Accessing a thick client from a thin client - - advice needed for a clamshell purchase

Drone4four · 12 December 2023 04:03

I was thinking of purchasing a thin client clamshell laptop with the intention of logging in remotely to use my thick client when I am not at home.

I have a number of questions. But I think it might be a good idea to share my current hardware specs and provide a background on my use case first.

Here I go - -

I have a Desktop PC (tower) with Manjaro installed natively. It’s an Intel i5-13600K CPU with 64 GB of RAM and AMD RX 6600 XT 8GB GPU with 6+ terabytes NVMe, SSD, and HD storage in total spread across my root fs, home directory, and back up data directories. It’s a terrific workhorse.

In terms of my use case for this hardware configuration, I am in a seemingly perpetual state of research, writing works of non-fiction and social science in Google Docs in Chrome (dozens of tabs) and searching and reading similar topics also in Chrome (hundreds tabs). So on the one hand while I do academic and literary research, I am additionally learning data science and algorithmic software design. For this I use VS Code and seem to accrue hundreds of Chrome tabs to support these endeavors as well. I furthermore interact with my peers on various communities on Discord and Slack. Having said all of that, with all of these Java heavy and electron/chromium based apps I rely on, this is how I justify the need for 64 GBs of RAM. My system monitors tell me that I usually hover around the 40%-60% range on a busy day.

Now for my line of questioning:

How realistic is it to remote into a thick client from a $400-500 thin client? Comments? What kind of user experience could I expect to run Gnome or Plasma on my home PC but through a secured ssh internet connection from a clamshell?
I’ve used ssh to login from my Desktop PC into virtual private servers in the cloud in the past. But in that case I had a static IP and was able to set up a DNS so that is why ssh worked so easily. I gather that my ISP is forever leasing and re-assigning unique IP addresses on rotation, so it is never static. This makes it difficult to set up a consistent ssh connection. I’d have to reconfigure it manually every 2 weeks or whenever my ISP arbitrarily decides to change my IP address. What might the solution be to this issue?
If I am able to establish a decent regular consistent ssh connection successfully, is it as easy as running startx from my shell to launch an X / Wayland wm session?
What alternatives might there be to ssh to remote in?

Some more rationale: Laptops with 64 GBs of RAM or even 32 GBs of RAM are prohibitively expensive. To me it doesn’t make sense to lug around a heavy ultra expensive laptop in a public place like the library where a thief and opportunist could take advantage of the situation and swipe it with all my data on it. While I could encrypt the storage, I’d rather be out $400 than $2,500+.

I don’t travel around the world so latency is not an issue.

soundofthunder · 12 December 2023 04:20

Regarding Question 2:

You might consider a Dynamic DNS service (typically inexpensive, if not free) to maintain a consistent IP address to your machine. Rather than attempt to give any guidelines here, I’ll simply link these two possibilities among many; they should also have all information needed to set it up:

I once used DynDNS myself to host a demo site from home, which allowed me to login (ssh) as needed, from wherever I happened to be.

The reconfiguration happened automatically, and transparently.

I hope this helps. Cheers.

linux-aarhus · 12 December 2023 05:38

Please see Hardware for options especially you may want to look at the StarLite option

Extending the suggestion by @soundofthunder by setting up your home system to use VNC over SSH - this gives you full access to your LAN having increased security using SSH.

Please note that some ISP doesn’t allow services on privileged ports (port numbers < 1000) so you should run your service at e.g. 33022

You can use the following topic as a reference for setting up secure SSH using public keypair.

[root tip] [How To] Set up your own SSH service

And this as a reference to setup your system to serve your desktop over VNC

[root tip] [How To] TigerVNC over SSH

You can use the following as reference for setting up DNS and router to serve your SSH service to the outside world.

[root tip] [How To] Sharing Pi NextCloud using domain name

zbe · 12 December 2023 07:46

You keep talking about ssh. Ssh is text based only, I hope you realize that. Sure you can use ssh tunnels, but just FYI.

No, this doesn’t work. You need an app: whateverVNC, NoMachine, rustdesk,…

For sshing from your desktop PC it makes no difference if you have static ip or not.

bedna · 12 December 2023 10:41

I do exactly this.

I have set up a VPN server on my lan I connect to from the outside. If your ip changes constantly, get a domain name, they are death cheap.

I use a raspeberry pi as VPN server (openVPN/piVPN), I call this SBC here (single board computer).

Connect to the VPN so all traffic is encrypted (SSH tunnels are great and all, but a pure vpn connection is better).

Then when connected to your vpn you just connect to your VNC server and use it.

I also wake my computer with wake on lan (via the same SBC, I haven’t figured out to get the magic packets to work when I am connected to my vpn so I use the same SBC that is running the VPN server for WOL):

~/.local/bin/wol.sh

#!/bin/bash

if [ $EUID != 0 ]; then
    echo 'This script must be run as root!'
    exit 1
fi

#etherwake -D D8:5E:D3:E4:B5:67 # -D = debug/verbose
wakeonlan -i 192.168.1.255 D8:5E:D3:E4:B5:67

exit 0

I use this method to set up my vpn server: [root tip] [How To] TigerVNC - LAN connection to SDDM at display :0
I do NOT KEEP THE SERVICE ACTIVE (just another security risk) but rather start it in ssh after I have woken the VNC server computer up with WOL.

I use this little script, have it active in my ssh client while I use VNC, then press any key on my ssh client and the service stops.

~/.local/bin/start-vnc.sh

#!/bin/bash
if [ $EUID != 0 ]; then
    echo 'This script must be run as root!'
    exit 1
fi

echo 'Starting VNC server...'
systemctl start x0vncserver.service
read -p 'Press any key to stop vnc'
systemctl stop x0vncserver.service
echo 'VNC server stopped...'

exit 0

Edit
As a bonus, you can also use the SBC as a pihole both for a little extra protection AND filter out ads.
If you install pihole before vpn on the raspberry pi, the vpn will ask if you want to use the pihole on connections through the vpn, ie, you are also protected when “out in the wild” if you just connect to your VPN. No need for tons of configuration, the installation does that for you.
I do this, I connect to my vpn the second I move away from my home wifi on my phone. Does not matter if you are on another wifi or just mobile network.
Downside is traffic might become slower because everything is going through your home network first.

The whole idea with a thin client is everything heavy is run on the server. So you can theoretically use something worth $1 or a ryzen9 system for $1500, you are running everything on the server so the speed is exactly the same.
The server is what has to be powerful. The more thin clients connected to it, the more power it needs.