Re: Idea: RDP based demo site for Debian Edu Wheezy
[Petter Reinholdtsen]
> I am unsure if we want to set up such machine to completely block
> access to the outside world or not. It would block browser testing,
> but also avoid a lot of potential security problems. I suspect a
> good first setup is to install Main-Server+Thin-Client-Server and
> block all outside access, and only allow web access to the local web
> server.
As a proof of concept, I set up a Workstation based on Debian Edu
Wheezy on ghost.skolelinux.no integrated with the rest of
*.skolelinux.no, and configured xrdp on the machine to allow all the
people with access to user.skolelinux.no to also have access to
ghost.skolelinux.no. The machine only got 700 MiB RAM and is running
on a quite strained virtual host, so it can't handle many concurrent
users.
But it allow us developers to check out RDP and the current Wheezy
desktop, and test if RDP access is a useful thing to set up for
everyone. As it only give access to users that can already log into
user.skolelinux.no and do almost the same as now can be done on
ghost.skolelinux.no, I did not spend time locking down the machine.
It will probably change in the future.
At the moment the default desktop is KDE. It can be changed to Gnome
and LXDE by running 'update-alternatives --config x-session-manager'
as root.
If you log in via rdp to this machine, you want to remove the file
~/.vnc/sesman_*_passwd when you are done, as it contain the users
encrypted password used to attach the RDP session to the VNC session.
--
Happy hacking
Petter Reinholdtsen
Reply to: