Any users of rustdesk? Watch out for unsafe defaults

After spending time trying out rustdesk, my first impression is that I’m really impressed. It’s an Open Source clone of teamviewer. It has many fun toys like file transfer, and text chat between a local desktop, and a remote desktop. It can also punch firewalls with the help of a relay server.

But I think it has some overly-permissive default settings, which are a security risk. I opened a bug on this at github.

Basically, after downloading the rustdesk installer, I suggest disconnecting your laptop/workstation from the internet whatsoever, then installing rustdesk and launching it. This will block the connection to the community relays, until you can tighten up a few overly-permissive settings. I suggest disabling the following, seen in the submenu that pops out of the 3 dots beside “ID”, in the upper left (to begin with):

  • “Enable File Transfer”
  • “Enable TCP Tunneling”
  • (if you aren’t being connected to) “Enable Keyboard/Mouse”
  • (if you aren’t being connected to) “Enable Clipboard”

If you are a more advanced user, next consider running your own rustdesk server and relay - where you can optionally and wisely encrypt the traffic - and not using the rustdesk community-supplied ones (which will lack encrypted connections).

PS: I’m aware that Rustdesk has a Discord server where I could raise this issue more, but I’m a non-fan of Discord, plus the conversation wouldn’t be searchable to the internet at large.

1 Like

Thanks for the heads up. I’ve been using No Machine for a little while though I’m really interested in trying out rustdesk right away.

1 Like

Oooh, I have been looking for a replacement for Teamviewer, this will have to get a look by me… soon!

1 Like

I wanted my own rustdesk relay not to be publically-usable.

After setting up an innernet server on a VPS, I can run the rustdesk “ID server” and relay server inside the wireguard tunnel (bound to the wireguard ip address of the innernet service/network interface), such that rustdesk clients connect to these only (which is to say, all rustdesk connections are encrypted with wireguard).

On the VPS:

sudo ./hbbs -r [innernet-server-ip]
sudo ./hbbr

Note: The rustdesk binaries for running your own “ID server” and relay server are called called “hbbs”, and “hbbr”, respectively)