Page 1 of 1

Multi user desktop server

Posted: Sun Dec 06, 2020 2:03 pm
by user1111

Have a desktop system just gathering dust, why not put it to work as a gui desktop server.

This is a a basic, get-you-going Fatdog setup, note that this is insecure against local LAN activities, but that may be acceptable to you provided you're behind a firewall such as in your ISP's router/hub.

/etc/ssh/sshd_config ....

Code: Select all

PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
Subsystem sftp /usr/libexec/sftp-server

Control Panel, Manage Services ... to set sshd to be enabled and start sshd running.

Control Panel, gslapt to install 'perl' (tigervnc and hence vncserver are already installed by default in Fatdog).

Control Panel, Users, and add however many users you might want, user1, user2 .... etc.

For each of those users, login and run 'vncserver' and when prompted set the vncpassword for each of the users ... for instance for user1 run su user1 and then run vncserver.

Save that setup and reboot. The server is now good to go.

========================================

From another box, say your laptop, ssh into the server. Best if the server is set in your router to have a fixed IP allocated to it. For instance if the servers IP is 192.168.1.4 then on your laptop open a terminal window and run ssh user1@192.168.1.4. Enter the password for that userid, by default woofwoof unless you also ran 'passwd' when logged into user1 earlier to change it, and you should drop into a command line as user1 on the server. If not then you might have eztables running (Control Panel, Services) acting as a firewall block. Once at the user1 on the server command line, simply run 'vncserver' and it should provide a indication of which port that is serving to, likely 1 for the first case.

Now on your laptop open tigervnc viewer (within Menu, Network) and vnc to the server, for instance enter 192.168.1.4:5901 ... and when prompted enter the vnc password you set for that user earlier (above), and that should result in a X window with a terminal being displayed.

In that terminal run jwm & ... to add a jwm menu/panel. You might also like to run rox --pinboard=pinboard (you can change the dull background using Control Panel, Desktop, Natham Wallpaper set tool).

Note that you can set full screen using F8. Also note that if you close the initial terminal window that was opened then that may result in jwm panel and rox pinboard also being closed, so ensure you run 'disown' in that terminal before closing it.

You can repeat that process but using user2 to ssh in, run vncserver, and then use tigervnc to connect to another gui desktop on the server, that will likely use 2 i.e. in tigervnc open 192.168.1.4:5902.

s.jpg
s.jpg (138.92 KiB) Viewed 644 times

A nice feature of such a terminal/server setup is that any browsing around the web will have sites that perhaps run javascript to fingerprint what device you are using will see the servers fingerprint, not your laptops fingerprint. It provides a element of obscurity.

You may later go on to harden the setup, such as setting up ssh keys etc.

As a alternative, that uses X and vnc ... see viewtopic.php?p=11883#p11883

If you're looking for Multi-Seat instead of Multi-User, then James wrote a nice article some time back http://lightofdawn.org/wiki/wiki.cgi/LinuxMultiSeat


x0vncserver ... multiple instances

Posted: Mon Dec 14, 2020 2:54 pm
by user1111

On server run
vncpasswd ... to create a password (by default stored in ~/.vnc/passwd)

To set up two connections ...

DISPLAY=:0 x0vncserver -rfbport 5900 -rfbauth ~/.vnc/passwd &
DISPLAY=:0 x0vncserver -rfbport 5901 -rfbauth ~/.vnc/passwd &
disown

x0vncserver (note that is a zero) connections can now be made using tigervnc to the servers IP:5900 and IP:5901. For instance if the servers IP is 192.168.1.4 then in tigervnc enter 192.168.1.4:5900 (or 192.168.1.4:5901). That's a 'collaboration' mode i.e. all see/use the exact same desktop (not independent desktops).

For me, the lag is very minimal. For instance with supertuxkart loaded/running on the server then on my laptop (client that is running tigervnc viewer) controlling racing around the track is perfectly comfortably playable over a 10Mb wifi net connection, as is watching youtubes in a regular view.


Re: Multi user desktop server

Posted: Mon Dec 14, 2020 3:58 pm
by user1111

Tails, suggested for its security/anonymity, still permits remote sites to see potential/likely unique fingerprints ...

Screenshot from 2020-12-14 00-26-27.png
Screenshot from 2020-12-14 00-26-27.png (179.1 KiB) Viewed 612 times

More secure than Fatdog in the sense that they seem to trawl through setting appropriate permissions

Screenshot from 2020-12-14 00-34-14.png
Screenshot from 2020-12-14 00-34-14.png (169.41 KiB) Viewed 612 times

... but if other methods such as fingerprinting negate security/anonymity then those seeking to identify/track would no doubt incorporate such methods.

With vnc however, the device used for control/display is fundamentally just conveying the display/screen buffer and mouse/key actions. It's the vnc server that leaves its fingerprints - not the client. And you could have vnc'd into the server from anywhere, your geolocation and actual device remains obscured.

Generally when on the same LAN it looks like x0vncserver is the better choice. If out and about then vncserver is likely better (lower bandwidth). Client/server setups also significantly reduce the load on the client system, such that older lower powered devices might be used.

Step has been doing some great things with respect to remote sound (using pulse audio)

viewtopic.php?f=60&t=1484

And vnc/remote desktop providers are starting to include such functionality ...

https://www.realvnc.com/en/connect/audio/

https://www.nomachine.com/

Openbsd's sound server (remote sound) seems to utilise relatively little bandwidth ...

https://www.openbsd.org/faq/faq13.html#audionet

Or nowadays you can rent virtual private servers for low cost, install what you like and thereby potentially use that as (vnc into) a desktop server that leaves its fingerprints everywhere, not your actual device.


Re: Multi user desktop server

Posted: Tue Dec 15, 2020 12:40 am
by user1111

Using a Fatdog desktop PC system server with user1 and user2 userid's created, from my laptop ssh into user1 and run vncserver, and then from the laptop ssh into user2 and run vncserver .... and then from the laptop starting up two instances of tigervnc viewer to vnc into each of those - and you have independent desktops. Starting seamonkey in both and playing different youtubes ....

s.jpg
s.jpg (185.19 KiB) Viewed 588 times

on a 4 core 2GB fatdog server system the videos were responsive/clean (the htop summary in the bottom right corner is for the server).

Silence/pause one of the two and cpu usage halved down from around 66% to around 33%. So I guess on that type of hardware around 3 separate desktops would be near enough the reasonable peak before swapping started to occur (that likely would cause periodic lags).

Note that when I vnc'd into each, you're presented with a terminal window, within which I simply ran
jwm &
... for a menu bar from which I could then select/run seamonkey. Being run from userid's rather than from root the browsers run as those userid's ... not userid 'spot'

So ... three concurrent family members using that setup has their actual devices used to vnc into the server being obscured - visited sites see the same fingerprint i.e. the servers. Similarly their geolocation is potentially obscured, such as if you ssh into the server from a public wifi hotspot and run vnc through a ssh tunnel. ssh'ing into the server using ssh keys is also a means to mitigate potential man in middle attacks, whilst ssh encryption provides yet another security layer.

Rather than a home server, nowadays you can rent a VPS relatively inexpensively, where you can often install your own setup, such as a Fatdog server system as above, for a few bucks/month type cost.