Linux remote access using NX
Introduction
The NX technology from NoMachine leverages remote access to a whole new level. NX implements it's own compression on top of X11 resulting in an amazing performance. The performance is even better then RDP, the remote desktop technology used in Microsoft Windows. A normal modem connections appears to be sufficient for NX access. The NX servers also allow sessions to disconnect and re-connect later.
Open and commercial
NoMachine NX comes in different flavours. You can install the commercial server and client software available from NoMachine. The clients are free of charge, but the server requires a license. This has advantages, like receiving commercial support.
For home users, the FreeNX server is a good alternative. The FreeNX server is a Bash script, which glues together the GPL components of NX to a working whole. The actual work is still done by the NX core libraries. The libraries are released as Open Source by NoMachine, notwithstanding the fact NoMachine is a commerial company.
NoMachine encourages the creation of Open Source software using NX technology, and uses code from many other Open Source projects at the same time. Their NX Servers and NX Clients represent the "value added" to NX software released as Open Source. They are intended to be the main source of revenues, followed by support contracts subscribed to by corporate customers.
Background
An NX connection is established in two steps.
First, a connection is made using SSH. The client connects with the username 'nx', and uses publickey authorization to login.
The 'nx' user does not have a normal shell, but a NX command prompt. From this prompt, the client authenticates itself with the NX server. The remote display is opened.
This technique gives the NX server full control over whom may login, while staying secure too. An NX server installation is always as secure as the respective SSH installation. The only weak link in this mechanism is the default key used to access the 'nx' account. To improve security, it's recommended to replace the default key with your own.
In this chain the FreeNX server plays a small but important role. The FreeNX server displays the NX command prompt, authenticates users, and starts the real NX tools.
Configuring FreeNX
The 'nx' user is already created during the installation of FreeNX. To configure FreeNX, create the publickey required to access the 'nx' account:
- Setup the FreeNX server:
nxsetup --setup-nomachine-key
This will create a default key in the folder /home/.nx/.ssh/. To allow publickey authorisation, change the following SSH server setting:
- Configure the SSH server: /etc/ssh/sshd_config
HostbasedAuthentication yes
The installation should work now! Connect to the server using a client from NoMachine, or the KDE client KNX.
Using a custom key
To make the installation of FreeNX more secure, replace the default key with a custom one.
- Replace the NoMachine key:
rm -f /home/.nx//.ssh/authorized_keys2 nxsetup
The key is stored at /home/.nx/.ssh/client.id_dsa.key. Copy the file to the systems allowed to access NX. A few typical locations for the key file are:
- Windows: C:\Program Files\NX Client for Windows\share\
- Linux (official client): /usr/NX/share/
- Linux (KDE client): /usr/share/knx/