[K12OSN] need help running sshd on client for fl_teachertool
Robert Arkiletian
robark at gmail.com
Tue Sep 29 19:33:26 UTC 2009
On Tue, Sep 29, 2009 at 11:24 AM, Jeff Siddall <news at siddall.name> wrote:
> Gideon Romm wrote:
>> Jeff, if you are only using ssh to *launch* x11vnc, then you do know
>> that the vnc traffic is still *unencrypted*, right? There are methods
>> to encrypt the vnc connection, as well, so maybe you guys are doing that,
>> too? If not, don't be lulled into a false sense of security. In fact,
>> it's more secure to not have sshd running at all than it is to have it
>> running for the purpose of launching something.
>
> No, the idea is to tunnel _all_ vnc traffic through ssh. Disallowing
> password authentication and allowing only keys ensures security even if
> the client image is available publicly (eg: via NFS)
>
> Here's a link to the configuration I use:
>
> http://wiki.ltsp.org/twiki/bin/view/Ltsp/X11vncLocalApp

Jeff,
the line you launch x11vnc is

    system("x11vnc -display :$1 -localhost -auth $2");

you are not using a password file. This is bad because anyone can now
snoop the screens of users. x11vnc gives big warnings not to do this.
Even if you did use a password file, where would you put it (that is
not nfs exported)?

>
>> When it's all said and done, though, I think if x11vnc introduces enough
>> overhead to the running system to make it not work well, whether you
>> introduce that overhead at the start or only while someone is working, I
>> think the user's not gonna be happy with you. :) Also, sshd+x11vnc
>> necessarily has more overhead than x11vnc by itself, even if not running
>> all the time. In my limited experience, I never saw much overhead to
>> x11vnc at all on the user's session - only on the vnc connection made.
>
> The overhead of having sshd listening is _much_ less than having x11vnc
> running. I agree that when running sshd+x11vnc _will_ slow the client
> down, in my case this is only going to be used for remote support and
> the user will not care about the slowdown during the time that remote
> support is being provided.
>
> Jeff
--
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
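
Added example, not part of the original messages: a small shell audit of the two settings this thread argues about, the x11vnc launch line (bound to localhost, VNC password option present) and key-only sshd. The function names, the hardened sample line and its /path/to placeholders are constructed for illustration; the check does not address where a password file could live outside the NFS-exported image.

```shell
#!/bin/sh
# Added example, not code from the thread or from LTSP/x11vnc.
# Note: x11vnc's -auth names the X authority cookie file, not a VNC password.

# audit_x11vnc_cmd "<command line>": prints findings, returns 0 when clean.
audit_x11vnc_cmd() {
    has_localhost=no
    has_auth=no
    set -f                      # no globbing while the line is word-split
    for word in $1; do
        case $word in --*) word=${word#-} ;; esac   # accept -opt and --opt
        case $word in
            -localhost) has_localhost=yes ;;
            -rfbauth|-passwdfile|-passwd|-usepw|-unixpw) has_auth=yes ;;
        esac
    done
    set +f
    rc=0
    if [ "$has_localhost" = no ]; then
        echo "x11vnc: no -localhost, VNC port is reachable from the network"
        rc=1
    fi
    if [ "$has_auth" = no ]; then
        echo "x11vnc: no VNC password option, any local process can attach"
        rc=1
    fi
    return $rc
}

# audit_sshd_config < sshd_config: returns 0 only if password logins are off.
# sshd uses the first value it reads for a keyword and defaults to "yes".
# Match blocks are not evaluated by this check.
audit_sshd_config() {
    val=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }')
    [ "$val" = no ] && return 0
    echo "sshd: PasswordAuthentication is '${val:-unset}', key-only login is not enforced"
    return 1
}

# Demo: the launch line quoted in the thread, then constructed sample inputs.
THREAD_CMD='x11vnc -display :$1 -localhost -auth $2'
HARDENED_CMD='x11vnc -display :0 -localhost -auth /path/to/Xauthority -rfbauth /path/to/vncpasswd'
audit_x11vnc_cmd "$THREAD_CMD" || true
audit_x11vnc_cmd "$HARDENED_CMD" || true
printf 'PubkeyAuthentication yes\nPasswordAuthentication no\n' | audit_sshd_config || true
```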