Hi,
My Linux knowledge is not great and I am configuring computers that should be used to connect to a remote server via Remmina only.
The goal is to enable the users to connect to the remote server and to restrict their interaction with the local OS.
I installed Ubuntu server and did the following configurations :
LVM partition, encrypted
sudo apt-get install remmina
sudo adduser *username*
Autologin of *username*
sudo nano /etc/systemd/logind.conf
NAutoVTs=6
ReserveVT=7
sudo mkdir /etc/systemd/system/getty@tty1.service.d/
sudo nano /etc/systemd/system/getty@tty1.service.d/override.conf
[Service]
ExecStart=
ExecStart=-/sbin/agetty --noissue --autologin *username* %I $TERM
Type=idle
Install xinit
sudo apt install xinit
sudo nano /etc/X11/xinit/xinitrc
setxkbmap -layout en
exec remmina
Comment ". /etc/X11/Xsession"
Auto startx
nano .profile
Add
#StartX Autostart
if [[ -z "$DISPLAY" ]] && [[ $(tty) = /dev/tty1 ]]; then
. startx
logout
fi
Hide cmdlines
sudo nano /etc/default/grub
Edit line
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
sudo update-grub
sudo nano /etc/default/grub.d/50-curtin-settings.cfg
Add line
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
sudo update-grub
It is working almost as it needs to but as I’m not experienced I’m wondering if my configuration is a good way of achieving my goal. Could I improve something ?
Ideally I want to restrict the users ability to change the configurations of Remmina but I didn’t find a good solution yet.
It is a bit slow to boot. Maybe some useless services are being started and I could disable them ? How could I know what services are not needed by Remmina and could be disabled ? Or would it be easier for me to use a minimal distribution like Arch ? Could I still apply my configuration steps or am I going to need to change everything ?
Thanks in advance for any insight.
Employees who need to connect to a windows remote desktop.
You could set their users up with non-power user access on the Windows host and that should be enough to keep them from accessing OS features or things they shouldn’t.