Remote Terminal Session
This tutorial explains how to create a remote connection between GNU/Linux computers by using a terminal. Steps 1 to 4 are setup only. Once they have been done, connecting over ssh requires a single command.
Check the software dependencies
Call ssh --help from the terminal. Normally it is already installed by default! If not, simply use (as root): apt-get install ssh for Debian-based distributions, or pacman -Suy openssh for ArchLinux.
Allow root access with password
Open the configuration file with nano /etc/ssh/sshd_config and find the line containing PermitRootLogin without-password. Change it to PermitRootLogin yes and save the file.
Restart the daemon and check if it is correctly running
- To restart the daemon use: systemctl restart sshd.
- To check its state: systemctl status sshd.
Allow access to the ssh port of the server through the firewall
Identify the local ip of the server
As root, use the command ifconfig (or ip route on ArchLinux). It will output something like this:
root@server-computer:/home/rsm# ifconfig
eth0      Link encap:Ethernet  HWaddr 5c:26:0a:4b:6c:d9
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:5790 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5790 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1864588 (1.7 MiB)  TX bytes:1864588 (1.7 MiB)

wlan0     Link encap:Ethernet  HWaddr b4:82:fe:56:a0:e2
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::b682:feff:fe56:a0e2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:190415 errors:0 dropped:0 overruns:0 frame:0
          TX packets:224162 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:44354470 (42.2 MiB)  TX bytes:61141837 (58.3 MiB)
Since I'm using a wifi connection, the information is in the wlan0 block. We are looking for the inet addr value: 192.168.0.11. If you do this on different computers, you will notice that only the last number changes; in this case it is 11 (do not forget that number).
Connect to the firewall
Normally, navigating with your browser to the url http://192.168.0.1/ will open your firewall. If it doesn't, type something like this into a search engine: <my network provider name> configure modem. Ex: numericable configure modem
Allow access to port 22
Each Internet provider has a different interface, but normally this can be done through: Network > Advanced > Open Ports. My interface is in French so I can't really help you, but the point is to find a menu with something like this:

Name   Starting Port   Ending Port   Protocol   Local IP Address
ssh    22              22            TCP        192.168.0.11

*The values in green are the ones I filled in, and the number 11 is the one we found previously.
Validate by using the send or add button, and the firewall step will be finished.
Request a connection Client → Server:
Use the command ssh <user>@<server ip>, Ex: ssh email@example.com. Then, if ssh is active, you will be asked to enter the user's password. If the password is correct and the ssh configuration doesn't block access for that ip or user, you will be logged in!
rsm@client-computer:~$ ssh firstname.lastname@example.org
email@example.com's password:
root@server-computer:~#
Secure the server
If you performed all the steps above, you should realize that anyone can run brute-force attacks against your computer and get full control of it. If you think that this won't happen, you are wrong. There is something like a 99% chance that it happens to you, since there are online viruses constantly searching for this vulnerability. The best-known malware is XOR.
There are many ways of protecting against this, but the one I use is IP restriction. I find IP restriction very cool because it avoids having to make complicated passwords, and you can be sure that no other ip will connect. Of course, this solution only works for people who always work from known IPs.
To use this protection you have to edit the file /etc/ssh/sshd_config:
Add the following line at the end of the file: AllowUsers <user>@<ip> <user2>@<ip>. Ex: AllowUsers firstname.lastname@example.org email@example.com (as you can see, multiple entries are separated by a space, not a comma).
Once you have modified and saved the file, you must restart ssh: systemctl restart sshd
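One way to script the AllowUsers step so that a typo cannot lock you out of a remote server; this is an added example, not part of the original tutorial. The function names and the addresses 192.168.0.20, 192.168.0.21 and 192.168.0.99 are assumptions made for illustration.

```shell
#!/bin/sh
# set_allow_users FILE ENTRY...: rewrite FILE so that it ends with exactly
# one AllowUsers line holding the given space-separated user@ip entries.
set_allow_users() {
  file=$1; shift
  [ "$#" -gt 0 ] || { echo "no entries given" >&2; return 2; }
  # A directive appended after a Match block belongs to that block, not to
  # the global section, so refuse instead of silently scoping it.
  if grep -Eiq '^[[:space:]]*match[[:space:]]' "$file"; then
    echo "$file has a Match block; add AllowUsers above it by hand" >&2
    return 1
  fi
  tmp=$(mktemp) || return 2
  # Drop any earlier AllowUsers line (grep exits 1 when nothing is left).
  grep -Eiv '^[[:space:]]*allowusers[[:space:]]' "$file" > "$tmp" ||
    [ "$?" -eq 1 ] || return 2
  echo "AllowUsers $*" >> "$tmp"
  cat "$tmp" > "$file"; rc=$?; rm -f "$tmp"; return "$rc"
}

# apply_allow_users ENTRY...: run as root on the server. Edits a copy, lets
# sshd check it (-t = test mode, -f = alternate config file), keeps a backup
# and restarts the daemon only when the check passes.
apply_allow_users() {
  conf=/etc/ssh/sshd_config
  sshd_bin=$(command -v sshd) || return 2
  new=$(mktemp) || return 2
  cp "$conf" "$new" &&
    set_allow_users "$new" "$@" &&
    "$sshd_bin" -t -f "$new" &&
    cp -p "$conf" "$conf.bak" &&
    cat "$new" > "$conf" &&
    systemctl restart sshd
  rc=$?; rm -f "$new"; return "$rc"
}

# Demo on a constructed config in a temp file (the addresses are made up).
demo=$(mktemp)
printf 'PermitRootLogin yes\nAllowUsers root@192.168.0.99\n' > "$demo"
set_allow_users "$demo" root@192.168.0.20 rsm@192.168.0.21 && cat "$demo"
rm -f "$demo"
```

On the server, call apply_allow_users root@192.168.0.20 as root, and keep the current ssh session open until a second login from an allowed address has succeeded.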
Bonus: Checking if someone is trying to hack your computer!
The following command will show you the invalid logins: cat /var/log/auth.log | grep 'sshd.*Invalid'
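The grep above only matches sshd's "Invalid user" lines, so password guesses against accounts that do exist, root included, do not show up. The added example below (not part of the original tutorial) counts "Failed password" lines per source address and how many of them targeted root; the log lines are constructed samples in the format sshd writes to auth.log, and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample of /var/log/auth.log (documentation-range addresses).
sample_log() {
cat <<'EOF'
Mar  3 10:01:12 server-computer sshd[2211]: Invalid user admin from 203.0.113.7 port 40122
Mar  3 10:01:14 server-computer sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:20 server-computer sshd[2215]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 10:01:31 server-computer sshd[2217]: Failed password for invalid user from from 203.0.113.7 port 40140 ssh2
Mar  3 10:02:01 server-computer sshd[2220]: Failed password for root from 198.51.100.23 port 51514 ssh2
Mar  3 10:05:44 server-computer sshd[2301]: Accepted password for root from 192.168.0.11 port 53822 ssh2
EOF
}

# failed_by_ip: read auth.log lines on stdin and print one line per source,
# "<ip> <failed passwords> <of which against root>", busiest source first.
failed_by_ip() {
  awk '
    /sshd\[[0-9]+\]: Failed password for / {
      # Use the last "from": the user name is chosen by the remote side
      # and may itself be the word "from".
      ip = ""
      for (i = NF - 1; i >= 1; i--) if ($i == "from") { ip = $(i + 1); break }
      if (ip == "") next
      total[ip]++
      if ($0 ~ /Failed password for root from /) root[ip]++
    }
    END { for (ip in total) print ip, total[ip], root[ip] + 0 }
  ' | sort -k2,2nr -k1,1
}

# Run on the constructed sample; on a server use:
#   failed_by_ip < /var/log/auth.log
sample_log | failed_by_ip
```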
Bonus: How to synchronize files!
This is really easy to do thanks to rsync. An example to synchronize a folder /home/A on the client with a folder /home/B on the server, by using the root account:
rsync -av --delete --stats /home/A firstname.lastname@example.org:/home/A
For more information, take a look at rsync.