Does anyone distribute a thin client that allows you to login to remote
Windows hosts from a secured OpenBSD box? Citrix distributes a client for
Linux, but we think it would be easier to build secure OpenBSD clients, and
frankly we don't need much functionality in the box except for the thin
client function.

We want to place only hardened OpenBSD thin clients on our wireless network,
and then use these to run encrypted sessions to Windows servers that are
accessed only via encrypted terminal services, and not accessible directly
by any other port. This way if someone does break into the wireless
network, there simply isn't going to be anything worth finding, and of
course with OpenBSD as the host OS, there isn't going to be anything they
could break into even if it were interesting.

Assuming no one has done a good thin client implementation, what version of
Linux best lends itself to building very stripped down configurations that
are easily secured? A lot of Linux distributions are becoming the very
definition of "bloatware", with untold numbers of security holes. We don't
want to waste time hand tweaking the box.

--
Will

On Mon, 7 Feb 2005 21:15:29 -0800, "Will"
<DELETE_westes@earthbroadcast.com> reported to us:

>Does anyone distribute a thin client that allows you to login to remote
>Windows hosts from a secured OpenBSD box? Citrix distributes a client for
>Linux, but we think it would be easier to build secure OpenBSD clients, and
>frankly we don't need much functionality in the box except for the thin
>client function.
>
>We want to place only hardened OpenBSD thin clients on our wireless network,
>and then use these to run encrypted sessions to Windows servers that are
>accessed only via encrypted terminal services, and not accessible directly
>by any other port. This way if someone does break into the wireless
>network, there simply isn't going to be anything worth finding, and of
>course with OpenBSD as the host OS, there isn't going to be anything they
>could break into even if it were interesting.
>
>Assuming no one has done a good thin client implementation,

Pessemistic?

>what version of
>Linux best lends itself to building very stripped down configurations that
>are easily secured? A lot of Linux distributions are becoming the very
>definition of "bloatware", with untold numbers of security holes. We don't
>want to waste time hand tweaking the box.
Not really an OpenBSD thing...

http://www.rdesktop.org/ works as does the client that comes in the
kdenetwork package. Rdesktop would probably better suit the skinnier
clients.



Wally

"No one has ever had an idea in a dress suit."
Sir Frederick G. Banting

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In comp.unix.bsd.openbsd.misc, Will dared to utter,
> Does anyone distribute a thin client that allows you to login to remote
> Windows hosts from a secured OpenBSD box? Citrix distributes a client for
> Linux, but we think it would be easier to build secure OpenBSD clients, and
> frankly we don't need much functionality in the box except for the thin
> client function.

You might have some success with linux binary compatability, but that's
kind of hit and miss.

> Assuming no one has done a good thin client implementation, what version of
> Linux best lends itself to building very stripped down configurations that
> are easily secured?

Slackware. Hands down the best Linux distro out there, particularly for
building striped down machines. Latest release was just this week and
is very solid. Coming from a BSD background you should feel right at
home with Slackware.

PS. Long time Slackware user, I'm biased. :^)

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCCNjJvgVcFKpJf4gRAnDWAJ9M4DwJHD0JcLa1YUa7ng 3ljT+N7QCg2QVs
TCyVPYweWU6+6QDhz8piS4U=
=I16J
-----END PGP SIGNATURE-----