RDP (remote desktop) with public/private keys and without password


aag

New member
Local time
5:28 AM
Posts
1
OS
windows 11
With SSH (including Powershell SSH), you can install public and private keys, and that allows you to start remote sessions without passwords. Is it possible to do something similar to log into another windows computer using RDP? I know that Microsoft Account can offer passwordless authentication, but that requires an authenticator app on the phone. What I am striving to accomplish here, is certificate/key-based authentication without two-factor auth.
 

My Computer

System One

  • OS
    windows 11

cereberus

Well-known member
Pro User
VIP
Local time
4:28 AM
Posts
2,278
OS
Windows 10 Pro + others in VHDs
With RDP, you can save the login credentials of remote PC, so when you start a remote session, you are auto logged in.

RDP will not work without a password on remote PC. However remote pc can be set to autologin without entering password using netplwiz, if you are physically at remote pc.

I just connect to my remote pcs and sessions just start - I never need to key login details.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

jimbo45

Well-known member
Power User
VIP
Local time
3:28 AM
Posts
1,893
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
One drawback of RDP over the Internet (shouldn't really be an issue on HOME LAN's) is that RDP isn't a secure connection. You might want to look at VNC on windows.

You can secure RDP by Tunnelling it with SSH as per : (Old link but its still correct)


Puty is another way



For accessing NAS (Linux type systems) as well as SSH you can enable "X" with SSH so that you can logon to the full GUI via SSH.

For Accessing remote Windows systems via SSH you need to enable the SSH-SERVER in windows on the remote system if you want the REMOTE system to transmit files to you --it's installable via the "Add optional features". The SSH-Client is installed by default on Windows (all editions).

Good if you just want command line facilities.

If you want / mainly interested in secure file transfers then simply install filezilla on the various systems. Again if you want the REMOTE Windows system to be able to xmit files whether by SSH or Filezilla you need to enable the SSH-SERVER on the REMOTE sending system (i.e you are RECEIVING files from the remote system).

(If you connect via Network connections and file explorer then cut and paste works normally).

I believe VNC has various options of being more secure than RDP for remote Windows session communications - I might play around with a couple of VM's to try this later.

Cheers
jimbo
 
Last edited:

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

NavyLCDR

Well-known member
Power User
VIP
Local time
8:28 PM
Posts
959
OS
Windows 11
One drawback of RDP over the Internet (shouldn't really be an issue on HOME LAN's) is that RDP isn't a secure connection.
RDP is a secure connection.

Encryption

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Administrators can choose to encrypt data by using a 56- or 128-bit key.



Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack(link is external).

While Remote Desktop is more secure than remote administration tools such as VNC that do not encrypt the entire session, any time Administrator access to a system is granted remotely there are risks.
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Homebuilt
    CPU
    AMD Ryzen 7 3800XT
    Motherboard
    ASUS ROG Crosshair VII Hero (WiFi)
    Memory
    32GB
    Graphics Card(s)
    EVGA GeForce GTX 1080 Ti
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 7773
    CPU
    Intel i7-8550U
    Memory
    32GB
    Graphics card(s)
    Nvidia Geforce MX150
    Sound Card
    Realtek
    Monitor(s) Displays
    17"
    Screen Resolution
    1920 x 1080
    Hard Drives
    Toshiba 512GB NVMe SSD
    SK Hynix 512GB SATA SSD
    Internet Speed
    Fast!

jimbo45

Well-known member
Power User
VIP
Local time
3:28 AM
Posts
1,893
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
RDP is a secure connection.

Encryption

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Administrators can choose to encrypt data by using a 56- or 128-bit key.



Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack(link is external).

While Remote Desktop is more secure than remote administration tools such as VNC that do not encrypt the entire session, any time Administrator access to a system is granted remotely there are risks.
Thanks

I stand corrected -- although I'm sure that RDP wasn't always a secure method. Your reference to earlier versions of RDP exposing possible vulnerability might have misled me. (Not your post ! but info on the earlier versions of RDP) which is where I'm coming from. One has to be so careful on Internet as it's so easy to post stuff which might have a totally different meaning to readers as to what one intended -- especially if posting in not your primary language.

Good to see W10 and W11 are taking robust security sensibly without going bonkers about it these days.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Top Bottom