HOWTO: Use NXclient to remotely control Ubuntu

[A$h X]

What does remote desktop mean?

Well all it means is that you could have a machine at home/work/wherever which you want to access from another machine at a different location. Remote Desktop (or virtualization as it's now called) allows you to do this.

What do server, host, and client mean?

The server is the machine you want to control. It may be your home PC or a work machine you want to access whilst you are on the move or from another companies' machine.
Host is just another way to refer to the server.
The client is the machine from which you want to access the remote machine AKA the machine from which you will control the server. Another way to look at it is if you want to control your home PC from work then your work PC is the client and the home PC is the server.

Got that? Server= Far away computer, Client = Computer your sitting at now.

What you need:

Okay firstly there are loads of remote desktop (RDP) programs out there, I'll be using NXclient/server. With NXclient you require a minimum of effort to get things up and running, and it is popular as it is very fast compared to rival products. It is also free for linux and windows users, so that's an advantage.

Right now here's the files you need:
For an Ubuntu Gutsy (or any debian based distro) SERVER:

NXclient: http://64.34.161.181/download/3.1.0/...1.0-6_i386.deb

NXnode: http://64.34.161.181/download/3.1.0/...1.0-6_i386.deb

NXserver:http://64.34.161.181/download/3.1.0/...1.0-5_i386.deb

You need ALL of these files to able to control your ubuntu machine remotely.
Download and install them IN EXACTLY THE ORDER STATED. So that's client, node and finally server.

Next you need openSSH-server. Get it from the repo by searching for "openssh" or type:

sudo apt-get install openssh-server

Now for your CLIENT you only need the NXclient software as posted above. For windows users get the Windows XP Professional NXclient here:

http://64.34.161.181/download/3.1.0/...nt-3.1.0-6.exe

So now you have installed the client, node and server and openSSH-server software on the ubuntu machine you want to control, and the NXclient software on the ubuntu/windows machine from which you'll be doing the controlling.

STEP 1: Testing SSH

We just want to see if SSH is behaving as it should be, so in terminal type:

ssh localhost

Type yes when prompted. Now type:

ssh username@your.ipaddress.here

where "username " is your ubuntu username, and "your.ipaddress.here" is your IP address.
If you do not know your IP address then visit http://whatismyipaddress.com/

The final command for SSH is:

sudo /etc/init.d/ssh restart

Okay SSH server is configured, next is...

STEP 2: Configuring NXserver
We want to check if NXserver is running, so type (press return after each line):

cd /
cd /usr/NX/bin
sudo ./nxserver --status

That should say NX server is running. Next type:

sudo ./nxserver --useradd username --administrator

where "username" is your ubuntu username. This will add a NXserver user who has admin rights, I think this is necessary as normal users must be added by the admin, so the admin must be setup first. Anyway you will then be prompted for the system password (your login password) so go ahead and type it. After all that a new admin user should have been added, and a key generated.
To check if the user was added correctly type:

sudo ./nxserver --userlist

The username you just entered should be there. Now see if everything is okay authenication wise. Type:

sudo ./nxserver --usercheck username

where username is your system username. If everything is fine and dandy then I believe we are done with configuring NXserver.

STEP 3: Opening a listening port

You need to open port 22 on the server so NXclient can login. I use firestarter GUI to do this, which simply provides a front-end to ubuntu's built-in firewall IPtables. Go to synaptic and search for "firestarter" or type

sudo apt-get install firestarter

Start firestarter (from applications > internet) and then goto the policy tab and right click in the "allow service" window and add rule. Choose SSH from the drop-down menu and port 22 is automatically selected. Leave the "apply for" value as anyone, click OK and click apply policy.

If you have a router, then you will need to open port 22 in your router setup as well as in firestarter. More info about opening ports on your particular brand of router can be found at www.portforward.com


We are now finished configuring your ubuntu server. Now we just need to login from the client.

STEP 4: Connecting using NXclient
Once the server is all set then you need to configure the client. Start the NXclient connection wizard and enter a name for the session, then you have to enter the host. Here you enter the IP address of the server and the port is already set to 22. Click Next and you have enter what kind of machine you are connecting to. In the case of ubuntu it will be unix gnome, in the case of kubuntu it will be unix KDE. You can also specify how much screen space will taken up by the remote desktop window (I usually pick 800*600). Click next and finally you will be presented with a small NXclient box. Enter your username in the login field, your system password in the password field, and leave the session as it is.

If everything went according to plan then you should have a window pop up with a red !M logo, and then it should change into your remote desktop. Enjoy!

Wait! I'm worried about security!
I don't blame you, and there are a few steps we can take to ensure your remote desktop connection is more secure. Firstly because port 22 is a common target, we'll change it to something else. Firstly type:

sudo gedit /etc/ssh/sshd_config

Where it says:

# What ports, IPs and protocols we listen for
Port 22

change 22 for whatever port you wish. I suggest a higher number like 55555 as the lower numbers are used by other applications. SSH also requires another file to be modified to change your port. Type:

sudo gedit /etc/ssh/ssh_config

and on the line reading:

# Port 22

delete the # symbol and change 22 to the value you chose for your port.

Now we must change the config file for NXserver to listen on our new port. Type

sudo gedit /usr/NX/etc/server.cfg

Change the value 22 in the following two lines:

# Specify the TCP port where the NX server SSHD daemon is running.
#
# SSHDPort = "22"

(make sure to delete the # from in front of SSHD)

# Specify the TCP port where the SSHD daemon is running on the NX SSH
# authentication server.
#
SSHDAuthPort = "22"

to the value you chose for your port (55555 in my example). Finally you need to open your chosen port in firestarter and your router if you have one as shown above. Don't forget to delete the entry for port 22.

Now on NXclient you simply change the port to the value you chose and everything should work as before.

A fairly serious security hole is that when you logon to your remote desktop, you use the system password so you have full read/write/delete access which may not be good thing if the computer NXclient is on is an untrusted machine.
I recommend creating a separate user account on ubuntu which can only read/write to certain areas so as to minimize any chances of malicious action. Then create a NXserver account with that limited access user. You could also specify exactly what actions the NX user can take eg only use installed programs, no terminal access, no desktop only terminal etc.
I would recommend creating a separate NX account for each session at untrusted clients, and then deleting that user after your work is done. Ideally you should be not be remote connecting from insecure machines at all.

Another security risk is that your encryption key for NXclient may be copied, you can generate new keys from the server and then copy them over to the client (physically obviously, or by other means apart from NXclient).

You can find how to create restricted users, create and distribute new encryption keys and more from the NXserver manual, which can be found here:

http://www.nomachine.com/documents/admin-guide.php

Hey, I want to control XP from Ubuntu!

Unfortunately, there is no NXserver for windows (yet), so NXclient cannot control a XP machine.
BUT there is a better solution in that all the programs you need are already installed by default in gutsy and XP professional. Two simple steps are all it takes:

Step 1: Configuring remote desktop on XP

In XP goto control panel > system.
Click the remote tab of the system window.
Tick the "allow users to connect remotely to this computer" check box.
Click apply and OK.

Now open a port to allow us to connect in your firewall and router if you have one. By default remote desktop uses port 3389, but for security reasons you are advised to change it. Make sure the protocol is set to UDP.
I have been informed that ubuntu can only communicate with remote desktop if it uses the default port of 3389 so ignore the changing port advice until the bug is resolved.

Step 2: Configuring Terminal Server client
Now on your ubuntu system goto applications > internet > terminal server client.

In the computer box type the IP address of the XP machine you want to connect to, in the form of the IP address followed by a colon followed by the port number you opened. eg if the XP machines' IP address was 123.456.0.1 and the port we had opened was 55555, then this is what you would type:

123.456.0.1:55555

The default listening port for remote desktop is 3389 so if you didn't change it then you would use 3389, in that case you don't need to enter a colon followed by the port number, just the IP address 123.456.0.1 would be enough.

Leave protocol as RDP.
In user type the windows username that you use to login into XP.
In password type the windows password that you use to login into XP.
In client hostname type the name of the ubuntu machine. This step is optional IIRC.

Hit connect and that's it! You should get a window appear with your remote XP desktop inside it.

Note: Due to the publicly known port number amongst other reasons, remote desktop is very insecure, I recommend using SSH tunneling on the XP machine see here:

http://theillustratednetwork.mvps.or...esktopSSH.html

This will allow you to make a secure connection using port 3389.

[Inxsible]

I believe there is a small typo in your very useful guide.

If someone wants to change the SSH port then they would find the server.cfg file under /usr/NX/etc and NOT /usr/NX as mentioned in your guide. Apart from that, everything worked for me.


Having said that, I used a 1024x768 screen resolution from my XP machine, but I cannot see the entire desktop. i.e. I cannot see the AWN bar at the bottom and the gnome-panel that I have at the top. So I have to keep pressing Alt+F2 to do anything. Is there a way I can see the entire desktop including the two bars ?

My Ubuntu machine's resolution is 1440x900, if that matters.

[A$h X]

Glad you found the guide useful and thanks for catching the typo.
As far as not being able to see the entire remote desktop, because your ubuntu desktop is larger than your XP desktop, you won't be able fit the entire remote desktop into a window unfortunately.
Try lowering the resolution of your ubuntu desktop (system> preferences > screen resolution) to 1024x768 or less so you can have it in fullscreen in XP.

[Inxsible]

Thanks, I will try to change the resolution on the Ubuntu box.

But I tried to login right now and this is what I am getting:
Authentication failed for user:

I have attached a screenshot. And I have tried it multiple times and it still does not work. I even tried it with a couple other usernames that I have on the ubuntu box

[A$h X]

Is SSHserver and NXserver running on the ubuntu machine? Make sure you are logging in with a NX user; that is a user you have created in NXserver as specified in the guide?

[Inxsible]

Is SSHserver and NXserver running on the ubuntu machine? Make sure you are logging in with a NX user; that is a user you have created in NXserver as specified in the guide?

Yes to all the questions .

I'll try it again tonight.

[hansonlee]

I tried to add myself to the admin userlist in nxserver, but I kept getting error message that the system is unable to generate the SSH key.

I have the openSSH installed and running, and can even login from other computer through SSH telnet.

Ubuntu version: 7.10

Anyone has an idea? Thanks!

Code:

hanson@lsa-271c-004:/usr/NX/bin$ sudo ./nxserver --usercheck hanson
NX> 900 Verifying public key authentication for NX user: hanson.
NX> 900 Adding public key for user: hanson to the authorized keys file.
NX> 596 ERROR: NXNODE Ver. 3.1.0-6  (Error id e705430)
NX> 596 ERROR: Cannot add NX server public DSA key for user: hanson
NX> 596 to the authorized keys file.
NX> 596 ERROR: Cannot create file: /home/hanson/.ssh/authorized_keys2: Permission denied.
NX> 900 ERROR: Failed to add public key.
NX> 999 Bye.

[Inxsible]

Ok I think my problem is with the fact that I changed my port. Because if I change my port back to 22 it works.

if its anything but 22, I keep getting the "Authentication failed for user : _____" error.

[Inxsible]

Any ideas anyone?

everything works when I use the default SSH port of 22, but if I change it to anything else, i keep getting Authentication errors.

[A$h X]

Any ideas anyone?

everything works when I use the default SSH port of 22, but if I change it to anything else, i keep getting Authentication errors.

Changing the port works on mine, are you sure you have created a rule in firestarter and changed the port in NXclient? Make sure the port value is the same in all four (SSHD_config, server.cfg, and firestarter on the server, and NXclient's target port on the remote computer).

hansonlee: I'm trying to find more info on your problem, googling your error ID draws a blank, in the mean time trying deleting your user and re-adding them to see if it helps. Or create another system user, then add them as a SSH and NXserver user.