FreeBSD Manual Pages
sdl2-freerdp3(1) sdl2-freerdp3 sdl2-freerdp3(1) NAME sdl2-freerdp3 - FreeRDP SDL client SYNOPSIS sdl2-freerdp3 [file] [options] [/v:server[:port]] DESCRIPTION sdl2-freerdp3 is an SDL Remote Desktop Protocol (RDP) client which is part of the FreeRDP project. An RDP server is built-in to many editions of Windows. Alternative servers included ogon, gnome-remote-desktop, xrdp and VRDP (VirtualBox). OPTIONS /a:addin[,options], /addin:addin[,options] Addin /azure:[tenantid:id],[use-tenantid[:[on|off]],[ad:url] AzureAD options /action-script:file-name Action script (default:~/.config/freerdp/action.sh) /admin, /console Admin (or console) session +aero desktop composition (default:off) /app:program:[path|||alias],cmd:command,file:filename,guid:guid,icon:filename,name:name,workdir:directory,hidef:[on|off] Remote application program /app-cmd:parameters [DEPRECATED, use /app:cmd:<command>] Remote application command-line parameters /app-file:file-name [DEPRECATED, use /app:file:<filename>] File to open with remote application /app-guid:app-guid [DEPRECATED, use /app:guid:<guid>] Remote application GUID /app-icon:icon-path [DEPRECATED, use /app:icon:<filename>] Remote application icon for user interface /app-name:app-name [DEPRECATED, use /app:name:<name>] Remote application name for user interface /app-workdir:workspace path [DEPRECATED, use /app:workdir:<directory>] Remote application workspace path /assistance:password Remote assistance password /auto-request-control: Automatically request remote assistance input control +async-channels Asynchronous channels (experimental) (default:off) +async-update Asynchronous update (default:off) /audio-mode:mode Audio output mode +auth-only Authenticate only (default:off) /auth-pkg-list:!ntlm,kerberos Authentication package filter (comma-separated list, use '!' to exclude) -authentication Authentication (experimental) (default:on) +auto-reconnect Automatic reconnection (default:off) /auto-reconnect-max-retries:retries Automatic reconnection maximum retries, 0 for unlimited [0,1000] +bitmap-cache [DEPRECATED, use /cache:bitmap[:on|off]] bitmap cache (default:off) +persist-cache [DEPRECATED, use /cache:persist[:on|off]] persistent bitmap cache (default:off) /persist-cache-file:filename [DEPRECATED, use /cache:persist-file:<filename>] persistent bitmap cache file /bpp:depth Session bpp (color depth) (default:16) /buildconfig Print the build configuration /cache:[bitmap[:on|off],codec[:rfx|nsc],glyph[:on|off],offscreen[:on|off],persist,persist-file:filename] /cert:[deny,ignore,name:name,tofu,fingerprint:hash:hash as hex[,fingerprint:hash:another hash]] Certificate accept options. Use with care! * deny ... Automatically abort connection if the certificate does not match, no user interaction. * ignore ... Ignore the certificate checks altogether (overrules all other options) * name ... Use the alternate <name> instead of the certificate subject to match locally stored certificates * tofu ... Accept certificate unconditionally on first connect and deny on subsequent connections if the certificate does not match * fingerprints ... A list of certificate hashes that are accepted unconditionally for a connection /cert-deny [DEPRECATED, use /cert:deny] Automatically abort connection for any certificate that can not be validated. /cert-ignore [DEPRECATED, use /cert:ignore] Ignore certificate /cert-name:name [DEPRECATED, use /cert:name:<name>] Certificate name /cert-tofu [DEPRECATED, use /cert:tofu] Automatically accept certificate on first connect /client-build-number:number Client Build Number sent to server (influences smartcard behaviour, see [MS-RDPESC]) /client-hostname:name Client Hostname to send to server /clipboard:[[use-selection:atom],[direction-to:[all|local|remote|off]],[files-to[:all|local|remote|off]]] Redirect clipboard: * use-selection:<atom> ... (X11) Specify which X selection to access. Default is CLIPBOARD. PRIMARY is the X-style middle-click selection. * direction-to:[all|local|remote|off] control enabled clipboard direction * files-to:[all|local|remote|off] control enabled file clipboard direction (default:on) /codec-cache:[rfx|nsc|jpeg] [DEPRECATED, use /cache:codec:[rfx|nsc|jpeg]] Bitmap codec cache -compression, -z compression (default:on) /compression-level:level Compression level (0,1,2) +credentials-delegation credentials delegation (default:off) /d:domain Domain -decorations Window decorations (default:on) /disp Display control /drive:name,path Redirect directory <path> as named share <name>. Hotplug support is enabled with /drive:hotplug,*. This argument provides the same function as "Drives that I plug in later" option in MSTSC. +drives Redirect all mount points as shares (default:off) /dump:record|replay,file:file[,nodelay] record or replay dump /dvc:channel[,options] Dynamic virtual channel +dynamic-resolution Send resolution updates when the window is resized (default:off) /echo, /echo Echo channel -encryption Encryption (experimental) (default:on) /encryption-methods:[40,][56,][128,][FIPS] RDP standard security encryption methods /f Fullscreen mode (<Ctrl>+<Alt>+<Enter> toggles fullscreen) +fipsmode FIPS mode (default:off) /floatbar[:sticky:[on|off],default:[visible|hidden],show:[always|fullscreen|window]] floatbar is disabled by default (when enabled defaults to sticky in fullscreen mode) -fonts smooth fonts (ClearType) (default:on) +force-console-callbacks Use default callbacks (console) for certificate/credential/... (default:off) /frame-ack:number Number of frame acknowledgement /args-from:file|stdin|fd:number|env:name Read command line from a file, stdin or file descriptor. This argument can not be combined with any other. Provide one argument per line. /from-stdin[:force] Read credentials from stdin. With <force> the prompt is done before connection, otherwise on server request. /gateway:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token, /gw:g:gateway[:port],u:user,d:domain,p:password,usage-method:[direct|detect],access-token:token,type:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]]|arm,url:wss://url,bearer:oauth2-bearer-token Gateway Hostname /g:gateway[:port] [DEPRECATED, use /gateway:g:<url>] Gateway Hostname /gateway-usage-method:[direct|detect], /gum:[direct|detect] [DEPRECATED, use /gateway:usage-method:<method>] Gateway usage method /gd:domain [DEPRECATED, use /gateway:d:<domain>] Gateway domain /gdi:sw|hw GDI rendering /geometry Geometry tracking channel +gestures Consume multitouch input locally (default:off) /gfx[:[[progressive[:on|off]|RFX[:on|off]|AVC420[:on|off]AVC444[:on|off]],mask:value,small-cache[:on|off],thin-client[:on|off],progressive[:on|off],frame-ack[:on|off]]] RDP8 graphics pipeline /gfx-h264[:[[AVC420|AVC444],mask:value]] [DEPRECATED, use /gfx:avc420] RDP8.1 graphics pipeline using H264 codec +gfx-progressive [DEPRECATED, use /gfx:progressive] RDP8 graphics pipeline using progressive codec (default:off) -gfx-small-cache [DEPRECATED, use /gfx:small-cache] RDP8 graphics pipeline using small cache mode (default:on) +gfx-thin-client [DEPRECATED, use /gfx:thin-client] RDP8 graphics pipeline using thin client mode (default:off) +glyph-cache [DEPRECATED, use /cache:glyph[:on|off]] Glyph cache (experimental) (default:off) /gp:password [DEPRECATED, use /gateway:p:<password>] Gateway password -grab-keyboard Grab keyboard focus, forward all keys to remote (default:on) -grab-mouse Grab mouse focus, forward all events to remote (default:on) /gt:[rpc|http[,no-websockets][,extauth-sspi-ntlm]|auto[,no-websockets][,extauth-sspi-ntlm]] [DEPRECATED, use /gateway:type:<type>] Gateway transport type /gu:[[domain]user|user[@domain]] [DEPRECATED, use /gateway:u:<user>] Gateway username /gat:access token [DEPRECATED, use /gateway:access-token:<token>] Gateway Access Token /h:height Height (default:768) -heartbeat Support heartbeat PDUs (default:on) /help, /? Print help +home-drive Redirect user home as share (default:off) /ipv4[:[:force]], /4[:[:force]] Prefer IPv4 A record over IPv6 AAAA record /ipv6[:[:force]], /6[:[:force]] Prefer IPv6 AAAA record over IPv4 A record /kbd:[layout:[0xid|name],lang:0xid,fn-key:value,type:value,subtype:value,unicode[:on|off],remap:key1=value1,remap:key2=value2,pipe:filename] Keyboard related options: * layout: set the keybouard layout announced to the server * lang: set the keyboard language identifier sent to the server * fn-key: Function key value * remap: RDP scancode to another one. Use /list:kbd-scancode to get the mapping. Example: To switch 'a' and 's' on a US keyboard: /kbd:remap:0x1e=0x1f,remap:0x1f=0x1e * pipe: Name of a named pipe that can be used to type text into the RDP session /kbd-lang:0xid [DEPRECATED, use / kbd:lang:<value>] Keyboard active language identifier /kbd-fn-key:value [DEPRECATED, use /kbd:fn-key:<value>] Function key value /kbd-list [DEPRECATED, use /list:kbd] List keyboard layouts /kbd-scancode-list [DEPRECATED, use list:kbd-scancode] List keyboard RDP scancodes /kbd-lang-list [DEPRECATED, use /list:kbd-lang] List keyboard languages /kbd-remap:[DEPRECATED, use /kbd:remap] List of key=value,... pairs to remap scancodes Keyboard scancode remapping /kbd-subtype:id [DEPRECATED, use /kbd:subtype]Keyboard subtype /kbd-type:id [DEPRECATED, use /kbd:type] Keyboard type /kbd-unicode: [DEPRECATED, use /kbd:unicode[:on|off]] Send unicode symbols, e.g. use the local keyboard map. ATTENTION: Does not work with every RDP server! /kerberos:[kdc-url:url,lifetime:time,start-time:time,renewable-lifetime:time,cache:path,armor:path,pkinit-anchors:path,pkcs11-module:name] Kerberos options /load-balance-info:info-string Load balance info /list:[kbd|kbd-scancode|kbd-lang[:value]|smartcard[:[pkinit-anchors:path][,pkcs11-module:name]]|monitor|tune|timezones] List available options for subcommand (default:List available options for subcommand) /log-filters:tag:level[,tag:level[,...]] Set logger filters, see wLog(7) for details /log-level:[OFF|FATAL|ERROR|WARN|INFO|DEBUG|TRACE] Set the default log level, see wLog(7) for details /max-fast-path-size:size Specify maximum fast-path update size /max-loop-time:time Specify maximum time in milliseconds spend treating packets +menu-anims menu animations (default:off) /microphone[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]], /mic[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel]] Audio input (microphone) /smartcard-list [DEPRECATED, use /list:smartcard] List smartcard information /monitor-list [DEPRECATED, use /list:monitor] List detected monitors /monitors:id[,id[,...]] Select monitors to use (only effective in fullscreen or multimonitor mode) -mouse-motion Send mouse motion (default:on) +mouse-relative Send mouse motion with relative addressing (default:off) /mouse:[relative:[on|off],grab:[on|off]] Mouse related options: * relative: send relative mouse movements if supported by server * grab: grab the mouse if within the window /multimon[:force] Use multiple monitors +multitouch Redirect multitouch input (default:off) -multitransport Support multitransport protocol (default:on) -nego protocol security negotiation (default:on) /network:[invalid|modem|broadband|broadband-low|broadband-high|wan|lan|auto] Network connection type /nsc, /nscodec NSCodec support +offscreen-cache [DEPRECATED, use /cache:offscreen[:on|off]] offscreen bitmap cache (default:off) /orientation:[0|90|180|270] Orientation of display in degrees +old-license Use the old license workflow (no CAL and hwId set to 0) (default:off) /p:password Password /parallel[:name[,path]] Redirect parallel device /parent-window:window-id Parent window id /pcb:blob Preconnection Blob /pcid:id Preconnection Id /pheight:height Physical height of display (in millimeters) /play-rfx:pcap-file Replay rfx pcap file /port:number Server port -suppress-output suppress output when minimized (default:on) +print-reconnect-cookie Print base64 reconnect cookie after connecting (default:off) /printer[:name[,driver[,default]]] Redirect printer device /proxy:[proto://][user:password@]host[:port] Proxy settings: override env. var (see also environment variable below). Protocol "socks5" should be given explicitly where "http" is default. /pth:password-hash, /pass-the-hash:password-hash Pass the hash (restricted admin mode) /pwidth:width Physical width of display (in millimeters) /rdp2tcp:executable path[:arg...] TCP redirection /reconnect-cookie:base64-cookie Pass base64 reconnect cookie to the connection /redirect-prefer:FQDN|IP|NETBIOS,[...] Override the preferred redirection order /relax-order-checks, /relax-order-checks Do not check if a RDP order was announced during capability exchange, only use when connecting to a buggy server /restricted-admin, /restrictedAdmin Restricted admin mode /remoteGuard, /remoteGuard Remote guard credentials /rfx RemoteFX /rfx-mode:[image|video] RemoteFX mode /scale:[100|140|180] Scaling factor of the display (default:100) /scale-desktop:percentage Scaling factor for desktop applications (value between 100 and 500) (default:100) /scale-device:100|140|180 Scaling factor for app store applications (default:100) /sec:[rdp[:[on|off]]|tls[:[on|off]]|nla[:[on|off]]|ext[:[on|off]]|aad[:[on|off]]] Force specific protocol security. e.g. /sec:nla enables NLA and disables all others, while /sec:nla:[on|off] just toggles NLA +sec-ext [DEPRECATED, use /sec:ext] NLA extended protocol security (default:off) -sec-nla [DEPRECATED, use /sec:nla] NLA protocol security (default:on) -sec-rdp [DEPRECATED, use /sec:rdp] RDP protocol security (default:on) -sec-tls [DEPRECATED, use /sec:tls] TLS protocol security (default:on) /serial[:name[,path[,driver[,permissive]]]], /tty[:name[,path[,driver[,permissive]]]] Redirect serial device /server-name:name User-specified server name to use for validation (TLS, Kerberos) /shell:shell Alternate shell /shell-dir:dir Shell working directory /size:widthxheight or percent%[wh] Screen size (default:1024x768) /smart-sizing[:widthxheight] Scale remote desktop to window size /smartcard[:str[,str...]] Redirect the smartcard devices containing any of the <str> in their names. /smartcard-logon[:[cert:path,key:key,pin:pin,csp:csp name,reader:reader,card:card]] Activates Smartcard (optional certificate) Logon authentication. /sound[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]], /audio[:[sys:sys,][dev:dev,][format:format,][rate:rate,][channel:channel,][latency:latency,][quality:quality]] Audio output (sound) /span Span screen over multiple monitors /spn-class:service-class SPN authentication service class /ssh-agent, /ssh-agent SSH Agent forwarding channel /sspi-module:SSPI module path SSPI shared library module file path /winscard-module:WinSCard module path WinSCard shared library module file path /disable-output Deactivate all graphics decoding in the client session. Useful for load tests with many simultaneous connections /t:title, /title:title Window title -themes themes (default:on) /timeout:time in ms, /timeout:time in ms Advanced setting for high latency links: Adjust connection timeout, use if you encounter timeout failures with your connection (default:9000) /timezone:windows timezone Use supplied windows timezone for connection (requires server support), see /list:timezones for allowed values /tls:[ciphers|seclevel|secrets-file|enforce] TLS configuration options: * ciphers:[netmon|ma|<cipher names>] * seclevel:<level>, default: 1, range: [0-5] Override the default TLS security level, might be required for older target servers * secrets-file:<filename> * enforce[:[ssl3|1.0|1.1|1.2|1.3]] Force use of SSL/TLS version for a connection. Some servers have a buggy TLS version negotiation and might fail without this. Defaults to TLS 1.2 if no argument is supplied. Use 1.0 for windows 7 /tls-ciphers:[netmon|ma|ciphers] [DEPRECATED, use /tls:ciphers] Allowed TLS ciphers /tls-seclevel:level [DEPRECATED, use /tls:seclevel] TLS security level - defaults to 1 (default:1) /tls-secrets-file:filename [DEPRECATED, use /tls:secrets:file] File were TLS secrets will be stored in the SSLKEYLOGFILE format +enforce-tlsv1_2 [DEPRECATED, use /tls:enforce:1.2] Force use of TLS1.2 for connection. Some servers have a buggy TLS version negotiation and might fail without this (default:off) -toggle-fullscreen Alt+Ctrl+Enter to toggle fullscreen (default:on) /tune:setting:value,setting:value [experimental] directly manipulate freerdp settings, use with extreme caution! (default:) /tune-list [DEPRECATED, use /list:tune] Print options allowed for /tune /u:[[domain]user|user[@domain]] Username +unmap-buttons Let server see real physical pointer button (default:off) /usb:[dbg,][id:vid:pid#...,][addr:bus:addr#...,][auto] Redirect USB device /v:server[:port] Server hostname /vc:channel[,options] Static virtual channel /version Print version /video Video optimized remoting channel /prevent-session-lock[:time in sec] Prevent session locking by injecting fake mouse motion events to the server when the connection is idle (default interval: 180 seconds) /vmconnect[:vmid] Hyper-V console (use port 2179, disable negotiation) /w:width Width (default:1024) -wallpaper wallpaper (default:on) +window-drag full window drag (default:off) /window-position:xposxypos window position /wm-class:class-name Set the WM_CLASS hint for the window instance /workarea Use available work area CONFIGURATION FILE Format and Location: The configuration file is stored per user. The XDG_CONFIG_HOME environment variable can be used to override the base directory. This defaults to ~/.config The location relative to XDG_CONFIG_HOME is $XDG_CONFIG_HOME/freerdp/sdl-freerdp.json The configuration is stored in JSON format Supported options: SDL_KeyModMask Defines the key combination required for SDL client shortcuts. Default KMOD_RSHIFT An array of SDL_Keymod strings as defined at /SDL_Keymod SDL_Fullscreen Toggles client fullscreen state. Default SDL_SCANCODE_RETURN. A string as defined at /SDLScancodeLookup SDL_Minimize Minimizes the client window Default SDL_SCANCODE_M. A string as defined at /SDLScancodeLookup SDL_Resizeable Toggles local window resizeable state. Default SDL_SCANCODE_R. A string as defined at /SDLScancodeLookup SDL_Grab Toggles keyboard and mouse grab state. Default SDL_SCANCODE_G. A string as defined at /SDLScancodeLookup SDL_Disconnect Disconnects from the RDP session. Default SDL_SCANCODE_D. A string as defined at /SDLScancodeLookup ENVIRONMENT VARIABLES wlog environment variable sdl2-freerdp3 uses wLog as its log facility, you can refer to the corresponding man page (wlog(7)) for more information. Arguments passed via the /log-level or /log-filters have precedence over the environment variables. GLOBAL CONFIGURATION Format and Location: The configuration file is stored in global system configuration. The location is /usr/local/etc/FreeRDP/FreeRDP/certificates.json File format is JSON Supported options: deny JSON boolean Deny the certificate if the check against system SSL store was not successful ignore JSON boolean Ignore certificate failures, just ignore the certificate deny-userconfig JSON boolean If the checks in the global configuration do not accept the certificate do not ask the user certificate-db JSON array An array of JSON objects with: type JSON string a string identifying the hash algorithm used, e.g. sha256 hash JSON string a string of hex integer values representing the certificate hash, e.g. 0123456789abcdef EXAMPLES sdl2-freerdp3 connection.rdp /p:Pwd123! /f Connect in fullscreen mode using a stored configuration connection.rdp and the password Pwd123! sdl2-freerdp3 /u:USER /size:50%h /v:rdp.contoso.com Connect to host rdp.contoso.com with user USER and a size of 50 percent of the height. If width (w) is set instead of height (h) like /size:50%w. 50 percent of the width is used. sdl2-freerdp3 /u:CONTOSO\\JohnDoe /p:Pwd123! /v:rdp.contoso.com Connect to host rdp.contoso.com with user CONTOSO\\JohnDoe and password Pwd123! sdl2-freerdp3 /u:JohnDoe /p:Pwd123! /w:1366 /h:768 /v:192.168.1.100:4489 Connect to host 192.168.1.100 on port 4489 with user JohnDoe, password Pwd123!. The screen width is set to 1366 and the height to 768 sdl2-freerdp3 /u:JohnDoe /p:Pwd123! /vmconnect:C824F53E-95D2-46C6-9A18-23A5BB403532 /v:192.168.1.100 Establish a connection to host 192.168.1.100 with user JohnDoe, password Pwd123! and connect to Hyper-V console (use port 2179, disable negotiation) with VMID C824F53E-95D2-46C6-9A18-23A5BB403532 +clipboard Activate clipboard redirection /drive:home,/home/user Activate drive redirection of /home/user as home drive /smartcard:<device> Activate smartcard redirection for device device /printer:<device>,<driver> Activate printer redirection for printer device using driver driver /serial:<device> Activate serial port redirection for port device /parallel:<device> Activate parallel port redirection for port device /sound:sys:alsa Activate audio output redirection using device sys:alsa /microphone:sys:alsa Activate audio input redirection using device sys:alsa /multimedia:sys:alsa Activate multimedia redirection using device sys:alsa /usb:id,dev:054c:0268 Activate USB device redirection for the device identified by 054c:0268 LINKS http://www.freerdp.com/ AUTHOR The FreeRDP Team freerdp 2025-05-17 sdl2-freerdp3(1)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | CONFIGURATION FILE | ENVIRONMENT VARIABLES | GLOBAL CONFIGURATION | EXAMPLES | LINKS | AUTHOR
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sdl2-freerdp3&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>