The production SLAC FastX service is available at: https://fastx.slac.stanford.edu:3443
FastX is a modern solution for displaying remote Linux applications (X Clients) on your desktop or laptop. FastX gives you the option of using any standard web browser to connect to your remote Linux sessions. Additional information can be found on the StarNet web page: https://www.starnet.com/fastx/ .
FastX works well with Wide Area Network connections from offsite (non-SLAC networks), and it can also be used on SLAC Local Area Networks.
The SLAC FastX production service is implemented on a cluster of VMs for redundancy, performance, and horizontal scale-out capability.
Connecting to FastX using your Web Browser
The easiest way to use FastX is through your Web browser. All modern browsers are supported, including Firefox, Safari, Chrome, and IE 10+ (or your smart phone).
- Go to the SLAC FastX web login page: https://fastx.slac.stanford.edu:3443
- Log in with your SLAC Unix username and password.
Do not check the Public Key Authentication option – that will not work well since it will not give you an AFS token.
To start a new session, click on the plus box:
Inside the command box, you can start an xterm window and connect to a SLAC interactive login pool machine like this
(You can replace rhel6-64 with the hostname of your own group's interactive login machine if you have one):$ xterm -e ssh rhel6-64.slac.stanford.edu
When your xterm session starts, you may wish to start a lightweight window manager so you can resize and move windows around inside your browser window.
Starting a lightweight window manager is not required, but it's necessary if you want to move and resize your X Clients inside your browser window.
To do that, type these two commands inside your xterm window (the xsetroot command just makes your desktop background a more pleasing color):$ twm &
$ xsetroot -solid greyOther lightweight window managers include fvwm2 and fluxbox. If these are not installed, you can ask unix-admin to install them (they are part of the EPEL repository).
A future update of FastX will include "Multiple window mode" for the web browser client, and when that's available, it means the FastX browswer client will have a built-in window manager.
Now you can start your Linux X applications by typing the commands inside your xterm window. For example:
$ gimp &
$ firefox &
$ /afs/slac/package/anaconda/anaconda3/bin/spyder &As always, your SLAC Unix AFS token needs to be renewed every 25 hours. If your AFS token expires, then you will not be able to write files into your AFS home directory. When you reconnect to your session later, the 'qtoken' command will quickly tell you if you have a current AFS token or not. If your AFS token as expired, then use the 'kinit' command to get a new Kerberos ticket and AFS token.
$ /usr/local/bin/qtoken
$ /usr/local/bin/kinit
Using the Client application
- Go to this URL: https://fastx.slac.stanford.edu:3443
- Click on the link that says: "Looking for the desktop client?"
- After you download and start the desktop client, click the + (plus) icon to configure a new connection.
- Next, select either Web (https port 3443) or SSH (ssh port 22) when given the choices of Web or SSH. Both are encrypted and secure, and either choice should work well.
- Enter these values if you create a new SSH connection: (replace 'ksa' with your username):
- Enter these values if you create a new Web client connection: (replace 'ksa' with your username):
- Click the Save button.
- Double click on your new saved connection.
- You can start a new session using the same instructions the the above session for "Connecting to FastX" – click the + (plus) icon.
- When you start a new session using the desktop client, you have a choice for Window mode: Multiple or Single. If you choose single window mode, all of your Linux X applications will be run inside one resizable single window (as opposed to the multiple seamless floating windows you get if you choose multiple mode).
You can reconnect to one of your already running sessions by double clicking on it under the Name column. It could take several seconds for your saved session to appear.
You should also see any sessions you already have running that you may have started in a browser connection to FastX.
fastx-l mailing list
SLAC has a fastx-l mailing list for users of the FastX service to communicate. This is good venue to ask questions and discuss anything related to using the FastX service. SLAC users of the FastX service may be able to quickly answer or help solve your problem. When you have a FastX question or problem, there are several option you can use to get help:
Subscribe to fastx-l by using this command:
echo subscribe fastx-l | mail listserv@slac.stanford.edu
Send your question or problem to the fastx-l mailing list. You will reach other SLAC users of the service, and they may have already researched and solved your problem. After you subscribe, you can view the list archives here: https://listserv.slac.stanford.edu/cgi-bin/wa?A0=FASTX-L
Send your question or problem to ithelp@slac.stanford.edu . SLAC Desktop support provides support of the FastX service, and can help with desktop, laptop, and browser related questions about using FastX at SLAC. They are familiar with supporting the FastX service, and may have already helped another user solve the problem you have.
If ithelp@slac.stanford.edu determines they need Unix or server configuration support to help answer your question, they will work with unix-admin to solve the problem. unix-admin can open a support cases with FastX, and utilize our site-wide vendor license for engineering support. FastX support engineers are eager to hear about problems and bugs, and they have already worked with unix-admin to modify configuration options and apply patches in our test cluster. If we can reproduce a bug, then they gather information from our environment and release a bug fix with the next standard release of the FastX server and clients.
Protecting your SLAC AFS ~/.fastx_server/ directory
Your SLAC AFS ~/.fastx_server/ directory contains sensitive information which could expose your FastX X11 connections to others. This could lead to a compromise of your account, and/or unauthorized keystroke monitoring. Keystoke monitoring can capture other passwords you type, such as sudo, ssh password authentication to remote sites, or information entered in browser windows, even for https sites since the keystrokes are captured before SSL encryption is done.
Therefore, please take care in protecting access to this directory. Since this directory is in AFS space, you need to use AFS Access Control Lists (ACLs) to lock down the directory (regular Unix file modes using chmod do not work inside AFS space). The Scientific Computing Services (SCS) tool "system ranger" will automatically detect and fix any ~/.fastx_server/ directories in AFS space which are too permissive, and you will get an information email just letting you know it was fixed. If you get this email, it is only for your information, and no action is required. If necessary, the system ranger protects your ~/.fastx_server/ directory by removing the following entries from the AFS Access Control List:
system:anyuser rl
system:slac rl
system:authuser rl
Frequently Asked Questions
| Question | Answer |
|---|---|
| How do I copy/paste when using an xterm with the desktop client? | Copy and paste work just like any other program. On linux xterm, copy is highlight. Paste is middle mouse click (Command-click on a Mac laptop). Paste can also be shift+insert If you use a Mac, the usual ⌘-c for copy will not work in an xterm FastX window. |
| What makes FastX fast? | https://www.starnet.com/xwin32kb/what-makes-fastx-fast/ |
| What is the latest version of FastX? Where are the release notes? | https://www.starnet.com/xwin32kb/fastx-release-notes/ |
| How do I connect to SLAC's FastX service? | http://fastx.slac.stanford.edu:3000 or https://fastx.slac.stanford.edu:3443 You can use FastX from any browser, or you can download the client application by going to either one of those URLs and click on 'Looking for the desktop client?' |
| I get 'Permission Denied' when trying to reconnect to a session | Please report this problem to unix-admin if you see it. This problem has been seen in the past, and reported to FastX. It should be fixed in the latest versions of FastX server and clients. There are a couple of things you can try if you get this error: Connect to the specific server where your session is, instead of the load balanced name. You can do that by using one of these URLs: https://fastx-srv01.slac.stanford.edu:3443 https://fastx-srv02.slac.stanford.edu:3443 If you can connect using this method, then do a 'kinit' in your FastX xterm window to renew your AFS token. Now you should be able to use the load balanced fastx.slac.stanford.edu URL once again. |
I get a strange error message when I try to log into the browser client (or the desktop client with a Web connection) I see some output from my .cshrc in the error, and then it does not allow me to log in. | You have to protect any echo commands in your ~/.cshrc file by testing for an interactive shell. fastx uses a non-interactive ssh connection for authentication, and any echo commands will cause it to fail. This is the same issue for scp or sftp – if you put echo commands in your .cshrc that do not test for a prompt, then scp or sftp will fail to work. The fix it to put any echo commands inside a test like this: if( ${?prompt} ) thenYou can verify you found all your non-protected echo commands by testing with a non-interactive ssh command, like this: $ ssh iris.slac.stanford.edu date If you see any echo command output, you need to either remove those echo commands, or put them inside a test for a prompt as shown above. |