sdl-freerdp - Man Page

FreeRDP SDL client

Synopsis

sdl-freerdp [file] [options] [/v:server[:port]]

sdl-freerdp is an SDL Remote Desktop Protocol (RDP) client which is part of the FreeRDP project. An RDP server is built-in to many editions of Windows. Alternative servers included ogon, gnome-remote-desktop, xrdp and VRDP (VirtualBox).

Options

/a:addin[,options], /addin:addin[,options]: Addin
/action-script:file-name: Action script (default:~/.config/freerdp/action.sh)
/admin, /console: Admin (or console) session
+aero: desktop composition (default:off)
/app:program:[path|||alias],cmd:command,file:filename,guid:guid,icon:filename,name:name,workdir:directory,hidef:[on|off]: Remote application program
/assistance:password: Remote assistance password
/auto-request-control:: Automatically request remote assistance input control
+async-channels: Asynchronous channels (experimental) (default:off)
+async-update: Asynchronous update (default:off)
/audio-mode:mode: Audio output mode
+auth-only: Authenticate only (default:off)
/auth-pkg-list:!ntlm,kerberos: Authentication package filter (comma-separated list, use '!' to exclude)
-authentication: Authentication (experimental) (default:on)
+auto-reconnect: Automatic reconnection (default:off)
/auto-reconnect-max-retries:retries: Automatic reconnection maximum retries, 0 for unlimited [0,1000]
/bpp:depth: Session bpp (color depth) (default:16)
/buildconfig: Print the build configuration

/cache:[bitmap[:on|off],codec[:rfx|nsc],glyph[:on|off],offscreen[:on|off],persist,persist-file:filename]

/cert:[deny,ignore,name:name,tofu,fingerprint:hash:hash as hex[,fingerprint:hash:another hash]]: Certificate accept options. Use with care!
* deny ... Automatically abort connection if the certificate does not match, no user interaction.
* ignore ... Ignore the certificate checks altogether (overrules all other options)
* name ... Use the alternate <name> instead of the certificate subject to match locally stored certificates
* tofu ... Accept certificate unconditionally on first connect and deny on subsequent connections if the certificate does not match
* fingerprints ... A list of certificate hashes that are accepted unconditionally for a connection
/client-build-number:number: Client Build Number sent to server (influences smartcard behaviour, see [MS-RDPESC])
/client-hostname:name: Client Hostname to send to server
/clipboard:[[use-selection:atom],[direction-to:[all|local|remote|off]],[files-to[:all|local|remote|off]]]: Redirect clipboard:
* use-selection:<atom> ... (X11) Specify which X selection to access. Default is CLIPBOARD. PRIMARY is the X-style middle-click selection.
* direction-to:[all|local|remote|off] control enabled clipboard direction
* files-to:[all|local|remote|off] control enabled file clipboard direction (default:on)
-compression, -z: compression (default:on)
/compression-level:level: Compression level (0,1,2)
+credentials-delegation: credentials delegation (default:off)
/d:domain: Domain
-decorations: Window decorations (default:on)
/disp: Display control
/drive:name,path: Redirect directory <path> as named share <name>. Hotplug support is enabled with /drive:hotplug,*. This argument provides the same function as "Drives that I plug in later" option in MSTSC.
+drives: Redirect all mount points as shares (default:off)
/dump:record|replay,file:file[,nodelay]: record or replay dump
/dvc:channel[,options]: Dynamic virtual channel
+dynamic-resolution: Send resolution updates when the window is resized (default:off)
/echo, /echo: Echo channel
-encryption: Encryption (experimental) (default:on)
/encryption-methods:[40,][56,][128,][FIPS]: RDP standard security encryption methods
/f: Fullscreen mode (<Ctrl>+<Alt>+<Enter> toggles fullscreen)
+fipsmode: FIPS mode (default:off)
/floatbar[:sticky:[on|off],default:[visible|hidden],show:[always|fullscreen|window]]: floatbar is disabled by default (when enabled defaults to sticky in fullscreen mode)
-fonts: smooth fonts (ClearType) (default:on)
+force-console-callbacks: Use default callbacks (console) for certificate/credential/... (default:off)
/frame-ack:number: Number of frame acknowledgement
/args-from:file|stdin|fd:number|env:name: Read command line from a file, stdin or file descriptor. This argument can not be combined with any other. Provide one argument per line.
/from-stdin[:force]: Read credentials from stdin. With <force> the prompt is done before connection, otherwise on server request.
/gateway:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token, /gw:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token: Gateway Hostname
/gdi:sw|hw: GDI rendering
/geometry: Geometry tracking channel
+gestures: Consume multitouch input locally (default:off)
/gfx[:[[progressive[:on|off]|RFX[:on|off]|AVC420[:on|off]AVC444[:on|off]],mask:value,small-cache[:on|off],thin-client[:on|off],progressive[:on|off],frame-ack[:on|off]]]: RDP8 graphics pipeline
-grab-keyboard: Grab keyboard focus, forward all keys to remote (default:on)
-grab-mouse: Grab mouse focus, forward all events to remote (default:on)
/h:height: Height (default:768)
-heartbeat: Support heartbeat PDUs (default:on)
/help, /?: Print help
+home-drive: Redirect user home as share (default:off)
/ipv4[:[:force]], /4[:[:force]]: Prefer IPv4 A record over IPv6 AAAA record
/ipv6[:[:force]], /6[:[:force]]: Prefer IPv6 AAAA record over IPv4 A record
/jpeg: JPEG codec support
/jpeg-quality:percentage: JPEG quality
/kbd:[layout:[0xid|name],lang:0xid,fn-key:value,type:value,subtype:value,unicode[:on|off],remap:key1=value1,remap:key2=value2,pipe:filename]: Keyboard related options:
* layout: set the keybouard layout announced to the server
* lang: set the keyboard language identifier sent to the server
* fn-key: Function key value
* pipe: Name of a named pipe that can be used to type text into the RDP session
/kerberos:[kdc-url:url,lifetime:time,start-time:time,renewable-lifetime:time,cache:path,armor:path,pkinit-anchors:path,pkcs11-module:name]: Kerberos options
/load-balance-info:info-string: Load balance info
/list:[kbd|kbd-scancode|kbd-lang[:value]|smartcard[:[pkinit-anchors:path][,pkcs11-module:name]]|monitor|tune|timezones]: List available options for subcommand (default:List available options for subcommand)
/log-filters:tag:level[,tag:level[,...]]: Set logger filters, see wLog(7) for details
/log-level:[OFF|FATAL|ERROR|WARN|INFO|DEBUG|TRACE]: Set the default log level, see wLog(7) for details
/max-fast-path-size:size: Specify maximum fast-path update size
/max-loop-time:time: Specify maximum time in milliseconds spend treating packets
+menu-anims: menu animations (default:off)
/microphone[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]], /mic[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]]: Audio input (microphone)
/monitors:id[,id[,...]]: Select monitors to use
-mouse-motion: Send mouse motion (default:on)
+mouse-relative: Send mouse motion with relative addressing (default:off)
/mouse:[relative:[on|off],grab:[on|off]]: Mouse related options:
* relative: send relative mouse movements if supported by server
* grab: grab the mouse if within the window
/multimon[:force]: Use multiple monitors
+multitouch: Redirect multitouch input (default:off)
-multitransport: Support multitransport protocol (default:on)
-nego: protocol security negotiation (default:on)
/network:[invalid|modem|broadband|broadband-low|broadband-high|wan|lan|auto]: Network connection type
/nsc, /nscodec: NSCodec support
/orientation:[0|90|180|270]: Orientation of display in degrees
+old-license: Use the old license workflow (no CAL and hwId set to 0) (default:off)
/p:password: Password
/parallel[:name[,path]]: Redirect parallel device
/parent-window:window-id: Parent window id
/pcb:blob: Preconnection Blob
/pcid:id: Preconnection Id
/pheight:height: Physical height of display (in millimeters)
/play-rfx:pcap-file: Replay rfx pcap file
/port:number: Server port
-suppress-output: suppress output when minimized (default:on)
+print-reconnect-cookie: Print base64 reconnect cookie after connecting (default:off)
/printer[:name[,driver]]: Redirect printer device
/proxy:[proto://][user:password@]host[:port]: Proxy settings: override env. var (see also environment variable below). Protocol "socks5" should be given explicitly where "http" is default.
/pth:password-hash, /pass-the-hash:password-hash: Pass the hash (restricted admin mode)
/pwidth:width: Physical width of display (in millimeters)
/rdp2tcp:executable path[:arg...]: TCP redirection
/reconnect-cookie:base64-cookie: Pass base64 reconnect cookie to the connection
/redirect-prefer:FQDN|IP|NETBIOS,[...]: Override the preferred redirection order
/relax-order-checks, /relax-order-checks: Do not check if a RDP order was announced during capability exchange, only use when connecting to a buggy server
/restricted-admin, /restrictedAdmin: Restricted admin mode
/remoteGuard, /remoteGuard: Remote guard credentials
/rfx: RemoteFX
/rfx-mode:[image|video]: RemoteFX mode
/scale:[100|140|180]: Scaling factor of the display (default:100)
/scale-desktop:percentage: Scaling factor for desktop applications (value between 100 and 500) (default:100)
/scale-device:100|140|180: Scaling factor for app store applications (default:100)
/sec:[rdp[:[on|off]]|tls[:[on|off]]|nla[:[on|off]]|ext[:[on|off]]|aad[:[on|off]]]: Force specific protocol security. e.g. /sec:nla enables NLA and disables all others, while /sec:nla:[on|off] just toggles NLA
/serial[:name[,path[,driver[,permissive]]]], /tty[:name[,path[,driver[,permissive]]]]: Redirect serial device
/server-name:name: User-specified server name to use for validation (TLS, Kerberos)
/shell:shell: Alternate shell
/shell-dir:dir: Shell working directory
/size:widthxheight or percent%[wh]: Screen size (default:1024x768)
/smart-sizing[:widthxheight]: Scale remote desktop to window size
/smartcard[:str[,str...]]: Redirect the smartcard devices containing any of the <str> in their names.
/smartcard-logon[:[cert:path,key:key,pin:pin,csp:csp name,reader:reader,card:card]]: Activates Smartcard (optional certificate) Logon authentication.
/sound[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]], /audio[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]]: Audio output (sound)
/span: Span screen over multiple monitors
/spn-class:service-class: SPN authentication service class
/ssh-agent, /ssh-agent: SSH Agent forwarding channel
/sspi-module:SSPI module path: SSPI shared library module file path
/winscard-module:WinSCard module path: WinSCard shared library module file path
/disable-output: Deactivate all graphics decoding in the client session. Useful for load tests with many simultaneous connections
/t:title, /title:title: Window title
-themes: themes (default:on)
/timeout:time in ms, /timeout:time in ms: Advanced setting for high latency links: Adjust connection timeout, use if you encounter timeout failures with your connection (default:9000)
/timezone:windows timezone: Use supplied windows timezone for connection (requires server support), see /list:timezones for allowed values
/tls:[ciphers|seclevel|secrets-file|enforce]: TLS configuration options: * ciphers:[netmon|ma|<cipher names>]
* seclevel:<level>, default: 1, range: [0-5] Override the default TLS security level, might be required for older target servers
* secrets-file:<filename>
* enforce[:[ssl3|1.0|1.1|1.2|1.3]] Force use of SSL/TLS version for a connection. Some servers have a buggy TLS version negotiation and might fail without this. Defaults to TLS 1.2 if no argument is supplied. Use 1.0 for windows 7
-toggle-fullscreen: Alt+Ctrl+Enter to toggle fullscreen (default:on)

/tune:setting:value,setting:value

[experimental] directly manipulate freerdp settings, use with extreme caution! (default:)

/u:[[domain]user|user[@domain]]: Username
+unmap-buttons: Let server see real physical pointer button (default:off)
/usb:[dbg,][id:vid:pid#...,][addr:bus:addr#...,][auto]: Redirect USB device
/v:server[:port]: Server hostname
/vc:channel[,options]: Static virtual channel
/version: Print version
/video: Video optimized remoting channel
/prevent-session-lock[:time in sec]: Prevent session locking by injecting fake mouse motion events to the server when the connection is idle (default interval: 180 seconds)
/vmconnect[:vmid]: Hyper-V console (use port 2179, disable negotiation)
/w:width: Width (default:1024)
-wallpaper: wallpaper (default:on)
+window-drag: full window drag (default:off)
/window-position:xposxypos: window position
/wm-class:class-name: Set the WM_CLASS hint for the window instance
/workarea: Use available work area

Configuration File

Format and Location:

The configuration file is stored per user.

The XDG_CONFIG_HOME environment variable can be used to override the base directory.

This defaults to ~/.config The location relative to XDG_CONFIG_HOME is $XDG_CONFIG_HOME/freerdp/sdl-freerdp.json

The configuration is stored in JSON format

Supported options:

SDL_KeyModMask

Defines the key combination required for SDL client shortcuts.

Default KMOD_RSHIFT

An array of SDL_Keymod strings as defined at /SDL_Keymod

SDL_Fullscreen

Toggles client fullscreen state.

Default SDL_SCANCODE_RETURN.