Frank Cox wrote:
Normally I use VNC-over-SSH to provide a complete desktop to a remote user.
I'd recommend trying freenx on the server with the free (as in cost) NX client from http://www.nomachine.com (linux/windows/mac clients are available) on the client side. It's much nicer than vnc especially remotely and runs over ssh. It may be good enough to skip the rest of the questions.
Is there a way to provide a single application to a user instead of a complete desktop?
There may be a way to do this with NX but I haven't bothered.
In this case I am looking for a method to provide remote report-viewing access to LedgerSMB for a company's outside accountant. LedgerSMB runs through a web browser (i.e. http://localhost/ledgersmb) so he doesn't need or want remote access to anything other than one instance of Firefox.
In other words, normally the remote users crank up a VNC session and see their full desktop. For this instance I would like to have him see only a Firefox session.
A ssh session like "ssh -X user@remotehost firefox" works.
But it's painfully slow. On the other hand, VNC has a reasonable amount of snap.
The other approach would be to somehow do use some kind of ssh port-forwarding under Firefox so he could run Firefox locally on his own computer, and somehow access http://localhost/ledgersmb on the remote machine. Is there such a thing as a "remote localhost" that would work like that?
Sure, ssh -L80:localhost:80 user@remotehost will let you point your browser at localhost:80 and see remotehost:80 but you have to make sure there are no absolute links with the hostname embedded in the app. You might also run ssh -D 1080 user@remotehost, then configure the local firefox to use a socks proxy at localhost:1080 which will let you access anything the remote server could access (putty -D 1080 works too).
I don't want to open anything other than ssh on the application server to the big scary world.
Https with a client certificate requirement should be as secure, and the setup is a one-time thing.
To complicate things a bit more, the accountant runs Windows on his computer.
Maybe there is a simple way to accomplish this feat and I'm just not seeing it?
Try freenx/NX with an appropriately minimalistic user desktop. I'm not sure I'd use it just to be able to run firefox on windows, but if you have anything that needs native linux GUI access from a windows box it is great. Note that the commercial NX server uses the same default ssh key for the NX user that is included in the client where freenx generates a new key pair during the install, so you have to paste the key from /etc/nxserver/client.id_dsa.key into the client (push the 'key' button during the config setup). After that everything should work the way you expect.