The Linux remote desktop server built on open source technology.

The following information relates to installation of ThinLinc on a Red Hat Enterprise Linux or Fedora platform. Please read the information here before installing ThinLinc, or when encountering problems.

Couldn't set up secure tunnel to ThinLinc agent

Red Hat Enterprise Linux 9 unfortunately has a bug in its OpenSSH server that prevents the ThinLinc client from connecting. To work around this issue, either the system crypto policy must be relaxed to allow SHA-1:

$ sudo update-crypto-policies --set DEFAULT:SHA1
$ sudo reboot

Or the OpenSSH server must be reconfigured to not use RSA host keys by moving the key file out of the way, and mask the sshd-keygen service from recreating the key at server reboot:

$ sudo systemctl mask sshd-keygen@rsa.service
$ sudo mv /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.disabled
$ sudo systemctl restart sshd

Polkit authentication dialogs during login

Recent versions of both GNOME 3 and KDE contains bugs ([1],[2],[3]) which causes Polkit authentication dialogs to appear during login, when resizing the session etc. It is possible to prevent such dialogs by creating the file /etc/polkit-1/rules.d/40-thinlinc-no-auth-dialogs.rules with this content:

polkit.addRule(function(action, subject) {
   if (action.id == "org.freedesktop.color-manager.create-device" ||
        action.id == "org.freedesktop.color-manager.create-profile" ||
        action.id == "org.freedesktop.color-manager.delete-device" ||
        action.id == "org.freedesktop.color-manager.delete-profile" ||
        action.id == "org.freedesktop.color-manager.modify-device" ||
        action.id == "org.freedesktop.color-manager.modify-profile") {
	if (!subject.local) {
		return polkit.Result.NO;
	}
   }
});

polkit.addRule(function(action, subject) {
   if (action.id == "org.freedesktop.packagekit.system-network-proxy-configure" ||
       action.id == "org.freedesktop.packagekit.system-sources-refresh") {
	if (!subject.local) {
		return polkit.Result.NO;
	}
   }
});

Please note that the file should be created in /etc/polkit-1/rules.d. Otherwise, it may be necessary to restore the SELinux context by running restorecon on the file. For more information, see Bug 5584.

SELinux

See section SELinux for information about configuring SELinux on this platform.