Secure remote desktop login?

Craig White craigwhite at azapple.com
Thu Oct 30 16:37:17 MST 2008


On Thu, 2008-10-30 at 16:09 -0700, Alan Dayley wrote:
> I'm specifying the configuration for secure, remote desktop login on a
> Linux box.  Here are the basic requirements:
> 
> 1 - User's computers are running Windows XP (or maybe 2000 but not
> Vista) so the remote desktop client needs to run on Windows XP.
> 2 - The Linux desktop will be KDE (not that this should matter too much).
> 3 - At first the remote connection will be over the LAN, not over the
> Internet (not that this should matter much either).
> 4 - The connection between the client and the desktop server must be encrypted.
> 5 - The user must not be allowed to copy files or other data from the
> desktop server to their computer.  The user can only login and use the
> server desktop.
> 6 - The user will login using credentials on the desktop server
> independent of any other authentication mechanism.
> 
> I think FreeNX (http://freenx.berlios.de/) fits this bill.  But I
> wanted to ask the group about any other options I may not know about.
> I'm shooting for a FS/OSS solution but am not against paying for it if
> that is the best thing to do.  (Meaning FS/OSS solutions that have pay
> support are fine.)
> 
> Any thoughts?
----
freenx - don't look any further.

I don't know what your 'server' is running but RHEL/CentOS has freenx
server available in CentOS Plus repository, Fedora has it available in
standard repositories and I would venture that any Debian installation
would have it packaged and ready to install.

FreeNX does a number of things...
- encrypted SSL
- compression for excellent transmissions, even through congested
network space (i.e., Internet)
- can possibly use local printers/hard drive (I presume you can disable
this feature too)
- supports copy/paste from to/from host

The client is downloaded free from 'nomachine.org'

Nomachine.com also sells their NX Server which is probably better than
the FreeNX version but to be honest, FreeNX has always given me what I
need.

I am concerned though that you are thinking that you can give a user a
shell on a system and prevent them from copying files to/from anywhere.
I don't think that is a reasonable expectation. I think if your
expectation is to really put limitations on a user, you should be using
something like LTSP (http://www.ltsp.org)

Craig



More information about the PLUG-discuss mailing list