Appendix C.  Restricting access to ThinLinc servers

Table of Contents

C.1. Disabling SSH access
C.2. Disabling shell access
C.2.1. Changing the configured shell
C.2.2. Using ForceCommand
C.3. Disabling port forwarding
C.3.1. Disabling remote port forwarding
C.4. Disabling clipboard
C.5. Disabling local drives

In some cases it might be desirable or required to restrict the users' access to the ThinLinc servers and their ability to move data in and out of the system. This chapter describes some ways this can be achieved, as well as the consequences of such restrictions.

C.1.  Disabling SSH access

The system's SSH server often includes a lot of functionality for accessing the system. Completely disabling this service is a quick way to restrict most of the external access to the system. However the native ThinLinc client requires SSH to function so users will be limited to only using the HTML based Web Access client.

Many SSH servers also support limiting access to just certain users. OpenSSH has settings such as AllowGroups and Match that can limit functionality without completely disabling the SSH server.