xfreerdp - Man Page

FreeRDP X11 client

Examples (TL;DR)


xfreerdp [file] [options] [/v:server[:port]]


xfreerdp is an X11 Remote Desktop Protocol (RDP) client which is part of the FreeRDP project. An RDP server is built-in to many editions of Windows. Alternative servers included ogon, gnome-remote-desktop, xrdp and VRDP (VirtualBox).


/a:addin[,options], /addin:addin[,options]



Action script (default:~/.config/freerdp/action.sh)

/admin,  /console

Admin (or console) session


desktop composition (default:off)


Remote application program


Remote assistance password


Automatically request remote assistance input control


Asynchronous channels (experimental) (default:off)


Asynchronous update (default:off)


Audio output mode


Authenticate only (default:off)


Authentication package filter (comma-separated list, use '!' to exclude)


Authentication (experimental) (default:on)


Automatic reconnection (default:off)


Automatic reconnection maximum retries, 0 for unlimited [0,1000]


Session bpp (color depth) (default:16)


Print the build configuration


/cert:[deny,ignore,name:name,tofu,fingerprint:hash:hash as hex[,fingerprint:hash:another hash]]

Certificate accept options. Use with care!

* deny ... Automatically abort connection if the certificate does not match, no user interaction.

* ignore ... Ignore the certificate checks altogether (overrules all other options)

* name ... Use the alternate <name> instead of the certificate subject to match locally stored certificates

* tofu ... Accept certificate unconditionally on first connect and deny on subsequent connections if the certificate does not match

* fingerprints ... A list of certificate hashes that are accepted unconditionally for a connection


Client Build Number sent to server (influences smartcard behaviour, see [MS-RDPESC])


Client Hostname to send to server


Redirect clipboard:

* use-selection:<atom> ... (X11) Specify which X selection to access. Default is CLIPBOARD. PRIMARY is the X-style middle-click selection.

* direction-to:[all|local|remote|off] control enabled clipboard direction

* files-to:[all|local|remote|off] control enabled file clipboard directiont (default:on)

-compression,  -z

compression (default:on)


Compression level (0,1,2)


credentials delegation (default:off)




Window decorations (default:on)


Display control


Redirect directory <path> as named share <name>. Hotplug support is enabled with /drive:hotplug,*. This argument provides the same function as "Drives that I plug in later" option in MSTSC.


Redirect all mount points as shares (default:off)


record or replay dump


Dynamic virtual channel


Send resolution updates when the window is resized

/echo, /echo

Echo channel


Encryption (experimental) (default:on)


RDP standard security encryption methods


Fullscreen mode (<Ctrl>+<Alt>+<Enter> toggles fullscreen)


FIPS mode (default:off)


floatbar is disabled by default (when enabled defaults to sticky in fullscreen mode)


smooth fonts (ClearType) (default:on)


Use default callbacks (console) for certificate/credential/... (default:off)


Number of frame acknowledgement


Read command line from a file, stdin or file descriptor. This argument can not be combined with any other. Provide one argument per line.


Read credentials from stdin. With <force> the prompt is done before connection, otherwise on server request.

/gateway:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token, /gw:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token

Gateway Hostname


GDI rendering


Geometry tracking channel


Consume multitouch input locally (default:off)


RDP8 graphics pipeline


Grab keyboard (default:on)


Grab mouse (default:on)


Height (default:768)


Support heartbeat PDUs (default:on)

/help,  /?

Print help


Redirect user home as share (default:off)

/ipv6,  /6

Prefer IPv6 AAA record over IPv4 A record


JPEG codec support


JPEG quality


Keyboard related options:

* layout: set the keybouard layout announced to the server

* lang: set the keyboard language identifier sent to the server

* fn-key: Function key value

* pipe: Name of a named pipe that can be used to type text into the RDP session


Kerberos options


Load balance info


List available options for subcommand (default:List available options for subcommand)


Set logger filters, see wLog(7) for details


Set the default log level, see wLog(7) for details


Specify maximum fast-path update size


Specify maximum time in milliseconds spend treating packets


menu animations (default:off)

/microphone[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]], /mic[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]]

Audio input (microphone)


Select monitors to use


Send mouse motion (default:on)


Send mouse motion with relative addressing (default:off)


Mouse related options:

* relative: send relative mouse movements if supported by server

* grab: grab the mouse if within the window


Use multiple monitors


Redirect multitouch input (default:off)


Support multitransport protocol (default:on)


protocol security negotiation (default:on)


Network connection type

/nsc,  /nscodec

NSCodec support


Orientation of display in degrees


Use the old license workflow (no CAL and hwId set to 0) (default:off)




Redirect parallel device


Parent window id


Preconnection Blob


Preconnection Id


Physical height of display (in millimeters)


Replay rfx pcap file


Server port


suppress output when minimized (default:on)


Print base64 reconnect cookie after connecting (default:off)


Redirect printer device


Proxy settings: override env. var (see also environment variable below). Protocol "socks5" should be given explicitly where "http" is default.

/pth:password-hash, /pass-the-hash:password-hash

Pass the hash (restricted admin mode)


Physical width of display (in millimeters)

/rdp2tcp:executable path[:arg...]

TCP redirection


Pass base64 reconnect cookie to the connection


Override the preferred redirection order

/relax-order-checks, /relax-order-checks

Do not check if a RDP order was announced during capability exchange, only use when connecting to a buggy server

/restricted-admin,  /restrictedAdmin

Restricted admin mode




RemoteFX mode


Scaling factor of the display (default:100)


Scaling factor for desktop applications (value between 100 and 500) (default:100)


Scaling factor for app store applications (default:100)


Force specific protocol security. e.g. /sec:nla enables NLA and disables all others, while /sec:nla:[on|off] just toggles NLA

/serial[:name[,path[,driver[,permissive]]]], /tty[:name[,path[,driver[,permissive]]]]

Redirect serial device


User-specified server name to use for validation (TLS, Kerberos)


Alternate shell


Shell working directory

/size:widthxheight or percent%[wh]

Screen size (default:1024x768)


Scale remote desktop to window size


Redirect the smartcard devices containing any of the <str> in their names.

/smartcard-logon[:[cert:path,key:key,pin:pin,csp:csp name,reader:reader,card:card]]

Activates Smartcard (optional certificate) Logon authentication.

/sound[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]], /audio[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]]

Audio output (sound)


Span screen over multiple monitors


SPN authentication service class

/ssh-agent, /ssh-agent

SSH Agent forwarding channel

/sspi-module:SSPI module path

SSPI shared library module file path

/winscard-module:WinSCard module path

WinSCard shared library module file path


Deactivate all graphics decoding in the client session. Useful for load tests with many simultaneous connections

/t:title, /title:title

Window title


themes (default:on)

/timeout:time in ms, /timeout:time in ms

Advanced setting for high latency links: Adjust connection timeout, use if you encounter timeout failures with your connection (default:9000)


TLS configuration options: * ciphers:[netmon|ma|<cipher names>]

* seclevel:<level>, default: 1, range: [0-5] Override the default TLS security level, might be required for older target servers

* secrets-file:<filename>

* enforce[:[ssl3|1.0|1.1|1.2|1.3]] Force use of SSL/TLS version for a connection. Some servers have a buggy TLS version negotiation and might fail without this. Defaults to TLS 1.2 if no argument is supplied. Use 1.0 for windows 7


Alt+Ctrl+Enter to toggle fullscreen (default:on)


[experimental] directly manipulate freerdp settings, use with extreme caution! (default:)




Let server see real physical pointer button (default:off)


Redirect USB device


Server hostname


Static virtual channel


Print version


Video optimized remoting channel

/prevent-session-lock[:time in sec]

Prevent session locking by injecting fake mouse motion events to the server when the connection is idle (default interval: 180 seconds)


Hyper-V console (use port 2179, disable negotiation)


Width (default:1024)


wallpaper (default:on)


full window drag (default:off)


window position


Set the WM_CLASS hint for the window instance


Use available work area

Environment Variables

wlog environment variable

xfreerdp uses wLog as its log facility, you can refer to the corresponding man page (wlog(7)) for more informations. Arguments passed via the /log-level or /log-filters have precedence over the environment variables.


xfreerdp connection.rdp /p:Pwd123! /f

Connect in fullscreen mode using a stored configuration connection.rdp and the password Pwd123!

xfreerdp /u:USER /size:50%h /v:rdp.contoso.com

Connect to host rdp.contoso.com with user USER and a size of 50 percent of the height. If width (w) is set instead of height (h) like /size:50%w. 50 percent of the width is used.

xfreerdp /u:CONTOSO\\JohnDoe /p:Pwd123! /v:rdp.contoso.com

Connect to host rdp.contoso.com with user CONTOSO\\JohnDoe and password Pwd123!

xfreerdp /u:JohnDoe /p:Pwd123! /w:1366 /h:768 /v:

Connect to host on port 4489 with user JohnDoe, password Pwd123!. The screen width is set to 1366 and the height to 768

xfreerdp /u:JohnDoe /p:Pwd123! /vmconnect:C824F53E-95D2-46C6-9A18-23A5BB403532 /v:

Establish a connection to host with user JohnDoe, password Pwd123! and connect to Hyper-V console (use port 2179, disable negotiation) with VMID C824F53E-95D2-46C6-9A18-23A5BB403532


Activate clipboard redirection


Activate drive redirection of /home/user as home drive


Activate smartcard redirection for device device


Activate printer redirection for printer device using driver driver


Activate serial port redirection for port device


Activate parallel port redirection for port device


Activate audio output redirection using device sys:alsa


Activate audio input redirection using device sys:alsa


Activate multimedia redirection using device sys:alsa


Activate USB device redirection for the device identified by 054c:0268


The FreeRDP Team

Referenced By


2024-02-22 freerdp