SUSE Linux Enterprise Server 16.0

Configuring a Remote Desktop Server on SUSE Linux Enterprise Server 16.0

Publication Date: 24 Oct 2025

WHAT?

This article describes how to set up a GNOME remote login desktop server on SUSE Linux Enterprise Server.

WHY?

A remote desktop server can host multiple users even without dedicated graphics hardware.

EFFORT

Five minutes of configuration.

GOAL

Learn how to set up a remote login desktop server for multiple users.

REQUIREMENTS

A system with GNOME installed that acts as a remote desktop server
One or more clients to access the server via an RDP viewer

Revision History: Configuring a Remote Desktop Server on SUSE Linux Enterprise Server 16.0

1 What is GNOME Remote Desktop? #

GNOME Remote Desktop supports operating as a remote assistance remote desktop server, as a single user remote desktop server, and as a remote login desktop server. This even works headless, meaning the server does not require a graphics processing unit (GPU). This is particularly useful for servers, where a powerful system can serve multiple users without the need for graphics hardware.

GNOME Remote Desktop has two protocol back-ends, RDP and VNC. Not all modes of operation are supported with all protocol back-ends.

2 Configuring GNOME remote desktop #

This section describes how to configure GNOME Remote Desktop for integration with the GNOME Display Manager (GDM).

2.1 Introduction #

GNOME Remote Desktop supports integrating with the GNOME Display Manager to achieve remote login functionality. It works by having the remote user first authenticate with system-wide credentials to access the graphical login screen, where they can then log in using their user-specific credentials.

2.2 Requirements #

A SUSE Linux Enterprise system with the GNOME desktop environment that acts as a server. You can select GNOME during installation with Software › Change selection › GNOME Desktop Environment (Wayland). On a running system, install GNOME with zypper in -t pattern gnome.
One or more client(s) with gnome-connections, remmina or any other viewer that supports the RDP protocol.

2.3 Configuration #

The following procedure describes how to configure GNOME Remote Desktop for integration with GNOME Display Manager.

Procedure 1: Configure GNOME remote desktop #

Create a directory for the TLS encryption key and certificate:
```
> sudo -u gnome-remote-desktop mkdir -p ~/.local/share/gnome-remote-desktop/
```
The gnome-remote-desktop user is created automatically when the gnome-remote-desktop package is installed. Its home directory is /var/lib/gnome-remote-desktop.
Generate a TLS key and certificate for encryption. There are different ways to do this:
- With openssl. To generate a 4096 bit RSA key with a validity of 365 days, run:
```
> sudo -u gnome-remote-desktop openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj \
  /C=COUNTRY_CODE/ST=STATE/L=LOCALITY/O=ORGANIZATION/CN=example.net \
  -out ~/.local/share/gnome-remote-desktop/tls.crt \
  -keyout ~/.local/share/gnome-remote-desktop/tls.key
```
  Replace the country code, state, locality, organization, and common name or omit parameters you do not need. For the country code, use a two-letter ISO 3166-1 alpha-2 code from https://www.iso.org/obp/ui/#search/code/.
- If you prefer an interactive command to guide you through the certificate generation, use certtool from the gnutls package:
```
> sudo zypper in gnutls
> sudo -u gnome-remote-desktop certtool --generate-privkey --outfile ~/.local/share/gnome-remote-desktop/tls.key
> sudo -u gnome-remote-desktop certtool --generate-self-signed --load-privkey  ~/.local/share/gnome-remote-desktop/tls.key
```
Configure GNOME Remote Desktop with grdctl.
1. Configure encryption for GNOME Remote Desktop:
```
> sudo grdctl --system rdp set-tls-key ~gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.key
> sudo grdctl --system rdp set-tls-cert ~gnome-remote-desktop/.local/share/gnome-remote-desktop/tls.crt
```
2. Set the system credentials for accessing the login manager via RDP:
```
> sudo grdctl --system rdp set-credentials
```
  This combination of user name and password is not to be confused with the individual user credentials. The RDP system credentials are used by all users to access the GNOME Display Manager, where they can log in with their user credentials.
3. Enable the RDP protocol:
```
> sudo grdctl --system rdp enable
```

Enable and start the GNOME Remote Desktop service:

> sudo systemctl enable --now gnome-remote-desktop.service

Open the firewall for connections on the default RDP port:

> sudo firewall-cmd --permanent --add-service=rdp
> sudo firewall-cmd --reload

2.4 Summary #

You have now configured a GNOME Remote Desktop server. Connect to the system with gnome-connections, remmina or any other viewer that supports the RDP protocol.

2.5 Troubleshooting #

If you have problems connecting to the remote desktop server, please follow these steps for troubleshooting.

If you can connect to the GNOME Display Manager but have problems logging in as a user, try connecting with ssh to verify your user password.
If you can connect to the remote desktop server but GNOME Remote Desktop does not accept the system credentials for the RDP connection, you may have configured them while the service was already running. Restart it to pick up the changes:
```
> sudo systemctl restart gnome-remote-desktop.service
```

If the RDP system credentials are still not accepted, reset them:

> sudo grdctl --system rdp clear-credentials
> sudo grdctl --system rdp set-credentials
> sudo systemctl restart gnome-remote-desktop.service

If you cannot reach the remote desktop server with your RDP viewer, check if the gnome-remote-desktop service is running:
```
> sudo systemctl status gnome-remote-desktop
```
- If the service is not running, start it:
```
> sudo systemctl start gnome-remote-desktop.service
```
- If systemd warns you that the configuration of gnome-remote-desktop.service was changed, make systemd reload its configuration and restart the service:
```
> sudo systemctl daemon-reload
> sudo systemctl restart gnome-remote-desktop.service
```

Check if the GNOME Display Manager is running:

> sudo systemctl status display-manager.service

If you see any warnings, restart the display manager:

> sudo systemctl restart display-manager.service

Check that gnome-remote-desktop is listening on the default RDP port 3389:
```
> sudo ss -tulnp | grep :3389
```
Check that the firewall ports are open:
```
> sudo firewall-cmd --query-service=rdp
```
Check that the client can reach the remote desktop server.
1. If you are connecting to the server by host name, check if it is resolved correctly from the client:
```
> host SERVER_HOST_NAME
```
  If the name of the server is not resolved, try connecting to the IP address instead.
2. If the RDP viewer cannot reach the remote desktop server by IP, try pinging the server:
```
> ping -c 5 SERVER_IP
```
  If you can ping the IP address, try connecting to the remote desktop server by IP. If you cannot ping the IP address, check your network setup.

3 For more information #

More configuration examples are described in the GNOME Remote Desktop README. When the gnome-remote-desktop package is installed, this file is located in /usr/share/doc/packages/gnome-remote-desktop/README.md. It is also available online at https://github.com/GNOME/gnome-remote-desktop/blob/master/README.md.
A complete list of options for grdctl can be found in man 1 grdctl.

4 Legal Notice #

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”.

For SUSE trademarks, see https://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.

All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors, nor the translators shall be held liable for possible errors or the consequences thereof.