 xfce4-goodies
sudo systemctl enable xrdp
# ---
echo "xfce4-session" > ~/.xsession
D=/usr/share/xfce4:/usr/share/xubuntu:/usr/local/share
D=${D}:/usr/share:/var/lib/snapd/desktop:/usr/share
cat <<EOF > ~/.xsessionrc
export XDG_SESSION_DESKTOP=xubuntu
export XDG_DATA_DIRS=${D}
export XDG_CONFIG_DIRS=/etc/xdg/xdg-xubuntu:/etc/xdg:/etc/xdg
EOF
sudo mv /usr/bin/light-locker /usr/bin/light-locker.orig
cat <<EOF | sudo tee /usr/bin/light-locker
#!/bin/sh
# The light-locker uses XDG_SESSION_PATH provided by lightdm.
if [ ! -z "\${XDG_SESSION_PATH}" ]; then
/usr/bin/light-locker.orig
else
# Disable light-locker in XRDP.
true
fi
EOF
sudo chmod a+x /usr/bin/light-locker
You really shouldn’t leave RDP exposed to the internet. You could block it with UFW and tunnel via SSH. Or hide it behind a static IP.
ufw allow from 120.88.117.33 to any port 3389 proto tcp