[K12OSN] need help running sshd on client for fl_teachertool

Jeff Siddall news at siddall.name
Tue Sep 29 18:24:18 UTC 2009


Gideon Romm wrote:
> Jeff, if you are only using ssh to *launch* x11vnc, then you do know
> that the vnc traffic is still *unencrypted*, right?  There are methods
> to encrypt the vnc connection, as wel, so maybe you guys are doing that,
> too?  If not, don't be lulled into a false sense of security.  In fact,
> it's more secure to not have sshd running at all then it is to have it
> running for the purpose of launching something.

No, the idea is to tunnel _all_ vnc traffic through ssh.  Disallowing
password authentication and allowing only keys ensures security even if
the client image is available publicly (eg: via NFS)

Here's a link to the configuration I use:

http://wiki.ltsp.org/twiki/bin/view/Ltsp/X11vncLocalApp

> When its all said and done, though, I think if x11vnc introduces enough
> overhead to the running system to make it not work well, whether you
> introduce that overhead at the start or only while someone is working, I
> think the user's not gonna be happy with you.  :)  Also, sshd+x11vnc
> necessarily has more overhead than x11vnc by itself, even if not running
> all the time.  In my limited experience, I never saw much overhead to
> x11vnc at all on the user's session - only on the vnc connection made.

The overhead of having sshd listening is _much_ less than having x11vnc
running.  I agree that when running sshd+x11vnc _will_ slow the client
down, in my case this is only going to be used for remote support and
the user will not care about the slowdown during the time that remote
support is being provided.

Jeff




More information about the K12OSN mailing list