[K12OSN] need help running sshd on client for fl_teachertool

Tue Sep 29 14:27:59 UTC 2009

On Tue, 2009-09-29 at 10:16 -0400, Jeff Siddall wrote:
> Gideon Romm wrote:
> > Robert, no need for sshd on the client for this! LTSP5 has a whole
> > system for starting processes after X launches, but before the greeter.
> > 
> > There are in fact two different paths of interest in your chroot:
> > 
> > .../usr/share/ltsp/xinitrc.d/  (This is used for ANY graphical screen
> > script, ldm, rdesktop, etc)
> > 
> > .../usr/share/ldm/rc.d/ (This is used only for LDM)
> > 
> > If you create a script prefixed with the capital letter "I" (as in
> > "init"), this script will be *sourced* after X initializes but before
> > the greeter.
> > 
> > This is the ideal place to put a call to x11vnc.  Just make sure you
> > call x11vnc to die along with X, so it starts up every time and does not
> > daemonize or anything.
> > 
> > You will find other scripts in those directories as examples.  If you
> > are running an image-based distro, such as ubuntu, remember to update
> > the image after making changes.
> 
> Gadi,
> 
> This is good information, and I agree that sshd is not _required_.
> However, it is still recommended for anyone who wants to encrypt traffic
> to the client.  It has the added benefit that x11vnc is only launched
> when needed, thus not consuming resources on the client continuously.
> 
> Jeff
> 

Jeff, if you are only using ssh to *launch* x11vnc, then you do know
that the vnc traffic is still *unencrypted*, right?  There are methods
to encrypt the vnc connection, as wel, so maybe you guys are doing that,
too?  If not, don't be lulled into a false sense of security.  In fact,
it's more secure to not have sshd running at all then it is to have it
running for the purpose of launching something.

Also, keep in mind, x11vnc can also be launched from (x)inetd.  So, if
you are looking to achieve having it launched "on demand", that would be
another way to go without sshd.

When its all said and done, though, I think if x11vnc introduces enough
overhead to the running system to make it not work well, whether you
introduce that overhead at the start or only while someone is working, I
think the user's not gonna be happy with you.  :)  Also, sshd+x11vnc
necessarily has more overhead than x11vnc by itself, even if not running
all the time.  In my limited experience, I never saw much overhead to
x11vnc at all on the user's session - only on the vnc connection made.

Now, if you *still* want sshd installed, once you install it, you
should, in the chroot, make it run on boot just like any other service.
In a redhat/fedora environment, I guess that is with chkconfig while
chrooted, or some such?  I know on ubuntu, it would be with
update-rc.d.  

-Gadi

> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
-- 
--------------------------------------------------------
Gideon Romm | Proud LTSP Developer
ltsp at symbio-technologies.com

Pay It Forward!  
Intel Atom 1.6GHz, 512MB RAM + Symbiont Boot Stick = $275
10% of order goes to school or open source project of your choice!

Buy yourself a lab or office and use your donation to set up a school,
pay for a desperately needed feature added to a software package,
or sponsor part of LTSP's annual developer's conference LTSP-by-the-sea!

Check out:  http://www.symbio-technologies.com/payitforward 