1

Are there any secure alternatives to XDMCP (A Linux remote desktop protocol)?

I'd like to set up some thin clients -- UI heads (old computer + mouse + keyboard) connected to VMs on a fast server. ssh -Y doesn't quite cut it, since this would be for non-savvy computer users. I'd like it integrated with kdm/gdm if possible (this seems to rule out Nomachine NX, and I don't like closed source).

I am on a private network, so I guess I'll probably end up going with XDMCP, but it would seem kinda sorry if there aren't any secure open-source alternatives.

ThinkingStiff
gatoatigrado

3 Answers

2

This seems like a question for serverfault, but couldn't you just set up a VPN between the client computer and the server? That way, all traffic will be encrypted between the two machines.

Dan
  • sounds good, I'm wondering why I didn't think of that... will take a look at strongswan (unless you know something better)? – gatoatigrado Dec 05 '09 at 14:12
  • I've always used OpenVPN, but it falls in the "it's what I know" category more than the "it's better than xyz" category – Dan Dec 09 '09 at 03:09
1

Why not use ssh -X? You could auto-logon locally with a general user and then autorun a script displaying a form for entering user/passwd which connects to a session using ssh -X...

Atmocreations
  • That's a very ad-hoc solution. It's easy to manipulate (simply editing the startup script for the guest user, and make it log passwords), and undoubtedly confusing when things don't work right. Also, I think you really want to use ssh -Y; iirc ssh -X only forwards X11, not tunnels it. – gatoatigrado Oct 28 '09 at 18:44
  • Well I guess it's not easy to manipulate the startup script as the user has read-only access on it. But yes you're right, ssh -X only forwards X11. Didn't know it needs to be tunneled. – Atmocreations Oct 30 '09 at 20:27
  • Sorry for the confusion -- at least on the latest version of ssh, it seems -X may be the correct flag. It's hard to make sense of the man page though. – gatoatigrado Dec 21 '10 at 04:44
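
The login wrapper suggested in this answer, sketched as an added example that is not code from the thread. The server name, session command, user-name rule and the `SSH` and `LAUNCH` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: login wrapper for a thin client's auto-logon account.
# SERVER and SESSION_CMD are assumptions, not values from the thread.
SERVER="${SERVER:-vmhost.example.internal}"
SESSION_CMD="${SESSION_CMD:-startkde}"

# Accept only plain login names (lowercase ASCII letters, digits, "_" and
# "-", at most 32 characters, no leading "-"), so typed input cannot be
# read by ssh as an option or as user@otherhost.
valid_username() {
    case "$1" in
        ""|-*|*[!abcdefghijklmnopqrstuvwxyz0123456789_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Start the remote session with X11 forwarded over the SSH connection.
# ssh asks for the password itself on the terminal, so the wrapper never
# sees or stores it. SSH can be overridden to substitute a stub in tests.
run_session() {
    valid_username "$1" || { echo "invalid user name" >&2; return 1; }
    "${SSH:-ssh}" -X -l "$1" "$SERVER" "$SESSION_CMD"
}

# Prompt in a loop, as a kiosk front end would; only runs when LAUNCH=1.
main() {
    while :; do
        printf 'User name: '
        IFS= read -r user || return 0
        run_session "$user" || sleep 2
    done
}

if [ "${LAUNCH:-0}" = 1 ]; then
    main
fi
```

Because the typed name is passed as the argument of `-l` and checked first, the only values the user controls are a validated login name and the password that ssh itself prompts for.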
1

Check out Nomachine NX, which is a secure version of X. They reduced the chattiness of the X protocol in a neat way and tunnel it through ssh. It works really well (but disclaimer - my company does resell the software). Available in free-as-in-beer single user version, or paid for enterprise version. There's also freenx, which is a GPL implementation of the server (the protocol, at least in version 3.x, is GPL).

Seb James