Gentoo Wiki


This article is part of the HOWTO series.
Installation Kernel & Hardware Networks Portage Software System X Server Gaming Non-x86 Emulators Misc


What is FreeNX?

FreeNX allows you access an X11-Session over low-bandwidth Internet connections (starting from 40 KBit/s). It is based on X11 Forwarding software from NoMachine.

Installation (Version 1, easy and correct)

Currently, installation of nxserver-freenx on gentoo is very easy and the version 2 is generally outdated. Package is configured to use SSH and no additional configuration is required! For the installation I assume that your SSHD is working correctly and is set up on the 22 port. If SSHD is not installed then:

  I had to make the following changes to my sshd_config:
  AuthorizedKeysFile      .ssh/authorized_keys2
  PubkeyAuthentication yes
  AllowUsers      nx   <userid>

  I'm not sure if all 3 lines are needed, but it drove me up the wall, and now it's working.  So sharing what I learned with everyone else.
  (Note by someone else: Default config worked with just the AuthorizedKeysFile line, I didnt need the other two).

emerge openssh
/etc/init.d/sshd start

The first thing you need to do is to set up correct USE flags, actually only one. Add this line to your /etc/portage/package.use:

net-misc/nxserver-freenx nxclient

This flag is needed so that NoMachine client will work. It is important to notice that it is the _only_ working client. If the portage says that the package is masked you may need to add the following lines to /etc/portage/package.keywords (create the file if it does not exist):


Now emerge:

emerge -av nxserver-freenx

After the emerge process finishes you have two possibilities to configure freenx:

1. use default, pre-generated SSH key from NoMachine (less secure):

nxsetup --install --setup-nomachine-key --clean --purge

2. generate your own key (more secure):

nxsetup --install --clean --purge

The key in /var/lib/nxserver/home/.ssh/client.id_dsa.key then needs to be copied into the "Key..." under "Configure..." -> "General" in the NX !M client. Just open the key, copy all text and paste it. You could save the key on flash disk or your gmail account for future convenience!

If the freenx does not work and client says that auth failed try the following command (issue it after every nxsetup command execution):

passwd -d nx

Just to be sure re-start the SSHD daemon:

/etc/init.d/sshd restart

I also needed to add /usr/bin/nxserver to /etc/shells, as well as adjust some permissions on /var/lib/nxserver (chown'd it to nx) before I could login with the NX user though ssh.

Also note that Windows client version works great with the latest version of nxserver-freenx (if you run in any problems try using client version 1.5 from here [1]).

SSH running on a different port

If you have changed your sshd to run on a different port, you need to tell FreeNX as well.

For FreeNX >=0.5.0 you should adapt the configuration file, located in /usr/NX/etc/node.conf or /etc/nxserver/node.conf:

Change the line




Use NX authentication instead of SSH

This is not really recommended as SSH provides secure and reliable authentication mechanism but if you want you can try using the built-in one. To enable it open your config file and edit (/etc/nxserver/node.conf):


If you want you could disable all other authentication methods. Before you login it is necessary to add your user to the NX:

/usr/bin/nxserver --adduser <username>
/usr/bin/nxserver --passwd <username>

Enable logging

By default NX does not log anything, e.g. logging is not enabled. To turn this feature on just open the configuration file and locate logging section. Set the desired level and log name file:

NX_LOG_LEVEL=3 # change level accordingly to your needs

Now you can find and discover problems. It also might be a good idea to look into /var/log/messages to look at SSH logs as some problems might come from there.

The NX overlay

If you need more recent packages then you should access the nx gentoo overlay, however, portage is not far away... See [2]. You can add the nx overlay using layman:

emerge layman
layman -a nx
emerge -avt nxserver-freenx

Degraded performance over time

Over time, you can experience degraded performance, but it does not necessarily mean the nxclient is bugged or has a memory leak.

One of the criminals responsible for a sluggish response is Firefox. My guess is that it leaves too much cached images which end up taking up the nxclient cache, thus making it slower. I have experienced degraded performance even with 128MB of cache for the nxclient, since I use lots of tabs. So, if your connection starts to get slow, close Firefox. you will probably see the performance come back again all of a sudden. You can then open Firefox again and continue browsing happily.

Installation (Version 2, misleading and confusing)

The GPL'ed version of nxserver (FreeNX) is currently unstable and only available for x86 platform; Add the following to your /etc/portage/package.keywords file:

Note: You may need to create this file as it is not part of the base Gentoo install.

net-misc/nxserver-freenx ~x86
net-misc/nx ~x86

To install simply emerge the following packages: As always, check the list for appropriate USE flags.

 emerge -avt nxserver-freenx

 source /etc/profile

There was a change in directory structure since 0.5.0-r1; You need to issue the following copy command:

cp /usr/lib/NX/bin/nx* /usr/bin/

Now run the nxsetup command:

nxsetup --override --install

Make sure your ssh daemon is up and running:

 /etc/init.d/sshd status

That should do it.

Installation on amd64

There are masked packages which should work with amd64. I had no luck compiling nx-x11-1.5.0, but nx-x11-bin-1.5.0 works for me. The dependencies compile though...

You may also need to add "LDPATH=/usr/NX/lib" to /etc/env.d/50nxpaths and make sure that /usr/NX/lib points to /usr/NX/lib32 however this will only allow the server to run on the machine not the client.


Add a user (optional)

Now add the users who are to have access to your system using FreeNX. These user names must correspond to the "correct" user names on the system.

/usr/NX/bin/nxserver --adduser <username>
/usr/bin/nxserver --adduser <username> (nxserver-freenx-0.5.0-r1)

You set a per-user NX password using:

/usr/NX/bin/nxserver --passwd <username>
/usr/bin/nxserver --passwd <username> (nxserver-freenx-0.5.0-r1)

Authenticate with SSH

ssh authentication is enabled by default. You *must* be able to login using passwords to use ssh authentication. If your sshd is configured to not accept passwords and forces key only authentication NX cannot use ssh authentication. It is unnecessary to configure users via nxserver --adduser <username> when you use ssh authentication.

If your sshd.conf uses ~/.ssh/authorized_keys for storing publickeys, and if you don't like to share your keypair for authentication with all other users of nx, you should edit /usr/NX/bin/nxserver or /usr/bin/nxserver or /usr/bin/nxloadconfig:

File: /usr/NX/bin/nxserver or /usr/NX/bin/nxloadconfig or /usr/bin/nxserver or /usr/bin/nxloadconfig




rm /usr/NX/home/nx/.ssh/authorized_keys2

For FreeNX versions >=0.5.0 you need to add the following line to /usr/NX/etc/node.conf:

File: /usr/NX/etc/node.conf or /etc/nxserver/node.conf

make new keypair:

It is a good idea to have a different key pair for each user and remove the private key from the server once added to your client
ssh-keygen –d
--> into: /usr/NX/home/nx/id_dsa
--> no passphrase

put the one in authorized_keys:

cat /usr/NX/home/nx/ > /usr/NX/home/nx/.ssh/authorized_keys

or for nxserver-freenx-0.5.0-r1

mkdir /var/lib/nxserver/home/.ssh
cat /dir/to/ >> /var/lib/nxserver/home/.ssh/authorized_keys2
chown nx -R /var/lib/nxserver/db (nxclient will fail login if you don't do this step)

then copy (securely with sftp or anything similar) /usr/NX/home/nx/id_dsa to your client. Look for the folder share/keys (or just share) in the client's installation prefix and replace the key you find there. Last but not least, remove the id_dsa and files from the server.

Eventually you have to do this before authentication works at all (if you changed the line in nxserver after adding user):

cd /home/xxx/.ssh/
cat authorized_keys2 >> authorized_keys
rm authorized_keys2

Installing the NX server has installed the client automatically. You can start it with:



nxclient --wizard 

if you need more help with configuring the client to connect to a machine that has the freenx nxserver installed on it.

Windows Client

You can download the Windows Client from [3].

You can download version 1.5 at [4] as version 2 will not work with 1.5 server

Copy paste the id_dsa key in the advanced configuration dialog, tab "General", button "Key..."

If you get a "X local server error" try installing this older Windows client

There is also a more detailed HowTo in the Forums, hidden at page 13 of the major NX thread. I paste that link here because I always have to search that bl#*Qy post and I hope others find it useful, too.


ssh -X serverhost

If you get some error like localhost:10.0 broken, then check libX11 for server/client are compatible

If you get an error about an invalid MIT-MAGIC-COOKIE-1 key, run the following command on the server where <clienthost> is the client's hostname:

xhost +<clienthost>

This is the quick and easy but less secure way of allowing the remote user to display X programs on their local X11 server. Other methods are more secure but more complex to set up.

ssh -X serverhost
LD_LIBRARY_PATH=/usr/NX/lib /usr/NX/bin/nxagent :1000

You should see a blank X session start.

PATH="$PATH_BIN:$PATH" $PATH_BIN/nxagent $P $R -nolisten tcp -name "NX - $user@$SERVER_NAME:$display - $session (GPL Edition)" -option "$USER_FAKE_HOME/.nx/C-$sess_id/options" $K $G $B $FP $AGENT_EXTRA_OPTIONS_X :$display 2>&3 &

Afterwards you can open a shell in your NX session, add the remote host and run other X programs via ssh.

userA@nxserver ~ $ xhost otherServer
otherServer being added to access control list
userA@nxserver ~ $ ssh userB@otherServer "xterm -display nxserver:$DISPLAY"

Open Questions

Its best to upgrade to the latest stable 1.5 version

Retrieved from ""

Last modified: Tue, 02 Sep 2008 23:12:00 +0000 Hits: 72,082