Linux

Check out NX remote access for Linux and Solaris systems

Vincent Danen shows you the basics to using the NX remote desktop system for Linux and Solaris. It is fast, secure, and has free clients available for Linux, Windows, OS X, and Solaris.

We have looked at other remote desktop-sharing programs in the past, but one of my favourites is NoMachine's NX. NX has been around for a long time, and one of the reasons I enjoy it so much is that it uses SSH as a transport and authentication layer. If the remote system can run sshd, and port 22 or some other port that sshd is listening to can be accessed through a firewall, then you have most of the pre-requisites for remote desktop access via NX already in place.

NX server is available for Linux and Solaris, so it isn't as cross-platform as one might like. If, however, you strictly need something to share or access a remote Linux or Solaris system, NX is a perfect solution.

The free NX server is packaged with many Linux distributions. On Fedora, you can easily install it using:

# yum install freenx-server

The client package is called freenx-client; clients for other operating systems can be downloaded from the NX web site.

Once the server package is installed, you can start it by executing:

# service freenx-server start

The best transport mechanism NX uses is SSH -- this allows strong authentication and encryption of the session. The client will connect to the remote system as the nx user, so if you have modified /etc/ssh/sshd_config to only allow specific users, you will need to add the user nx to this list.

Next, you need to obtain a copy of the server's /etc/nxserver/client.id_dsa.key file and import it on the client. You also need to know the user's password that you want to establish the connection for. Essentially, the NX client will connect to the server as the user nx, then authenticate locally to the defined user with the defined password, and finally start the remote desktop.

To launch the Linux client from the freenx-client package, launch the qtnx application (also available under Applications | Internet in Fedora's GNOME menu). If a freenx client is not available, download the client from the NX web site.

Figure A

On the client, in the General tab (Figure A), you will see the hostname of the host to connect to, the port (default is 22), and you can also tell the NX client to remember your password. There is a button entitled Key, which is what you need to use to import the contents of the client.id_dsa.key you obtained from the server. You choose whether you want to use GNOME, KDE, or some other desktop interface, and select the connection type; usually Unix will suffice here. You can also customize the size of the remote display (Figure B).

Under the Services tab of the official NX client, you can determine whether or not multimedia support is enabled (i.e., receive sound events from the server), whether CUPS printing is enabled, and whether SMB file sharing is enabled. This functionality does not exist in the QtNX client.

Figure B

NX is a really fast, and very secure, remote desktop system. The Free NX server comes with most Linux distributions, and the clients are free for download; there are clients for Linux, Windows, OS X, and Solaris.

The downside of NX is that the server only runs on Linux and Solaris. It would be really great to see a server for OS X, and one for Windows as well. Then NX would be the perfect cross-platform replacement for other remote desktop protocols, including VNC.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

14 comments
gigi.mathew-1
gigi.mathew-1

NoMachine NX implements a standard compliant X server on the NX server side. This virtual X server accomplishes the task of encoding the X11 protocol efficiently and forwarding the output to the client, therefore all applications that use the X-Window protocol for displaying their output should work with NX without modifications.

gracedman
gracedman

We have working with NX for several years now and are using it extensively. However, we have been using the X2Go implementation instead (http://www.x2go.org). It takes a slightly different approach and is not strictly an NX look-alike. Instead, it bundles several services including NX but also pulseaudio and sshfs to create a complete virtual desktop environment including sound, local printing, and local file sharing. We have also been working closely with the VCXSRV developers (http://vcxsrv.sourceforge.net) to dramatically improve functionality and performance for the windows client. Although NX does not run on Windows as a server, we have found that it is so much faster than VNC or RDP that we are delivering remote Windows desktops by having the remote desktop connect to an X2Go server in the background and then run an rdesktop session to a Windows server on the same LAN. Sending the Windows screens via NX through the X2Go server is much, much faster than trying to do RDP across the WAN connection.

gigi.mathew-1
gigi.mathew-1

NX is a really fast, and very secure, remote desktop system. The Free NX server comes with most Linux distributions, and the clients are free for download; there are clients for Linux, Windows, OS X, and Solaris. Great alternative for VNC

gigi.mathew-1
gigi.mathew-1

NX is a really fast, and very secure, remote desktop system. The Free NX server comes with most Linux distributions, and the clients are free for download; there are clients for Linux, Windows, OS X, and Solaris. Great alternative for VNC

pgit
pgit

Not having a windows server is huge limitation. At most of the locations I service personnel need remote access directly into a windows desktop environment. Open VPN on a Linux server and windows remote desktop work beautifully for this. In all other situations, where a Linux machine needs to be accessed remotely, I'm doing the access and I don't need a desktop environment. ssh is perfect. So I haven't done much more than play around with NX. It is fast, stable and very easy to set up the client on windows. I would use it in any circumstance where a customer needed remote access to a Linux machine. I haven't figured out how to get people into that kind of a position. For eg databases stored on a Linux server are accessed from a windows (only) based client, so their remote access must be to a windows client, accessing the database directly is of no use. Running the database 'raw' over a remote connection (ssh or vpn) in order to run one of these client apps on a windows machine at home or on the road doesn't work. The dbs are very time sensitive, and there's a lot of data flowing back and forth between client and server. It's vastly less overhead to run the client on a machine in the office and only shovel desktop updates over the wire. So as of yet I've not been able to deploy freeNX anywhere. Shame, because it is a great application.

ketan
ketan

I use this daily - I even use it instead of switching my KVM from computer to computer... :D. It is nice and fast even across a slow dsl connection, or a slow Cellular connection. I love the way it works and have even setup some clients with it.

spearson@8herons.com
spearson@8herons.com

Hi, Does the Free NX server automatically start up during reboots so that you can access it via the NX client right away after a reboot without having to first login locally to the server, or do you have to jump through a few hoops to set it up that way, like you do with VNC?

Neon Samurai
Neon Samurai

I've not mucked with NX yet. How is the protocol better/faster/moresecure than RDP and VNC? (There is a rather nice AES plugin for VNC that bring's it's encryption up to snuff).

ketan
ketan

Yes indeed it does.

pgit
pgit

That it runs over ssh. VNC communicates in the clear unless you go out of your way to run it over ssh or use some other authentication and/or encryption. Not sure about the RDP, my clients use it extensively and there's been no issues with either security or reliability. I haven't looked into how it actually works, though. I suppose I should, but it's not a pressing matter as all of the clients using vista or win7 RDP are connecting to the remote over VPN using two forms of encryption. To my eyes a win7 to win7 RDP is faster than NX, but being there's no NX server for windows it's impossible to make a direct comparison. It very well could be the conversion between gdi and X is the difference, NX being just a touch slower on similar hardware. Remote desktop (and VPN) is something I have messed around with a lot.

martin.terbuc
martin.terbuc

The NX protocol is encripted and COMPRESED. The data are also cached localy and transmited are only changes. I have edited photographies over 512/256kB ADSL line and it was faster as on local computer. If You have computer with freeNX server and client on other computer on same table, start of applications and work is faster on remote computer as on local computer. If I go abroad, i can work without any problems on airport, hotel rooms, ...

pgit
pgit

I have a number of users regularly connecting over the internet with ultravnc, one of them actually offers business accounting services this way! Thankfully most are just helping grandma with her email settings. I haven't has much luck with security plugins and uvnc. I'll have a look at the link. I've basically been crossing my fingers and hoping nothing goes amiss with those setups.

Neon Samurai
Neon Samurai

That was my first consideration when I looked at it long ago. UltraVNC includes encryption plugins though these are a better addon in my opinion: http://adamwalling.com/SecureVNC RDP can have encription enabled through the LDAP policy (on Windows machines anyhow). I'm not sure about it's default settings offhand though I'm not seeing any credentials in my sniffer. Maybe it's using kerberos to authenticate before opening the session with lesser encryption? I should look into that more as I find RDP handy when I want multiple remote desktops open; that is one UltraVNC shorcoming, it's not so good with more than one remote session at a time. Either the UltraVNC client won't open twice do it or the DX client wrapper crashes out.

Neon Samurai
Neon Samurai

As it stands with RDP/VNC, I can tell when a remote machine is on wifi versus even a 100mb wire into someone's highspeed ISP.

Editor's Picks