S-Terminal: A Secure X Terminal

Introduction
I've always loved the idea of X terminals. They require almost zero setup and maintenance. They don't suit everybody, but there are plenty of situations where they're an excellent solution. The down side has always been security. Traditionally, an X terminal user authenticates by passing plaintext user name and password information to a display manager application (e.g., xdm) running on a remote host. Once the user is successfully authenticated, the remote display manager fires up a collection of X applications (a "session") that are displayed by the local computer's X server. None of this activity is encrypted, and none of the subsequent traffic between your keyboard and the remote applications is encrypted.

One solution might be to run everything through an encrypted tunnel. Unfortunately, xdm seems designed to prevent this possibility. For example, say you've created an encrypted tunnel between localhost port 177 (xdmcp) and port 177 on server.somewhere.com. When you type "X -query localhost -port 177", xdm sends back a message saying "connect to server.somewhere.com" This causes your X server to bypass the encrypted tunnel and attempt to connect directly (unencrypted) to the remote host. (See the description of the "Willing" packet in the XDMCP protocol documentation: xdmcp.PS.gz.)

What is S-terminal?
Rather than trying to come up with a complicated way of encrypting communications with xdm, I decided to dump xdm altogether. The result is S-terminal. S-terminal collects the user's authentication information locally, then creates an encrypted tunnel to the remote host using ssh and starts an X session. All X applications on the remote machine communicate with the local host through the encrypted tunnel.

S-terminal and KNOPPIX
After security, my second goal was to make setup as easy as possible. An X terminal doesn't need disk space or CPU power. Any old box should do fine. I wanted to be able to just pop in a CD, reboot, and have a running, secure X terminal ready to use. But different hardware (ethernet cards and video cards especially) needs different drivers. I wanted one CD I could use in any computer that happened to be available, without having to worry about what hardware it contained.

That's where KNOPPIX comes in. KNOPPIX is a wonderful bootable Linux CD, with an amazingly complete set of software installed on it. The greatest thing about KNOPPIX, though, is its hardware detection. Klaus Knopper, the author of KNOPPIX, has done an outstanding job of detecting hardware at boot time, and automatically configuring the operating system appropriately.

KNOPPIX also has the ability to read configuration information from a floppy disk, or from additional files added to the CD image. (For information on easily creating a customized KNOPPIX disk, see making-a-cd.txt in the S-terminal distribution.) This makes it easy to customize KNOPPIX for a particular use.

Getting S-Terminal
You can download S-terminal here. See below for licensing terms and warranty disclaimer. The current version is 0.5.

How it Works
For use with KNOPPIX, I've packaged up the actual S-terminal application along with a set of modified configuration files (inittab, etc.) and a script (knoppix.sh) that installs these files at boot time. The S-terminal application consists of several perl scripts, a configuration file and a Wish script. These files and the modified KNOPPIX configuration files are packed up into a compressed tar archive, configs.tbz.

To try out S-terminal, you just need to burn a "stock" KNOPPIX CD, then take a blank floppy and copy knoppix.sh and configs.tbz onto it. Insert the floppy, boot the CD and type "knoppix floppyconfig" at the boot prompt. You should shortly see an S-terminal login window on the screen.

The modified inittab contained in configs.tbz has three lines near the bottom that

  1. Start the local X server
  2. Start the main S-terminal program (sterminal.pl)
  3. Start a cron-watcher program, which is part of S-terminal's update system (more about this later)
If any of these processes dies, init automatically restarts it.

The sterminal.pl program collects some information about the local system (MAC address, etc.), reads configuration directives from several optional sources (see the section below, on customizing), then fires up sterminal.xsession.tcl, which does most of the actual work. This is a Wish script that produces a login window like the one shown here:

The name of the remote host may be specified in S-terminal's configuration files, as well as whether the user is allowed to edit the host name.

Once the user's name and password have been collected, the script uses "expect" to start an X session on the remote host, via ssh. S-terminal's configuration options allow you to specify what command to use to start a session. For most Linux computers, the default value (/etc/X11/xdm/Xsession) should work, but you can specify any valid command on the remote system.

After the user logs out, S-terminal exits and the local computer's init process (remember the modified inittab we installed?) automatically restarts it, so it's ready for the next login.

Portability
S-terminal should be easily portable to any system that has an X server, perl, wish and expect.

Customizing S-terminal
S-terminal draws its configuration information from several sources.

  1. The sterminal.conf file, installed at boot time from configs.tbz.
  2. A "setup url" specified in the sterminal.conf file, which is consulted each time S-terminal restarts, and may override values contained in sterminal.conf. This url should return text information in the same format as sterminal.conf.
  3. A nightly update url ("cron url"), which is consulted each night, at a random time between Midnight and 4am, local time. This url should return an updated version of configs.tbz, which will be unpacked and installed in the same way knoppix.sh does it at boot time. The nightly update is done by a cron job that runs /etc/sterminal-update.pl. After installing the new configs.tbz, sterminal-update.pl also looks for an executable script called /etc/sterminal-update.script, and executes it if it exists. This script may contain any additional commands you'd like to have executed each night.

Here's the default sterminal.conf file:

setupurl    : http://sterminal-config.%ipdomain%/sterminal/config/?HWADDR=%hwaddr%&GROUP=%group%
cronurl	    : http://sterminal-config.%ipdomain%/sterminal/config/update/%group%/configs.tbz
group       : terminals
host        : Enter Host Name
xsession    : /etc/X11/xdm/Xsession
presession  : 
postsession : 
prelogin    : 
atsession   : 
postlogin   : 
bgcolor     : CadetBlue
bgimage     : sterminal.gif

The parameters as follows:

Each of the following parameters specifies an arbitrary command to run at some point during the lifetime of a session. Note that these commands will be executed on the LOCAL machine, not the remote system. Also note that a command like "xterm" may pause S-terminal's execution until the xterm exits, unless you explicitly put the command into the background AND disconnect its STDIN and STDOUT (e.g., "xterm > /dev/null 2>&1 &").

Configuration Examples

License
S-terminal is copyright 2003 by Bryan Wright <bkw1a_at_virginia_dot_edu> and released under the terms of the GNU General Public License. You should find a copy of the license included in the S-terminal distribution, in the file LICENSE.txt.

No Warranty
No warranty either expressed or implied. Use S-terminal at your own risk. It's not my fault if it eats your lunch and calls you names.