NX through proxy (“tunnel”)
by cs
Say you want to connect to an NX server that is behind a firewall, and some corporate VPN client doesn’t work on your OS.
You have your ssh connections neatly set up to connect through a proxy that is outside the firewall (mine is called “myproxy”). That proxy has netcat (nc) installed. For example, your .ssh/config looks something like this:
Host *
EscapeChar none
ForwardX11 yes
ForwardAgent yes
Host myproxy
HostName myproxy.corporate.com
Host nxcorp1
HostName nxcorp1.corporate.com
ProxyCommand ssh user@myproxy nc %h %p
Host nxcorp2
HostName nxcorp2.corporate.com
ProxyCommand ssh user@myproxy nc %h %p
Host nxcorp3
HostName nxcorp3.corporate.com
ProxyCommand ssh user@myproxy nc %h %p
Now the issue with OpenNX and NoMachine’s own NX client is that they call nxssh in a way that makes it ignore your .ssh/config. So I found this little recipe hidden away in a pdf in the most obscure corner of the internet that forces nxssh to acknowledge .ssh/config. Here’s a summary of that pdf:
If you’re on OS X, the path to nxssh (NXBINPATH) will be /Library/OpenNX/bin. On Linux it’s typically /usr/NX/bin.
First, rename the nxssh binary:
$ cd ${NXBINPATH}
$ sudo mv nxssh nxssh.bin
Then, as sudo create a file called nxssh.csh in that directory with the following contents:
#!/bin/csh -f
set params = ( )
@ i = 0
while ( $i < $#argv )
@ i++
if ( "$argv[$i]:q" == "-E" ) continue
set params = ( $params:q $argv[$i]:q )
end
exec $0:h/nxssh.bin $params:q
Finally, make it executable and create a symbolic link to that file:
$ cd ${NXBINPATH}
$ sudo chmod a+x nxssh.csh
$ sudo ln -s nxssh.csh nxssh
Now in your NX client configuration, use your ssh hostname as defined in .ssh/config for the address:
Setting up a passwordless ssh chain all the way to your NX server will make life much easier.