Turn off encryption from client to server?

Philipp Hanselmann philipp at schoolnet.na
Wed Aug 15 08:17:10 BST 2007


Todd O'Bryan wrote:
> Thanks to Scott Balneaves and Jim Kronebusch. Jim responded directly 
> to me, probably bitten by the fact that the Reply button doesn't reply 
> to the list. (Can I tell you how many times I've sent things to 
> individuals, rather than a list, because of lists that make this 
> choice...) I've included his answer below:
>
> On Fri, 03 Aug 2007 15:56:48 -0400, Todd O'Bryan wrote
>> Hey all!
>>
>> School starts next week for me and I'm wondering if there's an easy way
>> to turn off the SSH encryption between the thin clients and the server.
>> The whole lab is on a self-contained network behind the server and I
>> just don't need the security. I'm hoping that not making the clients do
>> the extra bit of work to decrypt the video from the server will speed
>> things up a little. The lab works wonderfully, but, especially with
>> video or animation (I teach programming.), a little extra speed would be
>> a nice thing indeed.
>>
>> TAO
>
> Download the new ldm from:
>
> http://codebrowse.launchpad.net/~gideon/ltsp/gadi-ldm-mods-ltsp/download/gadi%40ltsp.org-20070521205254-ek710bofdpdtlwlz/x_Matt_Zimmerman_%3Cmatt.zimmerman%40canonical.com%3E_Tue_Jun__7_19%3A59%3A49_2005_32192.0/ldm 
>
>
> Then replace the current /opt/ltsp/i386/usr/sbin/ldm with the new one
> (make a backup copy just in case).  Then modify your
> /opt/ltsp/i386/etc/lts.conf and add the following:
>
> LDM_DIRECTX=True
>
> Reboot your clients and you're ready to rock.
>
I tried that (LDM_DIRECTX=True), but I am not sure if it is really working 
under Feisty:

On a thin client I noticed that ssh is still running with encryption!

# ps aux | grep ssh
ssh -v -c blowfish-cbc,aes128-cbc,3des-cbc -M -S /tmp/.ltspfs-socket user11 at 192.168.0.254 /bin/bash --login -c ' env  LTSP_CLIENT="demo" PULSE_SERVER=tcp:192.168.0.244:4713 ESPEAKER=192.168.0.244:16001 DISPLAY=192.168.0.244:6 /etc/X11/Xsession && ltspfsmounter all cleanup ' ; kill -1 $PPID


Independently, to bypass the encryption, I tried to activate XDMCP like this:

1.) activate xdmcp in /etc/gdm/gdm-cdd.conf, with Enable=True (section 
[xdmcp])
2.) add this line to /opt/ltsp/i386/etc/lts.conf: SCREEN_01 = startx

With this I got login screens from the gdm display manager on all 10 
thin clients. Unfortunately I noticed that with these steps the keyboards 
and mice on all thin clients are not reacting!

SchoolNet has about 300 customers with a thin client solution provided 
by us. All these customers have between 5 and 20 clients (400 MHz, 
96-128 MB) connected to a server (Pentium 4, 3GHz, 2 - 4 Gbyte). The 
testing which we have done up to now with Edubuntu Feisty shows that 
with our actual hardware (Pentium 4, 3GHz, 2 - 4 Gbyte), Edubuntu Feisty 
can't support more than 10 thin clients.
I assume we can reach 20 thin clients again if the encryption is 
switched off! As our server is protected by a firewall (Shorewall), we 
don't need the encryption!

In our actual solution (getopenlab) we are using a KDE desktop, so I think 
Gnome should have slightly better performance! I hope I am not forced 
to implement another lightweight desktop, like XFCE for example.

Philipp



-- 
SchoolNet NA - Youth Empowerment through Information and Communication Technology

SchoolNet Namibia provides sustainable, low cost technology solutions and internet access, as well as technical support, training services and rich educational content to schools, community-based educational organisations, and educational practitioners throughout Namibia.

www.schoolnet.na

toll free number: 0800 005793

Philipp Hanselmann
philipp at schoolnet.na
tel  +264 (0)66 267134
fax +264 (0)66 267135
cell  +264 (0)85 5611314
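
Added example, not part of the original post and not LDM's own code: a small shell check for the kind of `ps aux | grep ssh` line quoted above, reporting whether the X11 stream is tunnelled through ssh (`-X`/`-Y`) or sent to a `DISPLAY` on another host over plain TCP while ssh carries only the login session. The function name `x_transport` and both sample command lines are constructed for illustration.

```shell
#!/bin/sh
# x_transport (hypothetical helper): classify an ssh command line taken from
# `ps` output by how X11 traffic reaches the thin client.
#   tunnelled       -X/-Y given: X11 is forwarded inside the ssh connection
#   direct <disp>   no forwarding, DISPLAY names another host: X11 goes over
#                   plain TCP to that X server, outside the ssh tunnel
#   unknown         neither pattern found
x_transport() {
    forwarding=no display= dest= skip=0
    set -f                                # no globbing while splitting words
    for word in $1; do
        if [ -z "$dest" ]; then           # still reading ssh's own options
            if [ "$skip" -eq 1 ]; then skip=0; continue; fi
            case $word in
                ssh|*/ssh)  ;;            # the command name itself
                -[cSopliF]) skip=1 ;;     # option followed by a value
                -X|-Y)      forwarding=yes ;;
                -*)         ;;            # other flags (-v, -M, ...)
                *)          dest=$word ;; # first non-option: user@host
            esac
        else                              # inside the remote command
            case $word in
                DISPLAY=*) display=${word#DISPLAY=} ;;
            esac
        fi
    done
    set +f
    host=${display%%:*}
    if [ "$forwarding" = yes ]; then
        echo tunnelled
    elif [ -n "$host" ] && [ "$host" != localhost ] && [ "$host" != 127.0.0.1 ]; then
        echo "direct $display"
    else
        echo unknown
    fi
}

# Constructed samples; the first is modelled on the ps output in the post.
SAMPLE_DIRECT="ssh -v -c blowfish-cbc,aes128-cbc,3des-cbc -M -S /tmp/.ltspfs-socket user11@192.168.0.254 /bin/bash --login -c ' env LTSP_CLIENT=\"demo\" DISPLAY=192.168.0.244:6 /etc/X11/Xsession '"
SAMPLE_TUNNEL="ssh -X -S /tmp/.ltspfs-socket user11@192.168.0.254 /etc/X11/Xsession"

printf '%s\n' "$(x_transport "$SAMPLE_DIRECT")" "$(x_transport "$SAMPLE_TUNNEL")"
```

A `direct` result means keystrokes and screen contents cross the client network unencrypted even though an ssh process is present, so the check is also useful for confirming where encryption has been kept.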




