OpenVistA EHR



These instructions are adapted from the Ultimate Server with OpenVistA EHR and are oriented towards that framework. However, the instructions should be applicable (without installing the entire server platform) on all versions of Ubuntu/Kubuntu. Settings listed in italics are meant to be customized for your system. Always use secure unique IDs and passwords.

  • OpenVistA can also be installed using the Medsphere repositories. (Use karmic, jaunty, or maverick repositories instead of lucid if using one of those versions.)
wget -q -O - | sudo apt-key add -
echo "deb lucid main" | sudo tee /etc/apt/sources.list.d/openvistaehr.list
sudo apt-get update
sudo apt-get install openvista-utils

Install pre-requisites

  • Although the OpenVistA server can be installed and run on an Ubuntu server without a GUI desktop, I don't recommend it. It is a GUI-based system and it is difficult to troubleshoot it if no GUI desktop is installed. Therefore, make sure you have a ubuntu-desktop (or kubuntu-desktop) installed on your Ubuntu server.
  • Apache2 is required. It can be installed individually (sudo apt-get install apache2) or as part of a LAMP (Linux, Apache2, MySQL, PHP) installation:
sudo apt-get install tasksel
sudo tasksel install lamp-server
sudo apt-get install tasksel
sudo tasksel install openssh-server
  • VistA is made for a 32-bit operating system. If you are using a 64-bit Ubuntu operating system, then also install ia32-libs:
sudo apt-get install ia32-libs

Set networking parameters

sudo gedit /etc/network/interfaces
and edit the lines to resemble:
# iface eth0 inet dhcp
iface eth0 inet static
and restart networking:
sudo /etc/init.d/networking restart

Adjust SSH for remote connections

  • If the OpenSSH server was not installed on your server at initial installation, it can be installed now.
sudo tasksel install openssh-server
  • The default SSH port is 22, but this may conflict with other SSH servers on your network. Change the SSH port to a custom port. Also disallow password-based logins, for now, to prevent unauthorized logins. See this tutorial.
sudo gedit /etc/ssh/sshd_config
change the listening port:
Port 22199
and disallow password-based authentication by changing the line:
#PasswordAuthentication yes
to:
PasswordAuthentication no
  • Make sure the OpenSSH server knows that it must look for the authorized_keys file. Uncomment the line:
#AuthorizedKeysFile %h/.ssh/authorized_keys

so that it resembles:

AuthorizedKeysFile %h/.ssh/authorized_keys
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
  • Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. of the server.
  • Install X11VNC:
sudo apt-get install x11vnc
Add an X11VNC Server menu item with the command:
x11vnc --forever
-> Place in system tray (ticked)
  • Create an SSH keypair for automated login:
  • Generate a key pair (by default, a 2048-bit RSA key pair is created):
  • Accept the default location for the key file ( /home/user/.ssh/id_rsa ).
  • Leave the passphrase empty
  • Make sure the directory /home/serveruser/.ssh exists; if not, create one using:
mkdir ~/.ssh
(In this instance, user = serveruser = lucidadmin00, so the folder /home/lucidadmin00/.ssh ought to already exist).

Make sure that a file named authorized_keys (with write privileges) is in that folder. If not, create such a file (using the touch command to create an empty file) while logged into the server as serveruser (i.e. lucidadmin00):

cd ~/.ssh
touch authorized_keys
Concatenate the newly-generated key to the authorized_keys file:
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
  • Create a test connection:
  • Start the X11VNC Server (as above)
  • Connect VNC through the SSH tunnel with the commands:
ssh -l lucidadmin00 -L 5900: -p 22199
vinagre vnc://

or with a single-line command (which can be placed in a Menu item / shortcut):

ssh -f -l lucidadmin00 -L 5900: -p 22199 sleep 5; vinagre vnc://

Note: vinagre --fullscreen vnc:// will start the VNC connection in fullscreen mode (but should only be used when connecting from other computers).

Install an EHR (Electronic Health Record) system

  • Although these instructions are for OpenVistA EHR, other VistA EHR derivatives can be installed in a somewhat similar fashion.
  • The OpenSSH server was set to listen on port 22199. Make sure the router forwards port 22199 to this computer's LAN IP address. The OpenSSH server will be reached by tunneling to using port 22199.

Install OpenVistA server

sudo apt-get install xinetd update-inetd whois apache2-suexec
  • Note: The Astronaut installer checks for an open port 9260 and it will not proceed if it is closed. Re-enable the firewall (i.e. ok to close port 9260 again) after installation is complete.
  • A package can be installed directly from the Astronaut VistA repositories (replace lucid with karmic if using Karmic Koala 9.10) by adding the repository:
echo "deb lucid main" | sudo tee -a /etc/apt/sources.list.d/lucid-partner.list
sudo apt-get update
then installing the Astronaut version of the OpenVistA server:
sudo apt-get install astronaut-ov-server-beta
Note: During the VistA server installation, you may wish to save (as a text file) the installation notes that are displayed for future reference.
  • Change the passwords for the server login IDs.
sudo passwd text9260
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
sudo passwd client9260
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
sudo passwd openvistaEHR
[sudo] password for jauntyadmin00: jauntyword00
Enter new UNIX password: vista!456
Retype new UNIX password: vista!456
  • Create a Menu Item / Shortcut for text9260:
su text9260
Name this Menu Item: VistA Server Admin (text9260). Make sure to set Advanced -> Run in terminal (ticked).
The password set in the previous step (for text9260) will be required upon logging in.
  • Create a Menu Item / shortcut for VistA Commander:
Name this Menu Item: VistA Commander Server Admin. Make sure to set Advanced -> Run in terminal (ticked).

Install OpenVistA-CIS Linux client

sudo apt-get install mono-runtime libmono-corlib2.0-cil libgtk2.0-cil libglade2.0-cil libmono-cairo2.0-cil libmono-winforms2.0-cil libmono-system-runtime2.0-cil
  • Create directories then download and unzip the OpenVistA-CIS binaries into them:
sudo mkdir /etc/openvistacisclient
cd /etc/openvistacisclient
sudo wget
sudo unzip


sudo mkdir /etc/openvistacisvitals
cd /etc/openvistacisvitals
sudo wget
sudo unzip
  • Create Menu shortcuts:
Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Client (localhost connection)
-> Command: mono OpenVistaCIS.exe --server= --port=9260
-> Advanced -> Work path: /etc/openvistacisclient


Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Vitals (localhost connection)
-> Command: mono OpenVistaVitals.exe --server= --port=9260
-> Advanced -> Work path: /etc/openvistacisvitals

Note: When running from a menu item shortcut, make sure you set the directory as the workpath. I place the menu items in a separate submenu named EHR. Although the OpenVistA-CIS client uses port 9201 by default, the Astronaut OpenVistA server uses port 9260 by default.

Note: If you wish to connect directly through the network (without using an SSH tunnel), merely replace --server= with and make sure the LAN's router forwards port 9260 to the LAN IP address of the server (and make sure that all firewalls allow port 9260 to be open).

  • Use your Access Code / Verify Code as the LoginID / Password ( default at installation for Astronaut systems is sys.admin / vista!123 ). This should be changed at the initial connection, e.g. to vista!456.

Connecting through an SSH tunnel

This method is necessary to connect remote clients to the server through a secure, encrypted tunnel. It is worthwhile to test this connection method by setting it up on the server, as well. Make sure your router is forwarding (to your server) the SSH port you selected (in these examples port 22199).

  • In order to maintain the Astronaut structure, copy the (previously created) SSH authorized_keys file to the .ssh folders for client9260 and text9260 (where serveruser = jauntyadmin00 on this server):
sudo mkdir /home/client9260
sudo mkdir /home/client9260/.ssh
sudo cp /home/serveruser/.ssh/authorized_keys /home/client9260/.ssh/
sudo chown -R client9260 /home/client9260


sudo mkdir /home/text9260
sudo mkdir /home/text9260/.ssh
sudo cp /home/serveruser/.ssh/authorized_keys /home/text9260/.ssh/
sudo chown -R text9260 /home/text9260
  • Restart the OpenSSH server:
sudo /etc/init.d/ssh restart
ssh -l client9260 -L 9201: -p 22199
  • Create Menu shortcuts for use when connecting through the SSH tunnel:
Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Client
-> Command: mono OpenVistaCIS.exe --server= --port=9201
-> Advanced -> Work path: /etc/openvistacisclient


Menu Editor -> New item
-> General -> Name: OpenVistA-CIS Vitals
-> Command: mono OpenVistaVitals.exe --server= --port=9201
-> Advanced -> Work path: /etc/openvistacisvitals
  • Create a Menu Item / Shortcut with the command:
ssh -f -l client9260 -L 9201: -p 22199 sleep 5; mono OpenVistaCIS.exe --server= --port=9201
but with Advanced -> Work path: /etc/openvistacisclient configured in the Menu Item / Shortcut settings. It is not necessary to have the Advanced -> Run in terminal box ticked.
  • It is also possible to use the command:
ssh -f -l client9260 -L 9201: -p 22199 sleep 5; mono /etc/openvistacisclient/OpenVistaCIS.exe --server= --port=9201
  • Create Menu shortcuts for the Text9260 Server Admin client (a text-based SSH tunnel). This will be the method used to logon (in text mode) directly to the OpenVistA Server for administrative functions:
Menu Editor -> New item
-> General -> Name: OpenVistA Server (localhost)
-> Command: ssh -l text9260 -L 9201: -p 22199
-> Advanced -> Run in terminal: (ticked)


Menu Editor -> New item
-> General -> Name: OpenVistA Server (network)
-> Command: ssh -l text9260 -L 9201: -p 22199
-> Advanced -> Run in terminal: (ticked)

When logging on, the ACCESS CODE / VERIFY CODE are the same as at the initial logon (sys.admin and vista!123 (or vista!456 if changed as in the above section)). The exit key for the OpenVistA server functions is ^ .

For more info about the OpenVistA Server functions, see here.

Note: While the text9260 SSH tunnel is open, it is also possible to simultaneously run the OpenVistA-CIS Client (using the menu shortcut created above which contains the command: mono OpenVistaCIS.exe --server= --port=9201).

  • To access the OpenVistA Server from a Windows machine, use the Astronaut Clients (and the Windows OpenVistA-CIS clients). See here and here.
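
The copy steps in this section put one authorized_keys file into several accounts, so every key in it opens lucidadmin00, client9260 and text9260 alike. The following added example (not part of the original instructions) inventories that mapping and flags SSH paths that are group- or world-writable; the key blobs and the tempuser00 account are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original page): list which accounts each public key
# can log in to, and flag paths that sshd's StrictModes check rejects.

# Print "ACCOUNT BLOB COMMENT" for every key in BASE/*/.ssh/authorized_keys.
# Assumes any options placed before the key type contain no spaces.
list_key_grants() {
    for f in "$1"/*/.ssh/authorized_keys; do
        [ -f "$f" ] || continue
        acct=$(basename "${f%/.ssh/authorized_keys}")
        awk -v a="$acct" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }
            { for (i = 1; i < NF; i++)
                  if ($i ~ /^(ssh-|ecdsa-)/) { print a, $(i + 1), $(i + 2); break } }
        ' "$f"
    done
}

# Print, comma-separated, the accounts that accept the key with this blob.
accounts_for_key() {
    list_key_grants "$1" | awk -v b="$2" '$2 == b { print $1 }' | sort | paste -sd, -
}

# Print each home, .ssh or authorized_keys that is group- or world-writable.
writable_paths() {
    for h in "$1"/*; do
        for p in "$h" "$h/.ssh" "$h/.ssh/authorized_keys"; do
            [ ! -e "$p" ] || find "$p" -prune \( -perm -020 -o -perm -002 \) -print
        done
    done
}

# Constructed tree mirroring the copy steps above (body runs in a subshell).
make_sample() (
    umask 022
    for u in lucidadmin00 client9260 text9260 tempuser00; do mkdir -p "$1/$u/.ssh"; done
    printf '%s\n' 'ssh-rsa AAAAconstructedADMIN admin@workstation' \
        'ssh-rsa AAAAconstructedGUEST guest@laptop' > "$1/lucidadmin00/.ssh/authorized_keys"
    cp "$1/lucidadmin00/.ssh/authorized_keys" "$1/client9260/.ssh/"
    cp "$1/lucidadmin00/.ssh/authorized_keys" "$1/text9260/.ssh/"
    chmod 777 "$1/tempuser00/.ssh"    # constructed bad case: world-writable .ssh
)

base=$(mktemp -d)
trap 'rm -rf "$base"' EXIT
make_sample "$base"
echo "guest key logs in as: $(accounts_for_key "$base" AAAAconstructedGUEST)"
writable_paths "$base" | sed 's/^/writable by group or others: /'
```

On a real server, point the functions at /home and run them with sudo so that every account's .ssh directory is readable.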

Adjust Login Manager IDs

  • The two IDs text9260 and client9260 are meant to act as interfaces to the GT.M (MUMPS) database and not as login IDs for the GUI desktop. In fact, a user that logs into them can alter their settings accidentally. It is therefore better to exclude these two IDs from the Login Manager. It is also not necessary to have the openvistaEHR login ID enabled (although there is no harm in logging into this account).
Menu -> System -> System Settings -> Advanced -> Login Manager -> Users -> Excluded users -> client9260 (ticked) -> text9260 (ticked) -> openvistaEHR (ticked)
The accounts will remain active but will not show up on the Login screen.

VistA Server functions

The VistA server functions are generally configured from a text interface. The VistA server is very flexible and powerful, and therefore can seem complex to customize and daunting for new users.

Accessing the interface is possible in several ways:

  • While logged on the server (using any login ID) by starting VistA Commander from a command-line interface Terminal:
  • Logging in directly to the server using the provided Linux login (openvistaEHR or worldvistaEHR) and opening a (Konsole) Terminal. This loads the VistA Commander interface automatically. (On Astronaut systems, the default initial password is vista!123.)
  • Using the Text Client, VistA Config, or VistA Server Admin (text9260) (with or without SSH) if installed on your system as part of a client package.
  • Using the built-in VistA Server Text Client menu items/shortcuts in the Ubuntu-Med system.

Then see

Adding new SSH users

  • On the server, create a second user account (that guest users can use for SSH purposes) with a password dissimilar to any other passwords (such as mylucidguestpassword):
sudo useradd -m mylucid00guest
sudo passwd mylucid00guest
sudo mkdir /home/mylucid00guest/.ssh
sudo chown mylucid00guest /home/mylucid00guest/.ssh
sudo chmod 700 /home/mylucid00guest/.ssh
  • Allow OpenSSH Password Authentication temporarily. Edit the OpenSSH configuration file:
sudo gedit /etc/ssh/sshd_config
and temporarily allow password-based authentication by changing the line:
PasswordAuthentication no
to:
PasswordAuthentication yes
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

From the new Linux user's client computer:

scp -P 22199 ~/.ssh/
When prompted, of course, the guest password, mylucidguestpassword, should be entered.
  • Back on the server (logged in as the administrator lucidadmin00), turn off the OpenSSH Password Authentication again:
sudo gedit /etc/ssh/sshd_config

Change the line:

PasswordAuthentication yes
to:
PasswordAuthentication no
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

It is then usually best (for security reasons) to now change the guest password to something completely different:

sudo passwd mylucid00guest
  • Copy the new key to the mylucid00admin folder and concatenate it to the authorized_keys file there:
sudo cp /home/mylucid00guest/.ssh/ /home/lucidadmin00/.ssh/
sudo chown -R lucidadmin00 /home/lucidadmin00
cd ~/.ssh
cat authorized_keys >> authorized_keys

Note: this new /home/lucidadmin00/.ssh/authorized_keys file should also be copied to /home/client9260/.ssh/authorized_keys and /home/text9260/.ssh/authorized_keys as detailed in the subsequent OpenVistA EHR section.

  • If Windows-based PuTTY SSH users are to be added to the system, then see this tutorial. The SSH keys must be tweaked to be used with OpenSSH, copied to the server, and then concatenated to the authorized_keys file in a similar fashion.
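
The sshd_config edits on this page (the initial hardening under "Adjust SSH for remote connections" and the temporary PasswordAuthentication switch in this section) are easy to leave half-done. This added example, which is not part of the original instructions, reads a config file the way sshd does and reports whether password logins are really off; the two sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): report whether an sshd_config
# really has password logins switched off. sshd uses the FIRST occurrence of
# a keyword and treats keywords case-insensitively, so a line left at "yes"
# higher up silently overrides a "no" added further down.

# Print the global value of KEYWORD in FILE (nothing if it is not set).
# Assumes whitespace-separated "Keyword value"; Include files are not followed.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match" { exit }     # Match blocks are not global
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# Succeed only if password logins are off; otherwise print the reason.
password_logins_disabled() {
    pw=$(effective_value "$1" PasswordAuthentication)
    [ "${pw:-yes}" = "no" ] && return 0     # unset means the default, "yes"
    echo "FAIL $1: PasswordAuthentication is ${pw:-unset (default yes)}"
    return 1
}

# Constructed sample files: the state the page aims for, and a stale toggle.
write_samples() {
    cat > "$1/intended.conf" <<'EOF'
Port 22199
#PasswordAuthentication yes
PasswordAuthentication no
AuthorizedKeysFile %h/.ssh/authorized_keys
EOF
    cat > "$1/stale.conf" <<'EOF'
Port 22199
PasswordAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
passwordauthentication no
EOF
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
write_samples "$dir"
for f in "$dir"/intended.conf "$dir"/stale.conf; do
    password_logins_disabled "$f" && echo "OK   $f: port $(effective_value "$f" Port)"
done
```

On a live host, `sudo sshd -T | grep -i passwordauthentication` prints the value the running sshd binary itself computes from its configuration.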

Other resources

  • Ubuntu-Med FAQ -- a robust server package that includes a pre-configured installation of OpenVistA
  • Astronaut VistA -- maintains the Astronaut installation packages for VistA
  • Medsphere -- the corporate sponsor of OpenVistA
  • Vistapedia -- a wiki for several publicly available versions of VistA
  • VistA -- the Wikipedia article on VistA
  • Ubuntu Doctors Guild's original installation instructions for OpenVistA
  • Kubuntuguide
  • Ubuntuguide
  • Vincent Mazzarella, MD is a surgeon in Northern California, USA. He is a creator of Ubuntu-Med and an editor of Ubuntu Doctors Guild, Ubuntuguide, and Kubuntuguide.