On Wed, May 7, 2014 at 4:02 PM, Yasha Karant <[log in to unmask]> wrote:
> Thank you for the information on www.nomachine.com, etc. Two points: I was
> not confused about the mechanisms and terminology of X windows, but the
> university network security czar administrative (not academic) group
> evidently was -- I simply "followed instructions" that clearly are
> incorrect, and, silly me, did not experiment with simple tests. Second:
> does the package you recommend behave *IDENTICALLY* to ssh -X so far as any
> network security (ports, protocols, packet headers, etc.) can detect?
It does not. It runs a separate SSH tunneling server on an alternative
port, one that has much more graceful server side interfaces to manage
the configurations. It requires a client SSH private key to establish
the original connection, and this is easily altered on a site by site
basis, so it supports a robust 2-fator authentication work mode. It
then has a graceful GUI for managing client sessions, setting policies
for maximum numbers of clients, whether a client can have two
sessions, or whether a client can share their sessions.
> Almost all network protocols are blocked by the same security group,
> including some internal packet examination that may be able to detect if ssh
> -X is not being used. Only ssh -X is "permitted" by this group for remote X
> windows, and none of the MS Windows (currently 7) university-wide-supplied
> classroom console "workstations" have any X windows servers -- thus I must
Why not bring a USB stick with CygWin on it? Or a live DVD to boot
with, unless they've locked that down?
And a word with them about "NX based X sessions", mentioning the free
personal use and better resource management, might be worth educating
them about it. See https://www.nomachine.com/AR01L00770 for more
details about the relevant ports and services.
> bring my research laptop to class to demonstrate any GUI running on a Linux
> machine (such as a compute server with a graphical debugger). Of necessity,
> we have more control over the protocols, etc., used on the research
> networks, but these are not used by any direct instructional facility.
> Within our Department (technically, School), our instructional technicians
> run our own instructional network (separate from any research network), and
> this is more permissive of protocols than the university czar group allows
> -- although the czar group has attempted to gain control of, and thus
> effectively shut down, our instructional network (that mostly has SL6
> workstations). However, the question I am pursuing is for use in classrooms
> outside those we control.
>
> Yasha Karant
OK, I've not tried to install the Windows NX client on removeable
media, but that might be a good way to make it work.
|