Official website for Linux User & Developer
FOLLOW US ON:
Feb
15

PC remote maintenance tutorial

by Michael Reed

How you can add the ability to log back in and maintain a Linux system remotely

If you’ve set up a PC using a Linux distro for a non-expert user or family member to use, you’ve made the first step in providing them with a secure and well-featured computing platform. However, if the user in question needs a bit of hand-holding, it’s only a matter of time before you will need to carry out some maintenance that can’t be explained over the phone.

This project involves installing SSH for command-line access and for secure tunnelling, VNC for remote desktop access, and Webmin for overall system configuration. Note that once you have SSH terminal access up and running, you can carry out the rest of the tutorial remotely over the LAN. In fact, if you then skip ahead to the port forwarding section, you can do the other stages of the tutorial over the internet.

Initially, this tutorial will assume that you have both the client computer (your computer) and the remote computer (their computer) attached to your LAN. Ultimately, we will set up the router in the owner’s home and a dynamic DNS server so that we can find the remote machine on the internet.

Use VNC over SSH to gain remote desktop access
Use VNC over SSH to gain remote desktop access

Step-by-step

Step 01 Set up the network

This tutorial presumes that you have the remote computer and the client computer on your LAN. Make a note of the login username and password of the remote computer and its IP address (type ifconfig to find it).

Step 02 Install SSH

To enable remote terminal logins, install the SSH server by typing sudo apt-get install openssh-server(oryum -y install openssh- server on Red Hat). Open /etc/ssh/sshd_config in a text editor (as root) to begin configuring SSH.

Step 03 Configure SSH server

Alter the line PubkeyAuthentication so that it reads PubkeyAuthentication yes. Make sure that PasswordAuthentication is set to no. This is because we want to use encrypted keys rather than usernames and passwords to remotely log into the machine. Save the file and type sudo service ssh restart to restart the server.

Step 04 Generate keys

We need to generate both a public and private key so that we can log into SSH without using a password and a username. Type ssh- keygen -t dsa to begin. You can hit Enter to accept the defaults when prompted, but type in a password when asked.

Step 05 Copy key

Copy the pubic key over to the machine that will be used for remote maintenance. You carry this out by typing ssh-copy-id [remote login name]@[IP address of remote computer] on the client computer.

Step 06 Test SSH

SSH into the remote box from the client bytypingssh [remote username]@[remote IP address]. This should give you command line on the other machine without prompting you for a password. Try out a few commands to test it, and type Ctrl+D to end the session

Step 07 File copying (SSH)

You can place files on the remote computer or fetch files from it with the scp command. scp [remote user]@[remote IP]:[local file] [destination directory] to fetch the file(s) onto the remote machine and scp [local file] [remote user]@[remote IP]:[destination directory].

Step 08 Web proxy (SSH)

Let’s say that the user complains that they can’t access a specific website or the web in general. We can test the connection by using SSH tunnelling. Type ssh -D 8888 [username]@[IP address] to begin. This will establish a local proxy server that is actually accessing the web via the remote machine. You can then configure Firefox to access the web through this proxy by specifying Socks 5 proxy on localhost. If you can SSH to the other machine and access the problem site, it must be a software problem on the other machine, rather than a networking problem.

Step 09 Run X application (SSH)

You can use tunnelling to remotely run X applications. Just the thing to, for example, edit the configuration in a GUI application without using full desktop sharing. Type ssh -X [username]@[remote IP] to open the connection. You then start the application in the normal way from the command line. Type firefox & to start Firefox on the remote machine and interact with it on your local desktop. You can reduce things to a single command by typing ssh -f -T -X [username]@ [ip address] [name of application].

Step 10 Set up the VNC server

We’re going to install VNC for remote desktop access. In this case, we’re going to ignore the VNC server’s own security features and simply tunnel it over SSH instead. Begin by installing the VNC server on the remote machine by typing sudo apt-get install x11vnc (or yum install vnc-server on Red Hat).

Step 11 Set up VNC tunnelling and start server

Set up an SSH tunnel for VNC by typing ssh -L 5900:localhost:5900 [remote user]@ [remote IP]. As well as setting up the tunnel, this launches a terminal connection. In the terminal, type x11vnc -safer -localhost -nopw -once -display :0.

Step 12 Connect to VNC

There are a few VNC clients, but this example presumes that you have installed Vinagre. Use it to connect to the VNC server at localhost. Remember, we connect to localhost because we set up the SSH tunnel for all traffic to the remote computer on port 5900 in the previous step. You should now have remote desktop access to the remote computer. If there are any problems with the connection, examine the text output in the terminal for errors.

Step 13 Install Webmin

Proceed to the downloads section of the Webmin website (www.webmin.com) and download the package for your Linux architecture. In the case of Debian, install the .deb file by typing sudo dpkg -i [name of .deb you downloaded]. Follow this up by typing sudo apt-get -f install to satisfy the dependencies. In the case of Red Hat, type yum install [name of RPM].

Step 14 Test Webmin

Webmin runs in SSL mode by default, so access it by browsing to https://[IP address of remote computer]:10000. Accept the browser certificate that it offers. Use either the root username and password or regular username and password that can run sudo, in the case of Ubuntu. In the future, tunnel to Webmin for maximum security without having to open up an extra port on the router. We use the same technique as with VNC. Type ssh -L 10000:localhost:10000 [username]@[IP address] in order to set it up and then browse to https://localhost:10000.

Step 15 Set up the remote network

It’s time to return the computer that we have set up for remote maintenance to its home base. Once the computer is reconnected to the network, check that it can access the internet as usual.

Step 16

How you set up a static IP address varies from distribution to distribution. On an Ubuntu machine, click on the Network icon in the Control Panel and select Edit… and then select the IPv4 Settings tab. Select Manual from the Method: drop-down list. Now add an IP address that is part of the current subnet. For example, if typing ifconfig reveals that the current IP address is 192.168.0.5, choose something higher such as 192.168.0.100. You may have to manually add DNS server addresses for your ISP. Google for them. Accept the changes and reset the machine.

Step 17 Port forwarding

Set up port forwarding by making use of the documentation for your router (or Portforward). You need to forward port 22 to the static IP address that we set up.

Step 18 Locate remote IP address on the internet

You can ask the person who runs the remote system to simply visit whatismyip.com and email their current IP address to you, but setting up dynamic DNS is a more robust solution. Go to the No-IP website (www.noip.com) and set up a free account. Now install the ddclient package.

Step 19 Set up ddclient

Add/alter the following lines in /etc/ddclient.conf:

protocol=dyndns2
use=web, web=checkip.dyndns.com/, web-skip='IP Address' server=dynupdate.no-ip.com
login=user name
password='password'
[hostname].no-ip.biz
run_daemon=true

Now restart it by typing sudo service ddclient restart.

Tags: , ,
  • Tell a Friend
  • Follow our Twitter to find out about all the latest Linux news, reviews, previews, interviews, features and a whole more.
    • UbuntuRemoteSucks

      I really hate remote connection tutorials that are entirely based on this kind of LAN configuration, just like the one above… Most family members or people I have HELPED install Ubuntu Linux for are -not- NOT NOT NOT on my own LAN. If they were on my LAN, hey look I instead could walk into the bedroom or office den and then just update their computer much more quickly in-person.

      OMG I really am disappointed that everytime I look for a adequate way of remote supporting another users Ubuntu Linux system for the last four or five years dealing with Linux support, it is always assumed that they are the same LAN network. SSH/ VNC/. All of the ways I am instructed to configure a remote connection are entirely LAN based. Look my fellow geekdom, nobody, and I mean NOBODY I have ever supported (except for huge mega-mega office LAN networks using RPC windows connections) have I had to do remote LAN support with SSH or VNC on Ubuntu Linux OS. Ever! Period. Stop telling me how to do the same thing for the last 4-5 years that doesn’t help me with remote support on Ubuntu Linux OS!!!!

      Please for the love of god, assume that most of the people that are Ubuntu users which we are attempting to support remotely are NOT on the same LAN connection. If I need to use remote, and take the time to configure a remote SSH or VNC server or whatever, it is going to be needed ONLY on a computer that is not within 10 minutes walking distance to where I sleep/eat/live. It is easily to just knock on a door within 30 seconds and do it in-person. That is usually where you find a LAN network. When I think REMOTE.. I think miles away. Kilometers away from my own bedroom, office, etc. Thank you for another wonderful LAN tutorial for SSH that is completely useless for the rest of us that desperately need a free alternative to something like Teamviewer that works (sometimes, but not always).. Why doesn’t in the myriah of things on Ubuntu One, isn’t there a built-in remote support function like teamviewer by now? Please fix this problem with Ubuntu OS. Thank you.

    • DutchWolfie

      If you are in need for a good remote tool, then you realy should look into x2go,

      http://wiki.x2go.org/doku.php

    • http://www.hippocampus.sk Hippocampus Martin
    • Pingback: Links 21/2/2014: Instructionals | Techrights

    • mzs_47

      There is winswitch ..which has support for multiple protocols.
      And a skype like option in Jitsi which helps you to share your desktop.

      https://kgibran.wordpress.com/2013/08/16/remote-dektop-software-andor-alternatives-to-vncrdp/

    • http://www.unmusic.co.uk/ Michael Reed

      Steps 15 onwards explain how to access the box from the internet. As stated in the introduction, you can move the boxes apart once you have SSH set up.

    • http://www.ducktoes.com/ Ducktoes Computer Services

      this was a really nice and complete tutorial, excellent, thank you

    • stoutg

      I am stuck on Step 5. On Step 3 we configured OpenSSH to disallow password authentication. In Step 5 we use ssh-copy-id which according to its man page “password authentication should be enabled”.

      This is fine, I can temporarily enable password authentication to get everything set up. These means that every time I want to add another computers public key to the remote machine I need to turn on password authentication, copy over the key, then turn off password authentication.

      Is there any other way of handling this or is this the anticipated behavior?

    • Aliasgar Babat

      The above steps are quite complex. Instead, I prefer using an easy alternative: RHUB remote support servers. It is easy to use and it supports Linux, Unix, etc.

    • Paul Howard

      Did anybody actually get this working? I really struggled with this tutorial, because it wasn’t immediately obvious which steps were undertaken on the client computer, and which ones on the remote computer.

      I carried out step 2 on the remote
      step 3 on the remote
      but I have no idea which pc to perform steps 4 and 5 on. Being adventurous I’ve tried them on both and had various errors, including, no identities found, connection refused and permission denied (publickey).

      This looked like a perfect solution without resorting to proprietary software (Teamviewer), but I was left frustrated.