Start Wayland
Gnome RDP Remotely on Debian 12
HOME
This Bash script configures and starts a Gnome Remote Desktop
session for you so that you can then log in via RDP.
It does everything, including setting up of an SSL certificate, entering
your remote desktop password into your Gnome Keyring, and starting up
the the GUI session so that you can immediately log in. Warning: the
script changes settings for the RDP remote desktop user! Bookworm does
not directly support VNC under Wayland.
Instructions: Download the zipfile and create the desired remote desktop
(RDP) user on your Debian Bookworm system. SSH into your Debian system
as any user having sudo privileges and extract the zipfile into your
home directory. Perform the installation instructions described in
launch-GRD-debian.txt and then execute the script:
./launch-GRD-debian.sh ‹rdpUserName› ‹rdpUserPassword›
DebianRemoteDesktop.zip
Safety, accuracy and completeness of information provided herein is not guaranteed,
so be inspired by it but do not use it as a basis for experimentation or other actions.
Congrenation.com 2024-11-21T06:36:38.907Z
Version 20231217
Here is the script
#!/usr/bin/env bash
# This is launch-GRD-debian.sh which needs to be run by a user with sudo privileges.
# Configures then activates gnome-remote-desktop from the command line so that you can remote in.
# SSH in remotely as root or any user with sudo privileges and run this script.
# Use Windows application Remote Desktop Connection pointed to server IP Address.
################################################################################################
# Define remote desktop user #
################################################################################################
# Fill in the variables below if a default user is wanted:
SESSION_USER="admin"
SESSION_PASS="guessme"
RDP_USER=${SESSION_USER}
RDP_PASS=${SESSION_PASS}
#VNC_PASS=${SESSION_PASS} # VNC appears to have been disabled at compile time in Debian 12 Bookworm running Wayland.
Allow credentials to be passed on the command line as $ ./thisscript username password
if [ $# -eq 2 ]; then SESSION_USER="$1" SESSION_PASS="$2" RDP_USER=${SESSION_USER} RDP_PASS=${SESSION_PASS}
elif [ $# -gt 0 ]; then echo $'Usage: <UserName> <PassWord>'; exit 1
elif test "${SESSION_USER}"; then echo $'\nDefault UserName and PassWord are assumed!'
else echo $'Usage: <UserName> <PassWord>\nOr set defaults within script'; exit 1
fi
################################################################################################
# Log the user into Gnome #
################################################################################################
# Create temporary desktop session configuration file having permissions 644.
echo -e "[daemon]\nAutomaticLogin=${SESSION_USER}\nAutomaticLoginEnable=true" | sudo tee /run/gdm3/custom.conf > /dev/null
echo $'\nCreated /run/gdm3/custom.conf containing:'
cat /run/gdm3/custom.conf
# Start Gnome Desktop Manager now. It runs as root.
#sudo loginctl unlock-sessions # Deactivate screen lock if necessary.
sudo systemctl --no-pager restart gdm3
echo $'\nRestarted gdm3:'
sleep 9
# This needs some time and hopefully it is a Gnome session using Wayland.
ps xua | grep -v grep | grep gdm3
systemctl --no-pager --system status gdm3.service
# We should now have an local auto-login GUI session for the remote desktop user.
echo $'\nCurrently running sessions:'
loginctl list-sessions | grep ' seat[0-9] '
################################################################################################
# The session D-Bus ought to be running now #
################################################################################################
echo $'\nD-Bus session daemon:'
DSBA="unix:path=/run/user/$(id -u ${SESSION_USER})/bus"
ps xuU ${SESSION_USER} | grep -v grep | grep dbus-daemon
sudo DBUS_SESSION_BUS_ADDRESS=${DSBA} systemctl --no-pager --machine=${SESSION_USER}@.host --user status dbus.service
sudo DBUS_SESSION_BUS_ADDRESS=${DSBA} systemctl --no-pager --machine=${SESSION_USER}@.host --user status dbus.socket
################################################################################################
# Disable screen lock timeout to prevent remote desktop lockouts #
################################################################################################
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings set org.gnome.desktop.session idle-delay 0
echo -n $'\nIdle Delay has been set to :'
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings get org.gnome.desktop.session idle-delay
################################################################################################
# Unlock Gnome Keyring #
################################################################################################
# We should not need to kill any running keyrings:
#sudo killall -w -q gnome-keyring-daemon
#sudo killall -w -q -u ${SESSION_USER} gnome-keyring-daemon
#unset GNOME_KEYRING_CONTROL # Probably not present in the first place
# The next step stopped working in 2023:
#eval $(echo -n ${SESSION_PASS} | gnome-keyring-daemon --daemonize --login | sed -e 's/^/export /')
echo $'\nRelaunching and unlocking gnome-keyring-daemon:'
# Command to relaunch and unlock the keyring when logged in as the keyring owner:
#GKEV=$(echo -n ${SESSION_PASS} | gnome-keyring-daemon -C /run/user/$(id -u ${SESSION_USER})/keyring -r --unlock)
# Command to relaunch and unlock the keyring as root or a sudoer or the keyring owner:
#sudo -i -u ${SESSION_USER} SESSION_USER="${SESSION_USER}" SESSION_PASS=${SESSION_PASS} bash -c 'echo $(echo -n ${SESSION_PASS} | gnome-keyring-daemon -C /run/user/$(id -u ${SESSION_USER})/keyring -r --unlock)'
GKEV="$( sudo -i -u ${SESSION_USER} SESSION_USER=${SESSION_USER} SESSION_PASS=${SESSION_PASS} bash -c 'echo $(echo -n ${SESSION_PASS} | gnome-keyring-daemon -C /run/user/$(id -u ${SESSION_USER})/keyring -r --unlock)' )"
echo $'\nKeyring environment:\n'${GKEV}
# The above will emit GKEV='GNOME_KEYRING_CONTROL=/run/user/«UserID»/keyring SSH_AUTH_SOCK=/run/user/«UserID»/keyring/ssh'
# Print out the new keyring process, status, ID, and whether it is unlocked:
echo $'\nKeyring service:'
ps xuU ${SESSION_USER} | grep -v grep | grep gnome-keyring-daemon
sudo DBUS_SESSION_BUS_ADDRESS=${DSBA} systemctl --no-pager --machine=${SESSION_USER}@.host --user status gnome-keyring-daemon.service
sudo DBUS_SESSION_BUS_ADDRESS=${DSBA} systemctl --no-pager --machine=${SESSION_USER}@.host --user status gnome-keyring-daemon.socket
echo -n $'\nKeyRing Lock Status: '
sudo busctl --machine=${SESSION_USER}@.host --user get-property org.freedesktop.secrets /org/freedesktop/secrets/collection/login org.freedesktop.Secret.Collection Locked
################################################################################################
# Write RDP Credentials to keyring #
################################################################################################
RDP_CREDS="{'username': <'${RDP_USER}'>, 'password': <'${RDP_PASS}'>}"
sudo -i -u ${SESSION_USER} RDP_CREDS="${RDP_CREDS}" DBUS_SESSION_BUS_ADDRESS=${DSBA} bash -c 'echo -n ${RDP_CREDS} | secret-tool store --label "GRD RDP creds" xdg:schema org.gnome.RemoteDesktop.RdpCredentials'
echo $'\nCreated RDP Credentials:'
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} secret-tool lookup xdg:schema org.gnome.RemoteDesktop.RdpCredentials
################################################################################################
# Write VNC Password to keyring #
################################################################################################
# VNC appears to have been disabled at compile time in Debian 12 Bookworm running Wayland.
#sudo -i -u ${SESSION_USER} VNC_PASS="${VNC_PASS}" DBUS_SESSION_BUS_ADDRESS=${DSBA} bash -c 'echo -n ${VNC_PASS} | secret-tool store --label "GRD VNC pass" xdg:schema org.gnome.RemoteDesktop.VncPassword'
#echo $'\nCreated VNC Password:'
#sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} secret-tool lookup xdg:schema org.gnome.RemoteDesktop.VncPassword
################################################################################################
# Create RDP SSL certificates if missing #
################################################################################################
# Permissions on dir gnome-remote-desktop must be drwxr-xr-x «username»:«username» 0755
# Permissions on file rdp-tls.crt must be -rw-r--r-- «username»:«username» 0644
# Permissions on file rdp-tls.key must be -rw------- «username»:«username» 0600
# Check whether certificates already exist at the specified path.
TLS_STORE=$(getent passwd ${SESSION_USER} | cut -d: -f6)/.local/share/gnome-remote-desktop
if sudo [ -e "${TLS_STORE}/rdp-tls.crt" ]; then echo $'\nFound existing crt & key:'
sudo TLS_STORE=${TLS_STORE} sh -c 'ls -l ${TLS_STORE}/*.*'
else
# Create the temporary certificate store directory in the proper location.
sudo install -d -m 0755 -o ${SESSION_USER} -g ${SESSION_USER} ${TLS_STORE}
echo $'\nCreated cert store dir: '
sudo TLS_STORE=${TLS_STORE} sh -c 'ls -ld ${TLS_STORE}'
# Create a new certificate in the store but suppress the progress characters on stderr.
sudo -i -u ${SESSION_USER} openssl req -new -newkey rsa:4096 -days 9999 -nodes -x509 -subj "/C=US/CN=GNOME" -keyout ${TLS_STORE}/rdp-tls.key -out ${TLS_STORE}/rdp-tls.crt 2> >(tr -d '*+.\-\n' 1>&2)
echo $'\nCreated crt & key:'
sudo TLS_STORE=${TLS_STORE} sh -c 'ls -l ${TLS_STORE}/*.*'
fi
# Set RDP TLS certificate path to ${TLS_STORE}/rdp-tls.crt
echo $'\nTLS crt and key Paths:'
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings set org.gnome.desktop.remote-desktop.rdp tls-cert ${TLS_STORE}/rdp-tls.crt
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings get org.gnome.desktop.remote-desktop.rdp tls-cert
# Set RDP TLS private key path to ${TLS_STORE}/rdp-tls.key
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings set org.gnome.desktop.remote-desktop.rdp tls-key ${TLS_STORE}/rdp-tls.key
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings get org.gnome.desktop.remote-desktop.rdp tls-key
################################################################################################
# Enable RDP Remote Desktop #
################################################################################################
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings set org.gnome.desktop.remote-desktop.rdp view-only false
echo -n $'\nRDP ViewOnly Status: '
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings get org.gnome.desktop.remote-desktop.rdp view-only
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings set org.gnome.desktop.remote-desktop.rdp enable true
echo -n $'\nRDP Enabled Status: '
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings get org.gnome.desktop.remote-desktop.rdp enable
################################################################################################
# Enable VNC Remote Desktop #
################################################################################################
# VNC appears to have been disabled at compile time in Debian 12 Bookworm running Wayland.
#sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings set org.gnome.desktop.remote-desktop.vnc view-only false
#echo -n $'\nVNC ViewOnly Status: '
#sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings get org.gnome.desktop.remote-desktop.vnc view-only
#sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings set org.gnome.desktop.remote-desktop.vnc auth-method password
#echo -n $'\nVNC Auth Method: '
#sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings get org.gnome.desktop.remote-desktop.vnc auth-method
#sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings set org.gnome.desktop.remote-desktop.vnc enable true
#echo -n $'\nVNC Auth Method: '
#sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} gsettings get org.gnome.desktop.remote-desktop.vnc enable
################################################################################################
# Start gnome-remote-desktop service #
################################################################################################
# Kill all instances with -w to prevent Failed to register: Unable to acquire bus name 'org.gnome.RemoteDesktop'
sudo killall -w -q gnome-remote-desktop-daemon
#Start it the proper way and for the correct user and orphan it.
#sudo -i -u ${SESSION_USER} export XDG_SESSION_TYPE=Wayland;
sudo DBUS_SESSION_BUS_ADDRESS=${DSBA} systemctl --no-pager --machine=${SESSION_USER}@.host --user start gnome-remote-desktop.service
echo $'\nRestarted gnome-remote-desktop-daemon:'
ps xuU ${SESSION_USER} | grep -v grep | grep gnome-remote-desktop-daemon
sudo DBUS_SESSION_BUS_ADDRESS=${DSBA} systemctl --no-pager --machine=${SESSION_USER}@.host --user status gnome-remote-desktop.service
sudo -i -u ${SESSION_USER} DBUS_SESSION_BUS_ADDRESS=${DSBA} grdctl status
################################################################################################
# Start VNC service #
################################################################################################
# VNC appears to have been disabled at compile time in Debian 12 Bookworm running Wayland.
################################################################################################
Here is the help file
Configures then activates gnome-remote-desktop from the command line so that you can remote in.
This is necessary because Wayland and Gnome do not currently support multi-seat remote access.
This is not headliess, meaning that a (dummy) monitor must be physically attached to the system.
SSH in as any admin user having sudo privileges and run:
./launch-GRD-debian.sh ‹rdpUserName› ‹rdpUserPassword›
Now RDP into the server with the above credentials.
Warning: this program changes settings for rdpUserName!
############ Installation ############
Install the secret-tool command line utility:
$ apt-install libsecret-tools
Set the user name and password variables within the script.
Execute the script as the remote user upon system startup.
############ Uninstallation ############
# Remove the passwords from the keyring if desired:
$ secret-tool clear xdg:schema org.gnome.RemoteDesktop.RdpCredentials
$ secret-tool clear xdg:schema org.gnome.RemoteDesktop.VncPassword
# Run the following as the user under which it was used:
$ gsettings set org.gnome.desktop.remote-desktop.rdp enable false
$ gsettings set org.gnome.desktop.remote-desktop.rdp view-only true
$ gsettings set org.gnome.desktop.remote-desktop.vnc enable false
$ gsettings set org.gnome.desktop.remote-desktop.vnc view-only true
$ gsettings set org.gnome.desktop.remote-desktop.vnc auth-method prompt
# The following lines are only necessary if a non-standard TLS store location was being used:
$ gsettings set org.gnome.desktop.remote-desktop.rdp tls-cert $HOME/.local/share/gnome-remote-desktop/rdp-tls.crt
$ gsettings set org.gnome.desktop.remote-desktop.rdp tls-key $HOME/.local/share/gnome-remote-desktop/rdp-tls.key
############### REMOTE DESKTOP TROUBLESHOOTING #################
1. GDM3 display manager must be configured and running.
1.1 A monitor or dummy plug must be attached to the video card or GDM3 will not run.
Alternately, a dummy monitor driver might become available for Wayland in the future.
1.2 Automatic login for the remote desktop user must be enabled:
$ loginctl list-sessions | grep ' seat[0-9] ' # Stuck at Debian-gdm login?
$ ps -aux | grep -v grep | grep gnome-remote-desktop-daemon # Not running?
Keyring is locked and so if you try to use secret-tool then you get error:
secret-tool: Cannot create an item in a locked collection
To solve the above two problems the we must set the user to "automatic login".
1.3 The Lock Screen causes remote desktop connections to abort as soon as the user authenticates and so screen lock must be disabled:
$ gsettings set 'org.gnome.desktop.session' 'idle-delay' 0
The above command must by run from the remote desktop user account.
1.4 Configuring GDM3 to initiate a specific autologin session can be done within any of the following files:
The dynamic settings file: /run/gdm3/custom.conf 644 root:root # Not normally present
Overrides the custom settings file: /etc/gdm3/custom.conf 644 root:root # Not normally present
[daemon]
AutomaticLogin=«UserName»
AutomaticLoginEnable=True
Which overrides the standard settings file: /etc/gdm3/daemon.conf 644 root:root # Normally present
[daemon] # Already present in this file by default.
AutomaticLogin=«UserName» # Added by Gnome GUI if autologin is enabled in Settings / Users / Automatic Login: On
AutomaticLoginEnable=True # Added by Gnome GUI if autologin is enabled in Settings / Users / Automatic Login: On
1.5 Then restart GDM3 and show status with: sudo systemctl restart gdm3; systemctl status gdm3
It must show that GDM3 is active and running.
2. Check to see which kinds of user sessions are running.
2.1 Show all currently running sessions:
$ loginctl list-sessions
SESSION UID USER SEAT TTY
2 1000 admin # An SSh login session
4 0 root # An SSh login session
6 1000 admin pts/1 # An SSh login session
7 1002 guest seat0 tty2 # User guest logged in at the console
8 1001 user seat0 tty3 # User user logged into Gnome
c1 115 Debian-gdm seat0 tty1 # Gnome Display Manager
2.2 Show details for one of the above line items:
$ loginctl show-session «Session» # All sorts of details
$ ps -t «TTY» -o pid,ppid,cmd # Parent process and command
3. Keyring must contain RDP credentials and be unlocked.
3.1 The credentials are stored in the Keyring of the system so we need to install the secret-tool command line utility:
$ sudo apt-get install -y libsecret-tools
3.2 Checking whether the keychain is unlocked via busctl:
$ busctl --user introspect org.freedesktop.secrets /org/freedesktop/secrets/collection/login
$ busctl --user get-property org.freedesktop.secrets /org/freedesktop/secrets/collection/login org.freedesktop.Secret.Collection Locked
3.3 Checking whether the keychain is unlocked via gdbus:
$ gdbus introspect -e -d org.freedesktop.secrets -o /org/freedesktop/secrets/collection/login
$ gdbus call -e -d org.freedesktop.secrets -o /org/freedesktop/secrets/collection/login -m org.freedesktop.DBus.Properties.Get org.freedesktop.Secret.Collection Locked
3.4 Show the RDP credentials but only if keychain is not locked:
$ secret-tool search --all xdg:schema org.gnome.RemoteDesktop.RdpCredentials
[/2]
label = GNOME Remote Desktop RDP credentials
secret = {'password': <'«Password»'>, 'username': <'«UserName»'>}
created = 2023-07-07 14:25:02
modified = 2023-07-07 21:24:17
3.5 To manually enter RDP credentials into the keyring:
$ secret-tool store -l 'GNOME Remote Desktop RDP credentials' xdg:schema org.gnome.RemoteDesktop.RdpCredentials
When prompted for secret use this format: {'username': <'«UserName»'>, 'password': <'«Password»'>}
3.6 Setting them within an unattended script using pipes:
$ printf "{'username': <'«UserName»'>, 'password': <'«Password»'>}" | secret-tool store -l 'GNOME Remote Desktop RDP credentials' xdg:schema org.gnome.RemoteDesktop.RdpCredentials
3.7 For troubleshooting we can remove the keyring password to make it unencrypted and unlocked:
Punch the Windows key and search for KeyRing.
Click the Passwords and Keys icon.
Right-click the Login item and select Change Password.
Change the password to blank meaning no password.
4. RDP service must be configured and running.
4.1 TLS certificates must be in place so the gnome-remote-desktop service can run.
Directory: gnome-remote-desktop must be drwxr-xr-x «UserName»:«UserName» 0755
File: rdp-tls.crt must be -rw-r--r-- «UserName»:«UserName» 0644
File: rdp-tls.key must be -rw------- «UserName»:«UserName» 0600
$ gsettings get org.gnome.desktop.remote-desktop.rdp tls-cert # Normally: '/home/«UserName»/.local/share/gnome-remote-desktop/rdp-tls.crt'
$ gsettings get org.gnome.desktop.remote-desktop.rdp tls-key # Normally: '/home/«UserName»/.local/share/gnome-remote-desktop/rdp-tls.key'
4.2 RDP must be enabled.
$ gsettings get org.gnome.desktop.remote-desktop.rdp enable # Must be: true
$ gsettings get org.gnome.desktop.remote-desktop.rdp view-only # Must be: false
4.3 Some useful commands are:
$ systemctl --user enable gnome-remote-desktop.service
$ systemctl --user restart gnome-remote-desktop.service
$ systemctl --user status gnome-remote-desktop.service
5. VNC service must be configured and running.
VNC appears to have been disabled at compile time in Debian 12 Bookworm running Wayland.
5.1 BNC must be enabled.
$ gsettings get org.gnome.desktop.remote-desktop.vnc enable # Must be: true
$ gsettings get org.gnome.desktop.remote-desktop.vnc view-only # Must be: false
$ gsettings get org.gnome.desktop.remote-desktop.vnc auth-method # Must be: 'password'
Refer to script to see configuration details and startup.
############### CORRECTLY RUNNING REMOTE DESKTOP DAEMONS ##################
Be logged in as the actual user to run the commands below.
They are listed in dependency sequence order.
# Process of dbus-daemon system daemon:
$ ps xuU messagebus | grep -v grep | grep dbus-daemon
messagebus 664 0.0 0.2 12328 7904 ? Ss Sep22 0:28 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
# Status of dbus-daemon system daemon:
$ systemctl --system status dbus
● dbus.service - D-Bus System Message Bus
Loaded: loaded (/lib/systemd/system/dbus.service; static)
Active: active (running) since Fri 2023-09-08 23:06:02 PDT; 2h 9min ago
TriggeredBy: ● dbus.socket
Docs: man:dbus-daemon(1)
Main PID: 611 (dbus-daemon)
Tasks: 1 (limit: 4517)
Memory: 6.1M
CPU: 1min 15.759s
CGroup: /system.slice/dbus.service
└─611 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
# Process of gdm3 system daemon:
$ ps xua | grep -v grep | grep gdm3
root 844 0.0 0.2 459200 9336 ? Ssl Sep22 0:00 /usr/sbin/gdm3
# Status of gdm3 system daemon:
$ systemctl --system status gdm3
● gdm.service - GNOME Display Manager
Loaded: loaded (/lib/systemd/system/gdm.service; static)
Active: active (running) since Tue 2023-09-19 01:33:35 PDT; 18h ago
Process: 745 ExecStartPre=/usr/share/gdm/generate-config (code=exited, status=0/SUCCESS)
Main PID: 805 (gdm3)
Tasks: 3 (limit: 4517)
Memory: 10.0M
CPU: 784ms
CGroup: /system.slice/gdm.service
└─805 /usr/sbin/gdm3
# Gnome session
$ loginctl list-sessions | grep ' seat[0-9] '
45 «UserID» «UserName» seat0 tty2
# If GDM3 is running then output will be:
c2 115 Debian-gdm seat0 tty1
# But we need a «UserName» Gnome session.
# Process of dbus-daemon session daemon:
$ ps xuU $USER | grep -v grep | grep dbus-daemon
«UserName» 3071375 0.0 0.1 10528 6228 ? Ss 12:04 0:02 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
«UserName» 3738635 0.0 0.1 9252 4824 ? S 16:18 0:00 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 12 --address=unix:path=/run/user/«UserID»/at-spi/bus
# The second instance is not the Session D-Bus but rather a private D-Bus which is only used for accessibility features.
# Status of dbus-daemon session daemon:
$ systemctl --machine=$USER@.host --user status dbus
● dbus.service - D-Bus User Message Bus
Loaded: loaded (/usr/lib/systemd/user/dbus.service; static)
Active: active (running) since Tue 2023-09-19 12:03:47 PDT; 8h ago
TriggeredBy: ● dbus.socket
Docs: man:dbus-daemon(1)
Main PID: 1708847
Tasks: 31 (limit: 4517)
Memory: 47.1M
CPU: 4.321s
CGroup: /user.slice/user-«UserID».slice/user@«UserID».service/session.slice/dbus.service
├─1708847 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
├─1708931 /usr/libexec/goa-daemon
├─1708938 /usr/libexec/goa-identity-service
├─3049933 /usr/libexec/gnome-shell-calendar-server
├─3050012 /usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications
├─3050209 /usr/libexec/ibus-portal
└─3050215 /usr/bin/gjs /usr/share/gnome-shell/org.gnome.ScreenSaver
# Process of gnome-keyring-daemon session daemon:
$ ps xuU $USER | grep -v grep | grep gnome-keyring-daemon
«UserName» 3738579 0.0 0.2 606076 10536 ? SLsl 16:18 0:00 /usr/bin/gnome-keyring-daemon --foreground --components=pkcs11,secrets --control-directory=/run/user/«UserID»/keyring
# Status of gnome-keyring-daemon session daemon:
$ systemctl --machine=$USER@.host --user status gnome-keyring-daemon.service
● gnome-keyring-daemon.service - GNOME Keyring daemon
Loaded: loaded (/usr/lib/systemd/user/gnome-keyring-daemon.service; enabled; preset: enabled)
Active: active (running) since Sat 2023-09-23 21:14:40 PDT; 5h 34min ago
TriggeredBy: ● gnome-keyring-daemon.socket
Main PID: 183155
Tasks: 4 (limit: 4517)
Memory: 1.5M
CPU: 649ms
CGroup: /user.slice/user-«UserID».slice/user@«UserID».service/app.slice/gnome-keyring-daemon.service
└─183155 /usr/bin/gnome-keyring-daemon --foreground --components=pkcs11,secrets --control-directory=/run/user/«UserID»/keyring
# Process of gnome-remote-desktop session daemon:
$ ps xuU $USER | grep -v grep | grep gnome-remote-desktop-daemon
«UserName» 3738580 2.6 2.1 869836 83116 ? SLsl 16:18 0:00 /usr/libexec/gnome-remote-desktop-daemon
# Status of gnome-remote-desktop session daemon:
$ systemctl --machine=$USER@.host --user status gnome-remote-desktop.service
● gnome-remote-desktop.service - GNOME Remote Desktop
Loaded: loaded (/usr/lib/systemd/user/gnome-remote-desktop.service; enabled; preset: enabled)
Active: active (running) since Tue 2023-09-19 20:26:52 PDT; 9min ago
Main PID: 3049773
Tasks: 7 (limit: 4517)
Memory: 23.2M
CPU: 434ms
CGroup: /user.slice/user-«UserID».slice/user@«UserID».service/app.slice/gnome-remote-desktop.service
└─3049773 /usr/libexec/gnome-remote-desktop-daemon
# Status of gnome-remote-desktop session service:
$ DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u $USER)/bus" grdctl status
RDP:
Status: enabled
TLS certificate: /home/«UserName»/.local/share/gnome-remote-desktop/rdp-tls.crt
TLS key: /home/«UserName»/.local/share/gnome-remote-desktop/rdp-tls.key
View-only: no
Username: (hidden)
Password: (hidden)
############### ENVIRONMENT VARIABLES IN RUNNING SESSION #################
SHELL=/bin/bash
SESSION_MANAGER=local/zero:@/tmp/.ICE-unix/«PID»,unix/zero:/tmp/.ICE-unix/«PID»
QT_ACCESSIBILITY=1
COLORTERM=truecolor
SSH_AGENT_LAUNCHER=openssh
XDG_MENU_PREFIX=gnome-
GNOME_DESKTOP_SESSION_ID=this-is-deprecated
LANGUAGE=en_CA:en
SSH_AUTH_SOCK=/run/user/«UID»/keyring/ssh
XMODIFIERS=@im=ibus
DESKTOP_SESSION=gnome
GTK_MODULES=gail:atk-bridge
PWD=/home/«UserName»
LOGNAME=«UserName»
XDG_SESSION_DESKTOP=gnome
XDG_SESSION_TYPE=wayland
SYSTEMD_EXEC_PID=«PID»
XAUTHORITY=/run/user/«UID»/.mutter-Xwaylandauth.«magic-cookie»
IM_CONFIG_CHECK_ENV=1
GDM_LANG=en_CA.UTF-8
HOME=/home/«UserName»
USERNAME=«UserName»
IM_CONFIG_PHASE=1
LANG=en_CA.UTF-8
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=00:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.avif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:*~=00;90:*#=00;90:*.bak=00;90:*.old=00;90:*.orig=00;90:*.part=00;90:*.rej=00;90:*.swp=00;90:*.tmp=00;90:*.dpkg-dist=00;90:*.dpkg-old=00;90:*.ucf-dist=00;90:*.ucf-new=00;90:*.ucf-old=00;90:*.rpmnew=00;90:*.rpmorig=00;90:*.rpmsave=00;90:
XDG_CURRENT_DESKTOP=GNOME
VTE_VERSION=7006
WAYLAND_DISPLAY=wayland-0
GNOME_TERMINAL_SCREEN=/org/gnome/Terminal/screen/«unique-identifier»
QTWEBENGINE_DICTIONARIES_PATH=/usr/share/hunspell-bdic/
GNOME_SETUP_DISPLAY=:1
XDG_SESSION_CLASS=user
TERM=xterm-256color
USER=«UserName»
GNOME_TERMINAL_SERVICE=:«numeric-dbus-Name»
DISPLAY=:0
SHLVL=1
QT_IM_MODULE=ibus
XDG_RUNTIME_DIR=/run/user/«UID»
XDG_DATA_DIRS=/usr/share/gnome:/home/«UserName»/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
PATH=/home/«UserName»/.local/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/snap/bin:/home/«UserName»/.local/bin
GDMSESSION=gnome
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/«UID»/bus
############### ORIGINAL RDP SETTINGS FOR A USER ##################
# The following must be run as the user who's profile is being modified
# All readouts shown are Gnome defaults after installation
Keyring Entry: org.gnome.RemoteDesktop.RdpCredentials
Description: GNOME Remote Desktop RDP credentials
Password: {'«UserName»': <'user'>, 'password': <'«password»'>}
Use: Saved password or login
Type: Password
$ secret-tool lookup xdg:schema org.gnome.RemoteDesktop.RdpCredentials
{'username': <'«UserName»'>, 'password': <'«password»'>}
$ gsettings list-schemas | grep remote-desktop
org.gnome.desktop.remote-desktop
org.gnome.desktop.remote-desktop.rdp
org.gnome.desktop.remote-desktop.vnc
$ gsettings list-keys org.gnome.desktop.remote-desktop.rdp
enable
screen-share-mode
tls-cert
tls-key
view-only
$ gsettings list-keys org.gnome.desktop.remote-desktop.vnc
auth-method
enable
screen-share-mode
view-only
$ gsettings get 'org.gnome.desktop.remote-desktop.rdp' 'enable'
false
$ gsettings set 'org.gnome.desktop.remote-desktop.rdp' 'enable' false
$ gsettings get 'org.gnome.desktop.remote-desktop.rdp' 'screen-share-mode'
'mirror-primary'
$ gsettings set 'org.gnome.desktop.remote-desktop.rdp' 'screen-share-mode' 'mirror-primary'
$ gsettings get 'org.gnome.desktop.remote-desktop.rdp' 'tls-cert'
'/home/«UserName»/.local/share/gnome-remote-desktop/rdp-tls.crt'
$ gsettings set 'org.gnome.desktop.remote-desktop.rdp' 'tls-cert' "$HOME/.local/share/gnome-remote-desktop/rdp-tls.crt"
$ gsettings get 'org.gnome.desktop.remote-desktop.rdp' 'tls-key'
'/home/«UserName»/.local/share/gnome-remote-desktop/rdp-tls.key'
$ gsettings set 'org.gnome.desktop.remote-desktop.rdp' 'tls-key' "$HOME/.local/share/gnome-remote-desktop/rdp-tls.key"
$ gsettings get 'org.gnome.desktop.remote-desktop.rdp' 'view-only'
true
$ gsettings set 'org.gnome.desktop.remote-desktop.rdp' 'view-only' true
TO ENABLE RDP LOG IN AS THE USER AND EXECUTE THE FOLLOWING:
echo -n "{'username': <'«UserName»'>, 'password': <'«password»'>}" | secret-tool store --label "GNOME Remote Desktop RDP credentials" xdg:schema org.gnome.RemoteDesktop.RdpCredentials
$ gsettings set 'org.gnome.desktop.remote-desktop.rdp' 'enable' true
$ gsettings set 'org.gnome.desktop.remote-desktop.rdp' 'view-only' false
################ ORIGINAL VNC SETTINGS FOR A USER ###################
# The following must be run as the user who's profile is being modified
# All readouts shown are Gnome defaults after installation.
Keyring Entry: org.gnome.RemoteDesktop.VncPassword
Description: «no entry exists by default»
Password: «no entry exists by default»
Use: «no entry exists by default»
Type: «no entry exists by default»
$ secret-tool lookup xdg:schema org.gnome.RemoteDesktop.VncPassword
«by default no entry exists so the above generates no response»
$ gsettings list-schemas | grep remote-desktop
org.gnome.desktop.remote-desktop
org.gnome.desktop.remote-desktop.rdp
org.gnome.desktop.remote-desktop.vnc
$ gsettings list-keys org.gnome.desktop.remote-desktop.vnc
auth-method
enable
screen-share-mode
view-only
$ gsettings get 'org.gnome.desktop.remote-desktop.vnc' 'auth-method'
'prompt'
$ gsettings set 'org.gnome.desktop.remote-desktop.vnc' 'auth-method' 'prompt'
$ gsettings get 'org.gnome.desktop.remote-desktop.vnc' 'enable'
false
$ gsettings set 'org.gnome.desktop.remote-desktop.vnc' 'enable' false
$ gsettings get 'org.gnome.desktop.remote-desktop.vnc' 'screen-share-mode'
'mirror-primary'
$ gsettings set 'org.gnome.desktop.remote-desktop.vnc' 'screen-share-mode' 'mirror-primary'
$ gsettings get 'org.gnome.desktop.remote-desktop.vnc' 'view-only'
true
$ gsettings set 'org.gnome.desktop.remote-desktop.vnc' 'view-only' true
TO ENABLE VNC LOG IN AS THE USER AND EXECUTE THE FOLLOWING:
# VNC appears to have been disabled at compile time in Debian 12 Bookworm
echo -n "\'guessme\'" | secret-tool store --label "GNOME Remote Desktop VNC credentials" xdg:schema org.gnome.RemoteDesktop.VncPassword
$ gsettings set org.gnome.desktop.remote-desktop.vnc auth-method password
$ gsettings set org.gnome.desktop.remote-desktop.vnc enable true
$ gsettings set org.gnome.desktop.remote-desktop.vnc view-only false
############################################################
Example how to run a command with temporary environment variables and as a specific user:
sudo -i -u ${SESSION_USER} export XDG_SESSION_TYPE=Wayland export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u ${SESSION_USER})/bus" bash -c 'echo "do something here"'
