Graphical linux desktop access using NX

This article explains how to connect to a graphical linux desktop within the JASMIN environment using NoMachine NX. It explains:

  • how using a JASMIN-side graphical desktop can improve performance
  • how to set up your connection using the NX enterprise client
  • how to log in and use a graphical desktop session

Note: This is a new service - make sure you read the instructions carefully and bear with us in the case of any teething problems.

Introduction

Using graphical applications over a wide-area network can be very slow, and is not recommended or supported on JASMIN. This new helps by providing a graphical desktop within the JASMIN environment, instead of on the end-user’s local machine at the end of a wide-area network path from JASMIN. A small client application available for you to install on your local machine enables you to connect to specific servers within JASMIN but send graphics output across the network in compressed form, resulting in much better performance.

Via a web browser provided on this graphical desktop, this service also provides a means of accessing web-based resources within JASMIN which are not otherwise visible outside.

The service provides an improved user experience compared to that offered by the alternative X2GO system previously offered on JASMIN, and is strongly recommended over standard X11 graphics.

The following "special" login servers have the NX service available and can be used as described below: 

  • nx-login1.jasmin.ac.uk
  • nx-login2.jasmin.ac.uk (Coming soon: this will be configured with the Contingency config similar to one of the regular login servers, to make it available from clients without reverse DNS lookup)
  • nx-login3.jasmin.ac.uk

Note: In all other respects these are the same as the standard login servers, but should only be used by users connecting with the NX enterprise client as described below. Please do not use them for standard terminal-based SSH connections as this preserves system resources for their intended purpose.

Installing NoMachine Enterprise Client

Download NoMachine Enterprise Client from https://www.nomachine.com/download-enterprise. This page contains links to several different products. The only one you need to install is "NoMachine Enterprise Client".

Versions are available for Windows, Mac and Linux. You may need privileges on your local machine in order to install the software so you may need to ask for help from your local IT helpdesk.

Note that the "enterprise" edition of the NX client is different to the "standard" edition available from the more publicised download link on the NoMachine website: the standard edition contains additional server components to enable remote access to your own machine: perhaps convenient but not something we would recommend by default. The enterprise edition is purely a client to connect to a remote server, which is what we're trying to achieve here for you to be able to access JASMIN.

Remember to check for updates for the enterprise client to ensure you always have the latest stable version. You can configure the application to check for updates (and optionally apply them automatically) by going to Settings / Updates in the menu.

Setting up your connection

As you can see from the following videos, the instruction steps below are very similar for Windows / Mac / Linux, once the enterprise client is installed.

  1. Open the NX client
    1. On Mac and Windows, click the NoMachine Icon
    2. On Linux, the default location for the executable once installed is /usr/NX/nxplayer, so you may want to add this to your path. Your desktop environment may enable you to add an icon to your desktop. 
  2. In the "Recent Connections" window, click "New"
  3. Select "SSH" (rather than "NX") protocol in the pull-down list, click Continue
  4. Enter the name of the host as nx-login1.jasmin.ac.uk (or one of the other machines listed above) and leave the port as 22. Click continue.
  5. Select "Private key" for the authentication method, tick the box for "forward authentication" and click Continue.
    1. Please do not use "Authentication agent" as the authentication method: this may not work universally so is not supported.
    2. Select the location of your private key file on your computer. This may be in a hidden directory e.g. ~/.ssh see Troubleshooting
  6. Select "Don't use a proxy", click Continue
  7. Edit the name of the connection if you wish, click Done

Connecting

  1. Select the connection profile which you just created (by default it will now be highlighted). Click Connect
  2. Enter your JASMIN username and your SSH passphrase. Click OK
  3. Select "Create a new virtual desktop", click Continue
  4. Note the instructions for how to reach the NX menu once in the session, and select screen settings from the list of icons: Recommended setting is "Fit to window" (leftmost icon)
  5. Click OK on this and subsequent screens giving information about the NX and desktop environments.
  6. You should be presented with a linux deskop on  nx-login1.jasmin.ac.uk 
  7. To see the list of sci servers which is normally presented at login (which helps in selected a less-loaded sci server), type the following:
  8. $ cat /etc/motd	

Using the graphical desktop environment

Once you have set up the environment to your liking, you can

  • use the web browser on that system to access web-based resources available only within JAMSIN
  • make SSH connections to other systems within JASMIN such as  sci1.jasmin.ac.uk 
  • if necessary, use a graphical applications on other systems within JASMIN and send the output back to your graphical desktop.
  1. Click "Activities" (top left menu on desktop) 

  2. Click the Firefox icon in the side bar menu to start the Firefox web browser. Use this to access web-based resources only available within JASMIN. Do not use for personal web browsing. To toggle Firefox between taking up the whole of your desktop, and running in a smaller, sizeable window, double-click its title bar (this applies to any windowed application on the desktop).

  3. Click the Terminal icon 

  4. Try an onward SSH connection, for example to a SCI machine.
    $ ssh -AX <username>@sci1.jasmin.ac.uk

    (where <username> should be replaced by your JASMIN username).

  5. Work interactively on a SCI machine as you would normally, but any graphical tools/applications should now work efficiently.

  6. (Example of a graphical application on another machine within JASMIN). Try opening a simple graphical application on sci1.jasmin.ac.ac.uk  with the command:
  7. $ xclock

    (you may find  -AY works if -AX does not).

    You may also get a few warning messages like this, which can safely be ignored:

    Warning: Missing charsets in String to FontSet conversion

    Cancel the graphical application (xclock) with CTRL + c, or use the application's own exit command, if it has one.

    With other graphical applications opened on other servers within JASMIN, you may get warning/error messages like these as they start up: these can safely be ignored. Sometimes an application window can take a few seconds to appear, but should work normally after that.

    Failed to open connection to "session" message bus: /usr/bin/dbus-launch terminated abnormally without any error message
    Running without a11y support!
    Gtk-Message: 08:58:38.169: Failed to load module "pk-gtk-module"
    Gtk-Message: 08:58:38.171: Failed to load module "canberra-gtk-module"
  8. To log out of the virtual desktop, locate the menu top-right, and select your name, then "Log Out"

  9. Notes:

  • The number of "virtual desktops" which can be created per user is limited to 1 in order to preserve system resources.
  • Although in theory sessions and desktop windows should persist when you close down the NoMachine client and when you re-open it to the same connection, you should not rely on this feature.
  • The option to shut down the machine does not work for a "regular" user (only admins). Please just "Log out" instead.

Troubleshooting

  • After the first connection (particularly for Mac users, subsequent connections to the same connection profile sometimes have some symbols keys e.g. @ and " transposed.
    • Watch the following video for how to correct this. Doing as shown leaves a small drop-down choice tool in your Gnome desktop menu so that you can correct the problem if it re-occurs later. The correct choice for the authors's UK Mac was "English (UK, Macintosh), but you may need to experiment with the choices available to match your own keyboard layout. If you click the small keyboard-layout icon (bottom right when viewing the list of choices), you will be shown a preview of that keyboard layout to compare with your own.
  • Please do not try and connect using the proprietary "NX" protocol. Select "SSH" as the protocol. If you mistakenly use "NX" as the protocol you may see an error similar to the following when you try to connect (The correct port for SSH connections is 22):
    A connection timeout has occurred while trying to connect to 'nx-login1.jasmin.ac.uk' on port '4000'. The issue could either be caused by a networking problem, by a firewall or NAT blocking incoming traffic or by a wrong server address. Please verify your configuration and try again.
  • Please use "Private key" as the authentication method, not "Authentication agent", as the former has been found to work more consistently and reliably, particularly for onward connections to other machines.
  • Make sure you have installed and are using the most recent version of the NoMachine Enterprise Client.
  • If you created your SSH private key using the "PuTTYgen" application, and are getting "Authentication failed" for a key pair that you know works OK for simple terminal connections, it could be that you need to convert the private key to "OpenSSH format" for use here. By doing this you would be creating an alternately-formatted version of the same private key, so the public key stays the same (and you don't need to re-upload that to JASMIN).
    • Open PuTTYgen and "Load an existing private key file" (click "Load")
    • Ignore the notice about saving it in PuTTY's own format (this is not useful here) (click "OK")
    • In the PuTTYgen menu, select "Conversions", then "Export OpenSSH key"
    • Save the newly-formatted private key file locally. The passphrase needed to unlock it should not have changed.
    • Use this newly-formatted key file with NoMachine NX.
  • The location of your private key on your local machine may be in a hidden directory for example ~/.ssh. In order to navigate to it to provide the location when setting up your connection profile, you may need to enable the display of hidden directories/files in your local desktop environment first. On a Mac you can do this with the shortcut cmd + shift + .. In Windows this is under File Explorer / View / Hidden Items.