On 05/07/2014 05:27 PM, Nico Kadel-Garcia wrote:
On Wed, May 7, 2014 at 4:02 PM, Yasha Karant wrote:
Thank you for the information on www.nomachine.com, etc.  Two points:  I was
not confused about the mechanisms and terminology of X windows, but the
university network security czar administrative (not academic) group
evidently was -- I simply "followed instructions" that clearly are
incorrect, and, silly me, did not experiment with simple tests. Second:
does the package you recommend behave *IDENTICALLY* to ssh -X so far as any
network security (ports, protocols, packet headers, etc.) can detect?
It does not. It runs a separate SSH tunneling server on an alternative
port, one that has much more graceful server side interfaces to manage
the configurations. It requires a client SSH private key to establish
the original connection, and this is easily altered on a site by site
basis, so it supports a robust 2-factor authentication work mode. It
then has a graceful GUI for managing client sessions, setting policies
for maximum numbers of clients, whether a client can have two
sessions, or whether a client can share their sessions.

Almost all network protocols are blocked by the same security group,
including some internal packet examination that may be able to detect if ssh
-X is not being used.  Only ssh -X is "permitted" by this group for remote X
windows, and none of the MS Windows (currently 7) university-wide-supplied
classroom console "workstations" have any X windows servers -- thus I must
Why not bring a USB stick with CygWin on it? Or a live DVD to boot
with, unless they've locked that down?

And a word with them about "NX based X sessions", mentioning the free
personal use and better resource management, might be worth educating
them about it. See https://www.nomachine.com/AR01L00770 for more
details about the relevant ports and services.

bring my research laptop to class to demonstrate any GUI running on a Linux
machine (such as a compute server with a graphical debugger).  Of necessity,
we have more control over the protocols, etc., used on the research
networks, but these are not used by any direct instructional facility.
Within our Department (technically, School), our instructional technicians
run our own instructional network (separate from any research network), and
this is more permissive of protocols than the university czar group allows
-- although the czar group has attempted to gain control of, and thus
effectively shut down, our instructional network (that mostly has SL6
workstations).  However, the question I am pursuing is for use in classrooms
outside those we control.

Yasha Karant
OK, I've not tried to install the Windows NX client on removable
media, but that might be a good way to make it work.
The university provided MS Win 7 machines are fully locked down -- to run gvim so that I could have students see Linux systems programming sample source code, I had to have one of the university technicians install gvim. It will work until the next "upgrade" that usually has a full reformat of the university classroom computer drives. Although I am a tenured professor who teaches this material (and does research involving it), I am not permitted to install software on any Departmental machine (including those in Departmental classrooms) but must have a Department technician install any applications, etc., that I might need. As the Departmental Linux machines do support ssh -X (but no other protocols -- and the Departmental MS Win machines have no X servers), I ssh -X to a research machine (for which I do have root access and have externally funded research support) to access applications that I need for instructional demonstration as well as research. A simple example will suffice: so that students can experience the practical differences between GUI web browsers, I have firefox, seamonkey, chrome, opera, konqueror, and several others installed, and show MS Internet Exploder under MS Win 7 under Virtual Box under Linux. This can be a very instructive demonstration of a nominally "standards based" interface. However, it cannot be done from any non-research machine.
