Hi,
My Linux knowledge is not great and I am configuring computers that should be used to connect to a remote server via Remmina only.
The goal is to enable the users to connect to the remote server and to restrict their interaction with the local OS.
I installed Ubuntu server and did the following configurations :
LVM partition, encrypted
sudo apt-get install remmina
sudo adduser *username*
Autologin of *username*
sudo nano /etc/systemd/logind.conf
NAutoVTs=6
ReserveVT=7
sudo mkdir /etc/systemd/system/getty@tty1.service.d/
sudo nano /etc/systemd/system/getty@tty1.service.d/override.conf
[Service]
ExecStart=
ExecStart=-/sbin/agetty --noissue --autologin *username* %I $TERM
Type=idle
Install xinit
sudo apt install xinit
sudo nano /etc/X11/xinit/xinitrc
setxkbmap -layout en
exec remmina
Comment ". /etc/X11/Xsession"
Auto startx
nano .profile
Add
#StartX Autostart
if [[ -z "$DISPLAY" ]] && [[ $(tty) = /dev/tty1 ]]; then
. startx
logout
fi
Hide cmdlines
sudo nano /etc/default/grub
Edit line
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
sudo update-grub
sudo nano /etc/default/grub.d/50-curtin-settings.cfg
Add line
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
sudo update-grub
It is working almost as it needs to but as I’m not experienced I’m wondering if my configuration is a good way of achieving my goal. Could I improve something ?
Ideally I want to restrict the users ability to change the configurations of Remmina but I didn’t find a good solution yet.
It is a bit slow to boot. Maybe some useless services are being started and I could disable them ? How could I know what services are not needed by Remmina and could be disabled ? Or would it be easier for me to use a minimal distribution like Arch ? Could I still apply my configuration steps or am I going to need to change everything ?
Thanks in advance for any insight.
What’s the use case here?
Employees who need to connect to a windows remote desktop.
You could set their users up with non-power user access on the Windows host and that should be enough to keep them from accessing OS features or things they shouldn’t.
You should look into distros that do this specifically, they are called kiosks. There might be a way to configure your distro of choice to be a kiosk, it is definitely a solved problem.
I would just set it up with normal KDE with autologin and have the home directory deleted and recreated at boot.
Should they mess up anything, just tell them to reboot