Linux Terminal Server

A common scenario is to keep a secure Linux box in the office and let employees use it to access suspicious sites and internet resources when needed. This setup is usually motivated by the belief that only a Linux box can stay functional (the browser accepts cookies and Flash) and still be kept secure. There may be other reasons too, such as preserving resources on local PCs and/or using applications available only for Linux.

So our aim is to have a Linux server to which remote clients connect and use graphical applications. Of course, the last condition is what makes it interesting, because otherwise it would be a plain ssh use case. While there are numerous solutions for this (many of them paid and requiring installation of additional software), we will go through the simplest and most stable one. Here are the steps:

1. No software is installed on the server. Just make sure that X11Forwarding is allowed in /etc/ssh/sshd_config:

X11Forwarding yes

If it was set to no or was missing, add the line above and restart sshd. The fact that no software is installed on the server should reassure Linux admins who hate installing third-party software, especially paid and proprietary software.
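To check the setting before deciding whether sshd needs a restart, the following shell function (an added example, not part of the original post) reads an sshd_config-style file and reports the X11Forwarding value from its global section. The function name and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the global X11Forwarding value from an sshd_config-style file.
# sshd keeps the first value it reads for a keyword, keywords are case-insensitive,
# and a missing X11Forwarding line means the default, "no".
# Not handled here: Include directives and per-user Match overrides.
x11_forwarding_state() {
    awk '
        /^[ \t]*#/ { next }                          # comment line
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)          # accept the "Keyword=value" form
            n = split(line, f, " ")
            if (n == 0) next                         # blank line
            key = tolower(f[1])
            if (key == "match") exit                 # global section ends here
            if (key == "x11forwarding" && n >= 2) {
                print tolower(f[2]); found = 1; exit # first occurrence wins
            }
        }
        END { if (!found) print "no" }
    ' "$1"
}

# Constructed sample files (not taken from a real server).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '#X11Forwarding yes' 'PermitRootLogin no' > "$SAMPLE_DIR/missing.conf"
printf '%s\n' 'x11forwarding YES' 'X11Forwarding no' > "$SAMPLE_DIR/first_wins.conf"
printf '%s\n' 'Port 22' 'Match User guest' '    X11Forwarding yes' > "$SAMPLE_DIR/match_only.conf"

for f in "$SAMPLE_DIR"/*.conf; do
    printf '%s: X11Forwarding %s\n' "${f##*/}" "$(x11_forwarding_state "$f")"
done
```

On the server, call it as `x11_forwarding_state /etc/ssh/sshd_config`. Running `sshd -T` as root prints the effective configuration, including any included files.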

2. On the client Windows machines we will install:

A. Xming:

From the above choose the plain xming package and nothing else. Once installed, start only the plain xming and nothing else (xming-launch, etc). To confirm it is running, look for a small X-like icon in your tray.

B. PuTTY - needed for connecting to the server. The best thing is that it ensures secure (encrypted) and fast (compressed) communication between the client and the server.

Once we download and install PuTTY we have to modify only one setting in it: Enable X11 Forwarding, as shown in the picture below.

Finally, open a new connection to the server using its IP, user and password. Once logged in, run the command for any graphical application, such as google-chrome or skype, and it will appear on your Windows desktop as a regular window.

If we assume that employees have no knowledge of Linux and its terminal, we can add all the needed applications to ~/.profile or even /etc/profile so that they start automatically upon login.

That's how, with very little effort and additional software installation, you can create a very safe and stable but still user-friendly environment for accessing untrusted (even suspicious) public resources using Xming and Linux.
