Graphical Remote Control Desktops for Linux, part 3
By: A. Lizard
Thursday, November 6, 2008 04:53:41 PM EST
URL: http://www.linuxplanet.com/linuxplanet/tutorials/6575/1/
Final Steps For NXServer Setup
First you may wish to read part 1 and part 2.
Create NX Server keys:
# /usr/NX/scripts/setup/nxserver -keygen
The critical output from your viewpoint is:
NX> 704 Keys updated. NX clients should now use key:
NX> 704 /usr/NX/share/keys/default.id_dsa.key
NX> 704 to get connected to this NX server.
Now you should copy the encryption key to a more convenient location, and give it correct permissions:
# cp /usr/NX/share/keys/default.id_dsa.key /home/username/path-to-somewhere-convenient/default.id_dsa.key
# chown nx:root /usr/NX/home/nx/.ssh/authorized_keys2
# chmod 0644 /usr/NX/home/nx/.ssh/authorized_keys2
# chown nx:root /usr/NX/home/nx/.ssh/default.id_dsa.pub
# chmod 0644 /usr/NX/home/nx/.ssh/default.id_dsa.pub
Open /usr/NX/etc/server.cfg as root with a text editor and make the following changes:
# ServerName = "localhost.localdomain"
ServerName = "localhost"
#SSHDPort = "22"
SSHDPort 54322
#SSHDAuthPort = "22"
SSHDAuthPort = "54322"
The following configuration allows a local and remote user to share a desktop, helpful if one is a remote client user trying to work with a user on the server. Great for remote customer service, and tthere are also options that allow customizing the "shadow session" starting with "Allow session shadowing on this server" in the section just above this one and several sections of the configuration file below it.
# EnableInteractiveSessionShadowing = "1"
EnableInteractiveSessionShadowing = "1"
Note location of keys:
/usr/NX/share/keys/default.id_dsa.key
This is the key you will later be distributing to client machines for Nxclient.
# chown nx:root /usr/NX/home/nx/.ssh/authorized_keys2
# chmod 0644 /usr/NX/home/nx/.ssh/authorized_keys2
# chown nx:root /usr/NX/home/nx/.ssh/default.id_dsa.pub
# chmod 0644 /usr/NX/home/nx/.ssh/default.id_dsa.pub
# /usr/NX/bin/nxserver -restart
# /usr/NX/bin/nxserver --useradd username
NX> 801 User: username uses SSHD authentication.
NX> 900 Adding public key for user: username to the authorized keys file.
NX> 716 Public key added to: /home/username/.ssh/authorized_keys2.
NX> 900 Verifying public key authentication for NX user: alizard.
NX> 900 Public key authentication succeeded.
NX> 301 User: username enabled in the NX user DB.
NX> 999 Bye.
NX client setup on client machine
Figure 1 shows the NX client running on an eeePC with NX server desktop display. Note that the display is necessarily compressed, the screen of an eeePC is far smaller than my 1280x1024 desktop display. What's shown is a "shadow" session, that M in the upper right corner is a user prompt on the desktop machine requesting permission to start a session. The Windows-looking window onscreen floating over my server desktop is a VMware Server guestVM, which I can interact with just as I would if I were sitting at the server in person. The ability to do this and access my regular mail client from anywhere on the Net is a major reason why I installed NX server.
Install nxclient on client machine as you did on the server. Import a copy of the key from /usr/NX/share/keys/default.id_dsa.key from the server. You can do this via SAMBA file transfer on a LAN, sneakernet on a USB flash dongle, etc.
If you are installing on an eeePC, the desktop icon is NOT created, you'll have to invoke nxclient from a terminal prompt:
$ /etc/NX/bin/nxclient
NX client GUI Configuration
Figure 2 shows the NX client login window. The first thing you do is push the configure button, and then you see a configuration menu like Figure 3.
The General tab shows settings for a typical setup intended to access a Linux server running KDE. ADSL is the fastest setting that provides all the compression options without display setting compromises intended to reduce bandwidth you might see on modem and ISDN settings. Also note that if you're going to access a server via, say, cell phone modem or dialup connection, you'll appreciate the modem setting. The KDE setting reflects KDE running on the server. There is a Gnome setting, too. For Host, fill in the IP address or the computername (if on your LAN) or the subdomain/domain you registered with your dynamic DNS service. Note that the subdomain/domain name won't work to connect unless you are on the public Internet.
I recommend the "Available Area" option from the Display menu, that way the taskbar on the client remains visible and you can access non-NX applications from the client.
If you choose a "Full Screen" window from the Display menu, the easiest way I've found to disconnect is to go to
Start Menu (on server) > Internet > NX client for Linux > NX session administrator and use that to locate and close the NX session from that window. Otherwise, click the square M menu on the upper left of the NX client session window and select Close.
Now push the Key button, which is shown in Figure 4. Push the Import button and find the directory you put the default.id_dsa.pub from wherever you put it on the client system. Once you find that file, enter it and close the window.
In Figure 5 you see how to select your desktop. If you are accessing a Linux server, use the Unix or Shadow Desktop options.
Once you are done with configuration, push the Save button on the general tab and then Ok, fill in your regular server user password, and push Login. When you see "connected" and then "downloading desktop", you're in business.
If you want to run an interactive session with a user on the server, select "Shadow" from the Configuration > General tab > Desktop menu. But avoid Shadow unless you actually need to work remotely and interactively with a customer on a machine running Linux from somewhere else. It slows things way down.
Figure 6 shows the client's "permission to connect" request window on NX server desktop. In interactive mode, the user has to pull down the username and select it as usual for a menu item, which might be difficult if you are the user and several thousand miles away. I'm not quite sure why the default is white text on a gray window for NX client user prompts (like Disconnect, Terminate, Cancel) and the user prompt for the shadow session. I am sure it makes them very hard to read. Peer very closely at the screen is the best advice I can give at this point.
Firewall Setup, Multimedia, File Transfers
How one interfaces with a Linux firewall depends on whether one is using a firewall UI like Firestarter or manually edits iptables from within a firewall script. You might want to make a copy of your firewall script and call it something slightly different to make it possible for you to have a different firewall setup for when you're running on your local LAN and don't want even the possibility of outside access to your server and when you are elsewhere and want access to it yourself. Refer to your own firewall documentation for how to open whichever of these port ranges you decide to open.
Port Ranges in the default NX Server configuration
| NX proxy port | 5000 - 5200 * |
| X11 port | 7000 - 7200 * |
| NX CUPS service port | 3000 - 3200 |
| NX SMB/CIFS share service port | 4000 - 4200 |
| NX Media service port | 8000 - 8200 |
| NX X11 auxiliary channel port | 9000 - 9200 |
To use rdesktop RDP for Windows connections, open port 3389
The posts with asterisks are required, the rest are optional depending on what optional services you actually want to run. Open at least those asterisk ports on your server and any external firewall. If you want more services, open the corresponding ports.
With respect to printing, I generally would be working on a document via remote desktop, and I can print from it on the server without opening any new ports, if I give the print command on the remote desktop from within an application, it'll do that. If I need to print a server document on the client, I'll grab the file and open it locally in Open Office and print... or send it as a fax to a fax machine that's physically accessible to me. See comments on file transfers below.
For more specific information, go to NX Server Administrator's Guide, chapter 13.
File transfers between NX Server server and nxclient
SAMBA is supported, you'll need to set this up on the host and client and open the corresponding ports. SAMBA setup is beyond the scope of this document. While I have SAMBA set up on my home LAN, I'd rather leave the firewall ports closed and transfer files to/from client/server via a web-based "large file attachments" service like yousendit to make your files up to 2G in size available to client or server. SAMBA requires no special setup for NX Server, other than making sure the SAMBA ports used by Observer for encrypted file transmission (see firewall setup) are available from outside your computer or LAN.Multimedia in NX Server
The only sound that can be remoted from the server is via the obsolete ESD audio server rather than the ALSA that's much more normal for modern Linux distributions. Since ESD does not work from within my current Debian/Lenny setup, I can't comment on how well this works. Hopefully, Nomachines will fix this problem in future releases. If this is important to you, here are setup instructions that will work with some multimedia programs, xmms for instance.I recommend not bothering with remote desktop multimedia unless and until they get around to supporting ALSA by default. If you want to run multimedia on your client machine, grab the files on the server and run them on the client. The other upside of this is that you don't have to open the 5000-5200 port range in your firewall which NX Server defaults to.
Resources:
- RDP clients information from Microsoft
- Remote Desktop general information from MS
- w9.x /2000 client setup
- NoMachines support database / documentation links