Hi List,
I am thinking about setting up a public x2goplugin test site. This
test site needs some features.
o accessible from everywhere on the internet o no access to the internet (local iptables, blocking outgoing connections) o ssh key auto-login (username x2gotest) o disposable homes - on login generate homedir-name (/home/x2gotest.<some-id>) - create /home/x2gotest.<some-id> from pre-configured skel (pam_mkhomedir) - on logout remove /home/x2gotest.<some-id> o x2go session timeouts (5min) o allow simultaneous sessions (limit number of simultaneous sessions) o ... (anything forgotten)
If any of you can contribute to any of these aspects or add security
thoughts to the above list, please do so.
My questions:
o when is the best moment to rename the home dir to a session
individual name?
o where can I hook into the logout x2go process to remove the
deprecated home
dir?
o does x2go support session timeouts natively?
o can x2go limit the number of allowed simultaneous sessions?
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
eMail-LeseSchreibStunde: wochentags 8h-10h mail: m.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
Hi there,
On Mi 30 Jun 2010 22:47:02 CEST Mike Gabriel wrote:
[...]
what I actually wanted to put under this subject...
I played with timeoutd and autolog (both debian squeeze and ubuntu
lucid). Both packages are (as I understand) unmaintained in Debian,
and what I read of unmaintained in upstream. There is no such
replacement for either of the tools, is it?
Do you have any concepts in your setups for handling of
o idle session/process management o session timeout management o cleaning up of lost processes o are any of these features included in x2go already?
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
eMail-LeseSchreibStunde: wochentags 8h-10h mail: m.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
-
Mike Gabriel