xfreerdp - Man Page

• Connect to a FreeRDP server: xfreerdp /u:username /p:password /v:ip_address
• Connect to a FreeRDP server and activate audio output redirection using sys:alsa device: xfreerdp /u:username /p:password /v:ip_address /sound:sys:alsa
• Connect to a FreeRDP server with dynamic resolution: xfreerdp /v:ip_address /u:username /p:password /dynamic-resolution
• Connect to a FreeRDP server with clipboard redirection: xfreerdp /v:ip_address /u:username /p:password +clipboard
• Connect to a FreeRDP server ignoring any certificate checks: xfreerdp /v:ip_address /u:username /p:password /cert:ignore
• Connect to a FreeRDP server with a shared directory: xfreerdp /v:ip_address /u:username /p:password /drive:path/to/directory,share_name

tldr.sh

xfreerdp [file] [options] [/v:server[:port]]

xfreerdp is an X11 Remote Desktop Protocol (RDP) client which is part of the FreeRDP project. An RDP server is built-in to many editions of Windows. Alternative servers included ogon, gnome-remote-desktop, xrdp and VRDP (VirtualBox).

/a:addin[,options], /addin:addin[,options]

Addin

/action-script:file-name

Action script (default:~/.config/freerdp/action.sh)

/admin,  /console

Admin (or console) session

+aero

desktop composition (default:off)

/app:program:[path|||alias],cmd:command,file:filename,guid:guid,icon:filename,name:name,workdir:directory,hidef:[on|off]

Remote application program

/assistance:password

Remote assistance password

/auto-request-control:

Automatically request remote assistance input control

+async-channels

Asynchronous channels (experimental) (default:off)

+async-update

Asynchronous update (default:off)

/audio-mode:mode

Audio output mode

+auth-only

Authenticate only (default:off)

/auth-pkg-list:!ntlm,kerberos

Authentication package filter (comma-separated list, use '!' to exclude)

-authentication

Authentication (experimental) (default:on)

+auto-reconnect

Automatic reconnection (default:off)

/auto-reconnect-max-retries:retries

Automatic reconnection maximum retries, 0 for unlimited [0,1000]

/bpp:depth

Session bpp (color depth) (default:16)

/buildconfig

Print the build configuration

/cache:[bitmap[:on|off],codec[:rfx|nsc],glyph[:on|off],offscreen[:on|off],persist,persist-file:filename]

/cert:[deny,ignore,name:name,tofu,fingerprint:hash:hash as hex[,fingerprint:hash:another hash]]

Certificate accept options. Use with care!
* deny         ... Automatically abort connection if the certificate does not match, no user interaction.
* ignore       ... Ignore the certificate checks altogether (overrules all other options)
* name         ... Use the alternate <name> instead of the certificate subject to match locally stored certificates
* tofu         ... Accept certificate unconditionally on first connect and deny on subsequent connections if the certificate does not match
* fingerprints ... A list of certificate hashes that are accepted unconditionally for a connection

/client-build-number:number

Client Build Number sent to server (influences smartcard behaviour, see [MS-RDPESC])

/client-hostname:name

Client Hostname to send to server

/clipboard:[[use-selection:atom],[direction-to:[all|local|remote|off]],[files-to[:all|local|remote|off]]]

Redirect clipboard:
* use-selection:<atom>  ... (X11) Specify which X selection to access. Default is CLIPBOARD. PRIMARY is the X-style middle-click selection.
* direction-to:[all|local|remote|off] control enabled clipboard direction
* files-to:[all|local|remote|off] control enabled file clipboard direction (default:on)

-compression,  -z

compression (default:on)

/compression-level:level

Compression level (0,1,2)

+credentials-delegation

credentials delegation (default:off)

/d:domain

Domain

-decorations

Window decorations (default:on)

/disp

Display control

/drive:name,path

Redirect directory <path> as named share <name>. Hotplug support is enabled with /drive:hotplug,*. This argument provides the same function as "Drives that I plug in later" option in MSTSC.

+drives

Redirect all mount points as shares (default:off)

/dump:record|replay,file:file[,nodelay]

record or replay dump

/dvc:channel[,options]

Dynamic virtual channel

+dynamic-resolution

Send resolution updates when the window is resized (default:off)

/echo, /echo

Echo channel

-encryption

Encryption (experimental) (default:on)

/encryption-methods:[40,][56,][128,][FIPS]

RDP standard security encryption methods

/f

Fullscreen mode (<Ctrl>+<Alt>+<Enter> toggles fullscreen)

+fipsmode

FIPS mode (default:off)

/floatbar[:sticky:[on|off],default:[visible|hidden],show:[always|fullscreen|window]]

floatbar is disabled by default (when enabled defaults to sticky in fullscreen mode)

-fonts

smooth fonts (ClearType) (default:on)

+force-console-callbacks

Use default callbacks (console) for certificate/credential/... (default:off)

/frame-ack:number

Number of frame acknowledgement

/args-from:file|stdin|fd:number|env:name

Read command line from a file, stdin or file descriptor. This argument can not be combined with any other. Provide one argument per line.

/from-stdin[:force]

Read credentials from stdin. With <force> the prompt is done before connection, otherwise on server request.

/gateway:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token, /gw:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token

Gateway Hostname

/gdi:sw|hw

GDI rendering

/geometry

Geometry tracking channel

+gestures

Consume multitouch input locally (default:off)

/gfx[:[[progressive[:on|off]|RFX[:on|off]|AVC420[:on|off]AVC444[:on|off]],mask:value,small-cache[:on|off],thin-client[:on|off],progressive[:on|off],frame-ack[:on|off]]]

RDP8 graphics pipeline

-grab-keyboard

Grab keyboard focus, forward all keys to remote (default:on)

-grab-mouse

Grab mouse focus, forward all events to remote (default:on)

/h:height

Height (default:768)

-heartbeat

Support heartbeat PDUs (default:on)

/help,  /?

Print help

+home-drive

Redirect user home as share (default:off)

/ipv4[:[:force]], /4[:[:force]]

Prefer IPv4 A record over IPv6 AAAA record

/ipv6[:[:force]], /6[:[:force]]

Prefer IPv6 AAAA record over IPv4 A record

/jpeg

JPEG codec support

/jpeg-quality:percentage

JPEG quality

/kbd:[layout:[0xid|name],lang:0xid,fn-key:value,type:value,subtype:value,unicode[:on|off],remap:key1=value1,remap:key2=value2,pipe:filename]

Keyboard related options:
* layout: set the keybouard layout announced to the server
* lang: set the keyboard language identifier sent to the server
* fn-key: Function key value
* pipe: Name of a named pipe that can be used to type text into the RDP session

/kerberos:[kdc-url:url,lifetime:time,start-time:time,renewable-lifetime:time,cache:path,armor:path,pkinit-anchors:path,pkcs11-module:name]

Kerberos options

/load-balance-info:info-string

Load balance info

/list:[kbd|kbd-scancode|kbd-lang[:value]|smartcard[:[pkinit-anchors:path][,pkcs11-module:name]]|monitor|tune|timezones]

List available options for subcommand (default:List available options for subcommand)

/log-filters:tag:level[,tag:level[,...]]

Set logger filters, see wLog(7) for details

/log-level:[OFF|FATAL|ERROR|WARN|INFO|DEBUG|TRACE]

Set the default log level, see wLog(7) for details

/max-fast-path-size:size

Specify maximum fast-path update size

/max-loop-time:time

Specify maximum time in milliseconds spend treating packets

+menu-anims

menu animations (default:off)

/microphone[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]], /mic[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]]

Audio input (microphone)

/monitors:id[,id[,...]]

Select monitors to use

-mouse-motion

Send mouse motion (default:on)

+mouse-relative

Send mouse motion with relative addressing (default:off)

/mouse:[relative:[on|off],grab:[on|off]]

Mouse related options:
* relative:   send relative mouse movements if supported by server
* grab:       grab the mouse if within the window

/multimon[:force]

Use multiple monitors

+multitouch

Redirect multitouch input (default:off)

-multitransport

Support multitransport protocol (default:on)

-nego

protocol security negotiation (default:on)

/network:[invalid|modem|broadband|broadband-low|broadband-high|wan|lan|auto]

Network connection type

/nsc,  /nscodec

NSCodec support

/orientation:[0|90|180|270]

Orientation of display in degrees

+old-license

Use the old license workflow (no CAL and hwId set to 0) (default:off)

/p:password

Password

/parallel[:name[,path]]

Redirect parallel device

/parent-window:window-id

Parent window id

/pcb:blob

Preconnection Blob

/pcid:id

Preconnection Id

/pheight:height

Physical height of display (in millimeters)

/play-rfx:pcap-file

Replay rfx pcap file

/port:number

Server port

-suppress-output

suppress output when minimized (default:on)

+print-reconnect-cookie

Print base64 reconnect cookie after connecting (default:off)

/printer[:name[,driver]]

Redirect printer device

/proxy:[proto://][user:password@]host[:port]

Proxy settings: override env. var (see also environment variable below). Protocol "socks5" should be given explicitly where "http" is default.

/pth:password-hash, /pass-the-hash:password-hash

Pass the hash (restricted admin mode)

/pwidth:width

Physical width of display (in millimeters)

/rdp2tcp:executable path[:arg...]

TCP redirection

/reconnect-cookie:base64-cookie

Pass base64 reconnect cookie to the connection

/redirect-prefer:FQDN|IP|NETBIOS,[...]

Override the preferred redirection order

/relax-order-checks, /relax-order-checks

Do not check if a RDP order was announced during capability exchange, only use when connecting to a buggy server

/restricted-admin,  /restrictedAdmin

Restricted admin mode

/remoteGuard, /remoteGuard

Remote guard credentials

/rfx

RemoteFX

/rfx-mode:[image|video]

RemoteFX mode

/scale:[100|140|180]

Scaling factor of the display (default:100)

/scale-desktop:percentage

Scaling factor for desktop applications (value between 100 and 500) (default:100)

/scale-device:100|140|180

Scaling factor for app store applications (default:100)

/sec:[rdp[:[on|off]]|tls[:[on|off]]|nla[:[on|off]]|ext[:[on|off]]|aad[:[on|off]]]

Force specific protocol security. e.g. /sec:nla enables NLA and disables all others, while /sec:nla:[on|off] just toggles NLA

/serial[:name[,path[,driver[,permissive]]]], /tty[:name[,path[,driver[,permissive]]]]

Redirect serial device

/server-name:name

User-specified server name to use for validation (TLS, Kerberos)

/shell:shell

Alternate shell

/shell-dir:dir

Shell working directory

/size:widthxheight or percent%[wh]

Screen size (default:1024x768)

/smart-sizing[:widthxheight]

Scale remote desktop to window size

/smartcard[:str[,str...]]

Redirect the smartcard devices containing any of the <str> in their names.

/smartcard-logon[:[cert:path,key:key,pin:pin,csp:csp name,reader:reader,card:card]]

Activates Smartcard (optional certificate) Logon authentication.

/sound[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]], /audio[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]]

Audio output (sound)

/span

Span screen over multiple monitors

/spn-class:service-class

SPN authentication service class

/ssh-agent, /ssh-agent

SSH Agent forwarding channel

/sspi-module:SSPI module path

SSPI shared library module file path

/winscard-module:WinSCard module path

WinSCard shared library module file path

/disable-output

Deactivate all graphics decoding in the client session. Useful for load tests with many simultaneous connections

/t:title, /title:title

Window title

-themes

themes (default:on)

/timeout:time in ms, /timeout:time in ms

Advanced setting for high latency links: Adjust connection timeout, use if you encounter timeout failures with your connection (default:9000)

/timezone:windows timezone

Use supplied windows timezone for connection (requires server support), see /list:timezones for allowed values

/tls:[ciphers|seclevel|secrets-file|enforce]

TLS configuration options: * ciphers:[netmon|ma|<cipher names>]
* seclevel:<level>, default: 1, range: [0-5] Override the default TLS security level, might be required for older target servers
* secrets-file:<filename>
* enforce[:[ssl3|1.0|1.1|1.2|1.3]] Force use of SSL/TLS version for a connection. Some servers have a buggy TLS version negotiation and might fail without this. Defaults to TLS 1.2 if no argument is supplied. Use 1.0 for windows 7

-toggle-fullscreen

Alt+Ctrl+Enter to toggle fullscreen (default:on)

/tune:setting:value,setting:value

/u:[[domain]user|user[@domain]]

Username

+unmap-buttons

Let server see real physical pointer button (default:off)

/usb:[dbg,][id:vid:pid#...,][addr:bus:addr#...,][auto]

Redirect USB device

/v:server[:port]

Server hostname

/vc:channel[,options]

Static virtual channel

/version

Print version

/video

Video optimized remoting channel

/prevent-session-lock[:time in sec]

Prevent session locking by injecting fake mouse motion events to the server when the connection is idle (default interval: 180 seconds)

/vmconnect[:vmid]

Hyper-V console (use port 2179, disable negotiation)

/w:width

Width (default:1024)

-wallpaper

wallpaper (default:on)

+window-drag

full window drag (default:off)

/window-position:xposxypos

window position

/wm-class:class-name

Set the WM_CLASS hint for the window instance

/workarea

Use available work area

<Right CTRL>

releases keyboard and mouse grab

<CTRL>+<ALT>+<Return>

toggles fullscreen state of the application

<CTRL>+<ALT>+<m>

Minimizes the application

<CTRL>+<ALT>+c

toggles remote control in a remote assistance session

Action Script

executes a predefined script on key press. Should the script not exist it is ignored. Scripts can be provided at the default location $XDG_CONFIG_HOME/freerdp/action.sh or as command line argument /action:script:<path>. The script will receive the current key combination as argument. The output of the script is parsed for key-local which tells that the script used the key combination, otherwise the combination is forwarded to the remote.

wlog environment variable

Format and Location:

Supported options:

#!/bin/bash

# we got a key combination
if [ "$1" = "key" ];
then
	# we only got one argument 'key'
	# list all supported combinations with echo
	if [ $# -eq 1 ];
	then
		echo "ctrl+alt+f1"
		echo "ctrl+alt+f2"
	else
		# We want the action for a single combination
		# use 'key-local' to not forward to RDP session
		if [ "$2" = "ctrl+alt+f1" ];
		then
			echo "key-local"
		fi
		if [ "$2" = "ctrl+alt+f2" ];
		then
				echo "/usr/local/bin/somescript.sh"
		fi
	fi
fi
if [ "$1" = "xevent" ];
	then
		if [ $# -eq 1 ];
		then
			echo "FocusIn"
			echo "SelectionClear"
		else
			if [ "$2" = "SelectionNotify" ];
			then
				echo "/usr/local/bin/someprogram"
			fi
		fi
	fi

xfreerdp connection.rdp /p:Pwd123! /f

Connect in fullscreen mode using a stored configuration connection.rdp and the password Pwd123!

xfreerdp /u:USER /size:50%h /v:rdp.contoso.com

Connect to host rdp.contoso.com with user USER and a size of 50 percent of the height. If width (w) is set instead of height (h) like /size:50%w. 50 percent of the width is used.

xfreerdp /u:CONTOSO\\JohnDoe /p:Pwd123! /v:rdp.contoso.com

Connect to host rdp.contoso.com with user CONTOSO\\JohnDoe and password Pwd123!

xfreerdp /u:JohnDoe /p:Pwd123! /w:1366 /h:768 /v:192.168.1.100:4489

Connect to host 192.168.1.100 on port 4489 with user JohnDoe, password Pwd123!. The screen width is set to 1366 and the height to 768

xfreerdp /u:JohnDoe /p:Pwd123! /vmconnect:C824F53E-95D2-46C6-9A18-23A5BB403532 /v:192.168.1.100

Establish a connection to host 192.168.1.100 with user JohnDoe, password Pwd123! and connect to Hyper-V console (use port 2179, disable negotiation) with VMID C824F53E-95D2-46C6-9A18-23A5BB403532

+clipboard

Activate clipboard redirection

/drive:home,/home/user

Activate drive redirection of /home/user as home drive

/smartcard:<device>

Activate smartcard redirection for device device

/printer:<device>,<driver>

Activate printer redirection for printer device using driver driver

/serial:<device>

Activate serial port redirection for port device

/parallel:<device>

Activate parallel port redirection for port device

/sound:sys:alsa

Activate audio output redirection using device sys:alsa

/microphone:sys:alsa

Activate audio input redirection using device sys:alsa

/multimedia:sys:alsa

Activate multimedia redirection using device sys:alsa

/usb:id,dev:054c:0268

Activate USB device redirection for the device identified by 054c:0268

http://www.freerdp.com/

The FreeRDP Team

wlfreerdp(1).