Running graphical applications using SSH and X tunneling

Some applications on our systems (e.g Matlab) have a graphical user interface. To be able to display windows from an application running on an NSC system on your own computer, you need two things:

  1. An X server software installed on your computer.
    • If you run Linux, this is already taken care of.
    • If you run MacOS, you might need to install and start which is included in MacOS but not always installed.
    • If you run Windows, you need to find a third-party X server software (e.g Xming), as this is not normally included in Windows. Ask your local system administrator.
  2. Enable X11 forwarding in your SSH client. This allows windows from the NSC system to be displayed on your local computer. If you use OpenSSH this is done using the -X option to ssh, e.g ssh -X

Note: For better performance when running graphical applications, we recommend using ThinLinc (See below) - a remote desktop/visualization software.

Running graphical applications using ThinLinc

Note: Thinlinc is only available on Tetralith, Sigma, Bi, Freja and Berzelius.

ThinLinc is a remote desktop solution from Cendio Systems. See the Cendio website for a complete description.

By running the X server on a server in the cluster (i.e closer to your application) and using an efficient method for delivering the image to your local computer (VNC-based), most graphical applications will run significantly better than when using X-forwarding tunneled through SSH.

ThinLinc can also make use of a graphics card in the ThinLinc server to provide hardware acceleration to OpenGL applications (e.g VMD, Maestro, Gaussview).

Why would you want to use ThinLinc?

Here are some use cases:

  1. Using accelerated OpenGL applications

    Perhaps you want to run a graphical user interface (GUI) that is using OpenGL (e.g VMD) to visualize data that is located at NSC. Rather than moving a large amount of data to your local computer and visualize it there, you can run the GUI directly on an NSC system and display the window on your computer with much better results (higher framerate etc) than using traditional X-windows tunneling through SSH.

  2. Modern GUIs that do not run well using X-forwarding

    Certain graphical user interfaces are implemented with no regard for performance when tunneled through SSH on a connection with high latency, and will be more or less unusable. Since ThinLinc presents a local X server to the application (with almost zero latency) and handles the transportation of the graphics data invisible to the application, it can perform much better for these types of applications.

Installing the ThinLinc client and connecting to Tetralith

The ThinLinc client can be downloaded for free from It is available for Windows, Mac OS X, Linux and Solaris.

To use ThinLinc to connect to Tetralith:

  1. Download the client matching your local computer (i.e Windows, Linux, MacOS X or Solaris) and install it.

  2. Start the client.

  3. Change the "Server" setting to "".

  4. Change the "Name" setting to your Tetralith username (e.g x_abcde).

  5. You do not need to change any other settings.

  6. Enter your cluster Tetralith password in the "Password" box.

  7. Press the "Connect" button.

  8. If you connect for the first time, you will see the "The server's host key is not cached ..." dialog. Verify that the fingerprint shown on your screen matches the one listed below! If it does not match, press Abort and then contact NSC Support!

After a few seconds, a window with a simple desktop session in it will appear. From the Applications menu, start a Terminal Window. You are now logged in to Tetralith and can submit jobs, start interactive sessions, start graphical interfaces as usual.

Please note that all Tetralith applications are available on the ThinLinc server, not just the ones listed in the Application menu.

To log out end end your session, click the green "running man" icon to the right of the Applications menu and select Logout.

The default session is a fullscreen session (will cover your entire screen). If this is not what you want, you can change it in the ThinLinc client settings. Click Options, select the Screen tab and deselect Full Screen Mode. You will then get a window with your Tetralith desktop inside it, which you can resize to whatever size you want.

In most cases you also want to disable the session option "send system keys". This option is on by default, and it means that "system keys" (e.g Alt-Tab, Cmd-Tab etc) are sent to the ThinLinc server and not to your local computer while the ThinLinc session is running.

Tetralith SSH server host key fingerprint: SHA256:jpV1uznj81W+4sVOEe5l6rJocIRrUVKc8+hKECIKcVY for key type ED25519

Connecting ThinLinc client to Sigma

Instructions are similar to Tetralith except you need to change the server setting to "" and use your Sigma account to login.

Sigma SSH server host key fingerprint: SHA256:QPHiQqJNsgfhZ7LtZWZ5bhtRRs1weuOzyPqp2PvIhAE for key type ED25519

Connecting ThinLinc client to Bi

Instructions are similar to Tetralith except you need to change the server setting to "" and use your Bi account to login.

Bi SSH server host key fingerprint: SHA256:YEO5H+kiL3yyYIKVNgCkOGWaBhWGSSHXHaDBSRllmAg for key type ED25519

Connecting ThinLinc client to Freja

Instructions are similar to Tetralith except you need to change the server setting to "" and use your Freja account to login.

Freja SSH server host key fingerprint: SHA256:8IN724PEgZPjMN6VYGl5xbyRw1GewUSkwWzE5QW4RdM for key type ED25519

Connecting ThinLinc client to Berzelius

Instructions are similar to Tetralith except you need to change the server setting to "" and use your Berzelius account to login.

Berzelius SSH server host key fingerprint: SHA256:iZLFlrmwW7YbMXsR7TQxlrDfHUbQnFg5tSfB4GNCtGQ for key type ED25519

Using SSH public key authentication instead of password

If you use SSH public key authentication to login to Tetralith you need to do this to use this method also for ThinLinc:

  1. Start the ThinLinc client

  2. Click "Options"

  3. In the "Security" tab, Change "Password" to "Public key"

  4. Press OK

  5. The "Password" box has now changed to "Key". Click the browse button to the right of the Key field and select your SSH private key file (or enter the path to your key directly)

  6. Press the "Connect" button.

  7. Enter the passphrase for your SSH private key (if you don't have one, you really should…)

Note: you will need to enter your SSH key passphrase each time you log in. This is due to the ThinLinc client not being integrated with the Linux ssh-agent.

Note for Windows users: the Thinlinc client expects your private key to be in the openssh format. E.g PuTTY may generate the key in another format. To convert the key to the openssh format, the PuTTY key generator can be used (export it in openssh format from the "conversions" menu).

Using ssh-agent with ThinLinc (unsupported)

If you want to use SSH keys loaded into ssh-agent to connect to ThinLinc, you can do that by modifying your ThinLinc client.

The method described below is unsupported by Cendio and NSC. Use it at your own risk. However, it's unlikely that anything can go wrong that you cannot fix by reinstalling the ThinLinc client.

This has been tested on Ubuntu Linux and MacOS Catalina and Big Sur running the ThinLinc client version 4.12, but it will probably work with other Linux distributions and ThinLinc client versions. Note: you will have to re-apply this fix every time you upgrade the ThinLinc client.

If you use this fix, the ThinLinc client will use any keys from your ssh-agent to log in regardless of whether you have specified password or public key login in the client settings. Recommendation: set client to use password and don't enter anything into the password box.

To apply the fix, download this script and run it as root on your laptop or desktop computer (e.g sudo bash

Running accelerated OpenGL applications

In order to make use of hardware-accelerated OpenGL, the application needs to be launched in a certain way.

Some applications have already been modified to do this automatically. The applications listed below will automatically be accelerated when run from ThinLinc, so you just need to start them manually.

  • GaussView (e.g "module add gaussview/5.0.9; gv")

  • VMD (e.g "module add vmd/1.9.1; vmd")

  • Maestro (e.g "module add schrodinger/2012u1-nsc; maestro")

  • VESTA (e.g "module add vesta/3.1.3; vesta")

All other OpenGL applications needs to be launched using "vglrun", e.g "vglrun SOME_OPENGL_APPLICATION".

Please note that in order to use accelerated OpenGL with ThinLinc we had to make changes that sometimes prevents using OpenGL applications over normal X-forwarding (using SSH).

If you login using SSH and cannot launch a graphical application, try using ThinLinc instead. You can also try LD_PRELOAD=/usr/lib64/ <application>, this will enable software emulated OpenGL which will allow the application to run but with reduced graphical performance.

Running demanding accelerated OpenGL applications (Tetralith only)

On Tetralith you can allocate a GPU node and run the OpenGL application there1. This is suitable if the graphics are very demanding or if the application makes heavy use of CPU (all CPU cores on the compute node are available for the interactive job).

Allocate a GPU node using the interactive.vgl command. It works very much like the normal interactive (you can use e.g the '-t' option to choose a time limit).

A few GPU nodes (as of 2020-11-17, 8 nodes, but this can change) are reserved for test and development. Jobs using these nodes can not be longer than 60 minutes. You can also not use more than two such nodes at any one time. To use these nodes, add --reservation=now to your interactive.vgl command and make sure to request a timelimit of less than 60 minutes (e.g -t 00:30:00).

Once the node has been allocated, run your application using vglrun as described above.


[kronberg@tetralith2 ~]$ module load MATLAB/R2020a-nsc1
[kronberg@tetralith2 ~]$ interactive.vgl -t 00:10:00
Enabling VirtualGL mode.
Adding --exclusive option. Note: your project will be charged for full nodes!
Adding --constraint=virtualgl to enable VirtualGL.
Adding --gres=gpu to allocate GPU to job.
Allocating one GPU for the interactive shell to allow accelerated graphics. Note: GPU will not be available from e.g srun
Remember to use "vglrun <application>" to enable accelerated graphics for <application>.
salloc: Granted job allocation 10293010
srun: Step created for job 10293010
[kronberg@n1297 ~]$ vglrun matlab -nosoftwareopengl
<GUI starts>

Thinlinc sessions

If you close your ThinLinc client or explicitly disconnect, your session on Tetralith will still be running, and you will automatically be reconnected to that session the next time you login to ThinLinc.

If you will not be using ThinLinc for a few days, we recommend logging out (using the green "running man" logout icon in the ThinLinc desktop).

NSC reserves the right to log out sessions that have been idle for a significant time. Also, if a login node is rebooted, all ThinLinc sessions on that node will be logged out.

If you have no current ThinLinc session, your next one will be on the login node with the lowest load. You can not control which server your next session will use. If you need to access the other login node, login to it using SSH (e.g "ssh tetralith2").

Using web browser

Web browsers are resource intensive and users are discouraged from using it for general internet browsing. The usage of web browser should be work related. Firefox web browser is installed with adblock and autoclose plugin to conserve resources. The adblock is self-explanatory while the autoclose plugin will close the browser if it has been idle for 1 hour.

Common problems

  • If you have problems with the Thinlinc desktop, maybe it looks strange or disconnects immediatly when you login - you should first make sure you get a fresh session: on the Thinlinc Client login window, select the "End existing session" option (you might have to click the Advanced button to see this option).

  • Thinlinc is unfortunately sensitive to Python versions. If you load a Python module automatically on login (e.g from .bashrc) and Thinlinc is not working correctly, try commenting out those lines from .bashrc. If that helps, load Python when you need it instead of always doing it on login. If that does not help, contact NSC Support as you would normally do.

  • Thinlinc can also be sensitive to other changes you have made to your shell initialization files (.bashrc, .bash_profile, etc.). If you have done any changes recently and have problems with Thinlinc, revert those changes. If you need a fresh copy of these files, look in /etc/skel on the login node.

  • As of 2021-01-08, the latest version of the Thinlinc client (4.12) does not work on MacOS Big Sur (the latest version). This is a known a known bug and Cendio has a fix: install the latest nightly build from their download page.

  1. the software used to achieve this is VirtualGL

User Area

User support

Guides, documentation and FAQ.

Getting access

Applying for projects and login accounts.

System status

Everything OK!

No reported problems


NSC Express