RDP (remote desktop) with public/private keys and without password


aag

Member
Local time
7:52 AM
Posts
3
OS
windows 11
With SSH (including Powershell SSH), you can install public and private keys, and that allows you to start remote sessions without passwords. Is it possible to do something similar to log into another windows computer using RDP? I know that Microsoft Account can offer passwordless authentication, but that requires an authenticator app on the phone. What I am striving to accomplish here, is certificate/key-based authentication without two-factor auth.
 

My Computer

System One

  • OS
    windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Memory
    64GB
With RDP, you can save the login credentials of remote PC, so when you start a remote session, you are auto logged in.

RDP will not work without a password on remote PC. However remote pc can be set to autologin without entering password using netplwiz, if you are physically at remote pc.

I just connect to my remote pcs and sessions just start - I never need to key login details.
 

My Computer

System One

  • OS
    Windows 11 Pro + Win11 Canary VM.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Zenbook 14
    CPU
    I9 13th gen i9-13900H 2.60 GHZ
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB soldered
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    laptop OLED screen
    Screen Resolution
    2880x1800 touchscreen
    Hard Drives
    1 TB NVME SSD (only weakness is only one slot)
    PSU
    Internal + 65W thunderbolt USB4 charger
    Case
    Yep, got one
    Cooling
    Stella Artois (UK pint cans - 568 ml) - extra cost.
    Keyboard
    Built in UK keybd
    Mouse
    Bluetooth , wireless dongled, wired
    Internet Speed
    900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

    Macrium Reflect Home V8
    Office 365 Family (6 users each 1TB onedrive space)
    Hyper-V (a vm runs almost as fast as my older laptop)
One drawback of RDP over the Internet (shouldn't really be an issue on HOME LAN's) is that RDP isn't a secure connection. You might want to look at VNC on windows.

You can secure RDP by Tunnelling it with SSH as per : (Old link but its still correct)


Puty is another way



For accessing NAS (Linux type systems) as well as SSH you can enable "X" with SSH so that you can logon to the full GUI via SSH.

For Accessing remote Windows systems via SSH you need to enable the SSH-SERVER in windows on the remote system if you want the REMOTE system to transmit files to you --it's installable via the "Add optional features". The SSH-Client is installed by default on Windows (all editions).

Good if you just want command line facilities.

If you want / mainly interested in secure file transfers then simply install filezilla on the various systems. Again if you want the REMOTE Windows system to be able to xmit files whether by SSH or Filezilla you need to enable the SSH-SERVER on the REMOTE sending system (i.e you are RECEIVING files from the remote system).

(If you connect via Network connections and file explorer then cut and paste works normally).

I believe VNC has various options of being more secure than RDP for remote Windows session communications - I might play around with a couple of VM's to try this later.

Cheers
jimbo
 
Last edited:

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
One drawback of RDP over the Internet (shouldn't really be an issue on HOME LAN's) is that RDP isn't a secure connection.
RDP is a secure connection.

Encryption

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Administrators can choose to encrypt data by using a 56- or 128-bit key.



Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack(link is external).

While Remote Desktop is more secure than remote administration tools such as VNC that do not encrypt the entire session, any time Administrator access to a system is granted remotely there are risks.
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Homebuilt
    CPU
    AMD Ryzen 7 3800XT
    Motherboard
    ASUS ROG Crosshair VII Hero (WiFi)
    Memory
    32GB
    Graphics Card(s)
    EVGA GeForce GTX 1080 Ti
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 7773
    CPU
    Intel i7-8550U
    Memory
    32GB
    Graphics card(s)
    Nvidia Geforce MX150
    Sound Card
    Realtek
    Monitor(s) Displays
    17"
    Screen Resolution
    1920 x 1080
    Hard Drives
    Toshiba 512GB NVMe SSD
    SK Hynix 512GB SATA SSD
    Internet Speed
    Fast!
RDP is a secure connection.

Encryption

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Administrators can choose to encrypt data by using a 56- or 128-bit key.



Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack(link is external).

While Remote Desktop is more secure than remote administration tools such as VNC that do not encrypt the entire session, any time Administrator access to a system is granted remotely there are risks.
Thanks

I stand corrected -- although I'm sure that RDP wasn't always a secure method. Your reference to earlier versions of RDP exposing possible vulnerability might have misled me. (Not your post ! but info on the earlier versions of RDP) which is where I'm coming from. One has to be so careful on Internet as it's so easy to post stuff which might have a totally different meaning to readers as to what one intended -- especially if posting in not your primary language.

Good to see W10 and W11 are taking robust security sensibly without going bonkers about it these days.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Back
Top Bottom