Amazon Web Services Tips


Remote Desktop to an Amazon EC2 Instance

by Jeff Hunter, Sr. Database Administrator



In most cases, the Linux servers I setup as Amazon EC2 instances are used to host the Oracle database software and only require use of the operating system Command-Line Interface (CLI). This is beneficial because I only need register an Amazon Machine Image (AMI) with a Minimal or Basic Server OS installation and can add only those required Linux packages needed to support the database. However, there are situations where I need to access a graphical desktop in order to install or run certain Graphical User Interface (GUI) applications.

This guide provides the steps needed to add the GNOME Desktop to a Red Hat Enterprise Linux 6.2 AMI where the OS was installed without the X Window System. Although there are several options to enable a remote desktop on an EC2 instance, I prefer to use NX Free Edition (FreeNX).

FreeNX is a program which allows users to run remote X11 sessions from clients running on Windows, Linux, Mac OS X and Solaris platforms to servers running, at present, on Linux or Solaris.

This guide assumes you have an Amazon Web Services account and know how to create new EC2 instances from an AMI, key-pairs and security groups within the AWS Management Console.

Add GNOME Desktop and X Window System

The Red Hat Enterprise Linux 6.2 AMI, like most community AMIs, does not include the GNOME Desktop or X Window System software. In this section, the required GUI packages will be installed to the running instance using yum.

Install Desktop Packages

# yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts"

You can also install the following optional GUI packages.

# yum -y groupinstall "Graphical Administration Tools" # yum -y groupinstall "Internet Browser" # yum -y groupinstall "General Purpose Desktop" # yum -y groupinstall "Office Suite and Productivity" # yum -y groupinstall "Graphics Creation Tools"

When using yum groupinstall, the groupinstall option only installs default and mandatory packages from the group. There are times when you also want to include optional packages within a group. I have not figured out (yet) how to control which package types to install (group package "policy") from the command-line using yum. The only method I know of to also include optional packages is to edit the /etc/yum.conf file and add the following to the [main] section:

group_package_types=default mandatory optional

The reason I mention this is because I wanted to install "Terminal emulator for the X Window System" (xterm) which is under the group "Legacy X Window System compatibility". xterm happens to be an optional package and did not get installed until I added group_package_types=default mandatory optional to /etc/yum.conf.

# yum -y groupinstall "Legacy X Window System compatibility"

I did find a plug-in for yum that allows users to specify which package types within a package group should be installed when using yum groupinstall.

Enable GNOME

Since the server was previously running on CLI mode, we need to change the initialization process for the machine to boot up in GUI mode.

Open /etc/inittab using a text editor and change following line:




After making the change, reboot the machine.

# init 6

Install NX Free Edition for Linux to Amazon EC2 Instance

In this section, NX Free Edition for Linux - x86_64 will be installed on the EC2 instance.

RHEL EC2 Instance

Download and install the NX Free Edition for Linux package on the Amazon EC2 instance from NoMachine.


Installation of NX Server for Linux requires the download and installation of three packages: client, node and server. The client is needed because it ships libraries used by the node. The node is needed because it ships tools needed by the server. Furthermore, the SSH server daemon (SSHD) needs to be up and running on each of the NX Node machines since NX relies on the mechanism provided by the SSH subsystem for handling user authentication.

# rpm -i nxclient-3.5.0-7.x86_64.rpm # rpm -i nxnode-3.5.0-9.x86_64.rpm # rpm -i nxserver-3.5.0-11.x86_64.rpm


If you intend to support printing from the NX session, you need to set proper permissions on your IPP backend for "IPP CUPS" printing.

# chmod 755 /usr/lib/cups/backend/ipp

The NX service can be controlled by the command /usr/NX/bin/nxserver --status|--start|--stop|--restart. For example,

[root@ip-10-29-162-247 ~]# /usr/NX/bin/nxserver --status NX> 900 Connecting to server ... NX> 110 NX Server is running. NX> 999 Bye.

Additional commands are available to configure the server. Try /usr/NX/bin/nxserver --help for more options. To learn more, download and read the NX Server Administrator's Guide.

Start by navigating to the /usr/NX/etc directory and making a backup of the server.cfg file.

# cd /usr/NX/etc # cp server.cfg server.cfg.backup2

Edit the server.cfg file to enable EnablePasswordDB = "1".

# EnablePasswordDB = "0" EnablePasswordDB = "1"

Modify the /etc/ssh/sshd_config file and sure the following entries are set.

... PasswordAuthentication yes ...

After modifying the SSH configuration, restart the SSHD and NX services.

# service sshd restart # /usr/NX/bin/nxserver --restart

Setup SSH key.

# /usr/NX/bin/nxserver --install --setup-nomachine-key NX> 701 Updating: server at: Sun Jun 10 18:36:10 2012. NX> 701 Autodetected system: redhat. NX> 701 Update log is: /usr/NX/var/log/update. NX> 701 Checking NX server configuration using /usr/NX/etc/server.cfg file. NX> 701 Running: chkconfig to remove init script. NX> 701 Verifying that all init scripts have been removed. NX> 723 Cannot start NX statistics: NX> 709 NX statistics are disabled for this server. NX> 701 Version '3.5.0-11' update completed. NX> 701 Bye.

Create a new user on the RHEL EC2 instance that will be used to log in through remote desktop.

# useradd -m -d /home/jhunter -s /bin/bash jhunter # passwd jhunter

Using nxserver, add the user that you just created and set the password (this is the user the NX client will log in with).

# /usr/NX/bin/nxserver --useradd jhunter NX> 900 Setting password for user: jhunter. NX> 102 Password: xxxxxxxxx NX> 102 Confirm password: xxxxxxxxx NX> 110 Password for user: jhunter added to the NX password DB. NX> 900 Adding public key for user: jhunter to the authorized keys file. NX> 900 Verifying public key authentication for NX user: jhunter. NX> 900 Public key authentication succeeded. NX> 301 User: jhunter enabled in the NX user DB. NX> 999 Bye.

CentOS EC2 Instance

When using CentOS, a version of FreeNX is available from the CentOS Extras repository which is typically shipped with CentOS and enabled by default. If are using a CentOS AMI then there is no need to download the FreeNX software from the NoMachine website.

# yum -y install nx freenx

Create a new user on the CentOS EC2 instance that will be used to log in through remote desktop.

Start by navigating to the /etc/nxserver directory and making a backup of the node.conf file.

# cd /etc/nxserver # cp node.conf node.conf.backup

Edit the node.conf file to enable ENABLE_PASSDB_AUTHENTICATION="1" and ENABLE_SOURCE_BASH_PROFILE="1".

# This adds the passdb to the possible authentication methods #ENABLE_PASSDB_AUTHENTICATION="0" ENABLE_PASSDB_AUTHENTICATION="1" ... # FreeNX with ENABLE_SOURCE_BASH_PROFILE="1" will source the users ~/.bash_profile # before application startup as we are kind of a login shell. # # With this key this behaviour can be enabled (default) or disabled. # ENABLE_SOURCE_BASH_PROFILE="1"

Modify the /etc/ssh/sshd_config file and sure the following entries are set.

... PasswordAuthentication yes ...

After modifying the SSH configuration, restart the SSHD and NX services.

# service sshd restart # nxserver --restart

Create a new user on CentOS and set the password that will be logging in via remote desktop.

# useradd -m -d /home/jhunter -s /bin/bash jhunter # passwd jhunter

Using nxserver, add the user that you just created and set the password (this is the user the NX client will log in with).

# nxserver --adduser jhunter NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) NX> 716 Public key added to: /home/jhunter/.ssh/authorized_keys2 NX> 1001 Bye. NX> 999 Bye # nxserver --passwd jhunter NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected) New password: Password changed. NX> 999 Bye

Install NX Client on Your Local Machine

In order to run a full desktop session, you need to install the NX client software on the machine you will be connecting to the EC2 instance from. Download the free NX Client software from NoMachine for you client platform.

NX Client for Windows Install

C:\Software> nxclient-3.5.0-9.exe

Figure 1: NX Client for Windows - Welcome Screen

Figure 2: NX Client for Windows - Select Destination Location

Figure 3: NX Client for Windows - Select Start Menu Folder

Figure 4: NX Client for Windows - Select Additional Tasks

Figure 5: NX Client for Windows - Ready to Install

Figure 6: NX Client for Windows - Installation Complete

Log In to Remote Graphical Desktop using NX

To setup a new remote desktop connection from the client machine, start the NX Connection Wizard using Start > All Programs > NX Client for Windows > NX Connection Wizard.

Figure 7: NX Connection Wizard - Welcome Screen

Fill in the values as shown below. Make sure that you put in your server address in the host field which is the address of your launched instance.

Figure 8: NX Connection Wizard - Session Name

Provide the desktop type appropriate for your environment (i.e. GNOME).

Figure 9: NX Connection Wizard - Select Remote Desktop

Click [Finish] to complete the wizard.

Figure 10: NX Connection Wizard - Wizard Completed

CentOS EC2 Users

In order for freeNX to function securely we need to copy the ssh key from the remote server system to the local machines NoMachine client session.

Log in to the EC2 instance using a terminal session and display the SSH key.

# cat /var/lib/nxserver/home/.ssh/client.id_dsa.key -----BEGIN DSA PRIVATE KEY----- MIIBuwIBAAKBgQD3ReoqSxOnuVli7Acx8hX3VmXWyA/x4/yOLFctqVkJhx2uBLXc ioXHoAAyn8PZKw2Py4253VtQjKiHy8RLkZXRWJ/oLdAngVbNRkilczBSMb/icSYs PETNqTVWrixf72UXsZjBg/e+kXdZpmDzmakv3tT9JljuYANmNOQwOgl2iwIVAISF PbtKi9uBcQMSqECFbm583NkFAoGBAIzXCOFlCU5XfZrtmL7kjRJyW5FAwLiVs62i OC/QHo32XgOQyeoA73SbxymKt7Ls9eeVyBSpuQh1/bVNBDWeNortkgVo/9O/R2re 3Zh0dPPHIkF/Fpowk8+GerDsMv/GUTeGxVosCQnADU6hIeGurH5y9A1JsVR/W99I dRUxk623AoGAB0xHB3PCYNpEQ0gX5cINiru8zJSfTvXPg0rcId/K7q8j20LbJu6O 0QiPg5N8rE7dfORwfqMAkBj2GmsBHFrjlMXZWw7CKAYpbycTUgnt03YTITSjmFtQ dD1Jd67feG8/PG6hZhind6T3euqEzoIRW/vcgKQAMVOjOSzv2DKyBp4CFCXovg9/ Roei4IdnypiuW56+JW/x -----END DSA PRIVATE KEY-----

Open the NX Client for Windows software using Start > All Programs > NX Client for Windows > NX Client for Windows. Select the correct session in the Session pull-down and click the [Configure] button.

Figure 11: NX Client - Edit Session

Under the General tab, click the [Key] button. Clear the previous contents and Paste the contents from the remote system /var/lib/nxserver/home/.ssh/client.id_dsa.key.

Figure 12: NX Client - Paste SSH Key

RHEL and CentOS EC2 Users

Log in to the EC2 instance using the NX Client.

Figure 13: NX Client - Login Dialog

You should now be able to access the GNOME remote desktop.


Figure 14: GNOME Remote Desktop

How to use NX Keyboard Shortcuts

If you want to switch back from a fullscreen session to your native OS desktop, you can click on the 'magic pixel' on the upper right edge of your screen.

Keystrokes Available in NX 3.x

About the Author

Jeffrey Hunter is an Oracle Certified Professional, Java Development Certified Professional, Author, and an Oracle ACE. Jeff currently works as a Senior Database Administrator for The DBA Zone, Inc. located in Pittsburgh, Pennsylvania. His work includes advanced performance tuning, Java and PL/SQL programming, developing high availability solutions, capacity planning, database security, and physical / logical database design in a UNIX / Linux server environment. Jeff's other interests include mathematical encryption theory, tutoring advanced mathematics, programming language processors (compilers and interpreters) in Java and C, LDAP, writing web-based database administration tools, and of course Linux. He has been a Sr. Database Administrator and Software Engineer for over 20 years and maintains his own website site at: Jeff graduated from Stanislaus State University in Turlock, California, with a Bachelor's degree in Computer Science and Mathematics.

Copyright (c) 1998-2017 Jeffrey M. Hunter. All rights reserved.

All articles, scripts and material located at the Internet address of is the copyright of Jeffrey M. Hunter and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express, prior, written permission. Application to host any of the material elsewhere can be made by contacting me at

I have made every effort and taken great care in making sure that the material included on my web site is technically accurate, but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.

Last modified on
Friday, 24-Apr-2015 01:19:12 EDT
Page Count: 104329