Remote Access in PCLinuxOS
This page is being moved to http://docs.mypclinuxos.com/Remoteaccess
Also check out http://jrandomhacker.info/PCLinuxOS/remote_work for Sy's step-by-step notes.
There are four common ways to get remote access to your Linux system:
- SSHd/SSH (command line secure access)
- VNC (insecure GUI access)
- Tunneling applications through SSH.
- Special programs based on VNC or SSH.
Make sure to check the troubleshooting section at the end of this page if you are having problems.
SSH on PCLinuxOS
SSH is the secure replacement for telnet. It offers robust commandline remote access, and can be considered very secure.
The configuration file is stored at /etc/ssh/sshd_config. In general, you should not edit this file unless you want to change the default listening port (which is 22). Authentication attempts are logged in /var/log/messages.
To start the ssh service on your PCLinuxOS machine, use the command
service sshd start
and to get the service to start at boot, use
chkconfig --levels 35 sshd on
To connect to your PCLinuxOS SSH server, you will need to open the port ssh is using (22) on your firewall, and forward the port from your router (if applicable). You will also need client software running on the PC you want to connect from. Both Linux and Windows can use the program putty, although Linux distros usually include an SSH client by default.
Once you connect to your PCLinuxOS machine with SSH (self-explanatory with Putty; use
ssh <IP> -l <user>
for the Linux/Unix commandline client), you will have secure and robust commandline remote access to your PC!
SSHd can utilize TCP wrappers for access control independently of iptables. See this manual for details.
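Because authentication attempts are logged in /var/log/messages, password guessing against an sshd that is open to the Internet can be spotted from that file. The following is an added example, not part of the original page: it counts failed passwords per source address and marks sources that logged in successfully after failing. The sample lines are constructed in the usual OpenSSH syslog format and the function name is hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in the usual OpenSSH syslog format (not real data).
SAMPLE_LOG='Mar  3 02:11:01 pclos sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 02:11:04 pclos sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 02:11:09 pclos sshd[2105]: Failed password for invalid user from from 203.0.113.7 port 51251 ssh2
Mar  3 02:11:15 pclos sshd[2107]: Accepted password for sy from 203.0.113.7 port 51260 ssh2
Mar  3 08:30:12 pclos sshd[2290]: Failed password for sy from 192.0.2.10 port 40022 ssh2
Mar  3 08:30:20 pclos sshd[2292]: Accepted password for sy from 192.0.2.10 port 40030 ssh2'

# ssh_guessing_report MIN_FAILURES < logfile   (hypothetical helper name)
# Prints "address failures=N login_after_failures=yes|no" for every source
# address with at least MIN_FAILURES failed passwords (default 3).
ssh_guessing_report() {
    awk -v min="${1:-3}" '
    /sshd\[[0-9]+\]: (Failed|Accepted) password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" {
        # The address is located by counting back from the end of the line:
        # the user name is chosen by the client and may contain "from" or spaces.
        addr = $(NF-3)
        if ($0 ~ /: Failed password for /) fails[addr]++
        else if (addr in fails) hit[addr] = 1
    }
    END {
        for (a in fails)
            if (fails[a] >= min)
                printf "%s failures=%d login_after_failures=%s\n",
                       a, fails[a], ((a in hit) ? "yes" : "no")
    }' | sort
}

# On a live system: ssh_guessing_report 5 < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | ssh_guessing_report 3
```

A source that shows many failures followed by a successful login is the case to review first; a single failure before a login is usually just a typo.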
VNC on PCLinuxOS
VNC is a way to gain GUI remote access to your PCLinuxOS machine. Before running VNC you need to be aware of the following:
- VNC encrypts your initial password; other than that, everything is sent in plain text. If it's viewable on your screen, anyone who can intercept the traffic on the LAN or Internet can also see this image and everything in it.
- The VNC server generally assigns ports based upon how many instances you have running (the first instance is called remote X desktop #1 and is run on port 5901, the second is desktop #2 and is run on port 5902, and so on).
To start up a VNC server, use the command
vncserver
Pay careful attention to the output - it should look like
New 'X' desktop is localhost:1
which means the VNC server is running on port 5901.
On the machine you are connecting from, you will need a VNC client. On Linux you can use the Krdc that comes with KDE-Network and on Windows you can use TightVNC.
Your router will need to do port forwarding and your firewall will need the appropriate ports open. This can be challenging, or insecure, given the number of ports that need to be opened. A great solution to both of these problems is to tunnel VNC through SSH.
When done using VNC you can issue the command vncserver -kill :1 where :1 corresponds to port 5901.
Tunneling VNC through SSH
To overcome the problems with VNC (security and too many ports that need to be forwarded), it can be tunneled through SSH.
To tunnel a VNC server through SSH, you need the following:
- SSHd running and accessible on a port (usually 22)
- VNC running, but not accessible remotely (no port forwarding).
- Both an SSH and VNC client on the remote PC.
To install the VNC server, log into the machine and type
su
apt-get install tightvnc-server
vncserver
To connect to your machine from a Linux or Unix terminal, issue the command
ssh -L 5901:127.0.0.1:5901 -p 22 <IP of home machine or router>
then use your VNC viewer to connect to 127.0.0.1::5901 or 127.0.0.1:1 - remember to note that port 5901=display 1, 5902=display 2, etc.
To connect to your machine from a Windows terminal follow the instructions here, replacing 5900 and 5903 with 5901.
In either case you are telling traffic going to 127.0.0.1 on port 5901 to be re-directed down the SSH tunnel and on the other end to connect to 127.0.0.1 port 5901. The result is that SSH wraps VNC in strong encryption.
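The tunnel only helps if the VNC server itself is not reachable around it, which is why the requirements above ask for VNC to be running but not accessible remotely. The following is an added example, not part of the original page: it reads a listener table and reports any VNC display bound to a non-loopback address. The sample table is constructed, the function name is hypothetical, and ports 5900-5999 are assumed as the display range.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output (not taken from a real host).
SAMPLE_LISTENERS='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5902          0.0.0.0:*               LISTEN
tcp        0      0 :::5903                 :::*                    LISTEN'

# vnc_exposed < listener-table   (hypothetical helper name)
# Reads `netstat -tln` or `ss -tln` output; in both, field 4 is the local
# address:port. Prints every VNC display (port 5900 + N, assumed range
# 5900-5999) that is bound to a non-loopback address, so that only the
# firewall and router stand between it and the network.
vnc_exposed() {
    awk '
    $4 ~ /:[0-9]+$/ {
        n = split($4, parts, ":")
        port = parts[n] + 0
        # Everything before the last colon is the bind address (IPv6 safe).
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        if (port < 5900 || port > 5999) next
        if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") next
        printf "display :%d listening on %s port %d\n", port - 5900, addr, port
    }'
}

# On a live system: netstat -tln | vnc_exposed
printf '%s\n' "$SAMPLE_LISTENERS" | vnc_exposed
```

No output means every VNC display found is bound to loopback and can only be reached through the SSH tunnel.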
This example can be easily extended to various network applications. What if you wanted to get to other Linux machines on your network? Change
ssh -L 5901:127.0.0.1:5901 -p 22 <IP of home machine or router>
to
ssh -L 5901:<IP of other Machine on LAN>:5901 -p 22 <IP of home machine or router>
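Now your tunnel will let you connect to a second machine running VNC. Note that the tunnel only encrypts traffic as far as the SSH server; the hop from there to the other machine on the LAN is plain VNC.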
Another example would be securing WinXP's remote desktop. Windows does not have an SSH server built in, although you can purchase one from ssh.com. If you were running psylos-frontline as your firewall/router, you could use the following putty configuration from your remote PC: ssh to <IP of PCLoS frontline> on port #, enable SSH tunneling with local port 3389 and remote <IP of Windows machine>:3389, and connect. This example is explained in greater detail here.
Special Programs
Here is a brief list of programs that allow remote access to your PC for a specific purpose. Typically, they are based on SSH, although one uses VNC.
WinSCP - Win32 application - Securely transfer files through an SSH tunnel. The interface is similar to most FTP programs.
gFTP - gnome application - FTP client that also lets you transfer files via SSH.
Konqueror - KDE browser - includes an SCP client accessible in the browser by typing fish://<SSH server IP>:<ssh port>
fwbuilder - cross platform firewall configuration tool - uses ssh to transfer firewall rules.
Vino - gnome application - uses VNC to run a remote desktop server.
VoLANs - various vendors - many companies have developed PPP through SSH programs that add routing capabilities to SSH servers, making them VPN servers.
Troubleshooting
There are about 7 common items/places that usually cause frustration and problems when using ssh/vnc:
- Your ISP doesn't want you to run an SSH server and filters 22 inbound (common problem).
- Your hotspot/workplace/etc doesn't want you connecting to SSH servers and blocks 22 outbound (very common problem).
- You lack administrative rights on the machine you are connecting from and cannot install an SSH client.
- Your Internet connection has high latency or is maxed out with other traffic.
- You have misconfigured your router, firewall or TCP Wrappers.
- You used a weak password and someone else now owns your PC.
- Putty is not properly configured.
Additional Notes:
- File transfer through SSH will top out around 5-10 Mbps on older machines, so it will be slower on a LAN than ftp.
- SSH and VNC ports may be blocked by your firewall.
- SSH version 1 has some flaws - version 2 which ships with PCLinuxOS can be considered secure.
- Encryption may be illegal in your country.
(free)NX on PCLinuxOS
Steps to success for installing NX on PCLinuxOS. The freeNx that comes with PCLos is version 1.5, and the Windows 1.5 client is no longer available on the www.nomachine.com site. And they now have a "free beer forever" Linux nxServer version, so this is the version the following instructions are for.
1. Activate OpenSSH via PCLinuxOS Control Center. It's not turned on by the default install, and nx needs ssh to work.
2. Optional: use putty or another ssh client to test that you can ssh from your Windows box to your Linux box.
3. Download the nxnode, nxclient and nxserver files from www.nomachine.com
a. the freenx server that is available via Synaptic is version 1.5 and needs the 1.5 client which I couldn't find on the www.nomachine.com client. So, since they now have a "free as in beer forever" linux server -- I used it instead of the FreeNx server.
4. as root -- navigate to the directory you downloaded the rpm's in
rpm -ivh <rpm_name.rpm>
first do the node, then the client, then the server
5. Download and install the nx client for Windows
6. Follow the "setup connection wizard" on Windows
7. You may need to update/generate dsa keys. The instructions for doing so are on the www.nomachines.com site:
http://www.nomachine.com/ar/view.php?ar_id=AR01C00126
That's what it took for me, anyway.