Remote graphical access on Nymph
Instructions for Windows 10 and Linux
You need to activate the SSH client before logging in from Windows, see the instructions.
1.
Open the Windows PowerShell (
, hint: you can paste from the clipboard by right-clicking, copy
Enter
), or the Bash shell (
). Set the variable
LOGIN
(in the command below, replace "xlogin" with your faculty login):
-
Windows
PS C:\Users\user> $LOGIN="xlogin"
-
Linux
local$ LOGIN=xlogin
2.
Randomly select one of the permanently running Nymphs and also the port to use for VNC:
-
Windows
PS C:\Users\user> $NN= "0" + $(Get-Random -Maximum 3 -Minimum 1) PS C:\Users\user> $LC_PORT = $((5900 + $(Get-Random -Maximum 100))) PS C:\Users\user> echo $LC_PORT
Make a note of the port number for later use.
-
Linux
local$ NN=0$((RANDOM % 2 + 1)) && \
export LC_PORT=$((5900 + RANDOM % 100)) && \
echo $LC_PORT >/tmp/fi-nymfe-vnc-port
3.
The Nymfe machines are only accessible from the FI network, so you will need to log in via Aisu. We will connect via SSH, turn on compression, and create a tunnel. You will need to enter the password twice (unless you are using an SSH key), and you will also need to confirm the SSH key the first time you connect.
Alternatively, you can use a faculty VPN- then there is no need to use jump host when logging in via SSH.
-
Windows
SSH in Windows has a bug (written in February 2020) that makes the
-J
(jump host) switch not work. However, this can be worked around by using theconfig
configuration file in the home directory under the.ssh
folder.Create a file
C:\Users\user\.ssh\config
("user" is your Windows user) with the following content (replace "XLOGIN" with your faculty login):Host nymfe*.fi.muni.cz ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe XLOGIN@aisa.fi.muni.cz -W %h:%p
We can now connect:
PS C:\Users\user> ssh -C $LOGIN@nymfe$NN.fi.muni.cz -L $LC_PORT":localhost:"$LC_PORT
-
Linux
local$ ssh -CJ $LOGIN@{aisa,nymfe$NN}.fi.muni.cz -L $LC_PORT:localhost:$LC_PORT -o SendEnv=LC_PORT
4.
Set a random VNC password (this is appropriate due to the possibility of a brute force attack while the VNC server is running), make a note of the password. You only need to do this step once the first time you use this tutorial, but you can also repeat it each time.
nymfe$ { pwgen 8 1 | tee /dev/std{out,err}; echo n; } | vncpasswd; echo
5.
Secure the graphical session type settings (this step does not need to be repeated):
nymfe$ test -f ~/.dmrc || echo -e "[Desktop]\nSession=default" >~/.dmrc
6.
Create a session
x11vnc
including the creation of a new X server. You can resize the remote desktop by editing the
-geometry
parameter. Variable forwarding does not work from Windows (
), so
replace "$LC_PORT" in the command with the port number you obtained in step
2.
nymfe$ x11vnc -auth .Xauthority -N -localhost -rfbport $LC_PORT -usepw -create -geometry 1280x1024
Do not close the terminal window.
7.
Connect from your machine to Nymfe using the VNC client (use the password from step 4):
-
Windows
For Windows, you can download e.g. Real VNC Viewer (you can also select the standalone version without installation).
Address:
localhost:LC_PORT
("LC_PORT" replace the port number from step 2).Don't be alarmed by the warning about the unencrypted connection, the connection from your machine to Nymfe is encrypted thanks to the SSH tunnel.
-
Linux
local$ vinagre localhost:$(cat /tmp/fi-nymfe-vnc-port)
Note: If you only see a black background with a white terminal (
xterm
), there is probably a problem with the session settings. In this case, try to start it manually via this terminal:
xterm$ gnome-session
Correct session termination
- Log out of the Gnome session, which will terminate the VNC client as well as the VNC and X server (it may take a while, estimated 20 seconds, before you get the Log Out: wait prompt)
- if the step above fails for some reason, exit
x11vnc
with the shortcutCtrl-C
and rungnome-session-quit --force --logout
- in any case, check for any leftover processes and kill them (
ps ux
,kill PID
, or if you don't have any other graphics processes running on your machine,systemctl --user stop dbus ssh-agent gpg-agent
may also help )