Local Applications

Enabling Local Apps

cliebow@downeast.net

To enable local apps you must add this line to lts.conf

 LOCAL_APPS       = Y

This forces the workstation to start the ssh daemon when it boots.

You may also enable nis authentication, when all configuration in lts.conf is prepared for this, what ever say most of the documentation it is not mandatory. If the only thing you want is to log with "ssh root@mystation" without giving any password you can do it (see ssh root@ltsp with no password)

Edit /etc/sysconfig/network to add an nis domain.Here is a sample

NETWORKING=yes
HOSTNAME=Eagle1
NISDOMAIN=ltsp

---

Edit the /etc/yp.conf file for your setup..Mine looks like this

domain ltsp Eagle1
ypserver 10.10.10.254

---

You probably have several user accounts on your linux machine..you can enable nis for these accounts by running the make command within /var/yp folder. You can tweak what information is included by editing the makefile there. I changed nothing.You can also tweak which networks are allowed access in /var/yp/securenets.

Check to be sure that /var/yp/ypservers contains your server name Mine contains this

Eagle1

---

Start the nis daemon on the server. In redhat it is as simple as from a command line running

service ypserv start

In redhat you can use ntsysv from the command line to enable ypserv as a service at startup.

So you have an nis domain running on the ltsp server and ssh running on the terminal.Now you can use ssh to contact the terminal,start a local app and as a user authenticate via nis. Ssh works by passing a key from an ssh client to a server,which compares it to a companion private key. BUT in this case your terminal is acting as the ssh server and your ltsp server is the client.So the public key is passed from ltsp server to the terminal(which holds the private key in its file system).The terminal really as a thin client has as a file system only the contents of /opt/ltsp/i386 on your ltsp server..Weird eh? SO we generate the keys within that /opt/ltsp/i386 filesystem and transfer the public key into the /etc/ssh directory on the ltsp server

As taken directly from ltsp documentation-

To generate the private/public key pair for the workstations, run the 
following commands: 
    ssh-keygen  -q  -t rsa1  -f /opt/ltsp/i386/etc/ssh/ssh_host_key      -C ''  -N '' 
    ssh-keygen  -q  -t rsa   -f /opt/ltsp/i386/etc/ssh/ssh_host_rsa_key  -C ''  -N ''
    ssh-keygen  -q  -t dsa   -f /opt/ltsp/i386/etc/ssh/ssh_host_dsa_key  -C ''  -N ''

You will then take the contents of the /opt/ltsp/i386/etc/ssh/ssh_host_rsa_key.pub and add
 a line in /etc/ssh/ssh_known_hosts for each workstation. Make sure you put the workstation 
name in front of each record.
Below is an example of how the /etc/ssh/ssh_known_hosts file should look: 
    ws001  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxFCM2eZU7P3HvEOMYhAFUiwE...
    ws002  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxFCM2eZU7P3HvEOMYhAFUiwE...

With the keys in place ARRRGH!

Make sure /home is exported!

In your /etc/exports file, make sure you have an entry that looks like this:

/home    192.168.0.0/255.255.255.0(rw,root_squash,async)

Once you add the above entry, you need to inform the NFS server, by running:

exportfs -ra

SSH root@ltsp without NIS and/or Password

If you try the default Linux approach to log root@ltsp-client from your server, you will fail miserably. This for the simple reason that root user $HOMEDIR on ltsp client is "/root" and that /root is a readonly filesystem. If you start sshd from a terminal shell session with "sshd -ddd" you will see something like "/nfsroot/.ssh" bad ownership.

So in order to make it in less than 5mn:

0) generate sshd key for the server as explained before.

1) make user root to have a writable homedir

    edit /opt/ltsp/i386/etc/passwd and replace /root by "/"
    "root:x:0:0:root:/:/bin/bash"

2) copy your authorization key from the server/user you want to connect to your ltsp root directory filesystem on the host.

    cp ~/.ssh/authorized_keys /opt/ltsp/i386/etc/ssh/

3) make your new root to have a ~/.ssh/authorized_keys edit /opt/ltsp/i386/etc/rc.sysinit search for "sshd" copy the autorisation key from readonly nfsroot at client boot time

    ... your ltsp/i386/etc/rc.sysinit ...
    else
    ##   ypbind -f /tmp/yp.conf  # remove all YP stuff
    fi

    echo "Starting sshd..."
    # copy from readonly /etc/ssh to writable /.ssh directory
    mkdir /.ssh
    cp /etc/ssh/authorized_keys /.ssh/.
    sshd

4) connect from your server with "ssh root@ltsp-client" from your serveur.

  MyPrefredServer$ ssh root@My-LTSP-ClienT
  -bash-2.05b# ps -ef | grep lts
  1221         root       2320   S   /bin/ltspfsd
  1222         root       1588   S   /sbin/ltspinfod --nodaemon
  1395         root       1552   S   grep lts
-bash-2.05b#                                           

If it does not work !!!

 - connect onto ltsp-client terminal shell session
 - killall sshd   ;# kill current sshd daemon
 - sshd -ddd      ;# start ssd in debug mode
 (*) if sshd does not start you probably forgot to generate host key.
 (*) if sshd start but still ask for a password
     - check /etc/passd and root user homedir
     - check that your /etc/ssh/authorized_keys as been copy into /.ssh
     - check that server/user you connect as the adequate pair key
  note: if you see "bad ownership or mode for/nfsroot/.ssh ..."
        then your root directory is not writable for user root.

If you're having trouble setting up your own ID and getting ssh to work in general, here's a really fast light-weight tutorial

Rdesktop

-- JimMcQuillan - 13 Dec 2004

VNCViewer as a local app

Since rdesktop is included by default - I would like to suggest that vncviewer is also included, since it provides a connection to a VNC server.

Currently I have to use the LBE to compile vncviewer.

We use LTSP w/vncviewer to deploy what we have dubbed "VNC terminals". All VNC server sessions run on central host, all VNC terminals allow connection from anywhere in true VNC fashion (no logout required - apps run uninterrupted).

The VncViewer script (placed in screen.d) allows you to specify VNC_SERVER and VNC_OPTIONS in lts.conf.

-- BobBlanchard - 15 Dec 2004

---

Generating SSH keys

JimMcQuillan clearly pointed out how to generate keys for thin-client's sshd. What's left is setting up sshd passwordless authentication. To automate that, I created the script http://wiki.ltsp.org/twiki/pub/Ltsp/LocalApps/runremote. At first invocation, it generates a private/public key pair in the user's home directory (keeping almost as much out of the way of the user's other ssh-uses as possible). The thin-client's hostid is supplied to ssh (no editing of /etc/ssh/known_hosts anymore) and the command supplied at the commandline is run on the thin client (with $DISPLAY set).

Generating keys can take a while, so I prepend runremote -prepare& to .xsession.

There's something that could be improved: the public key must be known to the client's sshd: .ssh/authorized_keys; a line is appended by the script. It might be nicer to modify the client's sshd_config to look at .localapps/ssh_authorized_keys so the user's .ssh directory isn't touched at all. That might be a good idea when everything falls into place in a ltsp package.

-- WvEngen - 18 Jan 2005

Local App Firefox

Local App Firefox

Local App Opera^?

LocalAppOpera

-- UdoPuetz - 06 Sep 2006

Text mode CD player

See the adcd section on the page LtspAudioCd

DOS Emulation(dosemu)

Installation guide

DOS old hands should know that DOS program used up most CPU resources while waiting for keyboard input. So, it would be best for all DOS programs run on local machine.

1. Download Dosemu. Unzip and move them under your home directory, make sure it runs without any problem on server side.

2. Now assumed that you've done what JimMcQuillan instructed above to run local application perfectly.

3. Download runremote script from article Generating SSH keys where WvEngen posted and save it to /usr/bin on server side. Don't forget to give it execute permission.

chmod +x /usr/bin/runremote

In my case, I would like to make everybody run dos program on local machine

echo "runremote -prepare" > /etc/X11/Xsession.d/10runremote

4. Now move to your thin client and open a terminal, type

runremote dosemu/xdosemu

Dosemu configuration tips

1. Run dosemu without options -f dosemurc

cp $HOME/dosemu/conf/dosemurc $HOME/.dosemurc

2. LTSP doesn't ship with touch and xset command, so there will be errors when you're running dosemu. Simply copy them from your current distro to it.

cp /usr/bin/xset /usr/bin/touch $LTSPROOT/usr/bin/

3. Eliminate "layout" warning message, uncomment $_layout in lts.conf and change it to proper value. e.g. "us", "uk", "latin"...

4. To print to local dot-matrix printer, you must first declare printer type and load corresponding module in lts.conf, for this example I use parallel printer.

Edit $LTSPROOT/etc/rc.local, add a line before exit

...
chmod 666 /dev/lp0

exit

Next edit $HOME/.dosemurc, find out $_printer_command = "lpr" and uncomment it

$_printer_command = "cat - > /dev/lp0 2> /dev/null "

5. If you wish to use fullscreen, use runremote dosemu/xdosemu -w instead. First you will notice that the font is pretty ugly. Simply uncomment $_X_font and change it to $_X_font = "vga".

-- PangBY - 11 Jul 2006

Wish list

We wish these applications would work as local apps.

Video and audio players

Rationale: Generate a lot of network traffic (more with video than audio) Requires /home access: not for streaming media, but yes for local media

SCIM

The Smart Common Input Method (SCIM) is a relatively small piece of software that seems better placed running on the terminal than the server. -- StevenMcCoy - 23 Jun 2006

All Local Apps

how do i setup ltsp to run ALL apps localy. so, the ltsp server can be considered only as a harddrive replacement. -- DennyHalim - 22 Aug 2005

Why would you want to? It kind of defeats the purpose and optimization of shared program memory! LocalApps can be compiled on a per-need basis by using the LBE. -- LottCaskey - 19 Jun 2006

Check out the LTSPFatClients page on EdubuntuWiki^?, not sure what you gain, apart from losing speed, over traditional Diskless Ubuntu. -- StevenMcCoy - 23 Jun 2006

Contributed LocalAppContrib Packages

Click the LocalAppContrib link to find a list of contributed LTSP packages.

-- LottCaskey - 23 Jun 2006