...making Linux just a little more fun!
By Peter Knaggs
In this article, I'm going to describe my first attempt at installing and trying out CentOS's packages on RHEL4 for Nomachine's NX server. I never had time to do it before, but it was well worth the journey of discovery.
Compared to VNC, it's amazingly fast, and quite straightforward to set up using the CentOS packages for RHEL4, so you can make all your "hosted" C developers much happier by giving them speedy access to the desktop of their RHEL4 hosted box, right from their "standard-issue" Microsoft Windows desktop machines. As I understand it, the NX client that Nomachine make available for free download is still proprietary; however, Nomachine makes the sources for Linux available under GPL, so I'm not quite sure how all that works out.
I have stumbled across NX server briefly a year ago when I used Kanotix,
because at the time I was surprised to find an unexpected authorized_keys
file sitting in "nx" user's home directory. I thought that some wiley hacker had
been fiddling with my laptop, but on closer inspection it turned out to be
the standard way NX package is installed (will be explained in more
detail at the end of this article).
In the following writeup, I use the term "Linux hosted box" to mean a Linux box hosted far away in a datacenter somewhere.
1. Server side (your RHEL4 Linux hosted box)
Download the NX and FreeNX packages from the CentOS4 repository.
CentOS is Community Enterprise Linux, a "whitebox" rebuild of RHEL,
so it is fully compatible with Red Hat Enterprise Linux 4, and
supported to the same level.
wget https://mirror.centos.org/centos/4/extras/i386/RPMS/nx-1.5.0-1.centos4.i386.rpm
wget https://mirror.centos.org/centos/4/extras/i386/RPMS/freenx-0.5.0-10.c4.noarch.rpm
Install NX and FreeNX packages as follows:
sudo rpm -Uvh nx-1.5.0-1.centos4.i386.rpm sudo rpm -Uvh freenx-0.5.0-10.c4.noarch.rpm
This also adds a new user called "nx" to your Linux hosted box (extract from /etc/passwd follows):
nx:x:499:11::/var/lib/nxserver/home:/usr/bin/nxserver
Note that the "shell" of this new "nx" user is "/usr/bin/nxserver", so it is dedicated to the purpose of serving NX clients, and isn't a general-purpose user account.
The package installation also generates a new OpenSSH keypair in the home directory of the new "nx" user. Please make sure the permissions are as follows after the install, in order to to allow OpenSSH work properly:
bash-3.00# ls -l /var/lib/nxserver/home/.ssh total 16 -r-------- 1 nx root 602 Dec 16 10:33 authorized_keys2 -rw------- 1 nx root 668 Dec 16 09:50 client.id_dsa.key -rw-r--r-- 1 nx root 220 Dec 16 09:50 known_hosts -rw------- 1 nx root 602 Dec 16 09:50 server.id_dsa.pub.key
2. Client side for Microsoft Windows
A nice guide can be found here:
https://wiki.centos.org/FreeNX
After installing the NX server as shown in Section 1., copy
/var/lib/nxserver/home/.ssh/client.id_dsa.key
to your
Microsoft Windows client machine. This is the key you'll need to gain
access to the nxserver you installed in section 1.
Download the NX client from Nomachine's website:
https://www.nomachine.com/download.php
Click on the green arrow next to "NX Client for Windows"; now click the same arrow again, and then click the "Download package" button. Install it as usual, then start it up.
Click on "Configure", and under the "General" tab, click on the "Key..."
button; then, click on "Import" to read in contents of
client.id_dsa.key
that was mentioned above.
For "Host", enter name of your Linux hosted box; for "Port", enter "22"; for "Desktop", choose "Unix" "GNOME".
Make sure to select "GNOME" as the window manager, as the default ("KDE") is missing KDE panel, making it awkward to use. Looks like a bug, but GNOME window manager is preferred by Red Hat, so it is fine for now.
For the network speed setting, the default "ADSL" is suitable if you're working from home, but for working from office "WAN" might be better.
Set "Display" setting to suit your needs, depending on your client machine's current desktop resolution. Start with 1024x768. Once things are working properly, you can go back, choose "Custom" and enter 1280x1024, as this will give you a larger desktop.
On "Advanced" tab, make sure to select the option
[x] Enable SSL encryption on all trafficIt's important because not only is the traffic encrypted, but then NX client-server connection uses only that port you have configured above. No ports need to be open on your client box (or on any firewall in between).
In the "Services" tab, printing and audio (multimedia) support can be configured, but that's somewhat more involved to explain; I suggest experimenting with it if you're interested.
Click [OK] once you've finished configuration. When you're prompted to save it, click [Yes].
Now enter your regular username and password that you use to log in to your Linux hosted box.
Note that once the desktop has started up, /usr/NX/bin/nxclient
exits. In order to be able to reconnect to your desktop session later,
click "X" in the top-right-corner to "kill" the NXclient window.
A dialog box will pop up within the desktop session as follows:
Press the suspend button to disconnect the running session. You will be able to resume the session at later time. Press the terminate button to exit the session and close all the running programs. (Suspend) (Terminate) (Cancel)
Click on "Suspend".
The next time you log in via NXclient, you will see this message:
"Resuming the suspended session"and your desktop will be just where you left it earlier.
3. Client side for Ubuntu Linux (Dapper Drake 6.06LTS)
A nice guide can be found here:
https://wiki.centos.org/FreeNX
After installing the NX server as shown in Section 1, copy
/var/lib/nxserver/home/.ssh/client.id_dsa.key
to your client machine in order to gain access to the nxserver.
Copy the key where it should be on client machine:
cp $HOME/client.id_dsa.key $HOME/.ssh/id_dsa
Test whether you can use OpenSSH to gain access to the nxserver you installed
on your Linux hosted box. Essentially, just do a plain 'ssh' login to your
Linux hosted box as user "nx" (no password should be necessary, because
you will be using your private client key from $HOME/.ssh/id_dsa
),
and what you should see is the "shell" of the "nxserver":
ssh nx@linux_hosted_box Last login: Sat Dec 16 18:48:53 2006 from client.your.domain which: no xauth in (/usr/local/bin:/bin:/usr/bin) HELLO NXSERVER - Version 1.5.0-50-SVN OS (GPL) NX> 105
Now install the client package for Ubuntu Linux. The source for this package is not available, it's a proprietary NX client from the Nomachine company (with the logo "!M"). You can do this straight from the command line:
wget https://64.34.161.181/download/2.1.0/Linux/nxclient_2.1.0-9_i386.deb sudo dpkg -i nxclient_2.1.0-9_i386.deb
Or, if you're a fan of doing things GUI way, you can go to https://www.nomachine.com/download-client-linux.php, search for "NX Client DEB for Linux", click on the green arrow, and then click the "Download package" button.
Launch the client using command
/usr/NX/bin/nxclient
and configure it as described in Section 2.
Note that cut-and-paste works properly between the nxclient environment and your client's desktop, so it is a much cleaner working experience than what you get when using VNC viewer to remotely control your Linux hosted box.
The OpenSSH key is only used to gain access to the NX server which runs as a "shell" of "nx" user. It is the NX server that performs actual PAM authentication using your supplied username and password.
The client.id_dsa.key
is actually an additional layer of precaution,
which secures access to the "shell" of "nx" user, i.e. to
NX server itself, in case NX server had any security holes in
its PAM authentication layers.
This is why client.id_dsa.key
isn't usually further secured
with a passphrase; however, if you are familiar with use of 'ssh-agent',
you may feel it worthwhile to add a passphrase to client.id_dsa.key
.
Talkback: Discuss this article with The Answer Gang
I studied engineering at Université de Liège for a year, then at Trinity
College Dublin for four more (and where I wish I had paid more attention
during the networking lectures). I've always been curious about audio and
video on computers, and Linux has been truly an amazing platform for learning
about these areas.