Using NX Server with Fedora and CentOS

The NX server provides a secure connection between the server and client, and seems much faster than the more commonly used VNC. This is not a detailed guide to configuration, simply an effort to help others avoid my mistakes.

NOTE: These days, I'm using x2go so this page is now obsolete, being left up as there may be some who still find it slightly useful. Once the nxclient went from version 3 to version 4, it no longer worked properly for me. At that point, I began looking for a replacement and found x2go.

One problem I've found with both NX and x2go is that keyboard shortcuts don't work. Therefore, rather than a tiling window manager on the server, I use openbox. Generally, the only X applications I'll open on a remote machine are a browser and terminal, so this is sufficient for my needs.

The nomachine.com site offers a free version of their NX server. It allows only two concurrent connections. If that's sufficient for you, it is quite easy to install.

Most, if not all, of these commands, with the exception of nxclient, will have to be performed either as root or with sudo. This was done on Fedora.

Go to the download section and you will see the free version for Linux. I downloaded the version for Fedora 8. You also have to download the client and node rpms, both of which have to be installed before the server. Once they are downloaded, install them with rpm -Uvh. For example, the client is (at time of writing) nxclient-3.0.0-89.i386.rpm. So, I did
rpm -Uvh nxclient-3.0.0-89.i386.rpm

(I use -Uvh to install an rpm. Others use -ivh, or even just -i. I believe their docs say to use -i, but it really doesn't matter, all will work.)

Install the client first, then the node, then the server.

They have an administrator's handbook, but at this point, I just wanted to get it working. The default installation lets you log in if you have an account on the machine running nxserver with your normal username and password.

Note that the server's path is /usr/NX/nxserver. Upon installation, this is actually added to your PATH, and, although not supported by chkconfig, is put into /etc/init.d, where it will run at startup unless you choose to disable it by editing /etc/rc.d/rc3.d and /etc/rc.d/rc5.d. In my installation, the two files were S99nxserver and S99nxsensor. If I don't want them to run on startup, I would do

cd /etc/rc.d/rc3.d
mv S99nxsensor K99nxsensor
mv S99nxserver K99nxserver

Do the same for /etc/rc.d/rc5.d.

(You may actually be able to add it to chkconfig with chkconfig --add nxserver, but I haven't tested this.)

I used another Linux machine as the client. The client program opens with a typical login dialog box but has a configure button. Clicking that gives you a menubox for your settings. The client setup instructions are the same for both the Windows and Linux client, both of which are free downloads.

For host, put the host name or IP of the machine running nxserver. The default port is 22. You can choose to remember your password. You can also import a key, but in this simple setup, I used my username and password on the box running nxserver.

The next section is for the Desktop. I chose Unix. The next dropdown box gives a choice of KDE, GNOME, CDE, XDM or custom. If the server is running KDE or Gnome, you can usually choose one of them and it will work without problem. In my case, the box running the server only had fluxbox, so I chose custom. I then clicked the settings command and chose the radio button to Run the following command. I typed in /usr/bin/fluxbox (which is the location of the fluxbox command on the server.) Also, I found that if I left it at its default of Floating window, it didn't work. I had to choose New virtual desktop.

Both selinux and iptables can interfere with the usage of the nxserver. I haven't yet investigated the settings that one has to configure to get it working with those two running. For testing, I just disabled iptables and selinux.
/etc/init.d/iptables stop
/usr/sbin/setenforce 0

After that, it just worked.

There are times when the session may not start because it can't find the font "fixed". There is a ticket open on nomachines, but in any case, the workaround is to install the xorg-x11-fonts-misc package.
yum -y install xorg-x11-fonts-misc

Using iptables should be fine if you allow ssh connections. I'm not sure what adjustments have to be made to selinux.

In my case, I just needed a way to run something that is faster than VNC on a few Linux servers, and this simple setup meets my needs on a secured LAN.

Freenx

The advantage of Freenx is that there is no limit to concurrent connections. Unfortunately, the documentation is poor and hard to find. The document to which the main page directs you is for an older version of Fedora and will leave the reader frustrated. A plea to the developer (and all developers.) DOCUMENT IT! The 10 minutes it would take would save many hundreds of hours for people. It makes one further appreciate the OpenBSD philosophy that code is not complete if there isn't proper, understandable, documentation for it.

CentOS tends to have their things well-documented, and there is an excellent article on the CentOS wiki. The CentOS documentation worked perfectly on CentOS and is far more detailed than the main FreeNX docs.

I found the following to work for me on Fedora 8. If you have installed the nomachines version, I would first uninstall all three programs, server, node and client. I then did an updatedb and found all nxserver files and directories. The directories that I recollect finding are /etc/nxserver and /usr/bin/NX. There may be a few others that I don't remember. Also, make sure that the user nx, who was created during the installation, has been removed along with the programs. If you haven't tried using the nomachines version, you don't have to worry about this.

Install the programs.
yum install -y freenx

This will also pull in nx. It will create a directory /usr/libexec/nx as well as a /usr/share/doc/freenx-version_number, such as /usr/share/doc/freenx-0.7.1. It will also create /etc/nxserver. In /etc/nxserver you will find a file, node.conf.sample. Copy it to node.conf.
cd /etc/nxserver
cp node.conf.sample node.conf

In the /usr/share/doc/freenx directory you will find the nxsetup script. Change into the /usr/share/doc/freenx directory. Make sure that you are root by doing su -. (Note the -, it's important that you have root's $PATH.) I've found that sudo didn't work properly for some reason.

You will also have to add /usr/libexec/nx to root's $PATH for the setup script to work. For this example, we'll use version 0.7.1 again.
su -
PATH=$PATH:/usr/libexec/nx
cd /usr/share/doc/freenx-0.7.1
./nxsetup --install

It will ask you if you want to create your own keypair or use theirs, and it suggests that you use theirs. I followed their suggestion, which means typing N at the prompt. When it is installed, it should start the NX server. You may get some warnings--for example, as I don't have Gnome or KDE installed, I get a warning about that in the configuration file and note to fix by editing my node.conf.

When I first wrote this, there was no freenx client. Apparently there is one now. I haven't yet tried it; when I do, I will update this page. The Freenx page recommended using the free, as in Free Diet Mountain Dew, nx client from nomachines.

You can review the CentOS wiki article mentioned above for information on importing the key. As I said, I found that it didn't seem to be necessary with the default file; I was able to connect with a username and password on the Fedora machine running freenx. The setup for the client is the same as that described above, when using it with the nomachines version of the server.

On a second installation, it didn't work unless I imported the key. If you're on a different Linux box then it's easy enough to scp it over. You probably have to be root or have root privilege to do so. Suppose the client machine is 192.168.1.17 and the user name on the client machine is john, with a password of 1234. On the machine running the server
cd /etc/nxserver
scp client.id_dsa.key john@192.168.1.17:

Then, open it in a text editor and copy it into the key section as described in the CentOS wiki.

If you're using Windows, you can use putty or another ssh client to ssh into the box running nxserver, cd /etc/nxserver, do cat client.id_dsa.key, copy it with the mouse in putty, then paste it into the key window on the MS machine's nxclient.

I suspect that if I fiddled a bit more with authentication in node.conf this wouldn't be necessary. As mentioned, with one install, even leaving node.conf with all its defaults, and not importing the key, I was able to connect to the server with a username and password that had an account on the server. Even when I import the key, I connect as an account with a username and password on the machine with the server. So, with our user john, I would just type john in the username box and 1234 as the password.

I haven't yet really investigated getting the service to run at startup. It can be started with /usr/libexec/nx/nxserver --start. The same pattern is used for stop and restart. My very subjective impression is that it seemed as fast as the nomachines version.

One last quirk worth mentioning. The default for ssh is to have it listen on all addresses. On one machine, as I had installed Linux-VServer I had set ssh to only listen on the host's IP address. My nxclient was unable to connect because it connects to the machine running the NX server by ssh to 127.0.0.1. (For the newcomers, that address means the localhost.)

I fixed this by adding a second ListenAddress line to my /etc/ssh/sshd_config. The default is
#ListenAddress 0.0.0.0
#ListenAddress ::

(They both have comment signs in front of them if you leave the defaults alone.)

I had changed it to the VServer host's address, for example, 192.168.1.20
ListenAddress 192.168.1.20

Now I added a second line

ListenAddress 127.0.0.1

After that, the nxclient was once again able to connect.
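
The check below is an added example, not part of the original page: it reads an sshd_config and reports whether sshd will still accept the ssh connection to 127.0.0.1 that the NX login described above depends on. The function name loopback_ok and the sample file contents are constructed for illustration, and it assumes whitespace-separated ListenAddress lines and IPv4 only.

```shell
#!/bin/sh
# Added example (not from the original page): does this sshd_config still
# accept the loopback ssh connection that the NX login relies on?
# Assumes whitespace-separated "ListenAddress value" lines and IPv4 only.

# loopback_ok FILE: prints "ok" or "blocked"; exit status 0 or 1.
loopback_ok() {
    # Active directives only; "#ListenAddress" is a comment and is skipped.
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$1")

    # No active ListenAddress at all: sshd listens on every address.
    if [ -z "$addrs" ]; then
        echo ok
        return 0
    fi

    for a in $addrs; do
        case $a in
            *:*:*|\[*) host=$a ;;      # IPv6 forms never cover 127.0.0.1
            *:*)       host=${a%:*} ;; # drop an optional :port
            *)         host=$a ;;
        esac
        case $host in
            0.0.0.0|127.0.0.1|localhost)
                echo ok
                return 0 ;;
        esac
    done
    echo blocked
    return 1
}

# Constructed sample: sshd restricted to the host address, as described above.
sample=$(mktemp)
printf '%s\n' '#ListenAddress 0.0.0.0' '#ListenAddress ::' \
    'ListenAddress 192.168.1.20' > "$sample"
echo "host address only:  $(loopback_ok "$sample")"

# Same file after adding the second ListenAddress line.
echo 'ListenAddress 127.0.0.1' >> "$sample"
echo "with loopback line: $(loopback_ok "$sample")"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config before restarting sshd; a result of "blocked" means the NX login will fail even though ordinary ssh to the host address works.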

A helpful thread for Fedora 9 and 10 can be found here at Fedora forums.