Server-based computing with the free X2Go terminal server
Completely Open Source
X2Go is not compatible with LTSP or NX, but goes its own way. The project wants to avoid the need to integrate applications for file or media shares in the server and client; thus, it relies on solutions such as FUSE and SSHFS, which are both maintained by other parties. All the components are open source, and the full source code is available for download from the project's homepage.
The three X2Go clients differ only slightly with respect to functionality, although they rely on different libraries. The Qt 4 client in Figure 3 runs on Linux, Windows, Mac OS X, and Maemo, and – just like its new Gtk counterpart (Figure 4) – either as a full-screen display manager in the style of XDM or as a standalone application. In both cases, administrators either can allow individual configurations or tell X2Go to use a central LDAP server.
All graphical clients follow the same usability concept (see Figures 2--4). The widget set used here was dubbed Cardview and uses a business card-style approach.
Sessions, users, and configurations are configurable via drop-down lists and pop-ups in this view, without the need to switch to an admin tool. However, if an LDAP server is used to manage user and configuration data, a client-side configuration is not needed; the tool simply shows a list of users allowed to log on from the current system.
Windows and CLI
The X2Go client can be configured via a simple desktop program that is reminiscent of a physical terminal server client. Again access to a central LDAP directory is possible, and on top of this, users can access other servers and resize and hide the window during use. The third option is a flexible command-line client, x2goclient-cli, which is best suited for launching from other programs.
In contrast, the new Gtk client is designed for Gnome and Linux users who want to avoid Qt-based programs and KDE. It was implemented natively and does completely without Qt dependencies. Officially, this client was still under development when this issue went to press, although no bugs are currently known.
SSHFS, NX, and Local Media
Client programs are not restricted to connecting to the graphical display on the X2Go server but can also connect the local filesystem with the server and redirect the server's sound output to the client machine.
The SSH port 22 and the X2Go tunnel are all it takes to access the server. But in contrast to NoMachine, the project uses SSHFS for file transfers, relying on the packages maintained by the distribution for this.
X2Go uses Udev to support local mass storage devices, such as CD-ROMs, and automatically connects them to the server. For computers that do not have a hardware key to eject media, the desktop displays an icon that forwards the commands to the client; this feature is important for Mac clients.
While a session is running, users can share additional directories (Figure 5). X2Go automatically adds them to the desktop like statically configured filesystem shares and adds entries for unmounting to the drop-down menu.
Besides simple username and password-based logins, X2Go also supports Sun-style flexible sessions to go, including smartcard or USB stick-based authentication. However, there is no alternative to a crypto filesystem on the USB stick; otherwise, users that gain access to a lost stick could simply read the ID number.
Admins in professional environments will probably want to opt for the security of a smartcard instead, the advantage being that the smartcard calculates the ID rather than storing it.
Cherry keyboards with integrated card readers are a good choice of hardware, as are attractively priced devices by Towitoko, or any other Class 1 card reader (or better) that supports OpenPGP card .
Buy this article as PDF
VMware bids for a stake in the container industry with a bold effort to integrate containers with its classic virtualization system.
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm