The ability to access a computer remotely is vital for system administrators, IT support teams, developers and other professionals who manage servers and desktops. It enhances collaboration, allows supporting machines located anywhere, and enables working from home securely.

While proprietary operating systems usually have built-in options, enabling remote connectivity in Linux requires using dedicated software and tools. In this detailed guide, we explore various methods to set up robust remote access on Manjaro Linux desktops and servers.

Overview of Remote Access Capabilities

Remote access refers to connecting to a computer from an offsite location to perform management, troubleshooting or other tasks. The main capabilities it offers are:

1. Command Line Access

Obtain only a terminal interface to the remote host. Allows running shell commands and scripts but not a full desktop environment. SSH is commonly used for command line access.

2. Graphical Access

Gain a full graphical interface to view and control the remote desktop. Allows opening GUI apps and accessing audio/video capabilities. Done through software like VNC, RDP or custom protocols.

3. File Transfer

Transfer files to and from the remote system easily through the file manager. Supported by certain software solutions like AnyDesk and Chrome Remote Desktop.

4. Printing

Allows the ability to print documents remotely through networked or local printers on the offsite system.

With these key features, users can harness the power of remote access for administration, assistance, working remotely and more. But first, it needs to be configured properly for best security and performance.

Benefits and Business Use Cases of Remote Access

Some key advantages and usage scenarios of remote access in an organization are:

  • Business Continuity: Employees can seamlessly work from home in events like storms, strikes or health hazards when onsite access is risky or disrupted.

  • Reduced Downtime: IT staff can promptly troubleshoot issues on critical servers remotely to minimize downtime.

  • Better Collaboration: Staff and external teams can collaborate by accessing a common system simultaneously.

  • Support Cost Savings: Technicians can provide software support and fixes remotely without onsite visits.

  • Secure Access: Data and apps can be stored only on central servers and accessed securely from authorized thin clients.

  • Flexible Working Setup: The workforce can work flexibly from home, satellite offices or on the move by accessing central systems remotely.

Considering these significant benefits, implementing remote access becomes extremely valuable for modern businesses. It unlocks additional capability and resilience at a reasonably low cost.

SSH: Enabling Remote Command Line Access

The SSH or Secure Shell protocol allows accessing the command line interface of a remote host securely across networks. Traffic is encrypted using public-private key pairs to prevent eavesdropping and attacks.

SSH is usually enabled by default on Linux distributions like Manjaro. If not, the openssh package can be installed manually. SSH has two components:

SSH Server: Runs on the remote host machine and listens for incoming connections.

SSH Client: Used to connect to the server from the accessing machine.

To begin, install openssh on the server if missing:

$ sudo pacman -S openssh

Next, start the sshd service and enable auto-startup on boot:

$ sudo systemctl start sshd
$ sudo systemctl enable sshd

On the client system, utilize the ssh command with username and server IP: 

$ ssh user@server_ip_address

When prompted, authenticate using the account password or SSH keys. The key-based method is more secure as it avoids transmitting plain password over the network.

You‘ll now get terminal access to run commands and scripts on the server itself, instead of locally on the client machine.

SSH Connection Optimization

There are several tweaks possible to make SSH faster and more resilient on unreliable networks:

  1. Compression: Set Compression yes in /etc/ssh/sshd_config to reduce traffic over slow links.

  2. KeepAlive Messages: Configures ClientAliveInterval and ClientAliveCountMax directives to prevent broken connections from terminating sessions.

  3. Multiplexing: Enable ControlMaster in ssh_config to multiplex sessions over a single TCP connection.

  4. Ciphers: Prioritize fast ciphers like AES-CTR over slower ones.

These SSH optimization tips can significantly boost stability and speed over remote connections.

Securing SSH Access

Some measures to further lock down SSH security include:

  • Use SSH keys instead of password authentication
  • Disable root login and allow only authorized users
  • Run SSH on a non-default port for obscurity
  • Restrict source IP addresses permitted to connect
  • Use fail2ban to block hosts making repeated failed attempts
  • Enable log monitoring to detect attacks

Following these best practices is vital for preventing SSH brute force attacks.

For graphical remote access, SSH cannot help directly. Other dedicated solutions that offer full desktop environment access need to be examined.

VNC Protocol and TigerVNC Software

The VNC protocol allows a client device to graphically interface with the desktop environment on a remote system. The client takes control of an entire virtual session, with support for view-only or interactive access.

The open-source TigerVNC software implements VNC on Linux systems like Manjaro. It has these components:

VNC Server: Installed on the remote host machine to start a session for access.

VNC Viewer: Client software to connect to the server.

To establish a TigerVNC connection:

  1. Install tigervnc server on the Manjaro or other Linux remote host.
  2. On the accessing device, install a VNC client like vinagre.
  3. Run command vncserver :1 on Manjaro host to begin session 1.
  4. Connect using viewer with remote_ip:1.

By default, there is no encryption in VNC. For security, consider enabling TLS 1.2 encryption available in TigerVNC along with the verification of certificates. Alternatively SSH port forwarding can add an encryption layer.

TigerVNC has providing an efficient remote desktop experience for years. But modern solutions are offering tighter integrations.

Chrome Remote Desktop: Browser-based Access

Chrome Remote Desktop is a proprietary Google solution allowing remote access to a computer through the Chrome browser, with client apps available for all major platforms.

It has these main components:

Remote Desktop Extension: Installed in Chrome browser on host system to enable access.

Remote Desktop Client: App that runs on accessing device to control host.

Relay Server: Router in Google Cloud that brokers the client-host connection.

Chromoting Protocol: Custom Google protocol for transmitting data.

To begin, install extensions on both machines. On the host, share a one-time PIN which when entered in client, connects to the remote desktop after identity verification via Google.

Benefits of Chrome Remote Desktop:

  • Simple setup without needing to adjust firewall or NAT settings.
  • No public IP required on host as traffic tunnels through Google.
  • Strong encryption in transit and rest using TLS.
  • Good performance tuned by Google.
  • Easy connections from desktops as well as mobile clients.

For personal use, Chrome Remote Desktop is freely available. But monitoring by Google servers could raise privacy issues for businesses.

X2Go – NX-based Linux Remote Desktop

X2Go is one of the best performing options for graphically accessing Linux machines remotely. It implements the NX protocol created by NoMachine with modifications.

NX leverages SSH for security while optimizing the X11 display protocol for much better speeds over varied connections. X2Go improves upon NX with additional enhancements.

To connect using X2Go:

  1. Install x2goserver package on Manjaro Linux remote host.
  2. On the client, install x2goclient.
  3. Create a session using the remote host IP address and login credentials.
  4. Launch the session to get graphical access.

X2Go also offers extensive configuration options to control session parameters like resolution, sound redirection etc. Making it great choice for customized Linux remote access.

NoMachine – Commercial NX Implementation

NoMachine is the inventors of NX technology protocol, which they commercially license and support for enterprise use. Their custom implementation called NoMachine comes with these components:

  • NoMachine Enterprise Server
  • NoMachine Workstation/Laptop Client
  • NoMachine Cloud Server
  • NoMachine ALP Client for mobile devices

The NoMachine commercial package focuses on strong security, delivery over unreliable connections and load balancing for large-scale deployments. Benefits include:

  • Powerful NX performance and compression tuning options
  • Support for accessing over 25 OS platform variants
  • Advanced security features
  • Granular access control management features
  • Multi-session handling for 1000s of concurrent users
  • Graphical clients for mobile and thin terminals

For businesses that manage a multi-OS environment with numerous users across different sites, NoMachine Enterprise delivers one of the most scalable and feature-rich remote access solutions.

AnyDesk – Closed Source Alternative

AnyDesk Software GmbH develops one of the most popular proprietary remote desktop systems targeted at the commercial space. Core features:

  • DeskRT display protocol tuned for remote sessions
  • Encrypted TLS 1.2 data transmission
  • Address book for saved connections
  • File manager allows easy transfer
  • Recording sessions
  • VPN tunneling
  • Mobile apps

AnyDesk provides remote access between Windows, macOS, Linux and FreeBSD machines. It has an easy-to-use interface that allows quickly configuring ad-hoc connections.

However, being closed source may inhibit some conservative corporations. But for small teams, AnyDesk‘s well-rounded capabilities make it an excellent remote desktop choice.

Key Evaluation Criteria Between Solutions

The following table summarizes how the various solutions stack up across some key remote access criteria:

Software Open Source Protocol Security Connection Reliability Scalability Customization
SSH Yes Encrypted Moderate, needs tweaking High Low
TigerVNC Yes Weak, needs SSL/SSH tunnel Unreliable Low, manual load balancing High
Chrome Remote Desktop No Encrypted Good High with Google infrastructure Low
X2Go Yes Encrypted Excellent even on poor networks Medium based on server OS High
NoMachine No Enterprise grade encryption Optimized for any network Massive scale support Granular
AnyDesk No Encrypted Good Medium Medium

This comparison shows that while SSH is great for command line access, graphical remote desktops need dedicated software. X2Go leads in being open source while providing high reliability, security and customizations.

Chrome Remote Desktop wins in simplicity by building on Google‘s infrastructure. For large deployments, NoMachine tops the enterprise space with comprehensive features. AnyDesk hits a nice mix in the middle.

Securing Remote Desktop Connections

While the protocols encrypt data in transit, additional steps help minimize attack risks:

Firewall Rules: Restrict source IP ranges permitted to establish incoming desktop connections. Fail2ban helps auto block any malicious activity.

User Access Controls: Have a thorough access management policy with granting privileges only on a need basis. Multi-factor authentication adds an additional layer of identity verification.

Application Restrictions: Limit accessibility to only the tools required for the remote task using containers or app whitelisting. This reduces risks from malware.

Session Controls: Auto terminate idle sessions after some inactivity period. Constantly monitor established connections using audit capabilities offered in the software.

Client Devices Security: Ensure devices that access company resources remotely also follow strong patching, configuration hardening and data protection policies.

Network Segmentation: Establish a separate remote access subnet with managed controls. Limit connectivity allowed with operational subnets.

A defense-in-depth approach across access protocols, accounts, apps, devices and network helps keep remote connections secure.

Optimizing Remote Sessions For Speed

Delivering a responsive desktop experience over remote networks calls for tuning protocols using these techniques:

Caching: Reuse GUI elements like fonts or bitmaps wherever possible by storing them locally on first load. Greatly speeds up rendering.

Compression: Apply algorithms like LZ4 or ZRLE encoding to graphical data before sending it to reduce bandwidth usage. SSH offers network compression as well.

Resolution: Transmit output at lower resolutions that still meet visibility needs. Scale down to save on processing and bandwidth overheads.

Limit Colors: Use lower bit depths with fewer color variations, but visually indistinguishable.

Focus Visible Regions: Actively push updates only for the actively visible portion of remote desktop instead of the full screen area.

Multi-level Prioritization: Split desktop elements into categories like video, images, text etc. and assign transport priorities based on importance to responsiveness.

Tuning protocols requires deep expertise. Fortunately solutions like X2Go, NoMachine and AnyDesk apply numerous optimization tricks that ensure an optimal experience out of the box.

Remote Access From Mobile Devices

Accessing desktops remotely from mobile phones and tablets require client apps tuned for the form factor. Some options available:

JuiceSSH – Open source SSH app for Android and iOS. Supports SSH with encryption along with customizable gestures.

Chrome Remote Desktop – Available as mobile client apps for both platforms. Links into a Google account allowing access from mobile or desktop browser seamlessly.

Apache Guacamole – Open source gateway supporting VNC, RDP and SSH over HTML5 browsers without plugins needed. Good mobile experience.

X2Go Client – Official client for Android allows connecting to Linux servers running X2Go server daemon over NX protocol.

AnyDesk – Fully featured mobile client apps that allow controlling various desktop systems like Windows, Linux and macOS remotely.

These mobile apps allow securely connecting from mobile devices to leverage remote desktops and servers from anywhere with reliability.

Conclusion

Remote access unlocks several advantages like resilient access, secure collaboration and lower TCO to enterprises adopting it in their infrastructure. While command line SSH suits simple text-based access, graphical solutions utilize custom protocols like VNC, NX or DeskRT tuned for speed and responsiveness across connectivity challenges.

Open source options like TigerVNC and X2Go offer good capability at modest licensing cost but may demand expertise to deploy and customize. Mature commercial solutions like NoMachine and AnyDesk incorporate the latest remoting techniques that enhance reliability. Chrome Remote Desktop provides surprising capability tied into Google accounts with effortless web access.

For enjoying responsiveness, security and centralized access from a range of devices, robust remote connectivity is vital for any modern digital workspace.

Related posts:

  1. Installing Java on Manjaro Linux: A Guide for Developers
  2. Installing Xfce on Manjaro Linux – An Expert Guide
  3. Unlocking Manjaro‘s Powerhouse Hardware Tool
  4. How to Install and Configure Cinnamon Desktop on Manjaro Linux: A Developer‘s Guide
  5. How to Change Kernel Version in Manjaro
  6. Getting Started with Manjaro Linux and Using MHWD
  7. How to Install Spotify on Manjaro Linux
  8. A Step-by-Step Guide to Installing Manjaro Linux

Similar Posts