Thursday, May 21, 2015

Remote access to linux machines with x2go.


You have a Linux desktop somewhere, and you're not there.  It's running a GUI application (like Firefox or MATLAB).  How do you access it, given the following criteria?

  1. Easy to use.
  2. Client available for Windows, OSX, Linux.
  3. Able to resume previous sessions.
  4. Free.
  5. Feature rich.
  6. Backed by an active open source community.


In order of preference, 1 being most preferable;

  1. Use x2go.  An open source fork of NX and my new favorite.
  2. Use freeNX-server
    It might be ok, but I had issues getting it to work
  3. Run VNC over an (encrypted) ssh tunnel
    slow over high latency networks
    complex to set up for novice users.
  4. Install VNC with vnc4server
    slow over high latency networks
    pretty insecure, you ought to encrypt that traffic.
  5. Use X forwarding over SSH
    very slow
    OSX and Windows clients require an X server install
  6. Use nomachine NX
    Once the poster-child for linux remote access, now gone proprietary.  Noted here for completeness.


x2go.  My new go-to toy for quick and simple remote access to Linux machines.

Wednesday, May 20, 2015

Understanding SSH agent

Assume the following;

  1. You're on host A
  2. Your SSH public key exists on all hosts, but your private key exists only on A.
  3. You need to get to host C via SSH, key auth only.
  4. You can't ssh from A to C because there's a firewall in the way.
  5. Logically you could go from A to B to C; but B doesn't have your private key.
  6. B is a shared computer.

The bad way;

  1. Put your ssh private key on B
  2. then ssh from A to B to C.

The correct way;

  1. use ssh-agent to cache your private key (and passphrase)
  2. ssh from A to B to C.

How to use ssh agent;

  1. write the following file to .sshenv
  2. source it when you need to use ssh agent
  3. ssh to B with ssh -A B
  4. from B ssh to C and ssh agent will use your cached private key.

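 hoolio@macbook:~$ cat .sshenv
 # Assumed path: the listing does not show where SSH_ENV is set
 SSH_ENV="$HOME/.ssh/environment"
 function start_agent {
    echo "Initialising new SSH agent..."
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    # Assumed step: load the default key into the agent (prompts for the passphrase)
    /usr/bin/ssh-add
 }
 # Source SSH settings, if applicable
 if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    # ps ${SSH_AGENT_PID} doesn't work under cygwin
    # Start a new agent only if the recorded one is no longer running
    ps -ef | grep "${SSH_AGENT_PID}" | grep 'ssh-agent$' > /dev/null || {
       start_agent
    }
 else
    start_agent
 fi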
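
Because B is a shared computer, the agent is best forwarded only on the hop that needs it (ssh -A B) rather than to every host through a blanket ForwardAgent yes in ~/.ssh/config. The check below is an added example, not part of the original post: it lists the Host blocks of an ssh_config that enable agent forwarding and flags the wildcard ones. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the Host blocks in an ssh_config that forward the agent.
# sample_config, audit_forward_agent and the hosts below are constructed names.

# Constructed sample of a ~/.ssh/config on host A.
sample_config() {
cat <<'EOF'
# forwards the agent to every host you connect to
Host *
    ForwardAgent yes

Host B
    ForwardAgent yes

Host C
    ForwardAgent no

Host *.lab gateway
    forwardagent=yes
EOF
}

# Reads ssh_config text on stdin; prints "<TAG> <host patterns>" for each
# block with ForwardAgent yes. TAG is WILDCARD when a pattern contains * or ?,
# REVIEW for Match blocks (their conditions are not evaluated here), else SCOPED.
audit_forward_agent() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # trim, allow key=value
        /^#/ || NF == 0 { next }                            # comments, blank lines
        { key = tolower($1) }
        key == "host" || key == "match" {
            kind = key; $1 = ""; sub(/^ /, ""); scope = $0; next
        }
        key == "forwardagent" && tolower($2) == "yes" {
            if (kind == "match")      tag = "REVIEW"
            else if (kind == "")      { tag = "WILDCARD"; scope = "(before any Host line)" }
            else if (scope ~ /[*?]/)  tag = "WILDCARD"
            else                      tag = "SCOPED"
            print tag, scope
        }
    '
}

# Usage on A: audit_forward_agent < ~/.ssh/config
```

A SCOPED line for B alone matches the procedure above; WILDCARD lines mean the agent is also offered to hosts you never meant to hop through.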

Thursday, May 14, 2015

Easy blog code formatting codeformatter

 $ sestatus  
 SELinux status:         enabled  
 SELinuxfs mount:        /selinux  
 Current mode:          enforcing  
 Mode from config file:     enforcing  
 Policy version:         24  
 Policy from config file:    targeted  

To get code looking like this ^^^;

  1. visit
  2. paste in your source code
  3. copy out the html
  4. switch your blog to html input
  5. paste in the html block
  6. switch back to compose or preview etc.

Thank you, codeformatter!

X forwarding firefox in OSX yosemite

 hoolio@macbook:~$ ssh -Y server  
 Warning: No xauth data; using fake authentication data for X11 forwarding.  
 Last login: Thu May 14 11:03:26 2015 from xxx  
 $ firefox &  
 [1] 18949  
 $ connect localhost port 6000: Connection refused  
 connect localhost port 6000: Connection refused  
 connect localhost port 6000: Connection refused  
 Error: cannot open display: localhost:0.1  
 [1]+ Exit 1         firefox  

Apparently X is no longer a part of OSX, and you have to install XQuartz to get X forwarding again.

 hoolio@macbook:~$ ssh -Y server  
 /opt/X11/bin/xauth: file /Users/hoolio/.Xauthority does not exist  
 Last login: Thu May 14 11:39:05 2015 from xxx  
 $ firefox &  
 [1] 20620  
  Custom widget with id loop-button does not return a valid node  
  Custom widget with id loop-button does not return a valid node  
 SystemMessageCache: init  

and up pops a firefox window, hooray :)  now it's just working out why it's .. so.. slooow....

EDIT: I discovered it's to do with the ssh encryption type.  Try this;

 hoolio@macbook:~$ ssh -Y -C -o CompressionLevel=9 -c arcfour,blowfish-cbc server firefox -no-remote  

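and DON'T do it over wifi; the double encryption plus inherent X latency make it terribly slow.  Note that OpenSSH 7.6 removed the arcfour and blowfish ciphers, so this cipher list only works with older clients and servers.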