Headless KDE RDP / Wayland / KWallet / Plasma 6.

Hi,
I’ve been trying to setup a headless system using KDE Plasma and RDP
This is on Arch / Rpi4 using plasma 6.2.5
I’ve managed to get pretty close, but there were two problems I ran into, so far I’ve fixed one of them but not the other

Problem 1 - KWallet / RDP

The first issue I’ve run into is that if you set sddm to auto login, the the kde wallet is not opened by default. If you login manually via sddm then the wallet is automatically opened on login.

If the wallet is not open, then any RDP Connections will fail as the rdp server can’t check the credentials.

I’ve tried setting the password to blank, which I know is insecure but that didn’t work, but I was wondering if a better way might be a patch to allow RDP as an exception access to the wallet without it being open

Currently I’m trying to see if there’s a cli command I can run at startup to trigger an open of the wallet

Problem 2 - RDP Popup - Fixed

This one I’ve found a fix for, but it would be nice if there was an easier to use option under System Settings
This is to turn off the RDP notification window to allow or not when someone tries to connect in
What you need to do is run the following from a shell as the current user remotely via ssh

flatpak permission-set kde-authorized remote-desktop org.kde.krdpserver yes

Or to set this to run every time at autologin

cd ~
mkdir scripts
echo "flatpak permission-set kde-authorized remote-desktop org.kde.krdpserver yes">scripts/allow-rdp-kde.sh
chmod +x scripts/allow-rdp-kde.sh

Then go into System Settings → AutoStart
Add scripts/allow-rdp-kde.sh as a startup script

Hmm after a bit more experimentation that script only works some of the time I think
Also I’ve discovered that you can’t run fully headless with plasma 6 / wayland at the moment.

There is a virtual option but I suspect you wouldn’t then be able to see the desktop on the monitor if it was switched on

kwin_wayland --virtual

As a follow up
I think that the permission-set kde-authorized remote-desktop setting might be reset if the monitor is turned off then on again possibly causing a restart of the rdp server

For the rpi the following workaround I think fixes that and allows rdp to work even with the monitor off

Add something like the following to the kernel command line options
(for the rpi this is located under /boot/config.txt)
Setting whatever resolution is appropriate

video=HDMI-A-1:1920x1080M-32@60D

This will trick the system into thinking there’s always a monitor there even if it’s unplugged. The letter D at the end is important to force it on and in digital mode.
Make sure to match up HDMI-A-1 with whichever monitor socket your using on the pi (this is the first left hand side one)

Outstanding issues

First ideally there should be some way to set permission-set kde-authorized remote-desktop permanently or some sort of IP whitelist perhaps.
Although if you trick the system into always having a monitor attached you should only have to click the button or run the command the one time

Second is the kwallet issue, without a fix for that the only way around this so far is to just manually log on via sddm on first bootup without autologin.
If there was some way to switch on kwallet from the command line remotely so that rdp would then work, that would be at least something, but I’m not sure how to do that just yet.

It’s already permanent.

Have you tried activating kwallet as part of the autostart routine? Something like busctl --user call org.kde.kwalletd6 / org.freedesktop.DBus.Peer Ping should make sure kwallet is actually started. You’ll also definitely need a wallet without password because autologin is incompatible with how wallets are usually unlocked.

Generally speaking, checking journalctl for what’s happening may be of help. Usually there’s a trace left behind why e.g. kwallet doesn’t work.

How are you logging into your user session? If you autologin kwallet doesn’t start and waits for a password, which also effects krdpserver which uses the wallet to store passwords. To get kwallet to work properly you have to login normally, but SDDM doesn’t support remote login. My workaround was to switch SDDM’s compositor from kwin to sway, and install wayvnc. Now I can user vnc via ssh loopback to access sddm and login, and then switch to rdp once my session is started.