Running Remote Applications
X11Forwarding Pros and Cons
Very secure—as secure as SSH.
Simple to configure.
Simple to use.
Works with port forwarding.
Does not require remote GDM or X server to be running.
Safest way to display remote app on other side of firewall to the local display.
Multiple applications with a single connection.
Can work with video.
Potentially very slow compared to VNC and GDM.
Audio doesn't work.
X11 protocol is a bandwidth hog.
XDMCP is the old-school method, and SSH is the safe method. But, the method best integrated into the desktop is Virtual Network Computing (VNC). VNC is a system based on the Remote Frame Buffer protocol from Olivetti Research Labs, which is available for anyone to implement. This protocol isn't based on X11, but lives at a lower level in the Infrastructure layer. This means VNC software can work with any desktop system, including Linux, Windows and Mac OS/X. With VNC, you can display remote Linux desktops next to remote Mac desktops on your local display.
VNC is essentially a protocol definition—it describes how something should work. There are numerous implementations available for Linux systems. Clients are referred to as viewer applications. One open-source implementation is TigerVNC, a fork of the popular TightVNC implementation. TigerVNC offers both server and client viewers and was created to help increase development activity on the project.
GNOME users will find Vino as the default VNC server and Vinagre as the most full-featured client viewer, and they are tightly integrated with the desktop, meaning GNOME provides menu options to configure and enable both the client (Vinagre) and server (Vino).
Unlike XDMCP/GDM and SSH, VNC is not used to launch remote applications for display on the local system. Instead, it is used to view and/or grab control of the remote desktop. Thus, the remote desktop must already be running. Additionally, VNC would not be useful if the remote system were running in headless mode, although Xvnc can remove this restriction also. Xvnc provides a remote “virtual” X server to which VNC clients can connect. Because the remote desktop is virtual, Xvnc also can be used to enable an alternate remote desktop and/or multiple remote desktops, perhaps of different sizes.
The VNC server must be enabled on the remote system for the client viewer to connect to it. The server is configured from GNOME using the System→Preferences→Remote Desktop menu option. The configuration dialog requires enabling desktop sharing, configuring security constraints and setting methods of notification (Figure 3).
Sharing refers to how the desktop will be accessed. Sharing is enabled by allowing remote users to view the desktop and, if desired, allowing them to take control of the desktop. In the latter case, the user of the desktop where the server is enabled will no longer be able to use the desktop while the remote user controls it. For administration of systems on your local network at home, the server should be configured to allow other users to control the desktop.
Under Security, the only option required for home use is specifying a password. This password is not encrypted for Vino or TigerVNC, so this protection is not very helpful outside of a local network protected by a firewall. If the option to confirm each connection is set, every time you use a VNC client viewer to connect to that machine, you also must walk over to that machine to allow the connection. For home use, this option should not be set.
Notifications are a personal preference. Because the idea of VNC, at least for our purposes here, is that the server is on a machine you don't want to be in front of, the notifications are of little use. However, it is helpful to have an icon displayed when a connection is active, in case you forget when one machine is controlling the one you're trying to use.
On the client side, the GNOME Vinagre VNC client viewer is started from Applications→Internet→Remote Desktop Viewer. The Vinagre client looks like any other desktop application (Figure 4), with a menu bar and an obvious Quit option (File→Quit). This is in contrast to, for example, Xephyr for displaying a remote desktop. Vinagre also allows opening connections to multiple remote servers with each remote desktop connection accessed by a tabbed folder (Figure 5). This makes using VNC very convenient and easy to understand, as it uses the usual desktop application widget paradigms.
- Users, Permissions and Multitenant Sites
- New Products
- Flexible Access Control with Squid Proxy
- Security in Three Ds: Detect, Decide and Deny
- High-Availability Storage with HA-LVM
- Tighten Up SSH
- DevOps: Everything You Need to Know
- Solving ODEs on Linux
- Non-Linux FOSS: MenuMeters
- March 2015 Issue of Linux Journal: System Administration