You fine folks who need to connect remotely to your Linux boxen and prefer to use a nice graphical desktop should take a look at FreeNX.
FreeNX lets you connect from a Linux, Mac OS X, Solaris or Windows client, has built-in encryption, is easy to set up and use, and is satisfyingly fast over slow connections. It performs well even when you use a heavyweight desktop like GNOME or KDE, and there is hardly any noticeable lag with lighter-weight window managers like IceWM and XFce.
But, you ask, what about the current champ of remote X sessions, VNC (Virtual Network Computing)? VNC has long been the favorite remote graphical desktop for Linux. VNC is easy to use and runs on all the major operating systems, and is especially good for controlling two different systems with a single keyboard and mouse. (See Resources.) VNC has a couple of small disadvantages, however: You’ll get noticeable lag over a slow connection, and the free edition has no built-in encryption, but sends all traffic in clear-text. To run encrypted sessions requires purchasing one of the commercial editions, or tunneling through SSH.
FreeNX is a similar program based on NoMachine’s NX terminal server technology. It does not run on all the platforms that VNC does; its main advantages are it is fast even over dialup, and it comes with SSH support built-in. NoMachine released their basic libraries under the GPL, thank you very much, and thus FreeNX was born. NoMachine’s commercial versions are more fully-featured and come with technical support. FreeNX is ideal for users who want a free, secure, fast thin Linux client, or who need to access Linux machines from a variety of clients on other platforms.
FreeNX has not yet made it into Debian’s official archives. To get FreeNX for your Debian system add this line to /etc/apt/sources.list:
deb http://kanotix.com/files/debian/ ./
Next, run apt-get updateas root to update your package lists, then install with
# apt-get install nxserver
It will pull in other packages to satisfy all dependencies, such as expect, freenx, libnxcomp0, libnxcompext0, netcat, nxagent, nxlibs, and nxproxy.During installation it will ask you if you want to use the default DSA key that ships with FreeNX. Opt for custom keys, because using the default key is quite obviously non-secure, and the installer does all the work of creating and installing the custom keys anyway, so you have nothing to gain by using the default.
Then, as root, you’ll need to add users and passwords for users who are authorized to connect to the server. These users must also have system accounts, so if they are not in /etc/passwdyou’ll have to create system accounts for them. This is standard SSH behavior, and users who do not have accounts have no business trying to log in, so don’t whine about it. It is also a good security practice to force remote users to have different passwords than their system logins:
# nxserver --adduser carla
# nxserver --passwd carla
Interestingly, you only get one chance to set the password — it does not ask for confirmation, so type carefully.
It is not necessary to run the nxsetuputility because the installer does the setup for you. Make sure port 22 is open, and you’re done.
Fedora/Red Hat Installation
See Rick Stout’s HOWTO to find out where to download the FreeNX RPMs. You’ll also find a larger variety of RPMs on rpm.pbone.net; look for freenx and nx. Install them as usual:
# rpm -Uvh nx-1.4.0-0.fdr.4.i386.rpm
# rpm -Uvh freenx-0.4.0-0.fdr.1.noarch.rpm
Again, the installer will take care of the setup. Follow the steps in the above Debian instructions to add users and you’re done.
On a Windows PC go to nomachine.com/download/and download and install the Windows client. When you run the setup wizard it’s pretty much self-explanatory. Here is a quick rundown anyway:
- On the General tab, the host is either the IP of the Linux box or its hostname. Port is 22.
- Desktop is Unix; desktop environment is selected from the dropdown list, or choose Custom. To run a window manager or desktop environment not included in the dropdown list, click Custom -> Settings -> Run the following command. The command to start your chosen window manager can be found on your Linux box under /home/username/.xsession. For example, the command to use for IceWM is
- On the Advanced tab, make sure that “Enable SSL encryption of all traffic” is checked
Finally, copy the client DSA key on the Linux host to the Windows client, first changing the permissions to 644. The key is stored in /var/lib/nxserver/home/.ssh/client.id_dsa.key, and must be copied to Program FilesNX Client for WindowsShare.
Get the Linux client from nomachine.com/download/. Configuration is just the same as for the Windows client. Copy the client key to /usr/NX/share, and you’re ready to go.
Generate New Keys
If a key is ever compromised, or you have other reasons to change it, use the nxkeygenutility:
This will automatically back up your old keys, and you’ll have to copy the new client key to all authorized clients.
Help and Documentation
There are no man pages with any of the FreeNX components. Use your package managers to learn the names of the binaries. On Debian:
$ dpkg -L freenx
On RPM systems:
$ rpm -ql freenx
See the documentation and articles database at NoMachine.comto learn about additional features, such as file and printer sharing, and enabling multimedia. Yes, you can even access annoying sound effects remotely!
- Remote Control for Everybody: VNC Crosses Networks and Platforms
- The (Practically) Ultimate OpenSSH/Keychain Howto
- Chapter 17 of the Linux Cookbook, “Remote Access” for more information on using OpenSSH.