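Remote host management with NX/FreeNX

February 13, 2010

By chance I saw a friend using NX/FreeNX for remote host management. After learning about it, I found it quite convenient, so I am recommending it to everyone.

The following content is reproduced from http://wiki.centos.org/HowTos/FreeNX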

NX is a Terminal Server and Remote Access solution based on enterprise class open source technologies by NoMachine. Thanks to the outstanding compression, session resilience and resource management developed on top of the X-Window system, along with the integration of powerful resource sharing capabilities, printing and audio of the Linux / Unix world, NX makes it possible to run any graphical application across any network connection as if you were sitting in front of your CentOS (server) computer.   

When making a connection, you have the server computer (the computer to which you will connect & upon which you will open the desktop) and the client computer (the computer from which you will make the connection to the server).   

 

1. Installing NX / FreeNX on the server

 

Currently there is a version of NX and FreeNX in the CentOS Extras repository.   

To install the stable version of NX / FreeNX, issue this command from the server:   

 

yum install nx freenx
 

 

You may also download the RPMS from:   

http://mirror.centos.org/centos/4/extras/i386/RPMS/   

http://mirror.centos.org/centos/5/extras/i386/RPMS/    

and the SRPMS from:   

http://mirror.centos.org/centos/4/extras/SRPMS/  

http://mirror.centos.org/centos/5/extras/SRPMS/

Note: Sometimes there are issues that require the NoMachine client to also be installed on your NX server. If you are having issues such as the inability to close the client, please download the latest NoMachine Linux client RPM (see the Linux link below) and install it on your NX server. These issues are much less prevalent in versions of NX > 3 and freenx > 0.7.

 

2. Key-based authentication

Note: Although this section is optional, it is recommended that key-based authentication be implemented.

Copy a minimal configuration file for nxserver:

 

cd /etc/nxserver ; cp node.conf.sample node.conf

If your machine is connected to the Internet, you’ll probably want to disallow ssh password authentication (which is advised but not mandatory). Edit the /etc/ssh/sshd_config file and change/add the following lines:

 

PasswordAuthentication no
AllowUsers nx

Don’t forget to restart the sshd daemon after making that change:

 

service sshd restart

By default, if you try to connect to the NX server, it uses the nx account for the ssh connection (with key authentication), but it also tries to connect over ssh with your own username/password to the host you're trying to reach. Because we've disabled PasswordAuthentication (the advised method), we have to use the NX database to allow pass-through authentication. Make sure that the /etc/nxserver/node.conf file contains the following line:

 

ENABLE_PASSDB_AUTHENTICATION="1"

Then create a POSIX account for yourself (with useradd/passwd, if not already done). Add this newly created user to the nxserver database:

 

nxserver --adduser myuser
NX> 100 NXSERVER - Version 1.5.0-60 OS (GPL)
NX> 1000 NXNODE - Version 1.5.0-60 OS (GPL)
NX> 716 Public key added to: /home/myuser/.ssh/authorized_keys2
NX> 1001 Bye.
NX> 999 Bye

Assign a password for this user:

 

nxserver --passwd myuser
NX> 100 NXSERVER - Version 1.5.0-60 OS (GPL)
New password:
Password changed.
NX> 999 Bye

Warning: Don’t forget to add this new user on the AllowUsers line in the sshd_config file (for example: AllowUsers nx myuser) and then reload sshd (service sshd reload).

 


 

 

3. Installing the NoMachine Client

NoMachine does not allow the distribution of their client, so it must be downloaded from their website. There are clients for Linux, Mac OSX, Solaris, and Windows.

Note: The 3.1.x and 3.0.x versions of the NoMachine clients have been tested and seem to work OK with the CentOS supplied FreeNX/NX solution. If you are having problems, here is a link to the latest 2.1.0 i386 client from NoMachine, which also does work.

Pick the client for your OS and install it per the instructions on the NoMachine site, then use the instructions below to connect to your NX server.

 


 

  • Open the NX Connection Wizard. Enter a Session name, a hostname (or ip address), a Port number and select your Type of Internet Connection and select Next.

 


 

  • Select the connection type, the desktop system you want to use, and the size of the desktop. Also decide if you want to Encrypt all Traffic via SSL. If you use SSL, not only is the traffic encrypted, but it uses only the SSL port you list to make the connection. This means only the SSL port needs to be open to inbound traffic if you are connecting from outside a firewall. Select Next when finished.

Note: On newer NX clients (> 3.0.0), the check box is to disable SSL traffic, so do not check the box in that case if you want SSL encryption.

 


 

  • Choose if you want to Create shortcut on desktop and then Select Show the Advanced Configuration dialog box and then select Finish.

 


 

  • In the advanced dialog window under the General tab, you should see the items you have already entered and a Key… button. You will need to ssh into the server to which you are trying to connect, go to the /etc/nxserver/ directory and open the file client.id_dsa.key (you must be the root user to open this file). Copy all the text (including the BEGIN DSA PRIVATE KEY and END DSA PRIVATE KEY lines). Press the Key… button, delete the text that is in there, and paste the client.id_dsa.key information from the server into the DSA Key text box (shown in yellow below), then select Save.

 


 

  • Select the Advanced tab. It is recommended that you have Enable SSL Encryption of All Traffic selected.

 


 

  • You should now be able to connect to the Server machine and open your desktop from the client. Please see NoMachine Support for more information.

 

4. Troubleshooting

There seem to be problems with connecting the current NX client for Windows to the current (0.5.0-8) NX-Server in CentOS. This problem seems to be known as the “backingstore” problem.

This issue is now fixed in the 0.5.0-9 version (or greater) of the CentOS package, which can be found in the Extras repository. It should no longer be an issue; however, we will leave the information as a reference for people still using the older versions.

From the FreeNX-FAQ:

Backingstore problem:

Thorsten Sandfuchs found some issues concerning backingstore. The problem arises when you try to connect to a 0.5.0 installation with no 2.0.0 backend support and a 2.0.0 client, as NoMachine changed the behaviour of the backingstore option. In 1.5.0 clients the client sends “always, when_requested” et al. and freenx just passed this string to the nxagent call. The new client now sends “backingstore=1” and the 1.5.0 nxagent issues a warning and an error with “no argument requiered for -bs” or with “Error: NX Agent exited with exit status 1.” You can read his whole message here: Backingstore or 2.0.0-client and 1.5.0 backend and freenx-0.5

Look at nxnode and in function ‘node_start_agent()’ after this line

 

 [ -n "$backingstore" ] && B="-bs $backingstore"

add these lines:

 

 # backingstore = { "when_requested", "always", ... }
 [ -n "$backingstore" -a "$ENABLE_2_0_0_BACKEND" != "1" -a "$backingstore" != "1" ] && B="-bs $backingstore"
 # backingstore = 1 (new nxclient 2.0.0 doesn't send any strings in the option-string for backingstore anymore)
 [ -n "$backingstore" -a "$ENABLE_2_0_0_BACKEND" != "1" -a "$backingstore" = "1" ] && B="+bs"
 # backingstore = 1 and 2.0.0-Backend EXPERIMENTAL
 [ -n "$backingstore" -a "$ENABLE_2_0_0_BACKEND" = "1" ] && B="-bs $backingstore"

This works using nxclient version 2.0.0-98.

–Predseda3D 15:12 Aug 2, 2006 (BST)

Heavy (100%) CPU load on Windows Vista NX Client:

Some users have reported heavy (100%) CPU loads on the NoMachine NX Windows client when running on Windows Vista. Disabling DirectDraw in the NX client is reported to fix the problem. See here for a discussion:

http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14363&forum=38

 

5. Misc Notes

If you are installing FreeNX on a remote server, you will also need to install a desktop environment on the machine in order to run the remote session. An easy way to do that for GNOME is to run this command:

 

yum groupinstall 'GNOME Desktop Environment' 'X Window System'

Note: If you are running CentOS 5, yum groupinstall "GNOME Desktop Environment" may complain about a missing libgaim.so.0. This is a known bug. Please see CentOS-5 FAQ for details.

FreeNX expects to make an ssh connection at 127.0.0.1, i.e., at the local host address. If you haven’t changed your default sshd_config, the sshd daemon will be available at that IP address.

However, if you have modified the ListenAddress lines in /etc/ssh/sshd_config, this can cause a problem. Make sure that sshd is available at 127.0.0.1. This can be checked with

netstat -an |grep 22

The result should be similar to

tcp    0   0 0.0.0.0:22       0.0.0.0:*         LISTEN
tcp    0   0 :::22       0.0.0.0:*              LISTEN

(The above assumes that you use the default port 22 for ssh connections.) This output indicates that sshd is listening on all addresses.

For various reasons, people sometimes modify sshd_config to listen on a specific address. If you see something like

tcp      192.168.1.20:22        0.0.0.0:*    LISTEN

it means that sshd is only listening for connections at the address 192.168.1.20. This will cause FreeNX connections to fail when they try to connect at 127.0.0.1.

To fix this, add another ListenAddress line to /etc/ssh/sshd_config. It should read

ListenAddress 127.0.0.1

(It should be on a separate line from any other ListenAddress entries.)

If remotely connected, use the screen command. You are about to restart sshd, which will disconnect a remote ssh session. (There are other ways to restart the sshd daemon without disconnecting yourself, but screen is one of the easiest ones.)

screen

This should give you a command prompt. Restart sshd.

/etc/init.d/sshd restart

Use netstat -an again to check that it is now listening at 127.0.0.1.

netstat -an

You should now see something like

tcp      192.168.1.20:22        0.0.0.0:*    LISTEN
tcp      127.0.0.1:22           0.0.0.0:*    LISTEN

FreeNX will now be able to connect.
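
The sshd_config requirements from sections 2 and 5 (PasswordAuthentication, AllowUsers, ListenAddress) can be checked together before restarting sshd. The script below is an added example, not part of the CentOS wiki text; the function names (values, report, audit_nx_sshd, sample_config) are made up for illustration, and it assumes a config without Match blocks and plain user names on AllowUsers.

```shell
#!/bin/sh
# Added example, not from the CentOS wiki. Assumes no Match blocks and
# plain user names (no user@host patterns) on AllowUsers.

# values KEYWORD FILE: print each argument given to KEYWORD, one per line.
# sshd keywords are case-insensitive; lines starting with '#' are comments.
values() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }
    ' "$2"
}

report() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_nx_sshd FILE [USER...]: print findings; return non-zero if any.
audit_nx_sshd() {
    cfg=$1; shift; findings=0
    # Section 2: sshd keeps the first value it reads; unset means "yes".
    pw=$(values PasswordAuthentication "$cfg" | head -n 1)
    [ "$pw" = "no" ] || report "PasswordAuthentication is '${pw:-unset}', want 'no'"
    # Section 2: once AllowUsers exists, nx and every NX user must be on it.
    allowed=$(values AllowUsers "$cfg")
    if [ -n "$allowed" ]; then
        for u in nx "$@"; do
            echo "$allowed" | grep -qxF "$u" || report "'$u' missing from AllowUsers"
        done
    fi
    # Section 5: FreeNX connects to 127.0.0.1, so explicit ListenAddress
    # lines must include 0.0.0.0 or 127.0.0.1 (optionally with :port).
    listen=$(values ListenAddress "$cfg")
    if [ -n "$listen" ] &&
       ! echo "$listen" | grep -Eq '^(0\.0\.0\.0|127\.0\.0\.1)(:[0-9]+)?$'; then
        report "sshd is not listening on 127.0.0.1"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: section 2 applied for nx only, sshd bound to the LAN.
sample_config() {
    printf '%s\n' 'PasswordAuthentication no' 'AllowUsers nx' \
        'ListenAddress 192.168.1.20'
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_nx_sshd "$tmp" myuser || true   # prints two findings
rm -f "$tmp"
```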
