HOWTO Configure remote desktop sessions on Linux

HOWTO Configure remote desktop sessions on Linux

From Consultancy.EdVoncken.NET

Jump to: navigation, search


The X Window System

Linux / Unix

On Linux / Unix, the X Window System already offers remote graphical access. In other words, the software can run on a different machine than the desktop display. For Microsoft Windows users, this may seem a bit strange but it is quite normal on Unix systems.

The current version of X Window, X11, uses a client/server architecture. At first it may seem that X11 has got the names wrong:

  • Your local workstation is called the "X Server"
  • The big machine in the server room is called the "X Client"

Actually, these names are quite correct: remember that a server waits for connections (from a client), while a client initiates connections (to a server).

It is the same with X11: the X Server offers display services, and waits for X Clients that wish to use these services.

Some well-known X Clients are:

  • xterm
  • xeyes
  • firefox

What about other platforms?

If you run Linux or Unix (for example Mac OS X) on your workstation, you should already have an X11 server.

On other platforms, most notably MS Windows, you will need to install your own X Server. Commercial and free software exists, for example:

Alternatively, the X11 protocol can be translated into something else that is more easily understood (VNC), or performs better on slow networks (NX).

Option A: Setting the DISPLAY variable

The simplest and least secure form uses the DISPLAY environment variable:

 bigmachine$ export DISPLAY=workstation.example.local
 bigmachine$ xterm &

If all is well, you should see an xterm window appearing on your workstation. In practice, you may need to permit access to your X Server using the "xhost" command:

 workstation$ xhost +bigmachine.example.local


This configuration is still used quite extensively, mainly in enterprise environments. The disadvantages are:

  • Unencrypted X11 traffic on the network, passwords can be snooped
  • Complicated login-scripts are needed to set the DISPLAY variable, depending on your current workstation
  • Inefficient use of bandwidth; mainly a concern over slower WAN links

Option B:Secure Shell X11 Forwarding

A greatly improved configuration uses SSH, or Secure Shell, to set up an encrypted tunnel for all X11 traffic.

 workstation$ ssh -X bigmachine.example.local
 bigmachine$ xterm &

As you can see, no more messing about with DISPLAY variables - this is all handled by Secure Shell. The DISPLAY variable is still used, but it is automatically set by SSH. Usually, you will find that DISPLAY is set at localhost:10.0 or something similar.

Note: Do NOT set the DISPLAY variable yourself - or you may inadvertently bypass the secure X11 tunnel!


This configuration has several advantages over the "DIY DISPLAY" approach above.

  • All X11 traffic is encrypted through the Secure Shell tunnel
  • No more login-scripts with complicated DISPLAY variable magic

It may also improve performance slightly, as SSH normally compresses data before transmission.

Option C: VNC Server

Virtual Network Computing is a a GUI sharing system that uses the Remote Frame Buffer (RFB) protocol to remotely control another computer. Clients are available on most popular computer platforms, including Linux, Mac OS X and MS Windows.

The protocol is not encrypted, and should be used only with an SSH tunnel or VPN connection.

For more information, please read: HOWTO Configure VNC Server on RHEL5 / CentOS 5.

Option D: NX Server

Nomachine NX offers X11 compression that is quite usable even on low-bandwidth, high-latency network connections.

Several implementations exist, both commercial and Open Source.

For more information, please read: HOWTO Configure NX Server on RHEL5 / CentOS 5.