I've established a connection to a server based on port-forwarded local Xrdp, through an SSH tunnel. If my understanding is correct, then I could illustrate such network as follows:
╷────<──port xxxx──<────╷ )
│ │ ) ( )
╷───────────╷ ╷───────────╷ ) ( )
│ LOCALHOST │ │ LOCALHOST │===============port ssh=================== CLIENT )
╵───────────╵ ╵───────────╵ ) ( )
│ │ ) ( )
╵────>──port xrdp──>────╵ )
)
SERVER )
The connection between the server and client happens only in the SSH tunnel 'port ssh', which is encrypted. So I am thinking that xrdp
server doesn't need any encryption configured by default in /etc/xrdp/xrdp.ini
which will effectively do nothing but reducing performance.
Am I thinking correctly? If so, what xrdp config can optimize the performance?
That's correct. If your xrdp in running on the ssh server, encryption is not mandatory in you xrdp config. Although the encryption layer on modern hardware is generally speaking not so much resource consuming (neither CPU or bandwidth).
You could use compression (
ssh -C -L localhost:port
) when establishing the tunnel. If rdp data is compressible, you could save a few bits.I don't know about xrdp optimizations , and can't help on the xrdp.ini part.