Remote Access mit NX NoMachine unter CentOS 6.x
Mit Hilfe von NX, einer Remote-Desktop-Software der Firma NoMachine, können wir auf den Bildschirminhalt eines entfernten Computers oder Servers von einem lokalen Rechner zugreifen. Dabei ist es egal welche Betriebssysteme zum Einsatz kommen. Somit könnte man zum Beispiel an zentraler Stelle mit einem leistungsfähigen Server aufsetzen, auf dem man dann mit älteren Rechnern oder Thin Clients zugreift und arbeitet. Auch Support und Remote-Access ist somit einrichtbar.
Ein großer Vorteil von NX ist, dass selbst bei einer Modemverbindung mit nur 40 kBit/s Datenübertragungsrate ein flüssiges Arbeiten möglich ist. Ein weiterer Hauptvorteil von NX gegenüber dem X11 Protokoll liegt darin, dass NX ähnlich wie VNC seamless connections unterstützt. So kann eine bestehende Verbindung zu einem NX Server getrennt und später wieder von einem anderen Rechner aufgenommen werden. Laufende Programme verrichten dabei auf dem Zielsystem weiterhin ihren Dienst.
Als Übertragungsprotokoll wird dabei ein SSH-X-Tunnel genutzt.
Sowohl die Basis-Bibliotheken wie auch die wichtisten Kernbestandteile von NX wurden von der Firma NoMachine unter die freie Lizenz GPL gestellt. Somit lassen sich sie auch in freie Desktops wie Gnome oder KDE integrieren. Nur die zentrale Client- und die Serverapplikation ist proprietär.
Server
Installation
Als erstes installieren wir uns die benötigten Server-Komponenten via YUM.
# yum install nx freenx -y
Was uns die beiden Pakete mitliefern, offentbart uns jeweils ein rpm -iql.
# rpm -qil nx
Name : nx Relocations: (not relocatable) Version : 3.5.0 Vendor: CentOS Release : 1.el6.centos Build Date: Thu 01 Dec 2011 02:34:59 PM CET Install Date: Tue 20 Dec 2011 09:55:15 AM CET Build Host: c6b4.bsys.dev.centos.org Group : Applications/Internet Source RPM: nx-3.5.0-1.el6.centos.src.rpm Size : 7571690 License: GPL, MIT/X11 for X11 bits Signature : RSA/SHA1, Sat 10 Dec 2011 04:41:57 AM CET, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://www.nomachine.com Summary : Proxy system for X11 Description : NX provides a proxy system for the X Window System. /usr/bin/nxagent /usr/bin/nxproxy /usr/bin/nxssh /usr/lib/NX /usr/lib64/NX /usr/lib64/NX/lib /usr/lib64/NX/lib/libX11.so.6 /usr/lib64/NX/lib/libX11.so.6.2 /usr/lib64/NX/lib/libXcomp.so.3 /usr/lib64/NX/lib/libXcomp.so.3.5.0 /usr/lib64/NX/lib/libXcompext.so.3 /usr/lib64/NX/lib/libXcompext.so.3.5.0 /usr/lib64/NX/lib/libXcompshad.so.3 /usr/lib64/NX/lib/libXcompshad.so.3.5.0 /usr/lib64/NX/lib/libXext.so.6 /usr/lib64/NX/lib/libXext.so.6.4 /usr/lib64/NX/lib/libXrender.so.1 /usr/lib64/NX/lib/libXrender.so.1.2.2 /usr/lib64/NX/nxagent /usr/lib64/NX/nxproxy /usr/lib64/NX/nxssh /usr/share/doc/nx-3.5.0 /usr/share/doc/nx-3.5.0/GUUG-Presentation-NX.pdf /usr/share/doc/nx-3.5.0/LICENSE /usr/share/doc/nx-3.5.0/README.SuSE /usr/share/doc/nx-3.5.0/nxcl /usr/share/doc/nx-3.5.0/nxcl/html /usr/share/doc/nx-3.5.0/nxcomp /usr/share/doc/nx-3.5.0/nxcomp/README /usr/share/doc/nx-3.5.0/nxscripts /usr/share/doc/nx-3.5.0/nxscripts/CHANGELOG /usr/share/doc/nx-3.5.0/nxscripts/COPYING /usr/share/doc/nx-3.5.0/nxscripts/LICENSE /usr/share/doc/nx-3.5.0/nxscripts/nxagent-service /usr/share/doc/nx-3.5.0/nxscripts/nxreplace /usr/share/doc/nx-3.5.0/nxscripts/run-nxagent /usr/share/doc/nx-3.5.0/nxscripts/run-nxagent-client /usr/share/doc/nx-3.5.0/nxscripts/run-nxagent-full /usr/share/doc/nx-3.5.0/nxscripts/run-nxagent-nxfs /usr/share/doc/nx-3.5.0/nxscripts/run-nxagent-server /usr/share/doc/nx-3.5.0/nxscripts/run-nxagent-shadow /usr/share/doc/nx-3.5.0/nxscripts/run-nxagent-solaris /usr/share/doc/nx-3.5.0/nxscripts/run-nxagent-windows /usr/share/doc/nx-3.5.0/nxscripts/run-nxdesktop /usr/share/doc/nx-3.5.0/nxscripts/run-nxdesktop-client /usr/share/doc/nx-3.5.0/nxscripts/run-nxdesktop-server /usr/share/doc/nx-3.5.0/nxscripts/run-nxproxy /usr/share/doc/nx-3.5.0/nxscripts/run-nxproxy-client /usr/share/doc/nx-3.5.0/nxscripts/run-nxproxy-connect /usr/share/doc/nx-3.5.0/nxscripts/run-nxproxy-reversed /usr/share/doc/nx-3.5.0/nxscripts/run-nxproxy-server /usr/share/doc/nx-3.5.0/nxscripts/run-nxproxy-thread /usr/share/doc/nx-3.5.0/nxscripts/run-nxviewer /usr/share/doc/nx-3.5.0/nxscripts/run-nxviewer-client /usr/share/doc/nx-3.5.0/nxscripts/run-nxviewer-server /usr/share/doc/nx-3.5.0/nxscripts/run-rdesktop /usr/share/doc/nx-3.5.0/nxscripts/run-x11perf /usr/share/doc/nx-3.5.0/nxscripts/tar-nx-X11 /usr/share/doc/nx-3.5.0/nxscripts/tar-nx-X11-org /usr/share/doc/nx-3.5.0/nxscripts/tar-nx-X11-org-updated /usr/share/doc/nx-3.5.0/nxscripts/tar-nx-X11-updated /usr/share/doc/nx-3.5.0/nxscripts/tar-nxagent /usr/share/doc/nx-3.5.0/nxscripts/tar-nxauth /usr/share/doc/nx-3.5.0/nxscripts/tar-nxauth-org /usr/share/doc/nx-3.5.0/nxscripts/tar-nxclient /usr/share/doc/nx-3.5.0/nxscripts/tar-nxcomp /usr/share/doc/nx-3.5.0/nxscripts/tar-nxcompext /usr/share/doc/nx-3.5.0/nxscripts/tar-nxcompsh /usr/share/doc/nx-3.5.0/nxscripts/tar-nxcompshad /usr/share/doc/nx-3.5.0/nxscripts/tar-nxdarwin /usr/share/doc/nx-3.5.0/nxscripts/tar-nxdesktop /usr/share/doc/nx-3.5.0/nxscripts/tar-nxesd /usr/share/doc/nx-3.5.0/nxscripts/tar-nxkbd /usr/share/doc/nx-3.5.0/nxscripts/tar-nxkdrive /usr/share/doc/nx-3.5.0/nxscripts/tar-nxkill /usr/share/doc/nx-3.5.0/nxscripts/tar-nxproxy /usr/share/doc/nx-3.5.0/nxscripts/tar-nxscripts /usr/share/doc/nx-3.5.0/nxscripts/tar-nxsensor /usr/share/doc/nx-3.5.0/nxscripts/tar-nxservice /usr/share/doc/nx-3.5.0/nxscripts/tar-nxspool /usr/share/doc/nx-3.5.0/nxscripts/tar-nxssh /usr/share/doc/nx-3.5.0/nxscripts/tar-nxsync /usr/share/doc/nx-3.5.0/nxscripts/tar-nxuexec /usr/share/doc/nx-3.5.0/nxscripts/tar-nxviewer /usr/share/doc/nx-3.5.0/nxscripts/tar-nxwin /usr/share/doc/nx-3.5.0/nxscripts/tar-nxwin-org /usr/share/doc/nx-3.5.0/nxscripts/update-NX /usr/share/doc/nx-3.5.0/nxscripts/update-NX-client /usr/share/doc/nx-3.5.0/nxscripts/update-NX-server /usr/share/doc/nx-3.5.0/nxscripts/update-NX-workstation /usr/share/doc/nx-3.5.0/nxscripts/update-nx-X11 /usr/share/doc/nx-3.5.0/samples /usr/share/doc/nx-3.5.0/samples/README /usr/share/doc/nx-3.5.0/samples/run-nxagent-client /usr/share/doc/nx-3.5.0/samples/run-nxagent-server /usr/share/doc/nx-3.5.0/samples/run-nxapp /usr/share/doc/nx-3.5.0/samples/run-nxproxy-client /usr/share/doc/nx-3.5.0/samples/run-nxproxy-server
Sowie:
# rpm -qil freenx
Name : freenx Relocations: (not relocatable) Version : 0.7.3 Vendor: CentOS Release : 8.el6.centos Build Date: Thu 01 Dec 2011 03:17:25 PM CET Install Date: Tue 20 Dec 2011 09:55:26 AM CET Build Host: c6b5.bsys.dev.centos.org Group : Applications/Internet Source RPM: freenx-0.7.3-8.el6.centos.src.rpm Size : 302915 License: GPL Signature : RSA/SHA1, Sat 10 Dec 2011 04:42:27 AM CET, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://freenx.berlios.de Summary : Freenx application/thin-client server Description : Freenx is an application/thin-client server based on nx technology. NoMachine nx is the next-generation X compression and roundtrip suppression scheme. It can operate remote X11 sessions over 56k modem dialup links or anything better. This package contains a free (GPL) implementation of the nxserver component. /etc/logrotate.d/nxserver /etc/nxserver /etc/nxserver/node.conf /etc/nxserver/node.conf.sample /etc/rc.d/init.d/freenx-server /usr/bin/nxcheckload /usr/bin/nxcups-gethost /usr/bin/nxdesktop_helper /usr/bin/nxdialog /usr/bin/nxkeygen /usr/bin/nxloadconfig /usr/bin/nxnode /usr/bin/nxnode-login /usr/bin/nxpasswd /usr/bin/nxprint /usr/bin/nxredir /usr/bin/nxserver /usr/bin/nxserver-helper /usr/bin/nxsetup /usr/bin/nxviewer_helper /usr/lib64/libnxredir.so.0 /usr/share/doc/freenx-0.7.3 /usr/share/doc/freenx-0.7.3/AUTHORS /usr/share/doc/freenx-0.7.3/CONTRIB /usr/share/doc/freenx-0.7.3/COPYING /usr/share/doc/freenx-0.7.3/ChangeLog /usr/share/doc/freenx-0.7.3/nxacl.sample /usr/share/doc/freenx-0.7.3/nxcheckload.sample /var/lib/nxserver /var/lib/nxserver/db /var/lib/nxserver/db/closed /var/lib/nxserver/db/failed /var/lib/nxserver/db/running /var/log/nx
Konfiguration
NX Server
In der Konfigurationsdatei etc/nxserver/node.conf die im RPM mitgeliefert wurde, passen wir ggf. den Port unseres NX-Servers an und aktivieren wir nun als erstes die PASSDB Authentifizierung.
# vim /etc/nxserver/node.conf
... # The port number where local 'sshd' is listening. # Django : 2011-12-20 # default : #SSHD_PORT=22 SSHD_PORT=9876 ... ... # This adds the passdb to the possible authentication methods # Django : 2011-12-20 # default : ENABLE_PASSDB_AUTHENTICATION="0" ENABLE_PASSDB_AUTHENTICATION="1" ...
- /etc/nxserver/node.conf
# node.conf # # This file is provided by FreeNX. It should be placed either into # /etc/nxserver/node.conf (FreeNX style) or /usr/NX/etc/node.conf # (NoMachine NX style). # # It is mostly compatible with NoMachine node.conf. The most important # difference is that no spaces are allowed when assigning values (eg # "A=value" is allowed, "A = value" is NOT). # # This file is sourced by bash, so you can do some fancy stuff here if you # want to, but be aware that it is sourced 3 times per connection. If you # want autostart stuff, set NODE_AUTOSTART instead! # # # You surely are aware that FreeNX is based on the fantastic results that # the hard work by NoMachine.com has achieved. NoMachine.com released the # core NX libraries under the GPL. The installation of these libs are the # precondition for all FreeNX scripts to work. If you are installing this # software with the help of one of the package management tools of your # Linux distribution, you can assume that this dependency is taken care of # by the tool. # # You have questions about the inner workings of the NX technology? # # Then you are recommended to first check out the rich and very detailed # NoMachine documentation and their online Knowledge Base at # # http://www.nomachine.com/kb/ # # Other sources of information are the NoMachine mailing lists # (nxusers@nomachine.com and nxdevelopers@nomachine.com): # # http://www.nomachine.com/mailinglists.php # # The FreeNX (freenx-knx@kde.org) list is here: # # https://mail.kde.org/mailman/listinfo/freenx-knx # # SVN: $Id: node.conf.sample 613 2008-09-01 20:42:31Z fabianx $ ######################################################################### # General FreeNX directives ######################################################################### # The host name which is used by NX server. It's should be used if it's # different than the default hostname (as returned by `hostname`) #SERVER_NAME="$(hostname)" # The node ip which is used by NX Node in unecnrypted session mode. # Set it if you want to use a specific external ip or the autodetection # is not working. #EXTERNAL_PROXY_IP="" # The port number where local 'sshd' is listening. # Django : 2011-12-20 # default : #SSHD_PORT=22 SSHD_PORT=9876 ######################################################################### # Authentication / Security directives ######################################################################### # Authentication directives # This adds the usermode to the possible authentication methods # Usermode means that a user can start the nxserver as his shell # and connect directly to the right server via a custom client. #ENABLE_USERMODE_AUTHENTICATION="0" # This adds the passdb to the possible authentication methods # Django : 2011-12-20 # default : ENABLE_PASSDB_AUTHENTICATION="0" ENABLE_PASSDB_AUTHENTICATION="1" # This adds SSH to the possible authentication methods. For it to work sshd # must be set up at localhost accepting password authentication. #ENABLE_SSH_AUTHENTICATION="1" # This adds SU to the possible authentication methods. For it to work the # "nx" user must be in the wheel (RedHat, Fedora) or the users group (SUSE) # and the user logging in must have a valid shell that accepts the -c # parameter. #ENABLE_SU_AUTHENTICATION="0" # Require all users to be in the passdb, regardless of authentication method #ENABLE_USER_DB="0" # If enabled forces the user to use encryption. This will bail out # if the user does not have encryption enabled. #ENABLE_FORCE_ENCRYPTION="0" # Refuse the NX client connection if SSHD does not export the # SSH_CONNECTION and SSH_CLIENT variables in the environment # passed to the NX server. # 1: Will check the remote IP and will not accept the # connection if it can't be determined. # 0: Will accept the connection even if the remote IP # is not provided. #SSHD_CHECK_IP="0" # If ENABLE_SLAVE_MODE="1" the user will be just logged in _once_ and the # communication is done via nxnode slave mode. # # This is useful for one time passwords or to have less traffic in utmp # and wtmp. # # Also session startup times are much faster in slave mode. This is true especially # if many printers or shares have to be added. # # For this to work the binary nxserver-helper has to be installed in # PATH_BIN. # #ENABLE_SLAVE_MODE="1" # If ENABLE_LOG_FAILED_LOGINS="1" then failed login attempts are logged to the system # auth.log. # # This is useful in combination with tools like fail2ban. # # The default is to log failed login attemps via syslog (3). # #ENABLE_LOG_FAILED_LOGINS="1" ######################################################################### # Restriction directives ######################################################################### # The base display number from which sessions are started. #DISPLAY_BASE=1000 # The maximum number of contemporary sessions that can be run on FreeNX #SESSION_LIMIT=200 # The maximum number of contemporary sessions that a single user can run # on FreeNX. Defaults to the value of SESSION_LIMIT. #SESSION_USER_LIMIT=200 # The number of displays reserved for sessions, it has to be greater or equal # to the maximum number of contemporary sessions that a server can run. #DISPLAY_LIMIT=200 # User for which sessions should be persistent. Either the keyword "all" or a # comma-separated list of usernames or groups in the @groupname syntax. #ENABLE_PERSISTENT_SESSION="all" # Users and groups for whom persistent sessions should be disabled. # Especially useful if ENABLE_PERSISTENT_SESSION="all" #DISABLE_PERSISTENT_SESSION="" # This enables the mirroring of running sessions via VNC feature. # # Session is marked as resumable and type is vnc-mirrored. # #ENABLE_MIRROR_VIA_VNC=1 # This enables the sharing of :0 via VNC feature. # # Session is marked as resumable and type is vnc-local. # # Note: You need to have the rights to access the display # else it does not work. # #ENABLE_DESKTOP_SHARING=1 # # General shadowing / mirroring notes: # # By default shadowing is only allowed for the same user. # # If nxserver finds nxshadowacl binary, it asks it, for which users # the permission is granted. # # nxshadowacl <user> # # Exit code: # # 0 -> Save cookie in session file for other users # 1 -> Do not save cookie # # Check if user is allowed to be shadowed by admin user. # # nxshadowacl <user> <admin> # # Exit code: # # 0 -> Yes, allow shadowing and add to list # 1 -> No, don't allow shadowing # # # When using NX 3.0 shadowing, this enables asking the user whether # he authorizes another user to shadow his session # # 0: No authorization request will be presented, # and the session will be shadowed as if the user had approved. # 1: (default) Ask for authorization # #ENABLE_SESSION_SHADOWING_AUTHORIZATION=1 # Allow session shadowing in interactive mode: # # 1: The shadowing user can interact with the shadowed session. # # 0: The shadowed session is view-only. No interaction with the # shadowed session is possible. # #ENABLE_INTERACTIVE_SESSION_SHADOWING=1 # # Enable or disable clipboard: # # client: The content copied on the client can be pasted inside the # NX session. # # server: The content copied inside the NX session can be pasted # on the client. # # both: The copy&paste operations are allowed both between the # client and the NX session and vice-versa. # # none: The copy&paste operations between the client and the NX # session are never allowed. # #ENABLE_CLIPBOARD="both" # # Enable or disable the pulldown dialog, which provides a graphical # way to suspend or terminate the rootless session: # # 1: Enabled. The pulldown menu is shown when the mouse pointer # moves near the middle of the top boundary of a window and # allows the user to suspend or terminate the session by means # of an icon-click. # # 0: Disabled. The ctrl+alt+T key combination has to be issued # to get the dialog for suspending or terminating the session. # #ENABLE_PULLDOWN_MENU="1" # The option USE_PROCESSOR_TASKSET is for setting the CPU affinity of all # nx related processes. # # Note: To have for example startkde run on even another core, just specify: # # COMMAND_STARTKDE="taskset -c 2 -- startkde" # # FreeNX runs this option like: $COMMAND_TASKSET -cp "$USE_PROCESSOR_TASKSET" $$ # # So with $USE_PROCESSOR_TASKSET set to 3,4 it would balance the tasks to cores # 3 and 4. # # If this option is empty, no balance to cores is done. # #USE_PROCESSOR_TASKSET="" # If you set ENABLE_ADVANCED_SESSION_CONTROL="1" you can start a new application in an already # running rootless session by using "add <rest of name>" as session name. # # Note: The client will return a message on that. # #ENABLE_ADVANCED_SESSION_CONTROL="0" # If you set ENABLE_SHOW_RUNNING_SESSIONS="0" then nxserver will only show # suspended sessions and you will not be able to resume or terminate a running # session. # #ENABLE_SHOW_RUNNING_SESSIONS="1" ######################################################################### # Logging directives ######################################################################### # This directives controls the verbosity of the server-wide log. # 0: No Logging # 1: Errors # 2: Warnings # 3: Important information # 4: Server - Client communication # 5: Information # 6: Debugging information # 7: stderror of some applications NX_LOG_LEVEL=4 # By setting this to 0 the nxserver might be a bit faster, but passwords can be found in the log files. #NX_LOG_SECURE=1 # Before turning logging on, please make sure that NX_LOGFILE is # writeable for the "nx" user NX_LOGFILE=/var/log/nx/nxserver.log # This directive controls if the temporary session directory # ($HOME/.nx/C-<hostname>-<display>-<session_id>) should be kept after a # session has ended. A successfully terminated session will be saved as # T-C-<hostname>-<display>-<session_id> while a failed session will be saved # as F-C-<hostname>-<display>-<session_id>. # The default is to cleanup the directories. #SESSION_LOG_CLEAN=1 # Amount of seconds nxserver is to keep session history. The default of 2592000 # is equivalent to 30 days. If this is 0 no session history will be kept # and a negative value denotes infinity. #SESSION_HISTORY=2592000 ######################################################################### # Forwarding directives ######################################################################### # FreeNX with ENABLE_SERVER_FORWARD="1" will automatically forward all # connections to the host specified in SERVER_FORWARD_HOST with the # secret key SERVER_FORWARD_KEY. # # This allows to have a "chain" of NX Servers. Note that you will need to # use "SSL encryption" for all connections. #ENABLE_SERVER_FORWARD="0" #SERVER_FORWARD_HOST="" #SERVER_FORWARD_PORT=22 #SERVER_FORWARD_KEY="/usr/NX/share/client.id_dsa.key" # FreeNX with ENABLE_NOMACHINE_FORWARD_PORT="1" will automatically forward all # connections to the commercial NoMachine nxserver installed on the same # machine, which go in by port NOMACHINE_FORWARD_PORT. This feature is introduced # to enable the usage of FreeNX and NoMachine NX side by side on the same machine # without conflicts. # # Note: You need to let SSHD listen to several ports to make use of this # directive. #ENABLE_NOMACHINE_FORWARD_PORT="0" #NOMACHINE_FORWARD_PORT="22" #NOMACHINE_SERVER="/usr/NX/bin/nxserver" #NOMACHINE_NX_HOME_DIR="/usr/NX/home/nx" # LOAD BALANCING # ============== # # To do load balancing setup some hosts in LOAD_BALANCE_SERVERS and # make: # # - either sure that all incoming connections are sent to the master # server by using forwarding directives on the "slave" servers. # # - or share the session database space via NFS between the servers. # (not recommended at the moment as race conditions for DISPLAYs can # occur) # #LOAD_BALANCE_SERVERS="" # The following load_balance_algorithms are available at the moment: # # "load", "round-robin", "random" # # For "load" you need a script called nxcheckload in PATH_BIN. # # A sample script, which you can change to your needs it shipped with # FreeNX under the name nxcheckload.sample. #LOAD_BALANCE_ALGORITHM="random" # By setting ENABLE_LOADBALANCE="1" you can let users choose their # preferred host, while being forwarded to another server. Of course # this is just a preference. The loadbalancing algorithm can completely # choose to ignore the users choice. #ENABLE_LOAD_BALANCE_PREFERENCE="0" ######################################################################### # Services directives ######################################################################### # FreeNX with ENABLE_ESD_PRELOAD="1" will automatically try to setup # the sound with the help of the esd media helper. # # Currently ESD will be used just by the Windows NX Client. # # Be sure that $ESD_BIN_PRELOAD is in your path, does exist and work # before enabling this directive. #ENABLE_ESD_PRELOAD="0" #ESD_BIN_PRELOAD="esddsp" # FreeNX with ENABLE_ARTSD_PRELOAD="1" will automatically try to setup # the sound with the help of the artsd media helper. # # Currently ARTSD will be used just by the Linux NX Client. # # Be sure that $ARTSD_BIN_PRELOAD is in your path, does exist and work # before enabling this directive. #ENABLE_ARTSD_PRELOAD="0" #ARTSD_BIN_PRELOAD="artsdsp" # FreeNX with ENABLE_KDE_CUPS="1" will automatically write # $KDE_PRINTRC and put the current used socket into it. # # If you additionally enable ENABLE_KDE_CUPS_DYNAMIC it will set the # Host entry to the script nxcups-gethost, which dynamically tries all # possible entries to find the current printing host. # # The order is: CUPS_SERVER (env var), ~/.cups/client.conf, $KDE_PRINTRC, # $CUPS_DEFAULT_SOCK, localhost # # So this option is most useful with ENABLE_CUPS_SERVER_EXPORT="1". # # $KDE_PRINTRC is automatically calculated if its not set. #ENABLE_KDE_CUPS="0" #ENABLE_KDE_CUPS_DYNAMIC="0" #KDE_PRINTRC="$KDEHOME/share/config/kdeprintrc" # FreeNX with ENABLE_CUPS_SERVER_EXPORT="1" will automatically # export the environment variable CUPS_SERVER. #ENABLE_CUPS_SERVER_EXPORT="1" # FreeNX with ENABLE_CUPS_SEAMLESS will automatically try to download the # necessary ppds from the client. # # As the forwarding is just active as soon as nxagent is started, # we need a small delay of $CUPS_SEAMLESS_DELAY. # # Note: You need to use a patched cupsd on client side. #ENABLE_CUPS_SEAMLESS="0" #CUPS_SEAMLESS_DELAY="10" # FreeNX with ENABLE_FOOMATIC will integrate the foomatic db to the list # of available ppd drivers via the $COMMAND_FOOMATIC command. #ENABLE_FOOMATIC="1" #COMMAND_FOOMATIC="/usr/lib/cups/driver/foomatic-ppdfile" # CUPS_BACKEND and CUPS_ETC are the corresponding paths of your CUPS # installation. #CUPS_BACKEND="/usr/lib/cups/backend" #CUPS_IPP_BACKEND="$CUPS_BACKEND/nxipp" #CUPS_DEFAULT_SOCK="/var/run/cups/cups.sock" #CUPS_ETC="/etc/cups" # SAMBA_MOUNT_SHARE_PROTOCOL is a key to configure the supported # protocols for mounting shares. # # This key can be set to the following values: # # both, either SMB and CIFS protocol are supported, this is the default value. # smbfs, only SMB protocol is supported. # cifs, only CIFS protocol is supported. # none, no network file-sharing protocol is supported. #SAMBA_MOUNT_SHARE_PROTOCOL="both" # FreeNX with ENABLE_SAMBA_PRELOAD="1" will automatically setup # port 445 and 139 and forward them to the used samba port. # # This enables samba browsing to the local subnet in for example # konqueror. # #ENABLE_SAMBA_PRELOAD="0" # FreeNX with ENABLE_SOURCE_BASH_PROFILE="1" will source the users ~/.bash_profile # before application startup as we are kind of a login shell. # # With this key this behaviour can be enabled (default) or disabled. # #ENABLE_SOURCE_BASH_PROFILE="1" ######################################################################### # Path directives ######################################################################### # USER_FAKE_HOME is the base directory for the .nx directory. Use this # parameter instead of the users home directory if $HOME is on a NFS share. # Note that this directory must be unique for every user! To accomplish this # it is recommended to include $USER in the path. #USER_FAKE_HOME=$HOME # Add the nx libraries to LD_LIBRARY_PATH before starting nx agents. # WARNING: This will NOT (and should not) affect applications. ONLY Disable # this if the nx libraries are in a standard system path (such as /usr/lib)! #SET_LD_LIBRARY_PATH="1" # The command binary for the default window manager. If set it is run when a # 'unix-custom' session is requested by the NX Client and an application # to run is specified. It defaults to empty (ie no WM is run). # If KILL_DEFAULT_X_WM is set the WM is terminated after the started # application finishes. Else FreeNX will wait for the WM to complete. #DEFAULT_X_WM="" #KILL_DEFAULT_X_WM="1" # When a 'unix-default' session is requested by the client the user's X startup # script will be run if pressent and executable, otherwise the default X # session will be run. # Depending on distribution USER_X_STARTUP_SCRIPT might be .Xclients, .xinitrc # and .Xsession # Depending on distribution DEFAULT_X_SESSION might be /etc/X11/xdm/Xsession, # /etc/X11/Sessions/Xsession or /etc/X11/xinit/xinitrc #USER_X_STARTUP_SCRIPT=.Xclients #DEFAULT_X_SESSION=/etc/X11/xdm/Xsession # The key that contains the name of the script that starts a KDE session. # It's run when a 'unix-kde' session is requested by the client. #COMMAND_START_KDE="/usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /usr/bin/startkde" # The key that contains the name of the script that starts a gnome session. # It's run when a 'unix-gnome' session is requested by the client. #COMMAND_START_GNOME="/usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /usr/bin/gnome-session" # The key that contains the name of the script that starts a CDE session. # It's run when a 'unix-cde' session is requested by the client. #COMMAND_START_CDE=cdwm # The key that contains the name of the complete path of command name # 'xterm'. It is run when a unix "xterm" session is requested by the # client. #COMMAND_XTERM=xterm # The key that contains the name of the complete path of command name # 'xauth'. #COMMAND_XAUTH=/usr/bin/xauth # The key that contains the name of the complete path of command name # 'smbmount'. #COMMAND_SMBMOUNT=smbmount # The key that contains the name of the complete path of command name # 'smbumount'. #COMMAND_SMBUMOUNT=smbumount # The key that contains the name of the complete path of command name # 'mount.cifs'. #COMMAND_SMBMOUNT_CIFS=/sbin/mount.cifs # The key that contains the name of the complete path of command name # 'umount.cifs'. #COMMAND_SMBUMOUNT_CIFS=/sbin/umount.cifs # The key that contains the name of the complete path of the 'netcat' command. #COMMAND_NETCAT=nc # The key that contains the name of the complete path of the 'ssh' and # 'ssh-keygen' command. #COMMAND_SSH=ssh #COMMAND_SSH_KEYGEN=ssh-keygen # The key that contains the name of the complete path of the 'cupsd' command. #COMMAND_CUPSD=/usr/sbin/cupsd # The tool to generate md5sums with #COMMAND_MD5SUM="openssl md5" COMMAND_MD5SUM="md5sum" # The key that contains the name of the complete path of the 'rdesktop' command. #COMMAND_RDESKTOP=rdesktop # The key that contains the name of the complete path of the 'vncviewer' command. #COMMAND_VNCVIEWER=vncviewer # The key that contains the name of the complete path of the 'vncpasswd' command. # By default the builtin nxpasswd is used. #COMMAND_VNCPASSWD="$PATH_BIN/nxpasswd" # The key that contains the name of the complete path of the 'x11vnc' command. #COMMAND_X11VNC=x11vnc # The key that contains the name of the complete path of the 'taskset' command. #COMMAND_TASKSET=taskset ######################################################################### # Misc directives ######################################################################### # When you installed an old 1.5.0 NX Backend, set this to 1. #ENABLE_1_5_0_BACKEND="0" # When set to 1 this will automatically resume started sessions #ENABLE_AUTORECONNECT="0" # When set to 1 this will automatically resume started sessions # but only if an older client version is used #ENABLE_AUTORECONNECT_BEFORE_140="1" # When set to 1 exports NXUSERIP / NXSESSIONID in nxnode #EXPORT_USERIP="0" #EXPORT_SESSIONID="1" # This can be set to any executable, which is started after session startup # like: $NODE_AUTOSTART {start|restore} #NODE_AUTOSTART="" # When set to 1 will start nxagent in rootless mode. #ENABLE_ROOTLESS_MODE="1" # If enabled writes entries via the COMMAND_SESSREG program # into utmp/wtmp/lastlog database. # Note: You have to make sure that you add the nx user to the # utmp or tty group or how its called on your system # before this directive works. #ENABLE_USESSION="1" #COMMAND_SESSREG="sessreg" # Extra options sent to the different nx agents. See !M documentation # for examples of useful parameters. #AGENT_EXTRA_OPTIONS_RFB="" #AGENT_EXTRA_OPTIONS_RDP="" #AGENT_EXTRA_OPTIONS_X="-nolisten tcp" # The number of seconds we wait for the nxagent to start before # deciding startup has failed #AGENT_STARTUP_TIMEOUT="60" # The font server the agent will use. If set to "" no font server is used. # For this to do any good, the client has to have the same font server set # in /etc/X11/XF86Config #AGENT_FONT_SERVER="" # Disable or enable use of 'tcp nodelay' on proxy. Old versions of Linux # kernels have problems using this option on sockets that will cause a loss # of TCP connections. This option is not set by default to allow clients to # specify whether to enable or disable TCP nodelay. Setting this option to # the value of "0" NX proxy avoids using 'tcp nodelay' but it will cause a # loss of interaction in sessions. #PROXY_TCP_NODELAY="" # Extra options to nxproxy. See !M documentation for useful parameters. #PROXY_EXTRA_OPTIONS="" # In case you want to use an external 'rdesktop' command # set this to "1". # # If nxdesktop cannot be found this is set automatically to "1". #ENABLE_EXTERNAL_NXDESKTOP="0" # This configuration variable determines if 'rdesktop' command should be run with -k keyboard option # or if the keyboard should be autodetected. # #ENABLE_EXTERNAL_NXDESKTOP_KEYBOARD="1" # In case you want to use an external 'nxviewer' command # set this to "1". # # If nxviewer cannot be found this is set automatically to "1". #ENABLE_EXTERNAL_NXVIEWER="0"
SSH Daemon
Damit sich der User nx auch via ssh einloggen darf, geben wir diesen User in der zentralen Konfigurationsdatei des SSH Daemon frei.
# vim /etc/ssh/sshd_config
...
AllowUsers django nx
Unsere Änderung aktivieren wir nun mit einem Restart des SSH-Servers.
# service sshd restart
Stopping sshd: [ OK ] Starting sshd: [ OK ]
DSA-Schlüssel
Abhängig von unserer Konfiguration unseres SSH-Daemons kopieren wir nun noch die Datei authorized_keys. Hierzu fragen wir als erstes die Konfiguration unserews SSH-Daemons ab.
# grep AuthorizedKeysFile /etc/ssh/sshd_config
AuthorizedKeysFile .ssh/authorized_keys
Wir kopieren also das im RPM mitgelieferte Keyfile an Ort uns Stelle.
# cp -a /var/lib/nxserver/home/.ssh/authorized_keys2 /var/lib/nxserver/home/.ssh/authorized_keys
Zum Testen, ob wir uns nun mit nur einem Zertifikat als Nutzer nx abmelden können benötigen wir noch den privat-key das DSA-Schlüssels auf einem Rechner, von dem wir später die Fernadministration unseres Servers vornehmen wollen. Den Inhalt der Datei /var/lib/nxserver/home/.ssh/client.id_dsa.key holen wir uns noch auf unseren Testrechner und speichern dies als Datei id_dsa im Verzeichnis ~/.ssh/ ab.
# cat /var/lib/nxserver/home/.ssh/client.id_dsa.key
-----BEGIN DSA PRIVATE KEY----- MIIBugIBAAKBgQCa+bgZ4K27YsI9Xkm5rA3PHeYXWKW5y8kHUVyh4RQoPNU0rRdo ieZS3NW07Wvf05Q2Q0eONO4HX0II5i6KNhoUW0sWRkK7USbKIRWV/RzduHl8JXLM YQo9P3ZI3D0uq16T8kPf8QCKPjVl7GS0Ur5DIx41xHmNeqMj24Pew5h6JQIVAL5r W2zK7B73tB1nSc0aG31lesAuAoGAX6pmjhXeyklRZza2ZtTj/TZDEicmz4DVUAuP bR8oiqrR9PQqiz4qkJ0/OD1lFnmib1Ysouu6jiNNNGv+aZK8rMQv74nUgX3BkmwF y/r+Ru5XWTxHAyKI0GF90ZlcnO4UB4N+87UM1Ee7gDLfxeUc2n6VSq3Vl4XHtfJ+ 33GqkR8CgYBqUpMNHGlZkwRFqT7GBwpery12vz+i4Cb6b1g89/BP8dpUQTkBndCm RZbr46pb/95Xzf1Eor3jn+jKRC2bTLxOgqZbp/fnEDO44UyHXs2BtUUaEqDJk2f3 djpKvIbmrYixEc9sTUowkCTh2sFOYT0d/FM4hC7tqEJNzwsFnHVQ9gIUKiZ3E5mq JMpiwJKcMAHNPGEEhvE= -----END DSA PRIVATE KEY-----
Auf unseren entfernten Rechner, von dem wir die Verbindung aufbauen wollen, legen wir den Schlüssel nun im Homeverzeichnis unseres Benutzers ab.
$ vim ~/.ssh/id_dsa
Anschließend passen wir noch die Nutzerrechte entsprechend an.
$ chmod 600 ~/.ssh/id_dsa
Nun können wir testen, ob wir nur mit dem Zertifikat den ersten Tunnel vom Administrationsrechner aus zum Zielserver aufspannen können.
$ ssh -p 9876 nx@192.168.10.222
The authenticity of host '[192.168.10.222]:9876 ([192.168.10.222]:9876)' can't be established. RSA key fingerprint is c5:f2:18:36:72:74:d8:ac:c9:d8:e9:f2:21:f1:fb:68. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[192.168.10.222]:9876' (RSA) to the list of known hosts. ############################################################################## # # # This is a private home server. # # # # Unauthorized access to this system is prohibited ! # # # # This system is actively monitored and all connections may be logged. # # By accessing this system, you consent to this monitoring. # # # ############################################################################## HELLO NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 105 quit quit Quit NX> 999 Bye Connection to 192.168.10.222 closed.
Später bei der Administration unseres Servers via dem NXNomachine-Clients wird neben dem SSH-Tunnel des Users nx für unseren Benutzer ein weiterer SSH-Tunnel in dem ersten erzeugt. Damit hier die Anmeldung klappt, müssen wir noch den public-key des users zu den bekannten Schlüssel unseres Benutzers hinzufügen.
# cat /etc/nxserver/users.id_dsa.pub >> /home/django/.ssh/authorized_keys
erster Programmstart
Zur Aktivierung unserer angepassten Konfiguration in der Datei node.conf starten wir nun freenx-server einmal durch.
# service freenx-server restart
Restarting freenx-server: Stopping freenx-server: [ OK ] Starting freenx-server: [ OK ]
automatisches Starten des Servers beim Systemstart
Damit nun unser freenx-Server beim Booten automatisch gestartet wird, nehmen wir noch folgende Konfigurationsschritte vor.
# chkconfig freenx-server on
Anschließend überprüfen wir noch unsere Änderung:
# chkconfig --list | grep freenx-server freenx-server 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Client
Download
Den Client laden wir uns von der NoMachine - NX Client for Linux - Seite herunter.
# cd /usr/local/src/packages/
# wget http://64.34.161.181/download/3.5.0/Linux/nxclient-3.5.0-7.i386.rpm
Installation
Das soeben heruntergeladene RPM-Paket installieren wir nun mit:
# yum localinstall --nogpgcheck /usr/local/src/packages/nxclient-3.5.0-7.i386.rpm -y
Was uns dieses Client-Paket mitliefert, offentbart uns jeweils ein rpm -iql.
# rpm -qil nxclient
Name : nxclient Relocations: (not relocatable) Version : 3.5.0 Vendor: NoMachine Release : 7 Build Date: Fr 17 Jun 2011 18:04:26 CEST Install Date: Di 20 Dez 2011 14:24:46 CET Build Host: build09.nomachine.com Group : NoMachine NX Source RPM: nxclient-3.5.0-7.src.rpm Size : 10171715 License: NoMachine License Signature : (none) Packager : NoMachine URL : http://www.nomachine.com/ Summary : NX Client Description : NoMachine NX is a fast and scalable terminal server system based on the X11 protocol. NX lets you work fluently even across slow links like modems and provides a full set of administration tools that make it a complete desktop virtualization solution for your organization. This package contains the graphical front-end used to access X, RDP and RFB sessions on a remote NX Server. It also includes NX X compression libraries and utilities needed by both NX Client and Server. Baseline: nx-X11: 3.5.0-1 nxauth: 3.5.0-1 nxwin: 3.5.0-2 nxssh: 3.5.0-2 nxcomp: 3.5.0-2 nxesd: 3.5.0-2 nxkill: 3.5.0-1 nxservice: 3.5.0-2 nxcompsh: 3.5.0-1 nx-X11-compat: 3.5.0-1 /etc/profile.d/nx.csh /etc/profile.d/nx.sh /usr/NX /usr/NX/bin /usr/NX/bin/nxclient /usr/NX/bin/nxesd /usr/NX/bin/nxkill /usr/NX/bin/nxprint /usr/NX/bin/nxservice /usr/NX/bin/nxssh /usr/NX/lib /usr/NX/lib/libXcomp.so /usr/NX/lib/libXcomp.so.3 /usr/NX/lib/libXcomp.so.3.5.0 /usr/NX/lib/libXcompsh.so /usr/NX/lib/libXcompsh.so.3 /usr/NX/lib/libXcompsh.so.3.5.0 /usr/NX/lib/libcrypto.so /usr/NX/lib/libcrypto.so.0.9.8 /usr/NX/lib/libjpeg.so /usr/NX/lib/libjpeg.so.62 /usr/NX/lib/libjpeg.so.62.0.0 /usr/NX/lib/libpng12.so /usr/NX/lib/libpng12.so.0 /usr/NX/lib/libpng12.so.0.1.2.8 /usr/NX/lib/libz.so /usr/NX/lib/libz.so.1 /usr/NX/lib/libz.so.1.2.3 /usr/NX/share /usr/NX/share/applnk /usr/NX/share/applnk/clean /usr/NX/share/applnk/clean/.directory /usr/NX/share/applnk/clean/nxclient-admin.desktop /usr/NX/share/applnk/clean/nxclient-help.desktop /usr/NX/share/applnk/clean/nxclient-wizard.desktop /usr/NX/share/applnk/clean/nxclient.desktop /usr/NX/share/applnk/mdk /usr/NX/share/applnk/mdk/menu /usr/NX/share/applnk/mdk/nxclient /usr/NX/share/applnk/mime-kde /usr/NX/share/applnk/mime-kde/nx-session.desktop /usr/NX/share/applnk/mime-xdg /usr/NX/share/applnk/mime-xdg/nomachine.xml /usr/NX/share/applnk/network /usr/NX/share/applnk/network-gnome /usr/NX/share/applnk/network-gnome/.directory /usr/NX/share/applnk/network-gnome/nxclient-admin-gnome.desktop /usr/NX/share/applnk/network-gnome/nxclient-gnome.desktop /usr/NX/share/applnk/network-gnome/nxclient-help-gnome.desktop /usr/NX/share/applnk/network-gnome/nxclient-wizard-gnome.desktop /usr/NX/share/applnk/network-rh8 /usr/NX/share/applnk/network-rh8/.directory /usr/NX/share/applnk/network-rh8/nxclient-admin.desktop /usr/NX/share/applnk/network-rh8/nxclient-help.desktop /usr/NX/share/applnk/network-rh8/nxclient-wizard.desktop /usr/NX/share/applnk/network-rh8/nxclient.desktop /usr/NX/share/applnk/network/.directory /usr/NX/share/applnk/network/nxclient-admin.desktop /usr/NX/share/applnk/network/nxclient-help.desktop /usr/NX/share/applnk/network/nxclient-wizard.desktop /usr/NX/share/applnk/network/nxclient.desktop /usr/NX/share/applnk/x-nxclient /usr/NX/share/applnk/x-nxclient-direct /usr/NX/share/applnk/x-nxclient-direct/.directory /usr/NX/share/applnk/x-nxclient-direct/nxclient-admin.desktop /usr/NX/share/applnk/x-nxclient-direct/nxclient-help.desktop /usr/NX/share/applnk/x-nxclient-direct/nxclient-wizard.desktop /usr/NX/share/applnk/x-nxclient-direct/nxclient.desktop /usr/NX/share/applnk/x-nxclient-kde /usr/NX/share/applnk/x-nxclient-kde/.directory /usr/NX/share/applnk/x-nxclient-kde/nxclient-admin-kde.desktop /usr/NX/share/applnk/x-nxclient-kde/nxclient-help-kde.desktop /usr/NX/share/applnk/x-nxclient-kde/nxclient-kde.desktop /usr/NX/share/applnk/x-nxclient-kde/nxclient-wizard-kde.desktop /usr/NX/share/applnk/x-nxclient/.directory /usr/NX/share/applnk/x-nxclient/nxclient-admin.desktop /usr/NX/share/applnk/x-nxclient/nxclient-help.desktop /usr/NX/share/applnk/x-nxclient/nxclient-wizard.desktop /usr/NX/share/applnk/x-nxclient/nxclient.desktop /usr/NX/share/applnk/xdg-x /usr/NX/share/applnk/xdg-x-direct /usr/NX/share/applnk/xdg-x-direct/nxclient.directory /usr/NX/share/applnk/xdg-x-direct/nxclient.menu /usr/NX/share/applnk/xdg-x/nxclient.directory /usr/NX/share/applnk/xdg-x/nxclient.menu /usr/NX/share/cups /usr/NX/share/cups/mime.convs /usr/NX/share/cups/mime.types /usr/NX/share/documents /usr/NX/share/documents/client /usr/NX/share/documents/client/cups-info /usr/NX/share/documents/client/license-info /usr/NX/share/documents/client/readme-info /usr/NX/share/fonts /usr/NX/share/fonts/TTF /usr/NX/share/fonts/TTF/encodings.dir /usr/NX/share/fonts/TTF/fonts.dir /usr/NX/share/fonts/TTF/fonts.scale /usr/NX/share/fonts/TTF/luximb.ttf /usr/NX/share/fonts/TTF/luximbi.ttf /usr/NX/share/fonts/TTF/luximr.ttf /usr/NX/share/fonts/TTF/luximri.ttf /usr/NX/share/fonts/TTF/luxirb.ttf /usr/NX/share/fonts/TTF/luxirbi.ttf /usr/NX/share/fonts/TTF/luxirr.ttf /usr/NX/share/fonts/TTF/luxirri.ttf /usr/NX/share/fonts/TTF/luxisb.ttf /usr/NX/share/fonts/TTF/luxisbi.ttf /usr/NX/share/fonts/TTF/luxisr.ttf /usr/NX/share/fonts/TTF/luxisri.ttf /usr/NX/share/fonts/base /usr/NX/share/fonts/base/10x20-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/5x7-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/5x8-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/6x10-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/6x12-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/6x13-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/6x13B-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/6x13O-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/6x9-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/7x13-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/7x13B-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/7x13O-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/7x14-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/7x14B-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/8x13-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/8x13B-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/8x13O-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/9x15-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/9x15B-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/9x18-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/9x18B-ISO8859-1.pcf.gz /usr/NX/share/fonts/base/cursor.pcf.gz /usr/NX/share/fonts/base/encodings.dir /usr/NX/share/fonts/base/fonts.alias /usr/NX/share/fonts/base/fonts.dir /usr/NX/share/icons /usr/NX/share/icons/16x16 /usr/NX/share/icons/16x16/application-nx-session.png /usr/NX/share/icons/16x16/nxclient-admin.png /usr/NX/share/icons/16x16/nxclient-desktop.png /usr/NX/share/icons/16x16/nxclient-icon.png /usr/NX/share/icons/16x16/nxclient-wizard.png /usr/NX/share/icons/22x22 /usr/NX/share/icons/22x22/application-nx-session.png /usr/NX/share/icons/22x22/nxclient-admin.png /usr/NX/share/icons/22x22/nxclient-desktop.png /usr/NX/share/icons/22x22/nxclient-icon.png /usr/NX/share/icons/22x22/nxclient-wizard.png /usr/NX/share/icons/32x32 /usr/NX/share/icons/32x32/application-nx-session.png /usr/NX/share/icons/32x32/nxclient-admin.png /usr/NX/share/icons/32x32/nxclient-desktop.png /usr/NX/share/icons/32x32/nxclient-icon.png /usr/NX/share/icons/32x32/nxclient-wizard.png /usr/NX/share/icons/48x48 /usr/NX/share/icons/48x48/application-nx-session.png /usr/NX/share/icons/48x48/nxclient-admin.png /usr/NX/share/icons/48x48/nxclient-desktop.png /usr/NX/share/icons/48x48/nxclient-icon.png /usr/NX/share/icons/48x48/nxclient-wizard.png /usr/NX/share/images /usr/NX/share/images/about-down.png /usr/NX/share/images/about-up.png /usr/NX/share/images/connect-01.png /usr/NX/share/images/connect-02.png /usr/NX/share/images/connect-03.png /usr/NX/share/images/connect-04.png /usr/NX/share/images/connect-fail-01.png /usr/NX/share/images/error.png /usr/NX/share/images/folder-shared-disabled.png /usr/NX/share/images/folder-shared.png /usr/NX/share/images/info.png /usr/NX/share/images/kill-dsb.png /usr/NX/share/images/kill.png /usr/NX/share/images/logo-small.png /usr/NX/share/images/logo.png /usr/NX/share/images/monitor-arrow-over.png /usr/NX/share/images/monitor-arrow.png /usr/NX/share/images/monitor-box.png /usr/NX/share/images/monitor-icon.png /usr/NX/share/images/monitor-mask.png /usr/NX/share/images/monitor-message.png /usr/NX/share/images/monitor-user-dsb.png /usr/NX/share/images/monitor-user.png /usr/NX/share/images/multimedia.png /usr/NX/share/images/new-session-dsb.png /usr/NX/share/images/new-session.png /usr/NX/share/images/printer-default-icon-disabled.png /usr/NX/share/images/printer-default-icon.png /usr/NX/share/images/printer-icon-disabled.png /usr/NX/share/images/printer-icon.png /usr/NX/share/images/printer-shared-disabled.png /usr/NX/share/images/printer-shared.png /usr/NX/share/images/pulldown-close.png /usr/NX/share/images/pulldown-suspend.png /usr/NX/share/images/pulldown-terminate.png /usr/NX/share/images/refresh-dsb.png /usr/NX/share/images/refresh.png /usr/NX/share/images/remove-dsb.png /usr/NX/share/images/remove.png /usr/NX/share/images/session-stats-01-dsb.png /usr/NX/share/images/session-stats-01.png /usr/NX/share/images/session-stats-02-dsb.png /usr/NX/share/images/session-stats-02.png /usr/NX/share/images/sharing.png /usr/NX/share/images/terminate-dsb.png /usr/NX/share/images/terminate.png /usr/NX/share/images/view-log-dsb.png /usr/NX/share/images/view-log.png /usr/NX/share/images/warning.png /usr/NX/share/images/wizard.png /usr/NX/share/keyboards /usr/NX/share/keys /usr/NX/share/keys/server.id_dsa.key /usr/NX/share/rgb
Konfiguration
Serverseite
Unser Nutzer, den wir nachfolgend einrichten werden, muss natürlich im System bereits bekannt seinn, d.h. er muss bereits einen Nutzeraccount haben. Auf den Desktop dieses Nutzers werden wir dann zukünftig den Zugriff ermöglichen. Diesen Nutzer geben wir nun dem NX Server bekannt.
# nxserver --adduser django
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 716 Public key added to: /home/django/.ssh/authorized_keys2 NX> 1001 Bye. NX> 999 Bye
Weiterhin hinterlegen wir das Zugangspasswort für den späteren NX Client.
Bei der Eingabe des Passwortes genau aufpassen, da dies nur 1x eingegeben werden muss!
# nxserver --passwd django
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) New password: Password changed. NX> 999 Bye
Clientseite
Die Konfiguration des Clients nehmen wir nun direkt über die GUI des NX Clients for Linux vor.
Diesen rufen wir über das Menü Anwendungen - Internet - NX Client for Linux auf, oder starten die GUI von der Konsole aus:
$ /usr/NX/bin/nxclient
Wir klicken uns also durch die folgenden Fenster und geben jeweils die Daten unserer Arbeitsumgebung passend ein:
Im folgenden Fenster tragen wir den Hostnamen und die Portnummer ein, auf den wir später zugreifen wollen. Ferner geben wir der Sitzung einen eindeutigen Sitzungsnamen, unter der wir später die Verbindung aufbauen wollen. Die Netzwerkanbindung, die uns für den Zugriff zu Verfügung steht, wählen wir über den Schieberegler aus.
Hier legen wir fest, welcher Displaymanager auf dem Zielsystem läuft und wie groß die Bildschirmauflösung dort ist.
Für den schnellen und leichten Zugriff lassen wir uns eine Verknüpfung auf den Desktop legen. Da wir aber noch den Schlüssel für die Netzwerkverkbindung hinterlegen müssen, setzen wir das Häkchen bei Advanced Configuration dialog.
Im folgenden Fenster wählen wir die Schaltfläche Key aus.
Hier tragen wir nun den client.id_dsa.key den wir bei der Clientinstallation auf dem Server erzeugt hatten. Dieser befindet sich im Verzeichnis /var/lib/nxserver/home/.ssh/ auf den Server/Zielrechner!.
# cat /var/lib/nxserver/home/.ssh/client.id_dsa.key
Zum Schluß speichern wir unsere Änderungen natürlich ab.
Clientverbindung aufbauen
Die Verbindung zu unserem Client rufen wir über das Menü Anwendungen - Internet - NX Client for Linux auf, oder starten die GUI von der Konsole aus:
$ /usr/NX/bin/nxclient
Nach Eingabe unseres Passwortes, welches wir bei der Clientinstallation auf dem Server eingegeben hatten, wird die Verbindung zum Client aufgebaut.
Sofern bereits eine Session auf dem Zielhost für den gewählten Nutzer läuft, wir uns im Verbindungsdialog diese im folgenden Fenster zur Auswahl angeboten.
Die Verbindung zum Client wird aufgebaut: