On 05/07/2014 05:27 PM, Nico Kadel-Garcia wrote:
> On Wed, May 7, 2014 at 4:02 PM, Yasha Karant <[log in to unmask]> wrote:
>> Thank you for the information on www.nomachine.com, etc. Two points: I was
>> not confused about the mechanisms and terminology of X windows, but the
>> university network security czar administrative (not academic) group
>> evidently was -- I simply "followed instructions" that clearly are
>> incorrect, and, silly me, did not experiment with simple tests. Second:
>> does the package you recommend behave *IDENTICALLY* to ssh -X so far as any
>> network security (ports, protocols, packet headers, etc.) can detect?
> It does not. It runs a separate SSH tunneling server on an alternative
> port, one that has much more graceful server side interfaces to manage
> the configurations. It requires a client SSH private key to establish
> the original connection, and this is easily altered on a site by site
> basis, so it supports a robust 2-fator authentication work mode. It
> then has a graceful GUI for managing client sessions, setting policies
> for maximum numbers of clients, whether a client can have two
> sessions, or whether a client can share their sessions.
>
>> Almost all network protocols are blocked by the same security group,
>> including some internal packet examination that may be able to detect if ssh
>> -X is not being used. Only ssh -X is "permitted" by this group for remote X
>> windows, and none of the MS Windows (currently 7) university-wide-supplied
>> classroom console "workstations" have any X windows servers -- thus I must
> Why not bring a USB stick with CygWin on it? Or a live DVD to boot
> with, unless they've locked that down?
>
> And a word with them about "NX based X sessions", mentioning the free
> personal use and better resource management, might be worth educating
> them about it. See https://www.nomachine.com/AR01L00770 for more
> details about the relevant ports and services.
>
>> bring my research laptop to class to demonstrate any GUI running on a Linux
>> machine (such as a compute server with a graphical debugger). Of necessity,
>> we have more control over the protocols, etc., used on the research
>> networks, but these are not used by any direct instructional facility.
>> Within our Department (technically, School), our instructional technicians
>> run our own instructional network (separate from any research network), and
>> this is more permissive of protocols than the university czar group allows
>> -- although the czar group has attempted to gain control of, and thus
>> effectively shut down, our instructional network (that mostly has SL6
>> workstations). However, the question I am pursuing is for use in classrooms
>> outside those we control.
>>
>> Yasha Karant
> OK, I've not tried to install the Windows NX client on removeable
> media, but that might be a good way to make it work.
The university provided MS Win 7 machines are fully locked down -- to
run gvim so that I could have students see Linux systems programming
sample source code, I had to have one of the university technicians
install gvim. It will work until the next "upgrade" that usually has a
full reformat of the university classroom computer drives. Although I
am a tenured professor who teaches this material (and deos research
involving it), I am not permitted to install software on any
Departmental machine (including those in Departmental classrooms) but
must have a Department technician install any applications, etc., that I
might need. As the Departmental Linux machines do support ssh -X (but
no other protocols -- and the Departmental MS Win machines have no X
servers), I ssh -X to a research machine (for which I do have root
access and have externally funded research support) to access
applications that I need for instructional demonstration as well as
research. A simple example will suffice: so that students can
experience the practical differences between GUI web browsers, I have
firefox, seamonkey, chrome, opera, konqueror, and several others
installed, and show MS Internet Exploder under MS Win 7 under Virtual
Box under Linux. This can be a very instructive demonstration of a
nominally "standards based" interface. However, it cannot be done from
any non-research machine.
|