PC remote maintenance tutorial
How you can add the ability to log back in and maintain a Linux system remotely
If you’ve set up a PC using a Linux distro for a non-expert user or family member to use, you’ve made the first step in providing them with a secure and well-featured computing platform. However, if the user in question needs a bit of hand-holding, it’s only a matter of time before you will need to carry out some maintenance that can’t be explained over the phone.
This project involves installing SSH for command-line access and for secure tunnelling, VNC for remote desktop access, and Webmin for overall system configuration. Note that once you have SSH terminal access up and running, you can carry out the rest of the tutorial remotely over the LAN. In fact, if you then skip ahead to the port forwarding section, you can do the other stages of the tutorial over the internet.
Initially, this tutorial will assume that you have both the client computer (your computer) and the remote computer (their computer) attached to your LAN. Ultimately, we will set up the router in the owner’s home and a dynamic DNS server so that we can find the remote machine on the internet.
Step 01 Set up the network
This tutorial presumes that you have the remote computer and the client computer on your LAN. Make a note of the login username and password of the remote computer and its IP address (type ifconfig to find it).
Step 02 Install SSH
To enable remote terminal logins, install the SSH server by typing sudo apt-get install openssh-server(oryum -y install openssh- server on Red Hat). Open /etc/ssh/sshd_config in a text editor (as root) to begin configuring SSH.
Step 03 Configure SSH server
Alter the line PubkeyAuthentication so that it reads PubkeyAuthentication yes. Make sure that PasswordAuthentication is set to no. This is because we want to use encrypted keys rather than usernames and passwords to remotely log into the machine. Save the file and type sudo service ssh restart to restart the server.
Step 04 Generate keys
We need to generate both a public and private key so that we can log into SSH without using a password and a username. Type ssh- keygen -t dsa to begin. You can hit Enter to accept the defaults when prompted, but type in a password when asked.
Step 05 Copy key
Copy the pubic key over to the machine that will be used for remote maintenance. You carry this out by typing ssh-copy-id [remote login name]@[IP address of remote computer] on the client computer.
Step 06 Test SSH
SSH into the remote box from the client bytypingssh [remote username]@[remote IP address]. This should give you command line on the other machine without prompting you for a password. Try out a few commands to test it, and type Ctrl+D to end the session
Step 07 File copying (SSH)
You can place files on the remote computer or fetch files from it with the scp command. scp [remote user]@[remote IP]:[local file] [destination directory] to fetch the file(s) onto the remote machine and scp [local file] [remote user]@[remote IP]:[destination directory].
Step 08 Web proxy (SSH)
Let’s say that the user complains that they can’t access a specific website or the web in general. We can test the connection by using SSH tunnelling. Type ssh -D 8888 [username]@[IP address] to begin. This will establish a local proxy server that is actually accessing the web via the remote machine. You can then configure Firefox to access the web through this proxy by specifying Socks 5 proxy on localhost. If you can SSH to the other machine and access the problem site, it must be a software problem on the other machine, rather than a networking problem.
Step 09 Run X application (SSH)
You can use tunnelling to remotely run X applications. Just the thing to, for example, edit the configuration in a GUI application without using full desktop sharing. Type ssh -X [username]@[remote IP] to open the connection. You then start the application in the normal way from the command line. Type firefox & to start Firefox on the remote machine and interact with it on your local desktop. You can reduce things to a single command by typing ssh -f -T -X [username]@ [ip address] [name of application].
Step 10 Set up the VNC server
We’re going to install VNC for remote desktop access. In this case, we’re going to ignore the VNC server’s own security features and simply tunnel it over SSH instead. Begin by installing the VNC server on the remote machine by typing sudo apt-get install x11vnc (or yum install vnc-server on Red Hat).
Step 11 Set up VNC tunnelling and start server
Set up an SSH tunnel for VNC by typing ssh -L 5900:localhost:5900 [remote user]@ [remote IP]. As well as setting up the tunnel, this launches a terminal connection. In the terminal, type x11vnc -safer -localhost -nopw -once -display :0.
Step 12 Connect to VNC
There are a few VNC clients, but this example presumes that you have installed Vinagre. Use it to connect to the VNC server at localhost. Remember, we connect to localhost because we set up the SSH tunnel for all traffic to the remote computer on port 5900 in the previous step. You should now have remote desktop access to the remote computer. If there are any problems with the connection, examine the text output in the terminal for errors.
Step 13 Install Webmin
Proceed to the downloads section of the Webmin website (www.webmin.com) and download the package for your Linux architecture. In the case of Debian, install the .deb file by typing sudo dpkg -i [name of .deb you downloaded]. Follow this up by typing sudo apt-get -f install to satisfy the dependencies. In the case of Red Hat, type yum install [name of RPM].
Step 14 Test Webmin
Webmin runs in SSL mode by default, so access it by browsing to https://[IP address of remote computer]:10000. Accept the browser certificate that it offers. Use either the root username and password or regular username and password that can run sudo, in the case of Ubuntu. In the future, tunnel to Webmin for maximum security without having to open up an extra port on the router. We use the same technique as with VNC. Type ssh -L 10000:localhost:10000 [username]@[IP address] in order to set it up and then browse to https://localhost:10000.
Step 15 Set up the remote network
It’s time to return the computer that we have set up for remote maintenance to its home base. Once the computer is reconnected to the network, check that it can access the internet as usual.
How you set up a static IP address varies from distribution to distribution. On an Ubuntu machine, click on the Network icon in the Control Panel and select Edit… and then select the IPv4 Settings tab. Select Manual from the Method: drop-down list. Now add an IP address that is part of the current subnet. For example, if typing ifconfig reveals that the current IP address is 192.168.0.5, choose something higher such as 192.168.0.100. You may have to manually add DNS server addresses for your ISP. Google for them. Accept the changes and reset the machine.
Step 17 Port forwarding
Set up port forwarding by making use of the documentation for your router (or Portforward). You need to forward port 22 to the static IP address that we set up.
Step 18 Locate remote IP address on the internet
You can ask the person who runs the remote system to simply visit whatismyip.com and email their current IP address to you, but setting up dynamic DNS is a more robust solution. Go to the No-IP website (www.noip.com) and set up a free account. Now install the ddclient package.
Step 19 Set up ddclient
Add/alter the following lines in /etc/ddclient.conf:
protocol=dyndns2 use=web, web=checkip.dyndns.com/, web-skip='IP Address' server=dynupdate.no-ip.com login=user name password='password' [hostname].no-ip.biz run_daemon=true
Now restart it by typing sudo service ddclient restart.