Persistent Terminals For a Dedicated Computing Box? 288
Theovon writes "I just built a high-end quad-core Linux PC dedicated to number-crunching. Its job is to sit in the corner with no keyboard, mouse, or monitor and do nothing but compute (genetic algorithms, neural nets, and other research). My issue is that I would like to have something like persistent terminal sessions. I've considered using Xvnc in a completely headless configuration (some useful documentation here, here, here, and here). However, for most of my uses, this is overkill. Total waste of memory and compute time. However, if I decided to run FPGA synthesis software under WINE, this will become necessary. Unfortunately, I can't quite figure out how to get persistent X11 session where I'm automatically logged in (or can stay logged in), while maintaining enough security that I don't mind opening the VNC port on my firewall (with a changed port number, of course). I'm also going to check out Xpra, but I've only just heard about it and have no idea how to use it. For the short term, the main need is just terminals. I'd like to be able to connect and see how something is going. One option is to just run things with nohup and then login and 'tail -f' to watch the log file. I've also heard of screen, but I'm unfamiliar with it. Have other Slashdot users encountered this situation? What did you use? What's hard, what's easy, and what works well?"
Terminals mainly? (Score:3, Interesting)
Try conspy [freshmeat.net], very handy utility.
Re:How about NX/nomachine.com? (Score:1, Interesting)
Considering he seems to want number crunching (or at least applications that continue to work when he does not have the window open), does FreeNX's "suspend" allow the programs to continue running or are they all "paused" until you log in again (i.e. screen/vnc behavior or computer suspend/hibernate behavior)?
NX (Score:3, Interesting)
Try NX, http://www.nomachine.com/ [nomachine.com]
It's orders of magnitude faster than VNC or native X11, and supports persistent sessions as you describe...
It also runs over SSH, so it benefits from the inherent security of SSH.
I would never even consider using VNC, entirely pointless... slower than native X11.
nx* = PITA (Score:4, Interesting)
You think VNC is difficult to set up? Well NX is just absurdly complicated. That one time I managed to get it working, it was indeed vastly superior to VNC, but I just can't fucking understand why they have to install their own damn SSH server and keys. Why? WHY???
How come it's not been picked up by any major distribution? Probably because installing it by following the megabyte-long HOWTOs feels like an exercise in computer masochism.
Re:Screen works welll (Score:5, Interesting)
Why not just run it on the console, and connect a KVM with network access to that sucker?
Xvfb (Score:3, Interesting)
I use Xvfb to make a virtual screen on the number cruncher (comes with xorg). I don't need to see the display, it just has to be there for wine. If something goes wrong (error box pops up) and there is no progress I take a screen dump of the vortual screen to see it. This eliminates traffic on the network too.
Re:Yeah it makes sense (Score:3, Interesting)
That's true, but if he's talking about graphics things, there is a LOT that is emulated. Google "DIB engine wine" for a look.
Basically, unless you're using DirectX/OpenGL, windows makes assumptions about the graphics layer that can't be directly done in X. AFAIK (it's hard to understand), many of the earlier windows libraries give the program direct shared access to where they are rendering, but X11 has the program and the actualy framebuffer divided by the X11 layer. Emulating that blows in terms of performance.
If his program is using directX, there is also an emulation layer to convert the calls to opengl.
IANAWH (wine hacker) so I could be off.
Re:Screen works welll (Score:3, Interesting)
If all you are doing is establishing a persistent ssh connection, you may want to think about using dtach [sourceforge.net]. It's the equivalent of vi to emacs. Why use an operating system when all you need is a text editor?
Re:SSH Tunnel to protect VNC (Score:5, Interesting)
No need to open holes in your firewall except for SSH, which is pretty safe to do.
I would strongly disagree with this statement. Because ssh has the ability to do so much, it deserves special attention to security. The default implementation should be tweaked more than a little bit, including disabling password login, changing the port and, please don't forget, disabling ssh1. There are other, more subtle, cryptographic attacks, but even those few changes should make it more secure.
Re:Here is where microsoft nailed it - remote desk (Score:5, Interesting)
[quote]Microsoft's remote desktop simply works better than anything in the unix world[/quote]
Sadly, you're not wrong, even though many will refuse to admit it. There's a bit of NIH syndrome going on here and also a general lack of understanding why neither X nor VNC are as functional as Remote Desktop.
Sun's Secure Global Desktop (previously known as SCO Tarantella) actually compares really well in the Unix world, but it's payware even if you need just 1 or 2 seats - functionality that is included with the OS with Remote Desktop. Sun, do all of us, Unix and yourself a favor, and give this product away. Sell licenses to compete with Terminal Server and Citrix, not with Remote Desktop. Pretty please :)
Re:Sun Rays (Score:3, Interesting)
Uh, the original poster talked about persistent X11 sessions. The Sun Rays are perfect for this. The OP can even have one at home set up to connect to his Sun Ray server at work, detach from the session at the end of the day and reconnect to it from home.
Sun Rays are really one of the coolest technologies to come out of Sun in the last 20 years, but unfortunately, they are such a shift from the norm (and until recently needed Solaris on Sparc for the server) that most companies have no idea of their potential. Sun even has gateways to Citrix so that the same little desktop box can display Solaris, Linux, and Windows apps all at the same time.
Re:Screen works welll (Score:3, Interesting)
Of course you can, and its one of the more useful features of screen.
MultiUser sessions [ualberta.ca]
You configure ACL's per user, allowing you to give someone read access to your screen but not actually giving them control. This works really well for demonstrations.
It's also a very convenient way to demonstrate to another user on the system some sort of odd behavior you're experiencing, or get feedback on something.
As for the security of it, if security was a serious concern you shouldn't run things in a multiuser system let alone deal with permissions. I trust it, but I also trust every user on the machine. YMMV.
Re:SSH Tunnel to protect VNC (Score:2, Interesting)
I made it even more secure, and at the same time got rid of the worms trying to brute force my sshd 40 million times a day... Not that they were likely to succeed, but I dont want my hd to wear down in a year.
So I configured the linux firewall to drop all traffic to port 22. At same time I wrote a small php script that'll insert a firewall rule accepting packets to port 22 from the IP I'm at. Then I simply password protected the php script with .htaccess and voila...
Pretty damn safe ssh access for me when I need it... and no more worms banging on my door :)