slitaz-doc-wiki-data diff pages/en/guides/remotedesktop.txt @ rev 141

Added nmon to en:handbook:systemtools
author Christian Mesh meshca@clarkson.edu
date Mon Mar 19 22:00:56 2012 +0000 (2012-03-19)
parents
children
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/pages/en/guides/remotedesktop.txt	Mon Mar 19 22:00:56 2012 +0000
     1.3 @@ -0,0 +1,110 @@
     1.4 +===== Remote Desktop =====
     1.5 +
     1.6 +\\
     1.7 +
     1.8 +==== NoMachine (NX) ====
     1.9 +
    1.10 +<note important>This section is under construction and has not been verified by others. It has been created from one particular (working) configuration.</note>
    1.11 +
    1.12 +[[http://www.nomachine.com|NoMachine]] (NX) is a propietary remote desktop system, supporting multiple hosts and keypair-based log-ins.
    1.13 +
    1.14 +<note>This guide assumes you have a working SSH configuration for remote access. NoMachine/NX channels authentication and encrypted communications through SSH. This can be via password authentication or an RSA key pair; NoMachine/NX uses a DSA key pair to authenticate.</note>
    1.15 +
    1.16 +<note>My ([[http://forum.slitaz.org/index.php/profile/20/seawolf|seawolf]]) personal SSH configuration uses a non-standard port and key pair-based, password-less authentication. The differences in this guide to a standard, password-protected SSH configuration using port 22 are irrelevant as the default is given initially.</note>
    1.17 +
    1.18 +There are three parts to a NX system:
    1.19 +  - the **server** is the machine to which you connect;
    1.20 +  - the **node** is one in a group of resources that hosts your session - this can be the server;
    1.21 +  - the **client** that connects to a server (and in turn, the node).
    1.22 +
    1.23 +\\
    1.24 +
    1.25 +=== Download the Software ===
    1.26 +
    1.27 +There are three packages available to [[http://www.nomachine.com/download-package.php?Prod_Id=2071|download]] from NoMachine. All clients must have installed the client package, whereas all three packages must be installed on servers and nodes. This is because parts of the client package is used by the node, parts of which are used by the server.
    1.28 +
    1.29 +  * Decompress the three NX packages (client, node, server) on the server into ''/usr'' to create ''/usr/NX'' directory.
    1.30 +  * Decompress the client package on the client(s).
    1.31 +
    1.32 +\\
    1.33 +
    1.34 +=== Server Configuration ===
    1.35 +
    1.36 +The automated commands are not compatible with BusyBox and the SliTaz configuration, so the installation commands need to be edited:
    1.37 +  * Create the symlinks ''/etc/rc.d/rc#.d/'' all pointing to ''/etc/init.d/''. This can be easily achieved with the following command performed as the //root// user:
    1.38 +  * ''for NUM in 0 1 2 3 4 5 6 ; do cp /etc/rc.d/init.d /etc/rc.d/rc$NUM.d; done''
    1.39 +
    1.40 +  * Modify ''/usr/NX/scripts/setup/nxserver'' by:
    1.41 +      * fixing the user add/del commands in lines 924, 963, 984.
    1.42 +      * comment out the command in line 956 by placing a hash immediately after the opening quotation mark (command not needed)
    1.43 +  * Install the server: ''sudo /usr/NX/scripts/setup/nxserver --install fedora''
    1.44 +      * the OS doesn't really matter but it's the closest match for the numerous /etc/init.d commands
    1.45 +  * Change the server name & SSH port (if necessary) in ''/usr/NX/etc/server.cfg'' (line 31, 36 & 236)
    1.46 +  * Allow administrative logins in line 87 of ''/usr/NX/etc/server.cfg''
    1.47 +
    1.48 +\\
    1.49 +
    1.50 +=== Node Configuration ===
    1.51 +
    1.52 +The automated commands are not compatible with BusyBox and the SliTaz configuration, so the installation commands need to be edited:
    1.53 +  * Modify ''/usr/NX/scripts/setup/nxnode'' by:
    1.54 +      * specify SSH port in line 43 (if necessary)
    1.55 +      * change to ''local.sh'' on line 1305
    1.56 +
    1.57 +  * Install the node: ''sudo /usr/NX/scripts/setup/nxnode --install fedora''
    1.58 +      * ignoring warning about CUPS detection if you don't have a printer
    1.59 +  * Change server name & SSH port (if necessary) in'' /usr/NX/etc/node.cfg'' (line 32, 342)
    1.60 +
    1.61 +\\
    1.62 +
    1.63 +=== User Configuration ===
    1.64 +
    1.65 +  * Enable the nx user account by using: ''sudo passwd -u nx''
    1.66 +  * Confirm this with: ''sudo /usr/NX/bin/nxserver --usercheck //username//''
    1.67 +
    1.68 +<code>
    1.69 +NX> 900 Verifying public key authentication for NX user: //username//.
    1.70 +NX> 900 Adding public key for user: //username// to the authorized keys file.
    1.71 +NX> 716 Public key added to: /home/ //username// /.ssh/authorized_keys2.
    1.72 +NX> 900 Verifying public key authentication for NX user: //username//.
    1.73 +NX> 900 Public key authentication succeeded.
    1.74 +NX> 999 Bye.
    1.75 +</code>
    1.76 +
    1.77 +You should now be able to log-in to the server/node using a normal username and password.
    1.78 +
    1.79 +\\
    1.80 +
    1.81 +=== Recreating Keys ===
    1.82 +
    1.83 +When the default key pair authenticates correctly, they should be regenerated for security reasons. Issue the following command to create a new key pair:
    1.84 +''sudo /usr/NX/bin/nxserver --keygen''
    1.85 +
    1.86 +New keys should be created. Distribute the secret key ''/usr/NX/share/keys/default.id_dsa.key'' to clients and import it in the client GUI (Configure > General > Server > Key... > Import).
    1.87 +
    1.88 +Restart the server (''sudo /usr/NX/bin/nxserver --restart'') to complete the changes.
    1.89 +
    1.90 +\\
    1.91 +
    1.92 +=== Tips ===
    1.93 +
    1.94 +  * If you want to use key pair and password-less authentication, ammend ///etc/ssh/sshd_config// with:
    1.95 +PasswordAuthentication no
    1.96 +AllowUsers nx //other usernames//
    1.97 +
    1.98 +  * Open ports 5000-5200 for an unencrypted connection. This is because after a successful authentication has taken place the client reconnects to a display in the range starting at 'DisplayBase' up to the value ('DisplayBase' + 'DisplayLimit'). These parameters default to the values "1,000" and "200" respectively and TCP port numbers are obtained by adding the value "4,000" to the display numbers, thus giving 5000 and 5200. If encrypted display is enabled, all traffic is piped through SSH.
    1.99 +
   1.100 +  * If the client fails to connect to the server with the following messages:
   1.101 + 
   1.102 +<code>
   1.103 +NX> 203 NXSSH running with pid: //PID//
   1.104 +NX> 285 Enabling check on switch command
   1.105 +NX> 285 Enabling skip of SSH config files
   1.106 +NX> 285 Setting the preferred NX options
   1.107 +NX> 200 Connected to address: //IP address// on port: //SSH port//
   1.108 +NX> 202 Authenticating user: nx
   1.109 +NX> 208 Using auth method: publickey
   1.110 +NX> 204 Authentication failed.
   1.111 +</code>
   1.112 +
   1.113 +then the ''/usr/nx/home/nx/.ssh/authorized_keys2'' file is likely at fault.