Server-based computing with the free X2Go terminal server
Completely Open Source
X2Go is not compatible with LTSP or NX, but goes its own way. The project wants to avoid the need to integrate applications for file or media shares in the server and client; thus, it relies on solutions such as FUSE and SSHFS, which are both maintained by other parties. All the components are open source, and the full source code is available for download from the project's homepage.
The three X2Go clients differ only slightly with respect to functionality, although they rely on different libraries. The Qt 4 client in Figure 3 runs on Linux, Windows, Mac OS X, and Maemo, and – just like its new Gtk counterpart (Figure 4) – either as a full-screen display manager in the style of XDM or as a standalone application. In both cases, administrators either can allow individual configurations or tell X2Go to use a central LDAP server.
All graphical clients follow the same usability concept (see Figures 2--4). The widget set used here was dubbed Cardview and uses a business card-style approach.
Sessions, users, and configurations are configurable via drop-down lists and pop-ups in this view, without the need to switch to an admin tool. However, if an LDAP server is used to manage user and configuration data, a client-side configuration is not needed; the tool simply shows a list of users allowed to log on from the current system.
Windows and CLI
The X2Go client can be configured via a simple desktop program that is reminiscent of a physical terminal server client. Again access to a central LDAP directory is possible, and on top of this, users can access other servers and resize and hide the window during use. The third option is a flexible command-line client, x2goclient-cli, which is best suited for launching from other programs.
In contrast, the new Gtk client is designed for Gnome and Linux users who want to avoid Qt-based programs and KDE. It was implemented natively and does completely without Qt dependencies. Officially, this client was still under development when this issue went to press, although no bugs are currently known.
SSHFS, NX, and Local Media
Client programs are not restricted to connecting to the graphical display on the X2Go server but can also connect the local filesystem with the server and redirect the server's sound output to the client machine.
The SSH port 22 and the X2Go tunnel are all it takes to access the server. But in contrast to NoMachine, the project uses SSHFS for file transfers, relying on the packages maintained by the distribution for this.
X2Go uses Udev to support local mass storage devices, such as CD-ROMs, and automatically connects them to the server. For computers that do not have a hardware key to eject media, the desktop displays an icon that forwards the commands to the client; this feature is important for Mac clients.
While a session is running, users can share additional directories (Figure 5). X2Go automatically adds them to the desktop like statically configured filesystem shares and adds entries for unmounting to the drop-down menu.
Besides simple username and password-based logins, X2Go also supports Sun-style flexible sessions to go, including smartcard or USB stick-based authentication. However, there is no alternative to a crypto filesystem on the USB stick; otherwise, users that gain access to a lost stick could simply read the ID number.
Admins in professional environments will probably want to opt for the security of a smartcard instead, the advantage being that the smartcard calculates the ID rather than storing it.
Cherry keyboards with integrated card readers are a good choice of hardware, as are attractively priced devices by Towitoko, or any other Class 1 card reader (or better) that supports OpenPGP card .
Buy this article as PDF
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.