Graphical linux desktop access using NX
This article explains how to connect to a graphical linux desktop within the JASMIN environment using NoMachine NX. It explains:
- how using a JASMIN-side graphical desktop can improve performance
- how to set up your connection using the NX enterprise client
- how to log in and use a graphical desktop session
Note: This is a new service - make sure you read the instructions carefully and bear with us in the case of any teething problems.
Using graphical applications over a wide-area network can be very slow, and is not recommended or supported on JASMIN. This service helps by providing a graphical desktop within the JASMIN environment, instead of on the end-user’s local machine at the end of a wide-area network path from JASMIN. A small client application available for you to install on your local machine enables you to connect to specific servers within JASMIN but send graphics output across the network in compressed form, resulting in much better performance.
Via a web browser provided on this graphical desktop, this service also provides a means of accessing web-based resources within JASMIN which are not otherwise visible outside.
The service provides an improved user experience compared to that offered by the alternative X2GO system previously offered on JASMIN, and is strongly recommended over standard X11 graphics.
The following "special" login servers have the NX service available and can be used as described below:
nx-login2.jasmin.ac.uk(Contingency config similar to
login2.jasmin.ac.uk, to make it available from clients without reverse DNS lookup to a domain in the JASMIN allow-list. Use this option if you need to connect from home and do not have an institutional VPN available)
Note: In all other respects these are the same as the standard login servers, but should only be used by users connecting with the NX enterprise client as described below. Please do not use them for standard terminal-based SSH connections as this preserves system resources for their intended purpose.
Installing NoMachine Enterprise Client
Download the appropriate version of the NoMachine Enterprise Client from NoMachine. This page contains links to several different products. The only one you need to install is "NoMachine Enterprise Client".
Versions are available for Windows, Mac and Linux. You may need privileges on your local machine in order to install the software so you may need to ask for help from your local IT helpdesk.
Note that "Nomachine Enterprise Client" is a different application to the "Nomachine Enterprise Desktop" available from the more publicised download link on the NoMachine website, or other applications in the NoMachine suite: the desktop edition contains additional components to enable remote access to your own (e.g. desktop) machine from a remote location: perhaps convenient but not what we are trying to enable for you here.
The NoMachine Enterprise Client is purely a client to connect to a remote server: in our case the server is at the JASMIN end, providing an additional (graphical desktop) interface to JASMIN.
Remember to check for updates for the enterprise client to ensure you always have the latest stable version. You can configure the application to check for updates (and optionally apply them automatically) by going to Settings / Updates in the menu.
Setting up your connection
As you can see from the following videos, the instruction steps below are very similar for Windows / Mac / Linux, once the enterprise client is installed. Note that the interface may look slightly different depending on which version number of the client you have installed (we can't promise to keep the videos up to date with every new version, unfortunately!)
Instructions for v7.x clients: (v6.x clients look slightly different hence slightly different steps, but same concept overall)
- Open the NX client
- On Mac and Windows, click the NoMachine Icon
- On Linux, the default location for the executable once installed is
/usr/NX/bin/nxplayer, so you may want to add this to your path. Your desktop environment may enable you to add an icon to your desktop.
- In the "Machines" view, select "Add"
- You're now in the "Address" tab. Type a name for this connection profile, and the full hostname, e.g.
nx-login1.jasmin.ac.uk. Set the Protocol to "SSH", which will change the port to 22.
- Go to the "Configuration" tab.
- Choose "Use key-based authentication with a key you provide", then click the Modify button to the right.
- The default is "Use password authentication": this generally doesn't work so we don't support this.
- Use the button to the right to navigate to your private key, or type the path in the box.
- Your private key may be in a hidden directory e.g.
- Your private key may be in a hidden directory e.g.
- Make sure you tick the box "Forward Authentication" **IMPORTANT**
- Go back to the Address Tab and press Connect (top right) if all looks correct.
- You may find that it has now forgotten where you're private key is, so repeat steps 4 & 5. [This appears to be a bug!]
- Click "Connect" then follow the steps below in "Connecting".
- Enter your JASMIN username and your SSH passphrase. Click OK
- Select "Create a new virtual desktop", click Continue
- Note the instructions for how to reach the NX menu once in the session, and select screen settings from the list of icons: Recommended setting is "Fit to window" (leftmost icon)
- Click OK on this and subsequent screens giving information about the NX and desktop environments.
- You should be presented with a linux deskop on
- Click "Activities" (top left menu on desktop)
- Open a terminal window by clicking the "Terminal" icon in the menu down the left hand side.
- To see the list of sci servers which is normally presented at login (which helps in selected a less-loaded sci server), type the following:
$ cat /etc/motd
Using the graphical desktop environment
Once you have set up the environment to your liking, you can
- use the web browser on that system to access web-based resources available only within JAMSIN
- make SSH connections to other systems within JASMIN such as
- if necessary, use a graphical applications on other systems within JASMIN and send the output back to your graphical desktop.
- Click "Activities" (top left menu on desktop)
- Click the Firefox icon in the side bar menu to start the Firefox web browser. Use this to access web-based resources only available within JASMIN. Do not use for personal web browsing. To toggle Firefox between taking up the whole of your desktop, and running in a smaller, sizeable window, double-click its title bar (this applies to any windowed application on the desktop).
- Click the Terminal icon
- Try an onward SSH connection, for example to a SCI machine.
$ ssh -AX <username>@sci1.jasmin.ac.uk<br>
<username>should be replaced by your JASMIN username).
Work interactively on a SCI machine as you would normally, but any graphical tools/applications should now work efficiently.
- (Example of a graphical application on another machine within JASMIN). Try opening a simple graphical application on
sci1.jasmin.ac.ac.ukwith the command:
- To log out of the virtual desktop, locate the menu top-right, and select your name, then "Log Out"
(you may find
-AY works if
-AX does not).
You may also get a few warning messages like this, which can safely be ignored:
Warning: Missing charsets in String to FontSet conversion<br>
Cancel the graphical application (xclock) with
CTRL + c, or use the application's own exit command, if it has one.
With other graphical applications opened on other servers within JASMIN, you may get warning/error messages like these as they start up: these can safely be ignored. Sometimes an application window can take a few seconds to appear, but should work normally after that.
Failed to open connection to "session" message bus: /usr/bin/dbus-launch terminated abnormally without any error message Running without a11y support! Gtk-Message: 08:58:38.169: Failed to load module "pk-gtk-module" Gtk-Message: 08:58:38.171: Failed to load module "canberra-gtk-module"<br>
- The number of "virtual desktops" which can be created per user is limited to 1 in order to preserve system resources.
- Although in theory sessions and desktop windows should persist when you close down the NoMachine client and when you re-open it to the same connection, you should not rely on this feature.
- The option to shut down the machine does not work for a "regular" user (only admins). Please just "Log out" instead.
- After the first connection (particularly for Mac users, subsequent connections to the same connection profile sometimes have some symbols keys e.g.
- Watch the following video for how to correct this. Doing as shown leaves a small drop-down choice tool in your Gnome desktop menu so that you can correct the problem if it re-occurs later. The correct choice for the author's UK Mac was "English (UK, Macintosh)", but you may need to experiment with the choices available to match your own keyboard layout. If you click the small keyboard-layout icon (bottom right when viewing the list of choices), you will be shown a preview of that keyboard layout to compare with your own.
- Please do not try and connect using the proprietary "NX" protocol. Select "SSH" as the protocol. If you mistakenly use "NX" as the protocol you may see an error similar to the following when you try to connect (The correct port for SSH connections is 22):
A connection timeout has occurred while trying to connect to 'nx-login1.jasmin.ac.uk' on port '4000'. The issue could either be caused by a networking problem, by a firewall or NAT blocking incoming traffic or by a wrong server address. Please verify your configuration and try again.<br>
- Please use "Private key" as the authentication method, not "Authentication agent", as the former has been found to work more consistently and reliably, particularly for onward connections to other machines.
- Make sure you have installed and are using the most recent version of the NoMachine Enterprise Client (not the NoMachine Enterprise Desktop or any other applications from NoMachine).
- If you created your SSH private key using the "PuTTYgen" application, and are getting "Authentication failed" for a key pair that you know works OK for simple terminal connections, it could be that you need to convert the private key to "OpenSSH format" for use here. By doing this you would be creating an alternately-formatted version of the same private key, so the public key stays the same (and you don't need to re-upload that to JASMIN).
- Open PuTTYgen and "Load an existing private key file" (click "Load")
- Ignore the notice about saving it in PuTTY's own format (this is not useful here) (click "OK")
- In the PuTTYgen menu, select "Conversions", then "Export OpenSSH key"
- Save the newly-formatted private key file locally. The passphrase needed to unlock it should not have changed.
- Use this newly-formatted key file with NoMachine NX.
- Be sure to use the PASSPHRASE associated with your SSH private key, and not the PASSWORD associated with your JASMIN account, when prompted using the NX client.
- The location of your private key on your local machine may be in a hidden directory for example
~/.ssh. In order to navigate to it to provide the location when setting up your connection profile, you may need to enable the display of hidden directories/files in your local desktop environment first. On a Mac you can do this with the shortcut
cmd + shift + .. In Windows this is under File Explorer / View / Hidden Items. It's also possible that your home directory itself (normally
/Users/<username>) is not configured to be displayed by default in
Finder. If this is case, go to Finder / Preferences / Sidebar / Show these items and tick the box next to the item representing your username: this should make it appear, and
.sshshould be a subdirectory of this.
- (Windows users) If, using the same private key, you can successfully connect to
nx-login2.jasmin.ac.ukfrom MobaXterm but NOT from the NoMachine NX client ("Authentication Failed"), then try following the steps below this has solved the issue in recent cases:
- Unload your private key from MobaXterm (MobaXterm / Settings / Configuration / SSH)
- Remove the private and public key files from the directory where you stored them (
id_rsa_jasmin.pub, respectively). Note that a path like
/drives/c/Users/fredin the MobaXterm terminal.
- Make yourself a new public key. Navigate using MobaXterm terminal ("start local terminal") to the directory where you stored your old key, then use this command. Don't forget to set a strong passphrase.
ssh-keygen -t rsa -b 2048 -C "email@example.com" -f id_rsa_jasmin
- Use the MobaXterm / Settings / Config / SSH tool to load the new private key (the file
id_rsa_jasmin) & restart MobaXterm: you should be prompted for the passphrase on restart.
- Go to your jasmin account profile and upload new public key
- you will need the authentication token sent to your registered email address (check junk folder)
- copy & paste the contents of the
id_rsa_jasmin.pubfile into the space provided. Make sure it's the .pub file, not the private key!
- you will need to wait 10-15 mins for the new key to be propagated to all parts of the JASMIN system
- Try a connection from a MobaXterm terminal window as you did before.
- If successful, make yourself a new NX connection profile, pointing to the new private key
- You should now be able to connect.
- For occasions where "it worked last time I tried to connect, but now doesn't", the time-honoured IT support advice of "turning it off and on again" is applicable: try restarting your local machine where the NX client is running, as this can sometimes clear issues with the client, your machine or your network connection. Don't forget to re-connect via your VPN if available.
- We have had reports of problems with the v7 Windows client with "forward authentication" enabled, but this is required for onward connection to other machines. If this happens, try:
- Uninstalling the v7 client client
- Deleting the
C:\Users\<username>\.nxdirectory on your machine
- Re-installing and trying again.