-
Notifications
You must be signed in to change notification settings - Fork 0
/
notes
97 lines (86 loc) · 4.89 KB
/
notes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
Setup and optimization for remote graphical access
Q1. why does enabling "remote admin" turn on DISPLAYMANAGER_ROOT_LOGIN_REMOTE
Remote Desktop Methods
start with query of the audiance - what remote methods do you use, how well do they work.
last year someone mentioned starting a full session via "ssh -X". look into that and see if it works
state that we will explain first and then demo everything.
explain that XDMCP is something of the past, not a good idea to use it these days (security and bandwith reason)
need to go over a vpn for security,
VNC - Xvnc. configured from YasT2 (xinetd) //with SP2 we now have a "session management" option ?
non persistent session, if the viewer machine crashes the session is lost,
secure without a password as long as gdm requires auth
can be configured to be persistent session via the wait=no param
managed with vncconfig (clipboard support), vncpasswd
how does that interact with loginctl
bnc#920969
with SP2 if attempt to login as a user that is already logged in you will get an error message
VNC - vino. configured from control-center. underlying gconf keys demoed later (disable logout)
must be logged in to the session, if the X server goes into background viewer freezes
persistent, multiple simaltaneous connections
VNC - /etc/X11/xorg.conf.d/10-libvnc.conf - don't use the suggested DefaultDepth 16. bsc#942982
not supported by lots of driver/hardware combos - leave user with an Xserver that won't start
no real benefit.
RDP (provided by xrdp / freerdp) – bnc939109, bnc928030
Vinagre - discuss keybinding passthrough, show full screen toolbar now that it works
integration with gnome-keyring, gconf keys, run with --gtk-vnc-debug
vncviewer
tigervnc also provides a java version of the viewer - we use this from the browser
this java applet can also be run standalone
shell script started from xinetd and prints out simple http response
Security - TLS support for VNC in vino/vinagre. Supposed to be in SP1 for tigervnc also but as of RC3 does not work
Demo
demo connecting to SLES 12 through : VNC, RDP (with a Windows client),
VNC remote connection from java in a browser (or even HTML5 in a browser !!)
* users/pass on linux VM:
tux / tux
root / susecon15
on Windows VM: susecon/susecon
3 VMs:
SLES12SP1: 192.168.122.72
vino is enabled on main VNC port (:0)
vnc non persistent on :1 (TLS enabled)
vnc persistent on :2 (TLS enabled)
http/https enabled for vnc:1 and vnc:2
rdp available (allow to connect to both vnc:1 and vnc:2)
xdmcp enabled
SLED12SP1: 192.168.122.200
vino is enabled on this VM (shouldn't be needed)
firefox shortcut on the desktop to demo java vnc
vinagre preconfigured with bookmarks for SLES VNC:1, SLES vnc:2, RDP on Windows
Windows: 192.168.122.194
RDP enabled
IE shortcuts to demo VNC connection over java
RDP viewer shortcut to connect on SLES
Other Methods
remote X11 applications through ssh is still supported and secure :
ssh -X vs ssh -Y
why does ssh -X and then evince not resize.
problems with menu bar - ie ssh -> gnote. Can't click on the menu bar in the header
starting graphical applications in containers (see with Cedric)
should we demo what alexl demoed during xdg-app talk on how to do anything across X11 socket ?
Accessing SLE from windows
windows access - attachmate java solution (Bankim Shaw), (is this reflectionX ?) Xming, Exceed (bad), cygwin, vncviewer,
Session monitoring / management
session management (kill a session, see man systemd-logind) with systemd-loginctl
debugging
Firewall.
/etc/gdm/custom.conf -> section [debug] -> Enable=true
when you will need to use xdm/iceWM (see the readme)
/etc/sysconfig/displaymanager how it works
Performance considerations and limitations with multiple simultaneous graphical user sessions and multiple user switching.
multiuser bnc#909360, switching users bsc929122 and bsc940159,
gnome only allow same user logged in once
Additional settings
demo of kiosk:
- explain gsettings / dconf defaults + lockdown:
* disabling Alt-F2( explain we can also customize / changes keybinding )
* disabling save-to-disk
* disabling log-out
* disabling printing icon
- explanation of polkit permissions and demo on one specific permission:
* disabling reboot without root password on SLED (ie SLES behaviour)
other possibilities (not demoed): disabling USB stick mount without root password
Add more logging to gdm/gnome-shell on failure - possible backtrace from who called the oh-no method
On black screen we still have gnome-shell running, we just don't have mutter anymore – display a warning screen.
the viewer displays a black screen when X.Org is run with libvnc.so and gets vt-switched away. Either close the remote connection or displaying a notification screen would be better
SLED Kiosk - libreoffice, samba, gdm with AD Login, snapper, empathy with local users