sdl-freerdp - Man Page
FreeRDP SDL client
Synopsis
sdl-freerdp [file] [options] [/v:server[:port]]
Description
sdl-freerdp is an SDL Remote Desktop Protocol (RDP) client which is part of the FreeRDP project. An RDP server is built-in to many editions of Windows. Alternative servers included ogon, gnome-remote-desktop, xrdp and VRDP (VirtualBox).
Options
- /a:addin[,options], /addin:addin[,options]
Addin
- /action-script:file-name
Action script (default:~/.config/freerdp/action.sh)
- /admin, /console
Admin (or console) session
- +aero
desktop composition (default:off)
- /app:program:[path|||alias],cmd:command,file:filename,guid:guid,icon:filename,name:name,workdir:directory,hidef:[on|off]
Remote application program
- /assistance:password
Remote assistance password
- /auto-request-control:
Automatically request remote assistance input control
- +async-channels
Asynchronous channels (experimental) (default:off)
- +async-update
Asynchronous update (default:off)
- /audio-mode:mode
Audio output mode
- +auth-only
Authenticate only (default:off)
- /auth-pkg-list:!ntlm,kerberos
Authentication package filter (comma-separated list, use '!' to exclude)
- -authentication
Authentication (experimental) (default:on)
- +auto-reconnect
Automatic reconnection (default:off)
- /auto-reconnect-max-retries:retries
Automatic reconnection maximum retries, 0 for unlimited [0,1000]
- /bpp:depth
Session bpp (color depth) (default:16)
- /buildconfig
Print the build configuration
/cache:[bitmap[:on|off],codec[:rfx|nsc],glyph[:on|off],offscreen[:on|off],persist,persist-file:filename]
- /cert:[deny,ignore,name:name,tofu,fingerprint:hash:hash as hex[,fingerprint:hash:another hash]]
Certificate accept options. Use with care!
* deny ... Automatically abort connection if the certificate does not match, no user interaction.
* ignore ... Ignore the certificate checks altogether (overrules all other options)
* name ... Use the alternate <name> instead of the certificate subject to match locally stored certificates
* tofu ... Accept certificate unconditionally on first connect and deny on subsequent connections if the certificate does not match
* fingerprints ... A list of certificate hashes that are accepted unconditionally for a connection
- /client-build-number:number
Client Build Number sent to server (influences smartcard behaviour, see [MS-RDPESC])
- /client-hostname:name
Client Hostname to send to server
- /clipboard:[[use-selection:atom],[direction-to:[all|local|remote|off]],[files-to[:all|local|remote|off]]]
Redirect clipboard:
* use-selection:<atom> ... (X11) Specify which X selection to access. Default is CLIPBOARD. PRIMARY is the X-style middle-click selection.
* direction-to:[all|local|remote|off] control enabled clipboard direction
* files-to:[all|local|remote|off] control enabled file clipboard direction (default:on)
- -compression, -z
compression (default:on)
- /compression-level:level
Compression level (0,1,2)
- +credentials-delegation
credentials delegation (default:off)
- /d:domain
Domain
- -decorations
Window decorations (default:on)
- /disp
Display control
- /drive:name,path
Redirect directory <path> as named share <name>. Hotplug support is enabled with /drive:hotplug,*. This argument provides the same function as "Drives that I plug in later" option in MSTSC.
- +drives
Redirect all mount points as shares (default:off)
- /dump:record|replay,file:file[,nodelay]
record or replay dump
- /dvc:channel[,options]
Dynamic virtual channel
- /dynamic-resolution
Send resolution updates when the window is resized
- /echo, /echo
Echo channel
- -encryption
Encryption (experimental) (default:on)
- /encryption-methods:[40,][56,][128,][FIPS]
RDP standard security encryption methods
- /f
Fullscreen mode (<Ctrl>+<Alt>+<Enter> toggles fullscreen)
- +fipsmode
FIPS mode (default:off)
- /floatbar[:sticky:[on|off],default:[visible|hidden],show:[always|fullscreen|window]]
floatbar is disabled by default (when enabled defaults to sticky in fullscreen mode)
- -fonts
smooth fonts (ClearType) (default:on)
- +force-console-callbacks
Use default callbacks (console) for certificate/credential/... (default:off)
- /frame-ack:number
Number of frame acknowledgement
- /args-from:file|stdin|fd:number|env:name
Read command line from a file, stdin or file descriptor. This argument can not be combined with any other. Provide one argument per line.
- /from-stdin[:force]
Read credentials from stdin. With <force> the prompt is done before connection, otherwise on server request.
- /gateway:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token, /gw:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token
Gateway Hostname
- /gdi:sw|hw
GDI rendering
- /geometry
Geometry tracking channel
- +gestures
Consume multitouch input locally (default:off)
- /gfx[:[[progressive[:on|off]|RFX[:on|off]|AVC420[:on|off]AVC444[:on|off]],mask:value,small-cache[:on|off],thin-client[:on|off],progressive[:on|off],frame-ack[:on|off]]]
RDP8 graphics pipeline
- -grab-keyboard
Grab keyboard (default:on)
- -grab-mouse
Grab mouse (default:on)
- /h:height
Height (default:768)
- -heartbeat
Support heartbeat PDUs (default:on)
- /help, /?
Print help
- +home-drive
Redirect user home as share (default:off)
- /ipv4[:[:force]], /4[:[:force]]
Prefer IPv4 A record over IPv6 AAAA record
- /ipv6[:[:force]], /6[:[:force]]
Prefer IPv6 AAAA record over IPv4 A record
- /jpeg
JPEG codec support
- /jpeg-quality:percentage
JPEG quality
- /kbd:[layout:[0xid|name],lang:0xid,fn-key:value,type:value,subtype:value,unicode[:on|off],remap:key1=value1,remap:key2=value2,pipe:filename]
Keyboard related options:
* layout: set the keybouard layout announced to the server
* lang: set the keyboard language identifier sent to the server
* fn-key: Function key value
* pipe: Name of a named pipe that can be used to type text into the RDP session
- /kerberos:[kdc-url:url,lifetime:time,start-time:time,renewable-lifetime:time,cache:path,armor:path,pkinit-anchors:path,pkcs11-module:name]
Kerberos options
- /load-balance-info:info-string
Load balance info
- /list:[kbd|kbd-scancode|kbd-lang[:value]|smartcard[:[pkinit-anchors:path][,pkcs11-module:name]]|monitor|tune|timezones]
List available options for subcommand (default:List available options for subcommand)
- /log-filters:tag:level[,tag:level[,...]]
Set logger filters, see wLog(7) for details
- /log-level:[OFF|FATAL|ERROR|WARN|INFO|DEBUG|TRACE]
Set the default log level, see wLog(7) for details
- /max-fast-path-size:size
Specify maximum fast-path update size
- /max-loop-time:time
Specify maximum time in milliseconds spend treating packets
- +menu-anims
menu animations (default:off)
- /microphone[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]], /mic[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]]
Audio input (microphone)
- /monitors:id[,id[,...]]
Select monitors to use
- -mouse-motion
Send mouse motion (default:on)
- +mouse-relative
Send mouse motion with relative addressing (default:off)
- /mouse:[relative:[on|off],grab:[on|off]]
Mouse related options:
* relative: send relative mouse movements if supported by server
* grab: grab the mouse if within the window
- /multimon[:force]
Use multiple monitors
- +multitouch
Redirect multitouch input (default:off)
- -multitransport
Support multitransport protocol (default:on)
- -nego
protocol security negotiation (default:on)
- /network:[invalid|modem|broadband|broadband-low|broadband-high|wan|lan|auto]
Network connection type
- /nsc, /nscodec
NSCodec support
- /orientation:[0|90|180|270]
Orientation of display in degrees
- +old-license
Use the old license workflow (no CAL and hwId set to 0) (default:off)
- /p:password
Password
- /parallel[:name[,path]]
Redirect parallel device
- /parent-window:window-id
Parent window id
- /pcb:blob
Preconnection Blob
- /pcid:id
Preconnection Id
- /pheight:height
Physical height of display (in millimeters)
- /play-rfx:pcap-file
Replay rfx pcap file
- /port:number
Server port
- -suppress-output
suppress output when minimized (default:on)
- +print-reconnect-cookie
Print base64 reconnect cookie after connecting (default:off)
- /printer[:name[,driver]]
Redirect printer device
- /proxy:[proto://][user:password@]host[:port]
Proxy settings: override env. var (see also environment variable below). Protocol "socks5" should be given explicitly where "http" is default.
- /pth:password-hash, /pass-the-hash:password-hash
Pass the hash (restricted admin mode)
- /pwidth:width
Physical width of display (in millimeters)
- /rdp2tcp:executable path[:arg...]
TCP redirection
- /reconnect-cookie:base64-cookie
Pass base64 reconnect cookie to the connection
- /redirect-prefer:FQDN|IP|NETBIOS,[...]
Override the preferred redirection order
- /relax-order-checks, /relax-order-checks
Do not check if a RDP order was announced during capability exchange, only use when connecting to a buggy server
- /restricted-admin, /restrictedAdmin
Restricted admin mode
- /rfx
RemoteFX
- /rfx-mode:[image|video]
RemoteFX mode
- /scale:[100|140|180]
Scaling factor of the display (default:100)
- /scale-desktop:percentage
Scaling factor for desktop applications (value between 100 and 500) (default:100)
- /scale-device:100|140|180
Scaling factor for app store applications (default:100)
- /sec:[rdp[:[on|off]]|tls[:[on|off]]|nla[:[on|off]]|ext[:[on|off]]|aad[:[on|off]]]
Force specific protocol security. e.g. /sec:nla enables NLA and disables all others, while /sec:nla:[on|off] just toggles NLA
- /serial[:name[,path[,driver[,permissive]]]], /tty[:name[,path[,driver[,permissive]]]]
Redirect serial device
- /server-name:name
User-specified server name to use for validation (TLS, Kerberos)
- /shell:shell
Alternate shell
- /shell-dir:dir
Shell working directory
- /size:widthxheight or percent%[wh]
Screen size (default:1024x768)
- /smart-sizing[:widthxheight]
Scale remote desktop to window size
- /smartcard[:str[,str...]]
Redirect the smartcard devices containing any of the <str> in their names.
- /smartcard-logon[:[cert:path,key:key,pin:pin,csp:csp name,reader:reader,card:card]]
Activates Smartcard (optional certificate) Logon authentication.
- /sound[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]], /audio[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]]
Audio output (sound)
- /span
Span screen over multiple monitors
- /spn-class:service-class
SPN authentication service class
- /ssh-agent, /ssh-agent
SSH Agent forwarding channel
- /sspi-module:SSPI module path
SSPI shared library module file path
- /winscard-module:WinSCard module path
WinSCard shared library module file path
- /disable-output
Deactivate all graphics decoding in the client session. Useful for load tests with many simultaneous connections
- /t:title, /title:title
Window title
- -themes
themes (default:on)
- /timeout:time in ms, /timeout:time in ms
Advanced setting for high latency links: Adjust connection timeout, use if you encounter timeout failures with your connection (default:9000)
- /timezone:windows timezone
Use supplied windows timezone for connection (requires server support), see /list:timezones for allowed values
- /tls:[ciphers|seclevel|secrets-file|enforce]
TLS configuration options: * ciphers:[netmon|ma|<cipher names>]
* seclevel:<level>, default: 1, range: [0-5] Override the default TLS security level, might be required for older target servers
* secrets-file:<filename>
* enforce[:[ssl3|1.0|1.1|1.2|1.3]] Force use of SSL/TLS version for a connection. Some servers have a buggy TLS version negotiation and might fail without this. Defaults to TLS 1.2 if no argument is supplied. Use 1.0 for windows 7
- -toggle-fullscreen
Alt+Ctrl+Enter to toggle fullscreen (default:on)
/tune:setting:value,setting:value
[experimental] directly manipulate freerdp settings, use with extreme caution! (default:)
- /u:[[domain\]user|user[@domain]]
Username
- +unmap-buttons
Let server see real physical pointer button (default:off)
- /usb:[dbg,][id:vid:pid#...,][addr:bus:addr#...,][auto]
Redirect USB device
- /v:server[:port]
Server hostname
- /vc:channel[,options]
Static virtual channel
- /version
Print version
- /video
Video optimized remoting channel
- /prevent-session-lock[:time in sec]
Prevent session locking by injecting fake mouse motion events to the server when the connection is idle (default interval: 180 seconds)
- /vmconnect[:vmid]
Hyper-V console (use port 2179, disable negotiation)
- /w:width
Width (default:1024)
- -wallpaper
wallpaper (default:on)
- +window-drag
full window drag (default:off)
- /window-position:xposxypos
window position
- /wm-class:class-name
Set the WM_CLASS hint for the window instance
- /workarea
Use available work area
Configuration File
Format and Location:
The configuration file is stored per user.
The XDG_CONFIG_HOME environment variable can be used to override the base directory.
This defaults to ~/.config The location relative to XDG_CONFIG_HOME is $XDG_CONFIG_HOME/freerdp/sdl-freerdp.json
The configuration is stored in JSON format
Supported options:
- SDL_KeyModMask
Defines the key combination required for SDL client shortcuts.
Default KMOD_RSHIFT
An array of SDL_Keymod strings as defined at https://wiki.libsdl.org/SDL2/SDL_Keymod
- SDL_Fullscreen
Toggles client fullscreen state.
Default SDL_SCANCODE_RETURN.
A string as defined at https://wiki.libsdl.org/SDL2/SDLScancodeLookup
- SDL_Resizeable
Toggles local window resizeable state.
Default SDL_SCANCODE_R.
A string as defined at https://wiki.libsdl.org/SDL2/SDLScancodeLookup
- SDL_Grab
Toggles keyboard and mouse grab state.
Default SDL_SCANCODE_G.
A string as defined at https://wiki.libsdl.org/SDL2/SDLScancodeLookup
- SDL_Disconnect
Disconnects from the RDP session.
Default SDL_SCANCODE_D.
A string as defined at https://wiki.libsdl.org/SDL2/SDLScancodeLookup
Environment Variables
wlog environment variable
sdl-freerdp uses wLog as its log facility, you can refer to the corresponding man page (wlog(7)) for more informations. Arguments passed via the /log-level or /log-filters have precedence over the environment variables.
Examples
- sdl-freerdp connection.rdp /p:Pwd123! /f
Connect in fullscreen mode using a stored configuration connection.rdp and the password Pwd123!
- sdl-freerdp /u:USER /size:50%h /v:rdp.contoso.com
Connect to host rdp.contoso.com with user USER and a size of 50 percent of the height. If width (w) is set instead of height (h) like /size:50%w. 50 percent of the width is used.
- sdl-freerdp /u:CONTOSO\\JohnDoe /p:Pwd123! /v:rdp.contoso.com
Connect to host rdp.contoso.com with user CONTOSO\\JohnDoe and password Pwd123!
- sdl-freerdp /u:JohnDoe /p:Pwd123! /w:1366 /h:768 /v:192.168.1.100:4489
Connect to host 192.168.1.100 on port 4489 with user JohnDoe, password Pwd123!. The screen width is set to 1366 and the height to 768
- sdl-freerdp /u:JohnDoe /p:Pwd123! /vmconnect:C824F53E-95D2-46C6-9A18-23A5BB403532 /v:192.168.1.100
Establish a connection to host 192.168.1.100 with user JohnDoe, password Pwd123! and connect to Hyper-V console (use port 2179, disable negotiation) with VMID C824F53E-95D2-46C6-9A18-23A5BB403532
- +clipboard
Activate clipboard redirection
- /drive:home,/home/user
Activate drive redirection of /home/user as home drive
- /smartcard:<device>
Activate smartcard redirection for device device
- /printer:<device>,<driver>
Activate printer redirection for printer device using driver driver
- /serial:<device>
Activate serial port redirection for port device
- /parallel:<device>
Activate parallel port redirection for port device
- /sound:sys:alsa
Activate audio output redirection using device sys:alsa
- /microphone:sys:alsa
Activate audio input redirection using device sys:alsa
- /multimedia:sys:alsa
Activate multimedia redirection using device sys:alsa
- /usb:id,dev:054c:0268
Activate USB device redirection for the device identified by 054c:0268
Links
Author
The FreeRDP Team