Enabling vnc within ltsp as a LabMonitor/HelpDesk Tool Overview Enable NIS - It is not necessary to enable nis to use x11vnc with the authentication altered to allow the root access necessary to use x11vnc. But this is attempt to document the process where it is unclear in existing documentation. --------------------------------------------------------------------------------- Edit /etc/sysconfig/network to add nis domain.Here is a sample NETWORKING=yes HOSTNAME=Eagle1 NISDOMAIN=ltsp --------------------------------------------------------------------------- Edit the /etc/yp.conf file for your setup..Mine looks like this domain ltsp Eagle1 ypserver 10.10.10.254 ------------------------------------------------------------------------ You probably have several user accounts on your linux machine..you can enable nis for these accounts by running the make command within /var/yp folder. You can tweak what information is included by editting the makefile there I changed nothing.You can also tweak which networks are allowed acces in /var/yp/securenets. Check to be sure that /var/yp/ypservers contains your server name Mine contains this Eagle1 Start the daemon. In redhat it is as simple as from a command line running service ypserv start.You can use ntsysv form the command line to enable ypserv at atartup Enable SSH-As copied from ltsp.org To make ssh very secure, you'd have to store the workstations private key on some sort of local storage device, such as a floppy, flash disk or harddisk. We haven't gone that far with it yet. The private key is stored on the server and accessed via NFS. WE KNOW that this is a security problem. Our first goal with ssh was to make it possible to launch the applications on the work- station. We're working on making it as secure as possible. A public/private key pair is shared among all workstations, and it needs to be created with ssh-keygen and stored in /opt/ltsp/i386/etc/ssh. Also, the public key needs to be stored in the /etc/ssh/ssh_known_hosts file. Actually, the same key needs to exist in that file several times. Once for each workstation, with the name of the workstation preceeding each record. Once that is setup, if you want to avoid having the user needing to enter their password each time they try to launch a local app, you'll need to put the users public key in their own authorized_keys file. To generate the private/public key pair for the workstations, run the following commands: ssh-keygen -q -t rsa1 -f /opt/ltsp/i386/etc/ssh/ssh_host_key -C '' -N '' ssh-keygen -q -t rsa -f /opt/ltsp/i386/etc/ssh/ssh_host_rsa_key -C '' -N '' ssh-keygen -q -t dsa -f /opt/ltsp/i386/etc/ssh/ssh_host_dsa_key -C '' -N '' You will then take the contents of the /opt/ltsp/i386/etc/ssh/ssh_host_rsa_key.pub and add a line in /etc/ssh/ssh_known_hosts for each workstation. Make sure you put the workstation name in front of each record. Below is an example of how the /etc/ssh/ssh_known_hosts file should look: ws001 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxFCM2eZU7P3HvEOMYhAFUiwE... ws002 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxFCM2eZU7P3HvEOMYhAFUiwE... Once ssh is setup, and NIS is configured on the server, the following settings need to be added to the lts.conf file: LOCAL_APPS = Y NIS_DOMAIN = ltsp Once those settings are added, and the workstation is restarted, the user can launch programs on the workstation. Of course the application and all its libraries must be accessible to the workstation via NFS. Here is a simple example of running a program on the thin client: ssh ws001 uptime ---------------------------------------------------------------------- Making the host screen available-To share out the desktop xhost + localhost must be run Compile x11vnc within lbe Add x11vnc to /lbe/ltsp-src/package_list Add a folder /lbe/ltsp-src/x11vnc and place the package.def in it..I may be necessary to add a simlink within the lbe in order for it to compile..this simlink was left over from successful compile of vnc within the lbe and my notes may not be perfect. ################################################### Package.def for x11vnc VERSION = 0.6 RELEASE = 0 PKG1COMPONENT = x11vnc PKG1NAME = x11vnc CFLAGS = "-02 -Wall \$(DIR_CFLAGS) -I$(LTSP_ROOT)/usr/X11R6/include PKG1 = LibVNCServer-0.6.tar.gz MD5SUM1 = b6ef0d29a1247a4dbb1b5bbc6bab6458 SOURCE1 = http://unc.dl.sourceforge.net/sourceforge/libvncserver/LibVNCServer-0.6.tar.gz UNPACK1 = gunzip < ${TARBALL} | tar xf - BUILDDIR = LibVNCServer-0.6 SOURCEDIR = LibVNCServer-0.6 CONFIGURE = export CPPFLAGS="-I${LTSP_ROOT}/usr/X11R6/include" && \ export LDFLAGS="-L${LTSP_ROOT}/usr/X11R6/lib" && \ export LD_LIBRARY_PATH="{LTSP_ROOT}/usr/X11R6/lib" && \ ../${SOURCEDIR}/configure --with-x-libs=${LTSP_ROOT}/usr/X11R6/lib \ --with-x-includes=${LTSP_ROOT}/usr/X11R6/include --prefix=/usr BUILD = make -j ${CPUS} INSTALL = make DESTDIR=${LTSP_ROOT}/usr/local/bin/ ${LTSP_ROOT}/usr/share/man CLEAN = rm -rf ${BUILDDIR} ${SOURCEDIR} --------------------------------------------------------------------------------------- Within ltsp-src run ./build –only x11vnc this should compile x11vnc-BUT will place the executable in /lbe/ltsp-src/x11vnc/LibVNCServer-0.6/contrib. Take the x11vnc executable in /opt/ltsp/i386/usr/bin..anywhere within the path where it can be run easily. Allow root Access-Probably there is a better way but...I simply editted /opt/ltsp/i386/etc/passwd and changed /bin/false to /bin/sh.The ni created a /opt/ltsp/i386/etc/shadow file and pasted a non priviledged users line from my server's /etc/shadow. Then i changed the name at the beginning to root. Now the root account is available on the client using that non-priviledged password. To enable x11vnc you must be able to ssh into the client and run x11vnc -display :0.. The executable will begin polling the xserver and make it available via vnc.