[K12OSN] Shutting clients down: was tight vnc connection to ltsp client refused (111 error)

Eric Harrison eharrison at mail.mesd.k12.or.us
Tue May 30 05:30:26 UTC 2006

On Mon, 29 May 2006, Robert Arkiletian wrote:

> On 5/29/06, Eric Harrison <eharrison at mail.mesd.k12.or.us> wrote:
>> On Mon, 29 May 2006, Robert Arkiletian wrote:
>> > On 5/29/06, Dan Visentin <visentind at hdsb.ca> wrote:
>> >>
>> >>  btw... another great feature to add, if you are so inclined, is another
>> >> button to shut down all the workstations remotely using /usr/sbin/ltspinfo
>> >> --host=wsXXX --shutdown (or --reboot).  I'm considering modifying the
>> >> source code for fun (I know that's dangerous... but what the heck!).
>> >>  At any rate, I appreciate your looking into these problems created by my
>> >> follies!
>> >>
>> >
>> > Thank you Dan !!!!!!!!
>> > I always wanted this feature to be in fl_tt. I had actually asked this
>> > question on the list last year Dec 19th. I got no replies and figured
>> > it wasn't possible. Rest assured the next version will have this
>> > feature (now that I know it can be done). No more walking around
>> > shutting systems off by hand. :)
>> > Now if only there was a way to boot them remotely. sigh.
>> You have to enable an undocumented setting in lts.conf for this to work
>> (hint: grep SHUTDOWN /opt/ltsp/i386/etc/*).
> yes, I know. I already did it.
>> The reason this feature is undocumented and disabled by default is that
>> there is NO AUTHENTICATION yet. That means your kids can shut down/reboot
>> any terminal they please if they figure this out :-(
> What if you change the permission of ltspinfo to 754?

It would break a bunch of stuff yet will not fix this specific problem...

No matter how you slice it or dice it, the "shutdown" feature is currently
at best secured by obscurity. Security by obscurity is no security at all,
especially when it is all in plain text.

Just to make the point perfectly clear, there is currently no way to
secure or restrict this specific feature. I highly recommend that this is
NOT ADDED to fl_tt and that people are not encouraged in any way to use it.

It is not an accident that this is disabled and undocumented.
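
Added example, not part of the original post or of LTSP: a small audit an administrator could run to find which lts.conf sections have the shutdown feature switched on, so it can be turned back off. It assumes an INI-style lts.conf (`[section]`, `KEY = value`, `#` comments) and matches any key containing `SHUTDOWN`, since the post gives only that hint; `EXAMPLE_SHUTDOWN_KEY` and the sample file are constructed placeholders.

```shell
#!/bin/sh
# Added example: report every lts.conf section that enables a SHUTDOWN-related key.
# Assumption: the key is identified only by the substring SHUTDOWN (the post does
# not name it) and "enabled" means a value of Y/YES/TRUE/1/ON.

audit_lts_shutdown() {
    # $1: path to an lts.conf-style file
    # prints one line per hit: section<TAB>KEY=value
    awk '
        { sub(/[ \t]*#.*$/, "") }                     # drop comments
        /^[ \t]*\[.*\][ \t]*$/ {                      # section header, e.g. [ws001]
            gsub(/^[ \t]*\[|\][ \t]*$/, "")
            section = $0
            next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)                    # tolerate KEY = "Y"
            if (toupper(key) ~ /SHUTDOWN/ && toupper(val) ~ /^(Y|YES|TRUE|1|ON)$/)
                printf "%s\t%s=%s\n", (section == "" ? "(global)" : section), key, val
        }
    ' "$1"
}

# Constructed sample input (not a real site configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Default]
    SERVER = 192.168.0.254
    # EXAMPLE_SHUTDOWN_KEY = Y
[ws001]
    EXAMPLE_SHUTDOWN_KEY = Y
[ws002]
    EXAMPLE_SHUTDOWN_KEY = N
EOF
audit_lts_shutdown "$sample"
rm -f "$sample"
```

Any section the audit reports is a terminal (or, for `[Default]`, every terminal) that accepts the unauthenticated request described above; a commented-out or `N` entry is not reported.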


