Nomachine NX server
- very fast, full graphical desktop (even over dial-up modem).
- much faster than VNC
- far more secure than VNC
- simple and reliable configuration leveraging OpenSSH
- source code available under GNU Public License (GPL).
- free support from the Linux Community
- enterprise-level paid support available from Nomachine and CentOS
Installing NX server on your RHEL4 box
1. Server side (your RHEL4 linux colocated server box)
Download the NX and FreeNX packages from the CentOS4 repository.
CentOS is Community Enterprise Linux, a whitebox rebuild of RHEL,
so it is fully compatible with Red Hat Enterprise Linux 4, and
supported to the same level.
wget http://mirror.centos.org/centos/4/extras/i386/RPMS/nx-1.5.0-1.centos4.i386.rpm
wget http://mirror.centos.org/centos/4/extras/i386/RPMS/freenx-0.5.0-10.c4.noarch.rpm
Install the NX and FreeNX packages as follows:
sudo rpm -Uvh nx-1.5.0-1.centos4.i386.rpm
sudo rpm -Uvh freenx-0.5.0-10.c4.noarch.rpm
This adds a new user called nx to your linux colocated server box:
nx:x:499:11::/var/lib/nxserver/home:/usr/bin/nxserver
Note that the "shell" of this new nx user is /usr/bin/nxserver, so it is
dedicated to the purpose of serving NX clients, and isn't a general-purpose
user account.
The package installation also generates a new OpenSSH keypair in the home
directory of the new nx user. Please make sure the permissions are as follows
after the install, to allow OpenSSH to work properly:
bash-3.00# ls -l /var/lib/nxserver/home/.ssh
total 16
-r-------- 1 nx root 602 Dec 16 10:33 authorized_keys2
-rw------- 1 nx root 668 Dec 16 09:50 client.id_dsa.key
-rw-r--r-- 1 nx root 220 Dec 16 09:50 known_hosts
-rw------- 1 nx root 602 Dec 16 09:50 server.id_dsa.pub.key
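One way to check those permissions after the install, as an added example (not part of the original guide or of the FreeNX packages). It assumes GNU stat; the function name check_nx_ssh_perms and the script name in the usage comment are hypothetical, and the expected modes are the ones in the listing above.

```shell
#!/bin/sh
# Added example (not from the original page): verify the nx user's .ssh files
# against the modes shown in the ls -l listing above.
# Usage: sh check_nx_perms.sh /var/lib/nxserver/home/.ssh nx
# (the script name is hypothetical; the owner argument is optional)

check_nx_ssh_perms() {
    dir=$1
    owner=${2:-}
    rc=0
    # name:mode pairs copied from the listing on this page
    for pair in authorized_keys2:400 client.id_dsa.key:600 \
                known_hosts:644 server.id_dsa.pub.key:600; do
        name=${pair%%:*}
        want=${pair##*:}
        path=$dir/$name
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        have=$(stat -c '%a' "$path")    # GNU stat: octal permission bits
        if [ "$have" != "$want" ]; then
            echo "MODE $path is $have, expected $want"
            rc=1
        fi
        if [ -n "$owner" ] && [ "$(stat -c '%U' "$path")" != "$owner" ]; then
            echo "OWNER $path is not owned by $owner"
            rc=1
        fi
    done
    return "$rc"
}

# Run the check only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_nx_ssh_perms "$@"
fi
```

The function prints one line per missing file, wrong mode or wrong owner, and returns non-zero if anything differs from the listing.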
2. FreeNX client-side for Microsoft Windows
A nice guide can be found here.
After installing the NX server as shown above, copy the following file from your linux colocated server box
/var/lib/nxserver/home/.ssh/client.id_dsa.key
over to your Microsoft Windows client machine.
This is the "key" you'll need to gain access to the nxserver you installed
in section 1., above.
Download the NX client from Nomachine.
Click on the green arrow next to NX Client for Windows to download the
installer package file for Microsoft Windows:
wget http://64.34.161.181/download/2.1.0/Windows/nxclient-2.1.0-9.exe
Install it as usual, then start it up.
Click on Configure, and under the General tab, click on the [Key...] button.
Here, click on Import to read in the contents of the client.id_dsa.key
we mentioned above.
For Host, enter the name of your linux colocated server box.
For Port, enter 22.
For Desktop, choose Unix and GNOME.
Make sure to select GNOME as the window manager; the default (KDE) is
missing the KDE panel, making it awkward to use KDE. This looks like a bug, but
the GNOME window manager is preferred by Red Hat, so it is fine for now.
For the network speed setting, the default ADSL is suitable if you're
working from home, but for working from the office WAN might be better.
Choose the Display setting to suit your needs, depending on your client
machine's current desktop resolution. Start with 1024x768. Once things are
working properly, you can go back and choose Custom and enter 1280x1024,
as this will give you a larger desktop.
On the Advanced tab, make sure to select the option
[x] Enable SSL encryption on all traffic
It's important to select this option, because not only is the traffic
encrypted, but the NX client-server connection uses only the Port you
configured above on the server. No ports need to be open on your client
box (or on any intervening firewall).
In the Services tab, printing and audio (multimedia) support
can be configured, but that is somewhat more involved to explain.
Click [OK] once you've finished configuration.
It will prompt you whether to save; click [Yes].
Now enter your regular username and password that you use
to log in to your linux colocated server box.
Unlike in VNC where you use the F8 key to pop up a menu to
disconnect your client, when using NXclient click the "X" in the
top-right-corner of the window (to "kill" the NXclient window),
to be able to reconnect to your desktop session later on.
A dialog box will pop up within the desktop session as follows:
Press the suspend button to disconnect the running session.
You will be able to resume the session at later time. Press the
terminate button to exit the session and close all the running
programs.
(Suspend) (Terminate) (Cancel)
Click on "Suspend"
The next time you log in using the NXclient, you will see the message:
Resuming the suspended session
and your desktop will be just where you left it earlier.
Note that cut-and-paste works properly between the nxclient
environment and your Microsoft desktop, so it is a much
cleaner working experience than what you get when using VNC
viewer to remotely control your linux colocated server box.
3. FreeNX client-side for Ubuntu Linux (Dapper Drake 6.06LTS)
A nice guide can be found here.
After installing the NX server as shown above, copy the file
/var/lib/nxserver/home/.ssh/client.id_dsa.key
over to your client machine to gain access to the nxserver, giving it the
name id_dsa in your $HOME/.ssh directory, as follows:
cp $HOME/client.id_dsa.key $HOME/.ssh/id_dsa
Test that you can use OpenSSH to gain access to the nxserver you installed
on your linux colocated server box. Essentially, just do a plain OpenSSH
login to your linux colocated server box as the nx user (no password should
be necessary, because you will be using your private client DSA key from
$HOME/.ssh/id_dsa), and what you should see is the "shell" of the nxserver,
as follows:
ssh nx@linux_colo_box
Last login: Sat Dec 16 18:48:53 2006 from client.your.domain
which: no xauth in (/usr/local/bin:/bin:/usr/bin)
HELLO NXSERVER - Version 1.5.0-50-SVN OS (GPL)
NX> 105
Now install the client package for Ubuntu Linux.
Here, we'll use the proprietary NX client from Nomachine
(the Nomachine logo is "!M").
Search for NX Client DEB for Linux
and click on the green download arrow:
wget http://64.34.161.181/download/2.1.0/Linux/nxclient_2.1.0-9_i386.deb
sudo dpkg -i nxclient_2.1.0-9_i386.deb
Launch the client using the command
/usr/NX/bin/nxclient
Click on Configure, and under the General tab, click on the [Key...] button.
Here, make sure that you see the contents of the client.id_dsa.key
we mentioned above. If you don't see it, you can use the Import
button to read it in from the filesystem. Otherwise, Cancel if
all is looking good.
For Host, enter the name of your linux colocated server box.
For Port, enter 22.
For Desktop, choose Unix and GNOME.
Make sure to select GNOME as the window manager; the default (KDE) is
missing the KDE panel, making it awkward to use KDE. This looks like a bug, but
the GNOME window manager is preferred by Red Hat, so it is fine for now.
For the network speed setting, the default ADSL is suitable if you're
working from home, but for working from the office WAN might be better.
Choose the Display setting to suit your needs, depending on your client
machine's current desktop resolution. Start with 1024x768. Once things are
working properly, you can go back and choose Custom and enter 1280x1024,
as this will give you a larger desktop.
On the Advanced tab, make sure to select the option
[x] Enable SSL encryption on all traffic
It's important to select this option, because not only is the traffic
encrypted, but the NX client-server connection uses only the Port you
configured above on the server. No ports need to be open on your client
box (or on any intervening firewall).
In the Services tab, printing and audio (multimedia) support
can be configured, but that is somewhat more involved to explain.
Click [OK] once you've finished configuration.
It will prompt you whether to save; click [Yes].
Now enter your regular username and password that you use
to log in to your linux colocated server box.
Note that once the desktop has started up, the /usr/NX/bin/nxclient
exits. To be able to reconnect to your desktop session later on,
click the "X" in the top-right-corner of the client window (to "kill" the nxclient window).
A dialog box will pop up within the desktop session as follows:
Press the suspend button to disconnect the running session.
You will be able to resume the session at later time. Press the
terminate button to exit the session and close all the running
programs.
(Suspend) (Terminate) (Cancel)
Click on "Suspend"
The next time you log in again using the command
/usr/NX/bin/nxclient
you will see the message:
Resuming the suspended session
and your desktop will be just where you left it earlier.
Note that cut-and-paste works properly between the nxclient
environment and your client linux desktop, so it is a much
cleaner working experience than what you get when using VNC
viewer to remotely control your linux colocated server box.
Understanding the security aspects of NX server
The OpenSSH key is only used to gain access to the NX server which
runs as the "shell" of the nx user. It is the NX server that performs
the actual PAM authentication using your supplied username and password.
The client-side id_dsa key is really an additional layer of precaution,
which secures access to the "shell" of the nx user, i.e. to the
NX server itself, in case the NX server had any security hole in
its PAM authentication layers.
This is why the client-side id_dsa key isn't usually further secured
with a passphrase, but if you are familiar with the use of ssh-agent,
you may feel it worthwhile to add a passphrase to the id_dsa.