FreeNX
|
Size: 10258
Comment: Removed crap, cleaned the page up a bit
|
Size: 6741
Comment: Re-add the custom key bit in a way that actually works
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 93: | Line 93: |
| $/usr/NX/bin/nxclient &}}} | /usr/NX/bin/nxclient &}}} |
| Line 97: | Line 97: |
## This is NOT supported by the freenx developers ## == Using custom keys for authentication == ## (Big parts taken from forums) ## ## === Generating the DSA private-public key pair. === ## ## You must use the "ssh-keygen" command line tool to create a private-public key pair. For ## example, by issuing the following command on the client machine: ## ## {{{# ssh-keygen -t dsa ## Generating public/private dsa key pair. ## Enter file in which to save the key (/Users/falfaro/.ssh/id_dsa): <ENTER OR SPECIFY DIFFERENT LOCATION> ## Enter passphrase (empty for no passphrase): <ENTER PASSPHRASE OR LEAVE BLANK AND PRESS ENTER> ## Enter same passphrase again: <REPEAT PASSPHRASE> ## Your identification has been saved in /Users/falfaro/.ssh/id_dsa. ## Your public key has been saved in p.pub. ## The key fingerprint is: ## 76:f1:09:07:f3:ef:4d:0a:a9:b7:ac:48:49:93:67:fe falfaro@mac.local}}} ## ## === Installing the private key into the NX client software === ## ## The next step is replacing the NX client software built-in private key with the one we have just created. NoMachine's NX client software stores the DSA private key in "/usr/NX/share/client.id_dsa.key": ## ## {{{# ls -l /usr/NX/share/client.id_dsa.key ## -rw-r--r-- 1 root wheel 668 27 Dec 13:59 /usr/NX/share/client.id_dsa.key}}} ## ## Thus, we should execute the following command: ## ## {{{# mv /usr/NX/share/client.id_dsa.key /usr/NX/share/client.id_dsa.key.OLD ## # mv /Users/falfaro/.ssh/id_sa /usr/NX/share/client.id_dsa.key ## # chown root:wheel /usr/NX/share/client.id_dsa.key ## # chmod 600 /usr/NX/share/client.id_dsa.key}}} ## ## === Installing the public key into the NX server software === ## ## The last step is installing the public key, which corresponds to the "nx" user, into remote server. The public key will be installed as an "authorized_keys2" file inside the home directory for the "nx" user. The OpenSSH service will use this file to store the "nx" user public key the NX client software uses to authenticate against the NX server. ## ## Depending on the distribution and FreeNX implementation, the home directory for the "nx" user will be located in different places. In Ubuntu, this is "/var/lib/nxserver/home". In Debian, this is usually "/home/.nx". ## ## The last step is distributing the "id_dsa.pub" file to the remote NX server machine and authorize it: ## ## {{{# scp /Users/falfaro/.ssh/id_dsa.pub root@NXSERVER: ## # rm /Users/falfaro/.ssh/id_dsa.pub ## # ssh root@NXSERVER ## # mv /root/id_dsa.pub /var/lib/nxserver/home/.ssh/authorized_keys2 ## # chown nx:root /var/lib/nxserver/home/.ssh/authorized_keys2 ## # chmod 600 /var/lib/nxserver/home/.ssh/authorized_keys2}}} ## ## === Testing public key authentication === ## ## Before using the NX client software to connect to the remote NX server, it's recommended to check whether we can connect remotely to the NX server using an SSH client using public key authentication for the "nx" user: ## ## If using a passphrase: ## {{{ ## ssh-add /usr/NX/share/client.id_dsa ## Enter passphrase for /usr/NX/share/client.id_dsa: ## Identity added: /usr/NX/share/client.id_dsa (/usr/NX/share/client.id_dsa) ## #ssh nx@NXSERVER ## Linux NXSERVER 2.6.10 #1 Sat Dec 25 05:20:24 CET 2004 i686 GNU/Linux ## ... ## HELLO NXSERVER - Version 1.4.0-02 OS_(GPL) ## NX> 105 quit ## quit ## Quit ## NX> 999 Bye ## Connection to ubuntu closed.}}} ## ## Otherwise: ## {{{# ssh -i /usr/NX/share/client.id_dsa.key nx@NXSERVER ## Linux NXSERVER 2.6.10 #1 Sat Dec 25 05:20:24 CET 2004 i686 GNU/Linux ## ... ## HELLO NXSERVER - Version 1.4.0-02 OS_(GPL) ## NX> 105 quit ## quit ## Quit ## NX> 999 Bye ## Connection to ubuntu closed.}}} ## ## If this works, we can be pretty sure the NX client will allow us to establish a remote session against the NX server. ## ## === Connecting === ## ## If you've entered a passphrase, you need to do something extra before you can connect. ## ## {{{# ssh-add /usr/NX/share/client.id_dsa ## Enter passphrase for /usr/NX/share/client.id_dsa: ## Identity added: /usr/NX/share/client.id_dsa (/usr/NX/share/client.id_dsa) ## }}} ## Now you can connect as usual. |
|
| Line 221: | Line 132: |
| === Using custom SSH keys === /!\ This is NOT supported by the FreeNX developers - only do this if you have no other option 1. Generate the DSA private-public key pair. {{{ ssh-keygen -t dsa}}} By default this key is places in ~/.ssh/id-dsa. You can leave the passphrase empty, this will not pose a security risk. 1. Install the public key in the FreeNX serving machine. The key should be placed in the file authorized_keys2 in the .ssh dir of the user named nx. {{{ cat ~/.ssh/id_dsa.pub | sudo -u nx tee -a ~nx/.ssh/authorized_keys2}}} 1. Install the private key in the NX client software. When creating a session, press the button labeled "Key" and select your new key in the window that pops up. |
[http://freenx.berlios.de FreeNX] is a system that will allow you to access your desktop from another machine over the internet. You can use this to login graphically to your desktop from a remote location. One example of its use would be to have a FreeNX server set up on your home computer, and graphically logging in to the home computer from your work computer, using a FreeNX client. This page will describe how to set up a FreeNX server and a client on Ubuntu systems, for the above example usage.
Terminology
The Server is the computer you want to connect to. This is the computer where the FreeNX server will need to be installed. The name of the Ubuntu package providing the server is "freenx". For the example used here, the home computer is the server.
The Client is the computer from which you want to be able to access the Server. The name of the Ubuntu package providing the client is "nxclient". For the example used here, the work computer is the client.
Installing the FreeNX server
We will be installing the FreeNX server on the Server machine, i.e., the machine that you want to access remotely. In the stated example, this is your computer that is at home.
Add these to /etc/apt/sources.list for hoary
deb http://ubuntulinux.nl/ /
Note: Some people will tell you to add kanotix or backports as a source. Do not do this. It is deprecated
or these for breezy
deb http://seveas.ubuntulinux.nl/ breezy-seveas freenx
A faster mirror, donated by Brett Johnson, is:
deb http://free.linux.hp.com/~brett/seveas/freenx/ ubuntu-seveas freenx
More mirror information on the SeveasPackages page
Note: The nxlibs in this version are compiled with g++4.0 from breezy and are thus not suitable for hoary.
Update your sources {{{sudo apt-get update }}}
If you get a GPG error, see http://seveas.ubuntulinux.nl Near the top of the page are instructions for adding the authentication key into the apt database.
Install it
sudo apt-get install freenx
During installation you will be given the option to select NoMachine keys, or custom keys. It is easier to select NoMachine keys. There is absolutely NO added security risk involved in using the default keys. Read an [http://en.wikipedia.org/wiki/Secure_Sockets_Layer SSL] primer if you want to know the details about why this is the case
Defining a non-default ssh port
By default, the nxserver uses port 22 for communicating over SSH. On some machines or networks, port 22 may be blocked. For example, my evil ISP blocks port 22. So I have the sshd (daemon) listening on port 8888. If port 22 is blocked on the machine that acts as the freenx server, then you can change the default port by doing the following:
Edit the file /etc/ssh/sshd_config
Find
Port 22
and change it to
Port 8888
Edit the file /etc/nxserver/node.conf
Find
# The port number where local 'sshd' is listening. #SSHD_PORT=22
and change it to:
# The port number where local 'sshd' is listening. SSHD_PORT=8888
(Here, "8888" is the port that sshd is listening on)
That is, change the port number to the one that sshd is listening to, and uncomment the line.
Installing the NX Client
You should be able to access your Ubuntu box from any Windows or Linux box using the free client from [http://nomachine.com NoMachine's website]. You can also embed your NX Server in a webpage by installing the Nomachine Web Companion and the Apache webserver.
This section covers installation of the NX client on a Ubuntu Linux machine. For the example covered in this article, the client is the work computer.
Add these to /etc/apt/sources.list for hoary
deb http://ubuntulinux.nl/ /
Note: Some people will tell you to add kanotix or backports as a source. Do not do this. It is deprecated
or these for breezy
deb http://seveas.ubuntulinux.nl/ breezy-seveas freenx
Install the NX client by doing the following on the client machine from where you wish to start an NX session:
$sudo apt-get install nxclient
Now you can execute the installed client using the following command:
/usr/NX/bin/nxclient &
Or by looking it up in the menu
This will start the NX client in a GUI, and step you through getting connected to the FreeNX server, and you will be on your way!
Miscellany
FreeNX on PowerPC
There are no precompiled binaries of FreeNX on this platform, so FreeNX have to be compiled from source. Sources for breezy can be found in this repository:
deb-src http://seveas.ubuntulinux.nl/ breezy-seveas freenx
These steps will build FreeNX from source:
Create a directory to hold the FreeNX source, and cd into it.
mkdir freenxSource; cd freenxSource
Build the freenx pacakges and install related packages.
sudo apt-get build-dep nx freenx apt-get -b source nx freenx
This will download the souce tarballs and build the freenx packages (*.deb) in the current directory.Install the FreeNX packages.
sudo dpkg -i *.deb
If dpkg complains about missing packages, let apt fix it
sudo apt-get -f install sudo dpkg -i *.deb
How to start/stop FreeNX
The FreeNX server is not a service but uses ssh. The following command will stop the FreeNX program from accepting connections.
sudo nxserver --stop
(Replace --stop by --start for starting it again)
Troubleshooting
If you encounter problems with icons when loggin multiple times with the same user in a gnome session, run gnome-settings-daemon. Let it run at every login (gnome->preferences->sessions).
Using custom SSH keys
![Warning /!\](/moin_static198/light/img/icon_eek.png "Warning /!\"){kind=icon}
This is NOT supported by the FreeNX developers - only do this if you have no other option
Generate the DSA private-public key pair.
ssh-keygen -t dsa
By default this key is places in ~/.ssh/id-dsa. You can leave the passphrase empty, this will not pose a security risk.Install the public key in the FreeNX serving machine. The key should be placed in the file authorized_keys2 in the .ssh dir of the user named nx.
cat ~/.ssh/id_dsa.pub | sudo -u nx tee -a ~nx/.ssh/authorized_keys2
- Install the private key in the NX client software. When creating a session, press the button labeled "Key" and select your new key in the window that pops up.
References
[http://en.wikipedia.org/wiki/FreeNX FreeNX on Wikipedia]
[http://mirror.ubuntulinux.nl FreeNX repository]
FreeNX (last edited 2008-08-06 16:28:22 by localhost)