You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@vcl.apache.org by Mike Haudenschild <mi...@longsight.com> on 2012/03/19 19:18:08 UTC
Full desktop Linux images?
Good afternoon, VCL users --
I was curious if anyone else is running full Linux desktops (e.g. with
GNOME) with VCL. Specifically, is there an implemented method for
connecting to the GUI (i.e. as RDP is used with Windows), or are Linux
images restricted only to the shell? Any tips/tricks?
Many thanks,
Mike
--
*Mike Haudenschild*
Education Systems Manager
Longsight Group
(740) 599-5005 x809
mike@longsight.com
www.longsight.com
Re: Full desktop Linux images?
Posted by Dmitri Chebotarov <dc...@gmu.edu>.
Looks like email client may interfere with diff output, so here are .txt files:
Re: Full desktop Linux images?
Posted by Dmitri Chebotarov <dc...@gmu.edu>.
Mike,
xrdp works well on Linux - http://www.xrdp.org/.
We are using it for Linux reservations with no issues (please use latest version of xrdp as there are some issues with RDP 6.1 for older xrdp).
You will need to modify following files/code to make RDP links available for a Linux reservation. Here is diff:
$ diff requests.php ~/apache-VCL-2.2.1-incubating/web/.ht-inc/requests.php
2272,2276c2272,2275
< print "<strong><big>NOTE:</big> You may now use the Windows Remote ";
< print "Desktop Connection to connect to this computer. You may also use an ";
< # print "<a href=\"http://vcl.ncsu.edu/help/connecting-vcl/how-connect-vcl#sshx\">";
< print "ssh client</a>.</strong>\n";
< /*if(eregi("windows", $_SERVER["HTTP_USER_AGENT"])) {
---
> print "<strong><big>NOTE:</big> You cannot use the Windows Remote ";
> print "Desktop Connection to connect to this computer. You must use an ";
> print "ssh client.</strong>\n";
> /*if(preg_match("/windows/i", $_SERVER["HTTP_USER_AGENT"])) {
2284d2282
<
2286,2307d2283
< # Add automatic RDP file to Linux Selection
<
< print "For automatic connection, you can download an RDP file that can ";
< print "be opened by the Remote Desktop Connection program.<br><br>\n";
< print "<table summary=\"\">\n";
< print " <TR>\n";
< print " <TD>\n";
< print " <FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
< $cdata = array('requestid' => $requestid,
< 'resid' => $requestData['reservations'][0]['reservationid']);
< $expire = datetimeToUnix($requestData['end']) -
< datetimeToUnix($requestData['start']) + 1800; # reservation time plus 30 min
< $cont = addContinuationsEntry('sendRDPfile', $cdata, $expire);
< print " <INPUT type=hidden name=continuation value=\"$cont\">\n";
< print " <INPUT type=submit value=\"Get RDP File\">\n";
< print " </FORM>\n";
< print " </TD>\n";
< print " <TD><a href=\"http://vcl.ncsu.edu/help/connecting-vcl/";
< print "remote-desktop/what-rdp-file\">What is an RDP file?</a></TD>\n";
< print " </TR>\n";
< print "</table>\n";
<
2309d2284
<
2395,2396d2369
<
<
Also, modify utils.pm on management node to add a check for RDP connection for Linux images.
By default VCLd only checks for SSH connected users for Linux reservation and you will get warning emails.
$ diff utils.pm ~/apache-VCL-2.2.1-incubating/managementnode/lib/VCL/utils.pm
1690,1693c1690
< #if ($line =~ /tcp\s+([0-9]*)\s+([0-9]*)\s($ipaddress:22)\s+([.0-9]*):([0-9]*)(.*)(ESTABLISHED)/) {
< # the line replaced with two checks - for port 22 or port 3389,
< if ( ($line =~ /tcp\s+([0-9]*)\s+([0-9]*)\s($ipaddress:22)\s+([.0-9]*):([0-9]*)(.*)(ESTABLISHED)/) ||
< ($line =~ /tcp\s+([0-9]*)\s+([0-9]*)\s($ipaddress:3389)\s+([.0-9]*):([0-9]*)(.*)(ESTABLISHED)/) ) {
---
> if ($line =~ /tcp\s+([0-9]*)\s+([0-9]*)\s($ipaddress:22)\s+([.0-9]*):([0-9]*)(.*)(ESTABLISHED)/) {
Thanks.
On Mar 19, 2012, at 14:18 , Mike Haudenschild wrote:
> Good afternoon, VCL users --
>
> I was curious if anyone else is running full Linux desktops (e.g. with GNOME) with VCL. Specifically, is there an implemented method for connecting to the GUI (i.e. as RDP is used with Windows), or are Linux images restricted only to the shell? Any tips/tricks?
>
> Many thanks,
> Mike
>
> --
> Mike Haudenschild
> Education Systems Manager
> Longsight Group
> (740) 599-5005 x809
> mike@longsight.com
> www.longsight.com
>
--
Dmitri Chebotarov
Virtual Computing Lab Systems Engineer, TSD - Ent Servers & Messaging
223 Aquia Building, Ffx, MSN: 1B5
Phone: (703) 993-6175
Fax: (703) 993-3404
Re: Full desktop Linux images?
Posted by Aaron Peeler <fa...@ncsu.edu>.
Just as a heads up, in the 2.3 release we're adding support to define
connection methods on a per image/OS basis.
We have a lot of the code work done and it's fairly stable in the
repository.
See VCL-30 and VCL-526
https://issues.apache.org/jira/browse/VCL-30
https://issues.apache.org/jira/browse/VCL-526
The basic flow would be to start the service and open the defined port in
the OS level firewall.
Aaron
On Mon, Mar 19, 2012 at 2:41 PM, James O'Dell <jo...@fullerton.edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I looked at VNC. I didn't like the security.
>
> > http://en.wikipedia.org/wiki/Virtual_Network_Computing
> > Security
> >
> > By default, RFB is not a secure protocol. While passwords are not sent
> in plain-text (as in telnet), cracking could prove successful if both the
> encryption key and encoded password are sniffed from a network. For this
> reason it is recommended that a password of at least 8 characters be used.
> On the other hand, there is also an 8-character limit on some versions of
> VNC; if a password is sent exceeding 8 characters, the excess characters
> are removed and the truncated string is compared to the password.
> >
> > However, VNC may be tunnelled over an SSH or VPN connection which would
> add an extra security layer with stronger encryption. SSH clients are
> available for all major platforms (and many smaller platforms as well); SSH
> tunnels can be created from UNIX clients, Microsoft Windows clients,
> Macintosh clients (including Mac OS X and System 7 and up) ? and many
> others. There are freeware applications that create instant VPN tunnels
> between computers.
> >
> > UltraVNC supports the use of an open-source encryption plugin which
> encrypts the entire VNC session including password authentication and data
> transfer. It also allows authentication to be performed based on NTLM and
> Active Directory user accounts. However, use of such encryption plugins
> make it incompatible with other VNC programs. RealVNC offers high-strength
> AES encryption as part of its commercial package, along with integration
> with Active Directory. Workspot released AES encryption patches for VNC.
>
> Also, the 4 or 5 vnc clients I tested kept crashing on me. grr!
>
> For me, it was just easier for everyone involved to standardize on rdp
>
> __Jim
>
>
> On 3/19/2012 11:31 AM, Waldron, Michael H wrote:
> > Yes, there is a very simple method of using VNC, which is available with
> > most Linux distros. Make sure you have both vnc and vnc-server packages
> > installed in the image. You don't have to have the VNC client installed
> > on the end-user's desktop, you can use the client in the Linux image.
> >
> > To start a full desktop:
> > - Make sure you are running an X-window manager on the user desktop.
> > - ssh into the Linux machine (set ssh client to forward X11 packets)
> > - vncserver -localhost
> > - vncviewer localhost:1
> >
> > The vncserver command will start a desktop session, prompting to set a
> > password that will be used to connect to it. The vncviewer command will
> > connect to the desktop session, the user is prompted for the password
> > they just set. The desktop is then displayed on the user's desktop as an
> > X11 display.
> >
> > Mike
> >
> > Mike Waldron
> > Systems Specialist
> > ITS Research Computing
> > University of North Carolina at Chapel Hill
> > CB #3420, ITS Manning, Rm 2509
> > 919-962-9778
> > ------------------------------------------------------------------------
> > *From:* Mike Haudenschild [mike@longsight.com]
> > *Sent:* Monday, March 19, 2012 2:18 PM
> > *To:* vcl-user@incubator.apache.org
> > *Subject:* Full desktop Linux images?
> >
> > Good afternoon, VCL users --
> >
> > I was curious if anyone else is running full Linux desktops (e.g. with
> > GNOME) with VCL. Specifically, is there an implemented method for
> > connecting to the GUI (i.e. as RDP is used with Windows), or are Linux
> > images restricted only to the shell? Any tips/tricks?
> >
> > Many thanks,
> > Mike
> >
> > --
> > *Mike Haudenschild*
> > Education Systems Manager
> > Longsight Group
> > (740) 599-5005 x809
> > mike@longsight.com <ma...@longsight.com>
> > www.longsight.com <http://www.longsight.com>
> >
>
>
> - --
> Jim O'Dell
> Network Analyst
> California State University Fullerton
> Email: jodell@fullerton.edu
> Phone: (657) 278-2256
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk9nfe8ACgkQREVHAOnXPYSphwCgjtrISdoOXPZzbNvrlXa5Rx8T
> qSsAn1ekj+79XWhtS/Hy34vASxeUNGfz
> =UysL
> -----END PGP SIGNATURE-----
>
--
Aaron Peeler
Program Manager
Virtual Computing Lab
NC State University
All electronic mail messages in connection with State business which are
sent to or received by this account are subject to the NC Public Records
Law and may be disclosed to third parties.
Re: Full desktop Linux images?
Posted by James O'Dell <jo...@fullerton.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I looked at VNC. I didn't like the security.
> http://en.wikipedia.org/wiki/Virtual_Network_Computing
> Security
>
> By default, RFB is not a secure protocol. While passwords are not sent in plain-text (as in telnet), cracking could prove successful if both the encryption key and encoded password are sniffed from a network. For this reason it is recommended that a password of at least 8 characters be used. On the other hand, there is also an 8-character limit on some versions of VNC; if a password is sent exceeding 8 characters, the excess characters are removed and the truncated string is compared to the password.
>
> However, VNC may be tunnelled over an SSH or VPN connection which would add an extra security layer with stronger encryption. SSH clients are available for all major platforms (and many smaller platforms as well); SSH tunnels can be created from UNIX clients, Microsoft Windows clients, Macintosh clients (including Mac OS X and System 7 and up) ? and many others. There are freeware applications that create instant VPN tunnels between computers.
>
> UltraVNC supports the use of an open-source encryption plugin which encrypts the entire VNC session including password authentication and data transfer. It also allows authentication to be performed based on NTLM and Active Directory user accounts. However, use of such encryption plugins make it incompatible with other VNC programs. RealVNC offers high-strength AES encryption as part of its commercial package, along with integration with Active Directory. Workspot released AES encryption patches for VNC.
Also, the 4 or 5 vnc clients I tested kept crashing on me. grr!
For me, it was just easier for everyone involved to standardize on rdp
__Jim
On 3/19/2012 11:31 AM, Waldron, Michael H wrote:
> Yes, there is a very simple method of using VNC, which is available with
> most Linux distros. Make sure you have both vnc and vnc-server packages
> installed in the image. You don't have to have the VNC client installed
> on the end-user's desktop, you can use the client in the Linux image.
>
> To start a full desktop:
> - Make sure you are running an X-window manager on the user desktop.
> - ssh into the Linux machine (set ssh client to forward X11 packets)
> - vncserver -localhost
> - vncviewer localhost:1
>
> The vncserver command will start a desktop session, prompting to set a
> password that will be used to connect to it. The vncviewer command will
> connect to the desktop session, the user is prompted for the password
> they just set. The desktop is then displayed on the user's desktop as an
> X11 display.
>
> Mike
>
> Mike Waldron
> Systems Specialist
> ITS Research Computing
> University of North Carolina at Chapel Hill
> CB #3420, ITS Manning, Rm 2509
> 919-962-9778
> ------------------------------------------------------------------------
> *From:* Mike Haudenschild [mike@longsight.com]
> *Sent:* Monday, March 19, 2012 2:18 PM
> *To:* vcl-user@incubator.apache.org
> *Subject:* Full desktop Linux images?
>
> Good afternoon, VCL users --
>
> I was curious if anyone else is running full Linux desktops (e.g. with
> GNOME) with VCL. Specifically, is there an implemented method for
> connecting to the GUI (i.e. as RDP is used with Windows), or are Linux
> images restricted only to the shell? Any tips/tricks?
>
> Many thanks,
> Mike
>
> --
> *Mike Haudenschild*
> Education Systems Manager
> Longsight Group
> (740) 599-5005 x809
> mike@longsight.com <ma...@longsight.com>
> www.longsight.com <http://www.longsight.com>
>
- --
Jim O'Dell
Network Analyst
California State University Fullerton
Email: jodell@fullerton.edu
Phone: (657) 278-2256
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9nfe8ACgkQREVHAOnXPYSphwCgjtrISdoOXPZzbNvrlXa5Rx8T
qSsAn1ekj+79XWhtS/Hy34vASxeUNGfz
=UysL
-----END PGP SIGNATURE-----
RE: Full desktop Linux images?
Posted by "Waldron, Michael H" <mw...@email.unc.edu>.
Yes, there is a very simple method of using VNC, which is available with most Linux distros. Make sure you have both vnc and vnc-server packages installed in the image. You don't have to have the VNC client installed on the end-user's desktop, you can use the client in the Linux image.
To start a full desktop:
- Make sure you are running an X-window manager on the user desktop.
- ssh into the Linux machine (set ssh client to forward X11 packets)
- vncserver -localhost
- vncviewer localhost:1
The vncserver command will start a desktop session, prompting to set a password that will be used to connect to it. The vncviewer command will connect to the desktop session, the user is prompted for the password they just set. The desktop is then displayed on the user's desktop as an X11 display.
Mike
Mike Waldron
Systems Specialist
ITS Research Computing
University of North Carolina at Chapel Hill
CB #3420, ITS Manning, Rm 2509
919-962-9778
________________________________
From: Mike Haudenschild [mike@longsight.com]
Sent: Monday, March 19, 2012 2:18 PM
To: vcl-user@incubator.apache.org
Subject: Full desktop Linux images?
Good afternoon, VCL users --
I was curious if anyone else is running full Linux desktops (e.g. with GNOME) with VCL. Specifically, is there an implemented method for connecting to the GUI (i.e. as RDP is used with Windows), or are Linux images restricted only to the shell? Any tips/tricks?
Many thanks,
Mike
--
Mike Haudenschild
Education Systems Manager
Longsight Group
(740) 599-5005 x809
mike@longsight.com<ma...@longsight.com>
www.longsight.com<http://www.longsight.com>
Re: Full desktop Linux images?
Posted by James O'Dell <jo...@fullerton.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I didn't need to make any changes. I just installed RDP as part of the
image creation.
This may not be the best method as the firewall isn't configured
to limit rdp access. But it seemed to work.
__Jim
On 3/19/2012 11:27 AM, Mike Haudenschild wrote:
> Hi Jim,
>
> Did you make changes to VCL, or just pre-install an RDP server on the
> Linux box prior to pulling the image?
>
> Regards,
> Mike
>
> On Mon, Mar 19, 2012 at 14:22, James O'Dell <jodell@fullerton.edu
> <ma...@fullerton.edu>> wrote:
>
> On 3/19/2012 11:18 AM, Mike Haudenschild wrote:
>> Good afternoon, VCL users --
>
>> I was curious if anyone else is running full Linux desktops (e.g. with
>> GNOME) with VCL. Specifically, is there an implemented method for
>> connecting to the GUI (i.e. as RDP is used with Windows), or are Linux
>> images restricted only to the shell? Any tips/tricks?
>
>> Many thanks,
>> Mike
>
>> --
>> *Mike Haudenschild*
>> Education Systems Manager
>> Longsight Group
>> (740) 599-5005 x809 <tel:%28740%29%20599-5005%20x809>
>> mike@longsight.com <ma...@longsight.com>
> <mailto:mike@longsight.com <ma...@longsight.com>>
>> www.longsight.com <http://www.longsight.com>
> <http://www.longsight.com>
>
>
> I had it working with xrdp. I never went so far as to build an rdp
> download file though.
>
> __Jim
>
>
>
- --
Jim O'Dell
Network Analyst
California State University Fullerton
Email: jodell@fullerton.edu
Phone: (657) 278-2256
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9ne7kACgkQREVHAOnXPYTmcACfVAKfLhMNqSq+3nqt9pltdq0Z
IzsAn3YX8RzOottdqAMV6NK2COnlzbq9
=YnpY
-----END PGP SIGNATURE-----
Re: Full desktop Linux images?
Posted by Mike Haudenschild <mi...@longsight.com>.
Hi Jim,
Did you make changes to VCL, or just pre-install an RDP server on the Linux
box prior to pulling the image?
Regards,
Mike
On Mon, Mar 19, 2012 at 14:22, James O'Dell <jo...@fullerton.edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 3/19/2012 11:18 AM, Mike Haudenschild wrote:
> > Good afternoon, VCL users --
> >
> > I was curious if anyone else is running full Linux desktops (e.g. with
> > GNOME) with VCL. Specifically, is there an implemented method for
> > connecting to the GUI (i.e. as RDP is used with Windows), or are Linux
> > images restricted only to the shell? Any tips/tricks?
> >
> > Many thanks,
> > Mike
> >
> > --
> > *Mike Haudenschild*
> > Education Systems Manager
> > Longsight Group
> > (740) 599-5005 x809
> > mike@longsight.com <ma...@longsight.com>
> > www.longsight.com <http://www.longsight.com>
> >
>
> I had it working with xrdp. I never went so far as to build an rdp
> download file though.
>
> __Jim
>
> - --
> Jim O'Dell
> Network Analyst
> California State University Fullerton
> Email: jodell@fullerton.edu
> Phone: (657) 278-2256
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk9neWIACgkQREVHAOnXPYRRVgCgpjkKb7VQlzebnxmHpwgg09jF
> qn4An2xfycMvbGyZqROjlvWEsOn2YhSn
> =ax5W
> -----END PGP SIGNATURE-----
>
Re: Full desktop Linux images?
Posted by James O'Dell <jo...@fullerton.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 3/19/2012 11:18 AM, Mike Haudenschild wrote:
> Good afternoon, VCL users --
>
> I was curious if anyone else is running full Linux desktops (e.g. with
> GNOME) with VCL. Specifically, is there an implemented method for
> connecting to the GUI (i.e. as RDP is used with Windows), or are Linux
> images restricted only to the shell? Any tips/tricks?
>
> Many thanks,
> Mike
>
> --
> *Mike Haudenschild*
> Education Systems Manager
> Longsight Group
> (740) 599-5005 x809
> mike@longsight.com <ma...@longsight.com>
> www.longsight.com <http://www.longsight.com>
>
I had it working with xrdp. I never went so far as to build an rdp
download file though.
__Jim
- --
Jim O'Dell
Network Analyst
California State University Fullerton
Email: jodell@fullerton.edu
Phone: (657) 278-2256
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9neWIACgkQREVHAOnXPYRRVgCgpjkKb7VQlzebnxmHpwgg09jF
qn4An2xfycMvbGyZqROjlvWEsOn2YhSn
=ax5W
-----END PGP SIGNATURE-----