A page in your DokuWiki was added or changed. Here are the details:
Date : 2017/11/20 12:23
Browser : Mozilla/5.0 (X11; Linux x86_64; rv:52.9) Gecko/20100101
Goanna/3.4 Firefox/52.9 PaleMoon/27.6.0
IP-Address : 134.3.37.90
Hostname : HSI-KBW-134-3-37-90.hsi14.kabel-badenwuerttemberg.de
Old Revision: https://wiki.x2go.org/doku.php/doc:howto:tce?rev=1511177029
New Revision: https://wiki.x2go.org/doku.php/doc:howto:tce
Edit Summary: added volume name requirement and description for portablemode
for copysecring
User : stefanbaur
@@ -748,9 +748,9 @@
=== These are entirely optional ===
* ''bg=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-bg.svg'' -
use this to specify an SVG file to "brand" your X2Go-TCE with. It will replace
theblue background theme of the login screen. See below for how to add this file to your
HTTP, HTTPS, or FTP server. **Attention: Whoever manages to spoof the server name can
inject rogue images into your
ThinClients.** To mitigate this risk, use HTTPS, where the attacker would have
to spoof both server name and matching certificate.
* ''blank=n|n:n:n'' - Will disable (''blank=0'') or set screensaver timeout.
Use ''blank=n:n:n'' to set DPMS Standby/Suspend/Off values. Standby value
equals screensaver timeout value. All values are given in seconds.
*
''branding=https|http|ftp://your-http-server-ip-or-dns-here/x2go-tce/x2go-tce-branding.svg''
- use this to specify an SVG file to "brand" your X2Go-TCE with. It will
replace the seal icon in the lower left of the login screen. See below for how to add
this file to your HTTP, HTTPS, or FTP server. **Attention: Whoever manages to spoof the
server name can inject rogue images into your ThinClients.** To mitigate this risk, use
HTTPS, where the attacker would have to spoof both server name and matching certificate.
- * ''copysecring'' - this will scan for USB media and fixed disk media (with
USB media taking precedence) at boot for
one or more of the following directories: ''config/ssh'', 'ssh', ''.ssh''. Any
SSH Secret Keys found there will be copied into /home/user/.ssh (in the
ramdisk), with proper permissions and ownerships for the default user account.
This may come in handy when you are using SSH Secret Keys on USB media, but
need to log in and out of sessions often, and don't want to leave the USB media
plugged in all the time/don't want to have to re-insert it before each session
startup. **Attention: This poses a security risk when other people are using
your ThinClient afterwards (as they will have access to your keys).** To
mitigate this risk,be sure to power-cycle the ThinClient once you are done.
+ * ''copysecring'' - this will scan for USB media and fixed disk media (with
USB media taking precedence) at boot for one or more of the following
directories: ''config/ssh'', 'ssh', ''.ssh''. The volume must be labeled
''X2GO-TCE-LIVE'' or ''PORTABLEAPP'' and may use any supported file system. Any
SSH
Secret Keys found there will be copied into /home/user/.ssh (in the ramdisk),
with proper permissions and ownerships for the default user account. This may
come in handy when you are using SSH Secret Keys on USB media, but need to log
in and out of sessions often, and don't want to leave the USB media plugged in
all the time/don't want to have to re-insert it before each session startup.
**Attention: This poses a security risk when other people are using your
ThinClient afterwards (as they will have access to your keys).** To mitigate
this risk,be sure to power-cycle the ThinClient once you are done. You
//should// specify this parameter when booting X2Go-TCE-Live from portable
media when you want to use SSH Secret Keys, to make sure your secret key on the
VAT/NTFS partition is available. But as stated above, be sure to power-cycle
the machine once you're done.
* ''ldap=ldap.example.com:389:cn=cngoeshere,dc=example,dc=com'' - this
allows you to specify an LDAP server to connect
to - note that this is not needed for LDAP-based authentication, only when you
intend to store entire session profiles in LDAP. You should really consider
using the X2Go Session Broker instead.
* ''ldap1=ldap-backupserver-1.example.com:389'' - this allows you to specify
the first of up to two LDAP backup servers when using LDAP authentication
* ''ldap2=ldap-backupserver-2.example.com:389'' - this allows you to specify the second of up to two LDAP backup servers when using LDAP authentication
* ''nodpms'' - Will not touch DPMS settings at all (by default, ''blank=0'' does both ''xset s off'' and ''xset -dpms''). Use this along with ''blank=n'' if you do want to blank the screen, but your screen is confused by DPMS settings.
--
This mail was generated by DokuWiki at
https://wiki.x2go.org/
_______________________________________________
x2go-commits mailing list
[email protected]
https://lists.x2go.org/listinfo/x2go-commits
