Ubuntu
xrdp package

xrdp needs to be in ssl-cert group to read server private key

Bug #1908795 reported by John Paul Morrison on 2020-12-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	xrdp (Ubuntu)	Opinion	Undecided	Unassigned

xrdp installs links system certificate/private key but user xrdp can't read the key

TLS should be enabled by default xrdp but the server will still run and allow insecure connections

/etc/xrdp/key.pem -> /etc/ssl/private/ssl-cert-snakeoil.key
-rw-r----- 1 root ssl-cert 1708 Dec 11 14:52 /etc/ssl/private/ssl-cert-snakeoil.key

works if user xrdp belongs to group ssl-cert
grep xrdp /etc/group
ssl-cert:x:121:xrdp
xrdp:x:122:

xrd.ini should have the cert/key configured
certificate=/etc/xrdp/cert.pem
key_file=/etc/xrdp/key.pem

John Paul Morrison (jmorrison-w) on 2020-12-19

summary:

- xrdp needs to be in ssl-cert group to read server priate key
+ xrdp needs to be in ssl-cert group to read server private key

Seth Arnold (seth-arnold) on 2020-12-22

information type:

Private Security → Public

Revision history for this message

Lenin (gagarin) wrote on 2024-03-18:

Lenin (gagarin) on 2024-05-03

Changed in xrdp (Ubuntu):
status:	New → Opinion

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.