xpra icon
Bug tracker and wiki

Opened 9 months ago

Closed 8 months ago

Last modified 8 months ago

#1991 closed enhancement (invalid)

Shadow server to take full control of the host system

Reported by: stdedos Owned by: stdedos
Priority: minor Milestone: 2.5
Component: server Version: 2.4.x
Keywords: Cc:

Description (last modified by Antoine Martin)

I would like to have the same functionality as TeamViewer has:

When connecting to a shadowed server, then:

  • Block all input from the physical computer (switching tty on a linux machine is fine)
  • Black out the physical screens (whereas the shadowed monitors are fine)
  • When making the transition to no clients connected, then physical computer would lock (so that further "interaction" needs to be authenticated), and all "limitations" would be lifted.

Change History (3)

comment:1 Changed 8 months ago by Antoine Martin

Description: modified (diff)
Owner: changed from Antoine Martin to stdedos

Block all input from the physical computer (switching tty on a linux machine is fine)

You can already try something like:

start-on-connect=chvt 2

(this probably requires special privileges to run on most distros)

Block all input from the physical computer (switching tty on a linux machine is fine)

chvt will black out the screens, but it may also stop the rendering if it is GPU based...

When making the transition to no clients connected, then physical computer would lock (so that further "interaction" needs to be authenticated), and all "limitations" would be lifted.

You should be able to achieve this by launching the lockscreen using the start-on-last-client-exit command line option. (added in r21068)

comment:2 in reply to:  1 Changed 8 months ago by stdedos

Replying to Antoine Martin:

Block all input from the physical computer (switching tty on a linux machine is fine)

You can already try something like:

start-on-connect=chvt 2

(this probably requires special privileges to run on most distros)

I am sorry :/ I meant that:

  • xpra should 'block' any input given;
  • * allowing to switch to a different tty (e.g. by means of using Ctrl+Alt+F1-7 on Ubuntu Xenial) is not within the scope of the above

If the quoted statement was true instead, then "a malicious user" could easily brute-force the correct tty and try to take control of the already-unlocked machine.

Last edited 8 months ago by stdedos (previous) (diff)

comment:3 Changed 8 months ago by Antoine Martin

Resolution: invalid
Status: newclosed

What you are asking for is not possible with X11 and shadow servers.

Last edited 8 months ago by Antoine Martin (previous) (diff)
Note: See TracTickets for help on using tickets.