The company now requires that the server not allow file upload or download, nor copying and the like. My manager suggested VNC; after checking, VNC does allow copying (there are options that can be added to disable it), and using LDAP authentication for VNC accounts is not very convenient.
I then looked around and found xrdp. It is a remote desktop server, so from Windows you can connect to it directly with MSTSC.
It supports LDAP authentication. Its core still uses VNC.
We want to disable copy and paste, which is enabled by default. To do that, take the functions defined in
sesman/chansrv/clipboard.h
and comment out all uses of them in
sesman/chansrv/chansrv.c
Then compile ...
LDAP authentication:
CentOS 5 and CentOS 6: just copy the file directly:
cp /etc/pam.d/system-auth-ac /etc/pam.d/xrdp-sesman
Ubuntu:
vi /etc/pam.d/xrdp-sesman
#%PAM-1.0
@include common-auth
@include common-account
@include common-session
@include common-password
It is also recommended to remove the other session entries in /etc/xrdp/xrdp.ini and keep only sesman-Xvnc:
[globals]
bitmap_cache=yes
bitmap_compression=yes
port=3389
crypt_level=low
channel_code=1
max_bpp=24
#black=000000
#grey=d6d3ce
#dark_grey=808080
#blue=08246b
#dark_blue=08246b
#white=ffffff
#red=ff0000
#green=00ff00
#background=626c72

[xrdp1]
name=sesman-Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1
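A check for the trimmed-down xrdp.ini recommended above, as an added example that is not part of the original post: it reports any session section that is not a loopback libvnc.so entry prompting for credentials, and any count of session sections other than one. The helper name audit_xrdp_ini, the list of non-session section names, and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that xrdp.ini keeps a single loopback sesman-Xvnc session.
# audit_xrdp_ini is a hypothetical helper; the sample files are constructed.

audit_xrdp_ini() {   # prints findings; returns 0 when clean, 1 otherwise
    awk '
        function check() {             # runs when a section ends
            # Non-session section names: an assumed list, adjust for your version.
            if (sect == "" || sect == "globals" || sect == "logging" || sect == "channels") return
            n++
            if (lib != "libvnc.so") { print "[" sect "] lib=" lib " (want libvnc.so)"; bad = 1 }
            if (ip != "127.0.0.1")  { print "[" sect "] ip=" ip " (want 127.0.0.1)"; bad = 1 }
            if (user != "ask" || pass != "ask") { print "[" sect "] username/password not set to ask"; bad = 1 }
        }
        /^[ \t]*([#;]|$)/ { next }     # skip comments and blank lines
        /^[ \t]*\[/ {                  # section header
            check()
            sect = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sect)
            lib = ip = user = pass = ""
            next
        }
        {                              # key=value line
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "lib") lib = val
            if (key == "ip") ip = val
            if (key == "username") user = val
            if (key == "password") pass = val
        }
        END {
            check()
            if (n != 1) { print "expected 1 session section, found " (n + 0); bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed samples: the trimmed file from the text, and one with an extra entry.
tmp=$(mktemp -d)
printf '%s\n' '[globals]' 'port=3389' '[xrdp1]' 'name=sesman-Xvnc' 'lib=libvnc.so' \
    'username=ask' 'password=ask' 'ip=127.0.0.1' 'port=-1' > "$tmp/good.ini"
{ cat "$tmp/good.ini"
  printf '%s\n' '[xrdp2]' 'name=console' 'lib=libvnc.so' 'ip=192.0.2.10' \
      'username=na' 'password=ask' 'port=5900'; } > "$tmp/bad.ini"

audit_xrdp_ini "$tmp/good.ini" && echo "good.ini: clean"
audit_xrdp_ini "$tmp/bad.ini" || echo "bad.ini: findings above"
```

Run it against /etc/xrdp/xrdp.ini after editing; a non-zero exit status means a session entry other than the loopback sesman-Xvnc one is still present.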
There are also the related iptables settings.
#!/bin/bash
# init chain
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD ACCEPT
# input chain
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# docker centos 6 error "FATAL: Could not load /lib/modules/4.4.0-45-generic/modules.dep: No such file or directory"
iptables -A INPUT -p tcp -m multiport --dports 22,3389 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp -s 192.168.10.4 --sport 53 -j ACCEPT # dns
iptables -A INPUT -p udp -s 192.168.10.5 --sport 123 -j ACCEPT # ntpdate
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
# output chain
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -d 192.168.10.4 --dport 53 -j ACCEPT # dns
iptables -A OUTPUT -p udp -d 192.168.10.5 --dport 123 -j ACCEPT # ntpdate
iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT # xrdp
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
The -m multiport rule above fails in Docker CentOS 6 with the error shown in the comment, so split it into:
iptables -A INPUT -p tcp --dport 3389 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
Allow only specified users or groups to log on over SSH:
vi /etc/ssh/sshd_config # add
AllowUsers root test1 test2
AllowGroups root test1 test2
When both AllowUsers and AllowGroups are set, sshd requires a login to satisfy both.
So far this has tested OK.
Centos XRDP Remote Desktop