Installing X2Go NX Server on Linux Mint 17.2


  • Service Provider

    Getting the X2Go NX Server running on Linux Mint 17.2 is pretty simple. Just use this process:

    sudo add-apt-repository ppa:x2go/stable
    sudo apt-get update && sudo apt-get install x2goserver x2goserver-xsession
    

    That's it. The server will start itself up.

    Verified on Linux Mint 17.3.



  • @scottalanmiller said:

    X2Go NX Server

    For anyone wondering X2Go " is a Remote Desktop solution, which some vendors vaguely call Remote Control. This is not to be confused with Microsoft Remote Desktop Connection, which is a competing Remote Desktop solution and protocol."


  • Service Provider

    And X2Go is natively secure running over SSH so unlike RDP you don't need to worry about setting up a separate secure tunnel to protect it.



  • I've never used X2Go. How does it compare to NoMachine?


  • Service Provider

    @johnhooks said:

    I've never used X2Go. How does it compare to NoMachine?

    NoMachine is closed source and more limited but uses the NX4 protocol. X2Go is open source and uses the NX3 protocol.



  • It should be mentioned that the X2go system isn't compatible with all of the Mint Desktop environments. If you are having problems, I'd recommend trying the Mate desktop environment...

    sudo apt-get install mint-meta-mate
    

    And make sure you choose that environment when setting up your connection in your X2Go client.


  • Service Provider

    On which desktops have you seen issues?


  • Service Provider

    Just tested and works well on Cinnamon, the standard desktop.



  • Cinnamon does not work at all for me. Using the Windows X2Go client, I cannot see the mouse pointer at all. Using the PyHoca client, I get the desktop icons, but no panel at the bottom of my screen, lol.

    Using Mate, everything works beautifully. I must also add this is a Virtual Box VM that I am connecting to, and Cinnamon works fine when logged in locally at my laptop.


  • Service Provider

    @dafyre said:

    Cinnamon does not work at all for me.

    Are you fully up to date? Are you using the X2Go that came with the OS?


  • Service Provider

    @dafyre said:

    Using the Windows X2Go client, I cannot see the mouse pointer at all. Using the PyHoca client, I get the desktop icons, but no panel at the bottom of my screen, lol.

    OH WAIT!!!

    You mean on the terminal server side, not the local client side. Okay, totally different. And yes, we had Cinnamon issues with ScreenConnect but not with X2Go. But we don't use Cinnamon but use LXDE just because it is lighter and faster over the NX link.



  • Yea on the terminal Server side. I'm using the Pyhoca GUI + Mate. It rocks! And to whoever was complaining about the funky seal looking icon, thta is the Pyhoca GUI, and not the regular X2Go Client app.


  • Service Provider

    Any issues with software rendering and Mate? Mate is the one desktop we never test (Gnome 2 and all that.) You find it superior to LXDE? We find default XFCE to be very wasteful on screen real estate.



  • @scottalanmiller said:

    Any issues with software rendering and Mate? Mate is the one desktop we never test (Gnome 2 and all that.) You find it superior to LXDE? We find default XFCE to be very wasteful on screen real estate.

    I was always a big fan of the old Gnome (before Gnome 3 / Unity and all that). Mate runs plenty fast enough for me from off site, over ZT and a home connection that only has 4mbit upload.

    I really like the Pyhoca GUI, as it can dynamically resize the screen with only a short lag. I can watch videos on youtube (not in full screen, lol) and sound works too (I think). I also like Mate because it is similar in layout to Cinnamon without the hardware requirements for the fancy effects.

    I should probably try out LXDE, I don't recall using that recently.



  • I had the same issue with cinnamon. It would go to fallback mode and then all you had was the application menu and places. I couldn't even log out! But Mate works really well. You get the old Mint Menu design and it works pretty well at least on my LAN. I'm going to test it tomorrow from my parents house over ZeroTier to see how it works over the internet.


  • Service Provider

    @johnhooks said:

    I had the same issue with cinnamon. It would go to fallback mode and then all you had was the application menu and places. I couldn't even log out! But Mate works really well. You get the old Mint Menu design and it works pretty well at least on my LAN. I'm going to test it tomorrow from my parents house over ZeroTier to see how it works over the internet.

    How use ZeroTier? Why not connect directly?



  • @johnhooks It seems to work really well over the internet for me. I love the fact that I can disconnect a session and come back to it later. I've always wanted that for the Linux GUI.



  • @scottalanmiller Because we don't want to poke holes in our router / firewall. :-D ... and we already have ZT going.


  • Service Provider

    Yes, persistent desktops are really nice.



  • @scottalanmiller said:

    @johnhooks said:

    I had the same issue with cinnamon. It would go to fallback mode and then all you had was the application menu and places. I couldn't even log out! But Mate works really well. You get the old Mint Menu design and it works pretty well at least on my LAN. I'm going to test it tomorrow from my parents house over ZeroTier to see how it works over the internet.

    How use ZeroTier? Why not connect directly?

    It's on a VM on the server in my house. I'd either have to port forward or just use ZeroTier.


  • Service Provider

    @dafyre said:

    @scottalanmiller Because we don't want to poke holes in our router / firewall. :-D ... and we already have ZT going.

    But for security, you don't want unnecessary exposure, right?


  • Service Provider

    @johnhooks said:

    It's on a VM on the server in my house. I'd either have to port forward or just use ZeroTier.

    Ah, okay.



  • @scottalanmiller tries to see where you're going with this

    Right. So I'll use my existing ZT Network and not (manually) poke holes in my firewall.


  • Service Provider

    @dafyre said:

    @scottalanmiller tries to see where you're going with this

    Right. So I'll use my existing ZT Network and not (manually) poke holes in my firewall.

    So you are going to expose the whole network to any ransomware / cryptoware risks on your connecting machines? One of the beauties of using a terminal server is providing an air gap to keep the biggest risks from getting through. VPNs are huge risks to networkworks.



  • @scottalanmiller With something like ZeroTier, the LAN is simply spread over larger distances. In that same retrospect, considering any Remote-Desktop-like tool (RDSH / X2Go, et al) there's always a risk that someone can get infected with bad stuff.

    If a user is using X2Go/RDP and connected to my server and they are connected to all their shares, and they get hit with Cryptoware, it doesn't matter that they're on an remote-session, or if they're physically connected to the LAN or by ZT (or VPN), it will still encrypt their files and shares.


  • Service Provider

    @dafyre said:

    @scottalanmiller With something like ZeroTier, the LAN is simply spread over larger distances. In that same retrospect, considering any Remote-Desktop-like tool (RDSH / X2Go, et al) there's always a risk that someone can get infected with bad stuff.

    Not really. If I'm connected to an NX server at a client site, they cannot infect me nor can I infect them. We are firewalled from each other except for the graphical protocol. It's dramatically safer than a VPN.


  • Service Provider

    @dafyre said:

    If a user is using X2Go/RDP and connected to my server and they are connected to all their shares, and they get hit with Cryptoware, it doesn't matter that they're on an remote-session, or if they're physically connected to the LAN or by ZT (or VPN), it will still encrypt their files and shares.

    Well then don't bypass the security by allowing shares to be added making the channel an more generic VPN again. That's not an exposure that you want.

    Any direct LAN, ZT, VPN, etc. connection opens you up to huge exposure.



  • @scottalanmiller said:

    Not really. If I'm connected to an NX server at a client site, they cannot infect me nor can I infect them. We are firewalled from each other except for the graphical protocol. It's dramatically safer than a VPN.

    Right, but an End User can still get themselves infected. (Yes, it's Linux, no, it isn't bullet proof, but you know this already).

    @scottalanmiller said:

    Well then don't bypass the security by allowing shares to be added making the channel an more generic VPN again. That's not an exposure that you want.

    Any direct LAN, ZT, VPN, etc. connection opens you up to huge exposure.

    So I have allowed my end-user to connect to their X2Go / RDP server and say "Here's all your applications" ... but what about their Data?

    If their data lives on file shares, then what? They can have their apps but not their data?
    Okay. Let's use ownCloud... Their files still get encrypted, and we still have to restore them from backups.

    I do not disagree that there is more exposure. But how is this any different than being on a LAN? If my laptop worker is sitting at their desk connected to my LAN, or if they're 500 miles away, connected to my LAN?

    [Maybe this would be good to fork off into its own discussion, lol... Title suggestion: VPN vs Port Forwarding ?].


  • Service Provider

    @dafyre said:

    @scottalanmiller said:

    Not really. If I'm connected to an NX server at a client site, they cannot infect me nor can I infect them. We are firewalled from each other except for the graphical protocol. It's dramatically safer than a VPN.

    Right, but an End User can still get themselves infected. (Yes, it's Linux, no, it isn't bullet proof, but you know this already).

    All the more reason to keep them from infecting everyone else :)


  • Service Provider

    @dafyre said:

    So I have allowed my end-user to connect to their X2Go / RDP server and say "Here's all your applications" ... but what about their Data?

    They access it via the remote session, not the local one.



Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.