On Wed, May 7, 2014 at 4:02 PM, Yasha Karant <[email protected]> wrote: > Thank you for the information on www.nomachine.com, etc. Two points: I was > not confused about the mechanisms and terminology of X windows, but the > university network security czar administrative (not academic) group > evidently was -- I simply "followed instructions" that clearly are > incorrect, and, silly me, did not experiment with simple tests. Second: > does the package you recommend behave *IDENTICALLY* to ssh -X so far as any > network security (ports, protocols, packet headers, etc.) can detect?
It does not. It runs a separate SSH tunneling server on an alternative port, one that has much more graceful server side interfaces to manage the configurations. It requires a client SSH private key to establish the original connection, and this is easily altered on a site by site basis, so it supports a robust 2-fator authentication work mode. It then has a graceful GUI for managing client sessions, setting policies for maximum numbers of clients, whether a client can have two sessions, or whether a client can share their sessions. > Almost all network protocols are blocked by the same security group, > including some internal packet examination that may be able to detect if ssh > -X is not being used. Only ssh -X is "permitted" by this group for remote X > windows, and none of the MS Windows (currently 7) university-wide-supplied > classroom console "workstations" have any X windows servers -- thus I must Why not bring a USB stick with CygWin on it? Or a live DVD to boot with, unless they've locked that down? And a word with them about "NX based X sessions", mentioning the free personal use and better resource management, might be worth educating them about it. See https://www.nomachine.com/AR01L00770 for more details about the relevant ports and services. > bring my research laptop to class to demonstrate any GUI running on a Linux > machine (such as a compute server with a graphical debugger). Of necessity, > we have more control over the protocols, etc., used on the research > networks, but these are not used by any direct instructional facility. > Within our Department (technically, School), our instructional technicians > run our own instructional network (separate from any research network), and > this is more permissive of protocols than the university czar group allows > -- although the czar group has attempted to gain control of, and thus > effectively shut down, our instructional network (that mostly has SL6 > workstations). However, the question I am pursuing is for use in classrooms > outside those we control. > > Yasha Karant OK, I've not tried to install the Windows NX client on removeable media, but that might be a good way to make it work.
