[CentOS] vnc - single application or a "remote localhost" on Firefox

Wed Aug 12 19:48:42 UTC 2009
Les Mikesell <lesmikesell at gmail.com>

Frank Cox wrote:
> Normally I use VNC-over-SSH to provide a complete desktop to a remote user.

I'd recommend trying freenx on the server with the free (as in cost) NX 
client from http://www.nomachine.com (linux/windows/mac clients are 
available) on the client side.  It's much nicer than vnc especially 
remotely and runs over ssh.  It may be good enough to skip the rest of 
the questions.

> Is there a way to provide a single application to a user instead of a complete
> desktop?

There may be a way to do this with NX but I haven't bothered.

> In this case I am looking for a method to provide remote report-viewing access
> to LedgerSMB for a company's outside accountant.  LedgerSMB runs through a web
> browser (i.e. http://localhost/ledgersmb) so he doesn't need or want
> remote access to anything other than one instance of Firefox.
> 
> In other words, normally the remote users crank up a VNC session and see their
> full desktop.  For this instance I would like to have him see only a Firefox
> session.
> 
> A ssh session like "ssh -X user@remotehost firefox" works.
> 
> But it's painfully slow.  On the other hand, VNC has a reasonable amount of
> snap.
> 
> The other approach would be to somehow use some kind of ssh port-forwarding
> under Firefox so he could run Firefox locally on his own computer, and somehow
> access http://localhost/ledgersmb on the remote machine.  Is there such a thing
> as a "remote localhost" that would work like that?

Sure, ssh -L80:localhost:80 user@remotehost will let you point your 
browser at localhost:80 and see remotehost:80 but you have to make sure 
there are no absolute links with the hostname embedded in the app.  You 
might also run ssh -D 1080 user@remotehost, then configure the local 
firefox to use a socks proxy at localhost:1080 which will let you access 
anything the remote server could access (putty -D 1080 works too).

> I don't want to open anything other than ssh on the application server to the
> big scary world.

Https with a client certificate requirement should be as secure, and the 
setup is a one-time thing.

> To complicate things a bit more, the accountant runs Windows on his computer.
> 
> Maybe there is a simple way to accomplish this feat and I'm just not seeing it?

Try freenx/NX with an appropriately minimalistic user desktop.  I'm not 
sure I'd use it just to be able to run firefox on windows, but if you 
have anything that needs native linux GUI access from a windows box it 
is great.  Note that the commercial NX server uses the same default ssh 
key for the NX user that is included in the client where freenx 
generates a new key pair during the install, so you have to paste the 
key from /etc/nxserver/client.id_dsa.key into the client (push the 'key' 
button during the config setup).  After that everything should work the 
way you expect.

-- 
    Les Mikesell
     lesmikesell at gmail.com
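
Added example, not part of the original message: an sshd_config fragment that limits the outside user's account to the one port forward described above, so the ssh login reaches the web application on the server and nothing else. The account name "accountant" and local port 8080 are assumptions, and several directives need a newer OpenSSH than 2009-era CentOS shipped (AllowTcpForwarding local: 6.2, PermitTTY: 6.4, AllowStreamLocalForwarding: 6.7).

```conf
# /etc/ssh/sshd_config (append at the end; Match blocks run to the next Match or EOF)
# "accountant" is a hypothetical account name used for illustration.
Match User accountant
    # Allow only client-to-server (-L style) forwards, no remote (-R) forwards.
    AllowTcpForwarding local
    # The only destinations a forward may reach. PermitOpen compares the host
    # string the client asks for, so list both spellings of the loopback target.
    PermitOpen localhost:80 127.0.0.1:80
    # With PermitOpen in place, a "ssh -D 1080" SOCKS session still connects,
    # but every request to a destination other than the two above is refused.
    AllowStreamLocalForwarding no
    GatewayPorts no
    # No desktop, agent, tunnel device or terminal for this account.
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    PermitTTY no
    # Any attempt to run a command or shell gets nologin instead.
    ForceCommand /sbin/nologin

# Check the syntax before reloading the daemon:
#   sshd -t
#
# Client side (OpenSSH). -N opens the forward without running a command; the
# listener is bound to loopback on an unprivileged port (8080 is an assumed
# choice, binding local port 80 needs root on Unix-like clients):
#   ssh -N -L 127.0.0.1:8080:localhost:80 accountant@remotehost
#
# Client side (Windows, PuTTY's command-line tool):
#   plink -N -L 8080:localhost:80 accountant@remotehost
#
# Then browse to http://localhost:8080/ledgersmb on the client machine.
```

The application sees requests arriving from the server's own loopback address, so any access rule it applies to "localhost" also applies to this user.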