Which software to use to get easy access to your Linux Remote Desktop?
Image Source: Pexels
With the rapidly changing workflows and remote work becoming a staple, companies look for solutions to provide their employees and partners a decent work infrastructure while they are working remotely, while maintaining a centralized IT crew that can attend to the users at a fast pace, with minimum downtime.
Global Workplace Analytics forecasts that 56% of jobs in the United States will have various aspects of remote work in the upcoming years. It is expensive to buy equipment and to provide support to every remote worker. The BYOD philosophy may help to cut down some costs, but security issues, hardware, and software incompatibility, and other problems may arise from this practice. Besides, imagine you are investigating how to troubleshoot multiple issues for the IT team.
Linux remote desktop with third-party software help can greatly assist in centralizing your IT crew while providing a standard desktop experience for all your employees and partners. Even if your employees are not working remotely, a centralized remote desktop server could ensure you fewer maintenance costs because you could use simple computers as clients to access powerful centralized servers. For those reasons, you should consider remote desktop software instead of only providing standalone devices that may be difficult to manage when they are being used remotely.
Let’s explore the concept of remote access in more detail and find the best ways to seamlessly access your Linux remote desktop.
What does it mean to connect remotely to Linux, and what does it mean Linux remote desktop client?
Image source: Freepik
The basic definition of remotely connecting to Linux is that the machine running Linux is accessed through a network, either an internal network or via the internet. Simply put, a Linux remote desktop is all about a user having a complete desktop session experience that is running remotely on a Linux machine.
A remote desktop connection can be established through a particular software. It offers access to a remote device along with all its aspects as if the user is sitting right in front of the remote machine. From now on, we are going to refer to the remote machine being accessed as a “server” and the machine that is used to connect to the server is the “client”.
Remember, the “server” doesn’t necessarily have to be a brand powerful new supercomputer, it may be a simple desktop computer running the server application that allows the remote connection. The hardware requirements will depend on which applications will be used and how many people will use it simultaneously.
When you are interactively connecting to a server Linux machine, there are two basic methods that will let you interact with it:
CUI stands for Character User Interface, also known as CLI (Command-Line Interface) and more commonly known as the “command line”, “shell” or “prompt”. It is fully text-based.
GUI is an abbreviation for Graphical User Interface, which allows the visualization of graphical elements, such as application interfaces and desktops.
Accessing a remote Linux machine through CUI (Character User Interface)
SSH (Secure Shell) is a straightforward alternative for accessing Linux remotely. An SSH connection can easily be established directly from the Linux terminal shell or through an SSH client. SSH is a widely known open-source protocol. It is widely used because of both its simplicity and security.
The “server” (remote machine which we are going to connect to) should run an application such as “OpenSSH Server” and the “client” (the machine that is in front of the user) should run an application such as “OpenSSH Client”, “Putty”, “Tunnelier”, etc.
Connecting to a remote Linux machine that provides a GUI (Graphical User Interface)
Some applications allow users to get graphical software running remotely. Some will provide a single app window that is being executed on the server while its GUI window that interacts and is displayed on the client computer. Moreover, some allow for a full desktop session experience.
Unlike SSH, which is a widely adopted protocol to connect to Linux machines remotely through CLI, there are a lot of different protocols and software for accessing a Linux server and getting a GUI, each one of them with pros and cons. To name a few, we have the SSH itself (also capable of forwarding graphics through X11 forwarding), ThinLinc, VNC, Moonlight/Sunshine, Spice, NoMachine, MeshCentral, XFreeRDP, X2Go, NiceDCV, etc.
What is a Linux Remote Desktop Server then?
For this article, we refer to Linux Remote Desktop software as a solution that allows the provision of Linux Desktops remotely to users. Some of them will even allow multiple users at the same time. This specific type of software not only provides GUI access to the end-users but brings session management capabilities, allowing faster and easy deployments and some of them can also provide sound through the network, peripheral redirection, etc…
So, what should you be looking for when you’re searching for a Linux Remote Desktop solution? Here are a few key features that are important on the remote desktop solutions:
- Security: You don’t want unauthorized people eavesdropping your connection. Encryption and other security measures are essential for your company and your users.
- Flexibility: You should expect the most different scenarios coming from your remote users, such as different computers, different OS, different user skills, different connection quality… Providing a standard experience for all those different scenarios is crucial for your team productivity.
- Availability: Since you are providing a centralized standard experience for everyone, you need to keep your server’s uptime and minimize problems for your remote users.
- Easy deployment: When your solution is simple to deploy, you save maintenance costs, you have less downtime, and you have your team working on what is important to your company needs.
- Usability: Your Linux remote desktop solution needs to provide good image quality and responsiveness. You don’t want a solution that provides your users a bad experience.
If you are looking for a tool that has all the above key features, look no more, ThinLinc is the answer.
1. Linux Remote Desktop with ThinLinc
Image source: ThinLinc
ThinLinc is one fine example of a Linux Remote Desktop Server solution. ThinLinc is developed by Cendio in Sweden, one of the oldest Linux-centric companies in the world. ThinLinc can be categorized under the VNCs; however, ThinLinc is not limited to VNC, as it provides much more. The main differences are sound; image quality and responsiveness; security; easy configuration, redundancy, load balance, and high availability. Here you find a comparison of ThinLinc and VNC.
ThinLinc packages well-known open-source components and orchestrates them in a way that makes it easy for the sysadmins to provide access to Linux systems remotely.
Under the hood, ThinLinc is based on the following well known open-source projects:
- Pulse Audio
- and others…
All the key features are met by ThinLinc:
- Security: All ThinLinc connections are encrypted, and you can configure different methods of authentication according to your needs. Each remote connection is unique, and your clients won’t have anyone interacting or observing their remote session.
- Flexibility: ThinLinc Server application is compatible with the main Linux distributions. Here you find platform-specific notes for Red Hat and Fedora, Ubuntu, Mint and Debian, SUSE and openSUSE and General. The ThinLinc’s Remote desktop clients are available for Windows, macOS, Linux, ARM-based Linux, and web browsers. Learn more about the Anatomy of a ThinLinc Session. You can connect to a ThinLinc server using a simple Raspberry Pi 2 or a high-end computer and have the same remote desktop experience. The ThinLinc client is simple to set up, and you can also use any of the most common web browsers to connect to a ThinLinc Session.
- Availability: ThinLinc has built-in redundancy, load-balancing and high-availability. Just configure your servers, and your users won’t experience maintenance downtime or server failures.
- Easy deployment: You can set up ThinLinc Server in a matter of minutes since it doesn’t need any complex configurations or infrastructure changes since ThinLinc’s server connection will be running on top of the SSH port: if you already have SSH server up and running, you won’t need to open additional firewall ports for your clients. The ThinLinc client is very straight-forward to install and configure: it doesn’t require special IT skills to install.
- Usability: ThinLinc will also detect your connection quality and will give you the best image and responsiveness as possible. If your connection quality suddenly changes, it will adapt on-the-fly to keep your responsiveness as fast as possible. If you get disconnected for some reason, you can resume your session from anywhere you want and continue exactly from where you left.
ThinLinc is a tool currently used by universities, high-tech, and manufacturing industries. The use cases aim to provide a seamless experience with a Linux remote desktop.
You can start deploying your ThinLinc Server using one of these three options:
Following one of the above will get your ThinLinc Remote Desktop Server up and running
Using ThinLinc for remote access grants a range of benefits:
- Easy software installation and deployment;
- Works with up to several thousand of users;
- Native support of audio redirection;
- High image quality and responsiveness;
- Top-grade security;
- Load balancing and high availability feature;
- Support from qualified engineers certified on ThinLinc;
- Free for up to 10 concurrent users. Not a trial. For more concurrent users, the licensing model is cost-effective and fair compared to other solutions;
- Compatible with OpenGL hardware accelerated applications through VirtualGL;
These features make ThinLinc perfect for both enterprise, startup-level and also enthusiast or home-grade clients.
Even though ThinLinc is a perfect solution for enterprises, there are still some aspects to consider:
- ThinLinc is made aiming for the best image quality and responsiveness. For this reason, you may experience some frame skips on applications that have a high frame rate such as games;
- Although the ThinLinc’s Client runs on Windows, Mac, Linux or via web browser, The ThinLinc’s Server is for Linux machines only. You may run it on a Virtual Linux Machine running under Windows or Mac. If you compare available ways for remote desktop applications for Windows or Mac, you’ll see that Linux offers a superior multi-user remote desktop environment;
- ThinLinc is not a tool built for remote assistance/support. It is built for allowing multiple users to connect to a server infrastructure and get either a single app window or an entire desktop session running on the remote server. If you need to see or interact with a Local user session for support/assistance, you may encounter some problems;
- Some applications may not run under a ThinLinc session for example, applications installed from snapstore don’t work over remote desktop sessions. Also, games that need Vulkan hardware acceleration also won’t work on ThinLinc.
Thinking of the abovementioned elements, ThinLinc is focused on providing a great remote session desktop experience for its users.
So, we learned about ThinLinc features, pros, and cons. Can we talk a little about the alternatives? Sure! Let’s discuss some of them!
2. Windows Remote Desktop Protocol (RDP)
Let’s start talking about the Windows Remote Desktop Protocol, also known as RDP. This native Windows protocol allows users to remotely access a Windows Machine and have a remote desktop session experience. It is pretty similar to what ThinLinc does on Linux, but has a crucial limitation by Microsoft: Windows only allows for one user connected at a time on Pro versions of Windows!
It means that if someone else is logged in, you have to ask for permission to connect to it. A message will be displayed to the other user asking whether he/she allows or denies your access. If allowed, his/her session will be locked, and you will gain access and will be prompted to decide for every new attempt of connection on that machine.
The only way to have multiple users simultaneously is to install Windows Server and buy CALs, which costs a lot. As an alternative, you may get an RDP server running on a Linux Machine by using XRDP, but then, you’ll not be providing access to a Windows desktop, but to a Linux desktop instead.
- RDP is the native solution for accessing a Windows Pro machine;
- Has sound redirection;
- Every Windows version has a built-in client for RDP;
- Can be accessed from Linux using xfreerdp, for example;
- Remote desktop sessions will be visible only to the remote user;
- Session can be resumed from some other machine;
- XRDP can let Linux work as a free RDP server (but will provide a Linux session, not a Windows session);
- Focused on providing image quality and responsiveness.
- Only one user at a time on Windows Pro versions;
- Expensive and confusing CALs licensing model;
- Does not have 3D acceleration from the host;
- You may get frame skips on high frame rate applications;
- Plenty of vulnerabilities found over the years;
- Target of exploitation: If you expose your RDP port to the world, people will keep trying to hack into your machine.
3. Linux remote desktop over Secure Shell (SSH) with graphics
Image source: Freepik
Remote access can be established through SSH, commonly for text-based access. But there’s a feature that SSH you can turn on that allows SSH to forward an X11 window over an SSH connection, by using -X or -Y arguments: called the X11 Forwarding. It is simple and reliable for opening a single graphical window running remotely over SSH, but it is not very well optimized and will suffer if you don’t have enough bandwidth or low latency.
- Simple to deploy: just make sure that X11 Forwarding is enabled on your SSH Server configuration;
- Encrypted using the SSH connection;
- Multiple users simultaneously.
- Not well optimized for low bandwidth/high latency/unstable connections;
- Will not provide a full remote session desktop.
4. Remotely access Linux remote desktop via Virtual Network Computing (VNC)
Image source: Freepik
Virtual Network Computing (VNC) is a protocol that enables clients to connect to a particular server with a further option of interacting with the remote machine desktop. As an open-source instrument, VNC based Server and Client applications are available to Linux, Windows, and Mac.
VNC may be configured in two distinct ways: one that mirrors the local output of the remote machine’s screen, and another method that allows the user to get a virtual remote desktop session.
On the first method, the client will get to see the remote machine’s local screen, sharing the keyboard and mouse inputs.
The second method is more similar to ThinLinc’s behavior. By default, the VNC connection is established on TCP port 5900. But in the “virtual remote desktop session” mode each new user will have to connect to port 5900+N, where N is the number of the user connecting, example: 5901, 5902… So, a VNC server providing virtual desktops running behind a firewall will need to have many ports open and listening, one for each user.
But don’t make a mistake: VNC is the name of the protocol. To use it, you need to get an application such as TurboVNC, TigerVNC, among others.
Cendio, the company behind ThinLinc maintains two well-known FOSS VNC applications: TigerVNC and noVNC. Notably, ThinLinc uses TigerVNC as one of its major components and serves as maintenance of this open-source tool.
- VNC is a well established open-source protocol that is present on various client/server applications;
- Flexibility to be configured as an independent user session or to view and interact with the local session from the remote machine;
- Works on Windows, Linux, Mac and other systems;
- Some VNC server applications provide a web based VNC Client, such as noVNC.
- Many vulnerabilities have been found on the protocol over the years. Applications based on VNC have been patching those issues, but it is advisable to harden the security and not expose the VNC server on unsecure networks;
- VNC protocol does not have sound redirection. You may get sound redirection by using other tools such as PulseAudio;
- For virtual remote desktop configuration, each connected user will need a dedicated port listening on the server;
- It may be hard to configure;
- If you get disconnected, your session is ended;
- Doesn’t have an adaptive image quality based on bandwidth/latency. If your network is not stable, lag may occur and the system responsiveness may be compromised;
- On narrow bandwidth/high latency connections, you will need to set a poor image quality to restore responsiveness.
5. Linux remote desktop using X2Go
X2Go is a FOSS remote desktop software based on the 3.x version of NX libraries. The NX Technology is the base of the NoMachine remote desktop solution and the versions prior to release 4.0 have been released under GNU General Public License. X2Go is then based on these libraries and provides either a full virtual remote desktop session with sound or a single app window running remotely. Similar to ThinLinc, it does have sound forwarded to the client and the connection is also through the SSH port.
- FOSS software: Free to use, open-source and unlimited number of connections;
- Encrypted connection using the same SSH port;
- Audio forwarding;
- Different levels of image quality, so, you can use it on different networks;
- Can be resumed from another client;
- Has a feature that allows you to configure a jump host, in case that you need an SSH tunnel to reach a machine under NAT.
- You have to set up the image quality before connecting to the server… if your network connection is unstable, you may experience some lag; If you set a low-quality image, you may find it unusable not because of responsiveness, but because of the low image quality itself;
- Some software may refuse to open because of some incompatibility with X2Go’s virtual session “graphics card”.
6. Linux remote desktop using AnyDesk
And starting with AnyDesk, we enter another class of Remote Desktop software. AnyDesk (and TeamViewer, Mesh Central, etc.) are software examples that only provide a way to mirror the local screen and interact with a local running session of the remote machine.
This kind of software works very similar to VNC configured for sharing a local session instead of providing an independent full desktop session. They are more oriented to support, help desk or remote control computers responsible for displaying information on remote places.
With AnyDesk (as similar to TeamViewer), the client/server structure is changed for a single application that is both capable of sharing the local session or accessing a remote machine. Each machine running AnyDesk has a unique ID that you may use to access it from another machine running AnyDesk.
- Simplified way to access a remote machine: You won’t need to configure DNS, port forwarding or firewall in most situations. You will only need to provide the unique ID of the remote machine;
- If a program runs locally, you may run it remotely because it is mirroring the local screen;
- Great for remote support for users or accessing a machine working as an information display.
- You can’t have multiple sessions: The only option is to mirror the local screen;
- You need to create an account to be able to access the remote machines because it has to be connected to AnyDesk servers to provide this easy route from the ” client” to the remote machine;
- Image quality will suffer under unstable networks;
- You need a monitor attached to the remote machine;
- Everything you do will be displayed on the remote machine’s monitor. You need to pay attention to security breaches such as typing clear text passwords on the screen;
- Has a “home user” limited free version and paid enterprise versions billed annually.
7. Mesh Central for Linux remote desktop
Mesh Central is another class of remote desktop software. It is a centralized server that connects to the remote machines through an agent installed on them. A remote machine running the agent will allow the Mesh Central server to send commands or files in the background and also share its screen to let a Mesh Central user to interact with the local screen of the remote machine, similar to AnyDesk or TeamViewer.
The main difference is that there is no client for Mesh Central to connect to a remote machine. Instead, a user should connect to the Mesh Central server using a web browser and inside the website, the user is allowed to choose a remote machine and control it, similar to Apache Guacamole. The difference between Mesh Central and Apache Guacamole is that Mesh Central uses its agent and Apache Guacamole can use different protocols to connect to remote machines.
- Mesh Central is FOSS: you don’t need subscriptions, neither it is limited or “a trial” version;
- Access and control multiple hosts from a single server accessing it using a web browser;
- You can create multiple credentials and allow different types of access to each user.
- Just like TeamViewer and AnyDesk, It will just mirror the remote screen: You won’t be able to get a private remote desktop session;
- You need to install your Mesh Central server: although you may install the Mesh Central server on any machine, you’ll likely want to install it on a dedicated 24/7 server. It doesn’t need a lot of hardware resources, but if you want multiple users to be able to connect to the Mesh Central, maybe an always-on machine will be better to act as a server. The public free server works, but may prove as a security risk if someone gets access to your account. Moreover, it has less bandwidth available, resulting in more lag and poor image quality.
8. Linux remote desktop and Steam Link
Steam Link is not oriented for “Remote Desktop” usage, but for gaming. Anyway, it is possible to use Steam Link as a Remote Desktop software, just by minimizing the Steam Client and you will get to see the Desktop Session.
It will act by letting you interact with a remote screen running on the remote machine. And another class of remote connection software arises: Software products oriented for responsiveness and faster frames that allow remote gameplay. To provide better FPS to the client, image quality may suffer from artifacts or low-quality samples just to keep high FPS.
- High FPS allows remote gaming.
- Mirrors remote screen, so, it allows hardware acceleration on the remote machine.
- It is capable of also receiving controller input instead of only traditional mouse/keyboard interaction.
- You just need to know your username and password, you don’t need to know anything about the network’s connection.
- Free to use, just needs a Steam Account.
- You can connect only to a machine running Steam, logged into your account.
- You can’t have independent desktop sessions, it just mirrors the local screen.
- Image quality is not priority: You get faster FPS rates, but may see artifacts on the screen and reduced image quality.
- Steam needs to be running on the remote machine for you to be able to connect to it.
Since Steam Link is focused on gaming capabilities instead of being a remote desktop solution, you can combine it with ThinLinc to achieve faster FPS and gaming capabilities from inside a ThinLinc remote session.
Conclusion about Linux remote desktop alternatives:
As you can see, there are different ways of connecting to a remote machine running Linux. Different solutions also imply different features. We can put the remote desktop solutions in two main categories:
- the ones that allow multiple users to have independent remote sessions on a single machine;
- the ones that allow a user to connect to and interact with a session already running locally on a remote machine;
The first category focuses on allowing the IT crew to provide users a standard and centralized desktop session experience from remote clients, as if the clients were sitting in front of the remote machine.
The second category is more oriented for remote user support or remote operation of machines. Since you’re going to view and interact with a session already running on the remote machine or remote controlling it, no multi-session is possible.