Remote connection to Ubuntu. Remote access methods for Linux GUI. How to connect to a shared Windows folder from Ubuntu

SSH is one of the most important system administration tools.

SSH, or Secure Shell, is a protocol used to connect securely to remote systems. It is the most common way to connect to remote Linux and Unix-like servers (for example, a VPS).

This guide covers the use of SSH to connect to a remote system.

Basic syntax

On Linux, the tool for connecting to a remote system over SSH is the ssh command.

The basic form of the command:

ssh remote_host

In this example, "remote_host" stands for the IP address or domain name of the host you want to connect to.

This command assumes that the username on the remote and local systems is the same.

If the username on the remote system is different, specify it using the following syntax:

ssh user_name@remote_host

After connecting to the server, you must enter the password to authenticate.

The procedure for creating keys that can be used instead of a password is described later.

To return to the local session, simply type:

How does SSH work?

SSH works by connecting the client program to the SSH server.

In the above commands, SSH is a client program. The SSH server is already running on the specified remote host.

If the SSH server is not yet running on the VPS, click the "Console Access" button, which is on the server page. This will display the authorization screen. For login, use your credentials.

In general, the process of starting the SSH server depends on the Linux distribution.

On Ubuntu, to start the SSH server on the VPS, enter:

sudo service ssh start

SSH setup

Changing the SSH configuration means changing the settings of the SSH server.

On Ubuntu, the main SSH configuration file is /etc/ssh/sshd_config.

Create a backup of the current version of this file before editing it:

sudo cp /etc/ssh/sshd_config{,.bak}

Open it in a text editor:

sudo nano /etc/ssh/sshd_config

Some settings require special attention, for example:

The Port line determines which port the SSH server listens on for connections. By default, this is port 22.

It is advisable to use a non-standard port to protect the server from random port scans. How to connect to the new port is shown later.

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

Hostkey lines indicate where host keys are located (more about host keys later).

SyslogFacility AUTH
LogLevel INFO

These lines contain the logging settings and determine the log level.

If any problems occur with SSH, it is recommended to raise the log level (which increases the amount of data recorded).

LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

These parameters contain some login settings.

LoginGraceTime specifies the number of seconds the connection is kept open without successful authentication.

Note: set this value to slightly more time than you normally need to log in.

PermitRootLogin determines whether the root user is allowed to log in.

In most cases, after creating a user with elevated privileges (su or sudo) who can connect via SSH, it is recommended to set this line to "no".

StrictModes is a safeguard that refuses login if the authentication files are readable by everyone.

This prevents login attempts if the configuration files are not protected.

X11Forwarding yes
X11DisplayOffset 10

These parameters configure a feature called X11 Forwarding, which lets you view the graphical user interface (GUI) of the remote system on the local system.

This feature must be enabled on both the local and the remote machine; to use it, pass the -X option to the client.

After editing this file, do not forget to restart the SSH server to apply the changes:

sudo service ssh restart

In addition, the changes must be tested carefully to make sure that everything works properly.

If you run into problems, remember that you can also log in using the "Console Access" button.
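
As an added example (not part of the original article), the following shell script reads an sshd_config and flags the settings this page singles out: direct root login, disabled StrictModes, password logins, the old protocol version and the default port. The function names and the sample file are constructed for illustration; it assumes a single config file with no Include directives.

```sh
#!/bin/sh
# Added example, not part of the original article. Assumes a single sshd_config
# with whitespace-separated "Keyword value" lines and no Include directives.

# effective_value FILE KEYWORD: print the value sshd would use for KEYWORD.
# sshd keeps the FIRST occurrence of a keyword; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/     { next }   # skip comments and blank lines
        tolower($1) == "match"       { exit }   # global settings end at the first Match block
        tolower($1) == tolower(key)  { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print one "WARN:" line per weak setting.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_sshd_config() {
    f=$1
    rc=0
    warn() { echo "WARN: $1"; rc=1; }

    [ "$(effective_value "$f" PermitRootLogin)" = "yes" ] &&
        warn "PermitRootLogin yes: direct root login is allowed"
    [ "$(effective_value "$f" StrictModes)" = "no" ] &&
        warn "StrictModes no: permission checks on ~/.ssh are disabled"
    [ "$(effective_value "$f" PubkeyAuthentication)" = "no" ] &&
        warn "PubkeyAuthentication no: key-based login is disabled"
    # An unset PasswordAuthentication defaults to yes in OpenSSH.
    pw=$(effective_value "$f" PasswordAuthentication)
    [ "${pw:-yes}" != "no" ] &&
        warn "PasswordAuthentication ${pw:-yes}: password logins are still accepted"
    case "$(effective_value "$f" Protocol)" in
        *1*) warn "Protocol includes 1: the old SSH v1 protocol is enabled" ;;
    esac
    port=$(effective_value "$f" Port)
    [ "${port:-22}" = "22" ] &&
        warn "Port 22: default port, hit by random port scans"
    return "$rc"
}

# Constructed sample (not from a real server) using weak values quoted on this page.
sample_weak_config() {
    cat <<'EOF'
# constructed sample
Port 22
Protocol 2
PermitRootLogin yes
StrictModes no
PubkeyAuthentication yes
#PasswordAuthentication no
permitrootlogin no
EOF
}

# Audit the file given as $1, or the constructed sample when no path is given.
if [ -n "${1:-}" ]; then
    audit_sshd_config "$1"
else
    tmp=$(mktemp) && sample_weak_config > "$tmp"
    audit_sshd_config "$tmp" || true
    rm -f "$tmp"
fi
```

In the sample, the later "permitrootlogin no" line has no effect because the first occurrence wins, and the commented-out PasswordAuthentication line leaves the default in force.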

Login using SSH keys

Key-based authentication is often much more reliable than logging in to a remote system with a password.

How does key-based authentication work?

Key-based authentication involves creating a pair of keys: a private key and a public key.

The private key stays on the client machine and must be protected and kept secret.

The public key can be given to anyone and placed on any server you need to access.

When you try to connect with a key pair, the server uses the public key to create a message for the client computer that can only be read using the private key.

The client computer then sends the appropriate response to the server, so that the server knows the client is legitimate.

Once the keys are set up, this whole process is carried out automatically in the background.

Creating SSH keys

SSH keys need to be created on the computer from which you want to establish a connection (as a rule, this is the local computer).

At the command prompt, type:

ssh-keygen -t rsa

To accept the default settings, press ENTER. The keys will be created in ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa.

Go to the .ssh directory by typing:

Pay attention to the file permissions:

ls -l
-rw-r--r-- 1 demo demo 807 Sep 9 22:15 authorized_keys
-rw------- 1 demo demo 1679 Sep 9 23:13 id_rsa
-rw-r--r-- 1 demo demo 396 Sep 9 23:13 id_rsa.pub

As you can see, only the owner has the right to read and modify the id_rsa file. These permissions are needed to keep the key secret.

At the same time, the id_rsa.pub file can be shared, so it has the appropriate permissions.
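
The permissions in the listing above can be checked automatically. This added example (not part of the original article) tests two rules: group/other write access on the home directory, ~/.ssh and authorized_keys, which is what sshd tests when StrictModes is on, and any group/other access on a private key, which makes the ssh client ignore the key. It assumes GNU stat, as shipped with Ubuntu; the function names and the sample tree are constructed.

```sh
#!/bin/sh
# Added example, not part of the original article. Assumes GNU stat (Ubuntu).
# Ownership, which sshd also checks, is not tested here.

# perm_bits PATH: print the octal permission bits of PATH, e.g. 644
perm_bits() { stat -c '%a' "$1"; }

# check_ssh_perms HOME_DIR: print a "BAD:" line for every permission problem.
# Returns 0 when the tree is clean, 1 otherwise.
check_ssh_perms() {
    home=$1
    rc=0
    # With StrictModes on, sshd rejects authorized_keys when the file, ~/.ssh
    # or the home directory is writable by group or others (write bits 022).
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        m=$(perm_bits "$p")
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "BAD: $p is writable by group/others (mode $m)"
            rc=1
        fi
    done
    # The ssh client ignores a private key that group or others can access
    # in any way (any of the bits 077).
    for key in "$home"/.ssh/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        m=$(perm_bits "$key")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "BAD: $key is accessible by group/others (mode $m)"
            rc=1
        fi
    done
    return "$rc"
}

# make_sample_tree DIR: build a constructed ~/.ssh layout with the modes from
# the listing above, except id_rsa, which is deliberately left at 644.
make_sample_tree() {
    mkdir -p "$1/.ssh"
    touch "$1/.ssh/authorized_keys" "$1/.ssh/id_rsa" "$1/.ssh/id_rsa.pub"
    chmod 755 "$1"
    chmod 700 "$1/.ssh"
    chmod 644 "$1/.ssh/authorized_keys" "$1/.ssh/id_rsa" "$1/.ssh/id_rsa.pub"
}

# Check the home directory given as $1, or a constructed sample tree otherwise.
if [ -n "${1:-}" ]; then
    check_ssh_perms "$1"
else
    demo=$(mktemp -d) && make_sample_tree "$demo"
    check_ssh_perms "$demo" || true
    chmod 600 "$demo/.ssh/id_rsa"      # the fix: owner-only access
    check_ssh_perms "$demo" && echo "OK after chmod 600"
    rm -rf "$demo"
fi
```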

Transferring the public key to the server

The following command copies the public key to the remote server:

ssh-copy-id remote_host

This opens an SSH session; you will need to enter the password to log in.

After entering the password, the public key will be copied to the server, which will allow you to log in to the system without a password.

Client SSH settings

When connecting via SSH, you can use a number of flags.

Some of them are needed to match the settings in the remote host's SSH configuration.

For example, if the port number in the SSH server configuration has been changed, you need to specify the matching port on the client side by typing:

ssh -p port_number remote_host

If you need to run a command on the remote system, you can specify it as follows:

ssh remote_host command_to_run

This line establishes a connection with the remote machine and executes the specified command.

As already mentioned, if X11 Forwarding is enabled on both computers, you can use it by typing:

ssh -X remote_host

If the local system has all the relevant tools, programs with a graphical interface launched on the remote system will open on the local computer.

RESULTS

Learning to work with SSH is very important, if only because it is needed for the most basic tasks.

By using SSH regularly, you can not only protect the server but also become an advanced user, which will make life much easier. The SSH protocol remains popular because it is safe, reliable and useful in various situations.

and Vino. General principle of operation: a protected SSH tunnel is created from a Windows computer to Ubuntu, and a VNC connection (remote desktop) is made through it.

The article is divided into four parts:

  • Installing and activating the Secure Shell server:

    sudo apt-get install openssh-server
    service ssh status
    ssh start/running, process 2006

    Check that port 22 (the default port used by SSH) is open:

    netstat -tulpan | grep :22
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -

    On Linux, an SSH connection with local port forwarding is generally made with the following command:

    ssh -C -p <ssh_port> -L <local_port>:<machine_address>:<remote_port> -l <user> <ssh_server_address>

    This means that any connection from the local computer (localhost) to port <local_port> will be redirected through the SSH tunnel to <remote_port> on the remote machine.

    There is some confusion about which IP addresses to specify in <ssh_server_address> and <machine_address>. If the computer is behind a router (NAT), then <machine_address> must be the internal IP address of the computer (for example, 10.0.0.5), and <ssh_server_address> the external IP address of the router. If the computer connects to the Internet directly, the two addresses will be the same.

    To sum up tunneling, consider an example:

    ssh -l myuserid -L 7777:work:22 gate
    ssh -p 7777 localhost

    The first command does the following: a protected SSH connection to the gate machine is created as the user myuserid. At the same time, the local machine (the one you are connecting from) starts listening on port 7777. If a connection is made to this port (again, from the local machine itself), it is tunneled through the SSH connection to the gate machine, which then connects to the work machine on port 22. After that, we check the tunnel: by connecting with SSH to local port 7777, we end up connected to the work machine (assuming the SSH server on it is configured on port 22).

    Enhanced protection when using an SSH tunnel is achieved because only one port (SSH) needs to be open to the outside, and the encrypted connection goes only through this port.
    On the server, check whether the folder

    /home/<user_name>/.ssh

    exists, and whether it contains the file

    /home/<user_name>/.ssh/authorized_keys

    If not, create them as the user <user_name> (usually this is the first user in the system or the administrator):

    mkdir ~/.ssh
    cd ~/.ssh
    touch authorized_keys

    Configure SSH for greater security. The settings file is located at

    /etc/ssh/sshd_config

    Make a backup:

    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original

    In general, the following should be changed:

    • TCP port to listen on (default 22):
      Port <port_on_which_SSH_will_wait_for_connections>
    • Disable the unreliable old SSH version 1 protocol:
      Protocol 2
    • Allow public/private key pair authentication:
      PubkeyAuthentication yes
    • Specify where to look for the allowed public keys:
      AuthorizedKeysFile %h/.ssh/authorized_keys
    • Disable password authentication (can be done later, after a successful first connection):
      PasswordAuthentication no

    For more security, configure SSH authentication using a public key.
    The public keys allowed to connect via SSH are stored in the file

    ~/.ssh/authorized_keys

    We generate a public/private key pair on the machine from which we will connect (described below) and copy the public key to this file.

    Special attention should be paid to the formatting: the entire key must be on one line and start with "ssh-rsa". Also pay attention to the file permissions (-rw------- (600)).

    Set the correct permissions on the key file:

    chmod go-w $HOME $HOME/.ssh
    chmod 600 $HOME/.ssh/authorized_keys
    chown `whoami` $HOME/.ssh/authorized_keys

    In the settings file /etc/ssh/sshd_config change

    StrictModes no

    To apply the settings in /etc/ssh/sshd_config, you must restart the sshd daemon.

    sudo /etc/init.d/ssh restart

  • Download putty.exe.
    Before diving into the PuTTY settings, a few remarks are needed.
    • PuTTY saves settings in profiles.
    • To save all settings to a profile, go to the Session menu, enter the profile name in the Saved Sessions field and click Save. To load a specific profile, select it by name in the same menu and click Load.
    • To load a specific profile automatically when PuTTY starts, create a shortcut to the exe file and, in the working folder line, add after the path to the exe file:
      -load <profile_name>

    To improve security, the following will be used:

    • local port forwarding
    • public key

    When an SSH connection is used to access VNC (remote desktop), you must configure port forwarding, so-called local port forwarding. It is used to improve security, because VNC transmits data in the clear.

    To forward ports in PuTTY, go to the menu Connection -> SSH -> Tunnels, enter 5900 as "Source port" and localhost:5900 as "Destination", and click Add.

    You can use the PuTTYgen program to create the public/private key pair. Download puttygen.exe. In the parameters, select SSH-2 RSA, set the number of bits to 2048 and press the Generate button.

    For additional protection, you can enter a passphrase (twice). If the SSH connection needs to go straight to the console, the field can be left blank.

    The public key is saved only in PuTTY's own format. Therefore, to install it on Linux, do the following:

    1. While PuTTYgen is still open, copy the public key from the "Public key for pasting ..." section and paste it into the authorized_keys file on the server.
    2. Point PuTTY to the private key file: in the menu Connection -> SSH -> Auth, in the "Private key file for authentication" section, select the generated *.ppk file.
  • By default, the Vino VNC server is already enabled in Ubuntu. To configure it, go to Menu -> System -> Preferences -> Remote Desktop and enable remote access. In the settings you can enable password authentication, but you cannot configure the listening port (5900 is used).
    For more detailed settings, it is recommended to install x11vnc.
  • Download TightVNC and install it. For the purposes of this article, it is enough to choose only the client role.

    Run TightVNC on the Windows machine and enter in the field

    localhost:5900

July 28.

The new versions of Ubuntu already have a built-in VNC server. We will use its standard tools. While figuring out this issue, I had to read a decent number of forums. Many users write that in Ubuntu version 14.04 this trick does not work because of some internal subtleties of the kernel. I didn't go into this question deeply... In any case, if you happen to be the happy owner of this particular version, you can use the alternative x11vnc server.

It is quite simple:

sudo apt-get remove vino
sudo apt-get install x11vnc

This article, however, covers the standard VNC server that ships with Ubuntu by default. How do you configure everything?

Connect to the remote host.

Connect via SSH to the remote computer to which you want graphical access. To do this, we need to know its IP and the login and password of the user whose screen we want to see. In principle, the credentials of any user with sudo rights will do, but then a few things will have to be adjusted.

So, let's say that on the local network we have a computer running Ubuntu with the IP address 10.20.0.30 and the user Feanor184. We connect to it from the console with the -X option (to run graphical applications):

ssh -X Feanor184@10.20.0.30

Enter the password and get to the console of our remote computer.

Now enter in it:

sudo vino-preferences

and we see a graphical window.

Here we tick the following boxes:

Allow other users to view your desktop - allows others to view the desktop.

Allow other users to control your desktop - allows remote control of the mouse and keyboard.

Require the user to enter this password - be sure to set a password for connecting, in case anyone gets into our network.

Show notification area icon: Always - always displays the VNC icon in the tray at the top of the screen.

You can also choose your own settings (my settings are described here).

Save the settings and disconnect from the remote host.

To connect to a configured computer, use any client with VNC support.

For example, Remmina for Linux.

UltraVNC Viewer for Windows.

I remind you once again that for the described connection settings to work, Ubuntu must be installed on the remote computer. Installing Ubuntu is a separate topic that I would not like to dwell on, so we skip this step. There are many manuals on this topic on the Internet.

What do we end up with?

We got the ability to connect to a remote computer running Ubuntu and perform any operations on it as if we were sitting at its monitor.

And soon after that I was asked to explain how to do the same thing the other way round - from Windows to Linux. At first glance the task may seem difficult, but in fact it is very easy.

Readers may ask: why is this needed at all? The answer is simple: to have a single point of administration. After all, how much time is usually spent running between computers in an attempt to solve some problem! You already know how to connect from Linux to computers running Windows, and after reading this article you will be able to connect the other way round, from Windows to Linux, which will greatly simplify administration on the local network. So, let's proceed.

Assumptions

In my article, I assume that your local network already has correctly functioning computers. To simplify the task, I will use addresses in the 192.168.1.x range. It is also much more convenient to use static IP addresses, otherwise you have to spend extra time finding out the address of the desired computer.

Software

You will need only two applications:

x11vnc on the computer running Linux, for use as a VNC server;
TightVNC on the computer running Windows, for use as a VNC client.

Installing TightVNC is very easy: just download the installer and run it by double-clicking. But the process of installing applications on Linux is not so obvious to many Windows users.

Of course, it all depends on which Linux distribution you use. But in general terms, the sequence of actions is as follows:

1. Run the software installation and removal tool: Synaptic, Ubuntu Software Center, gnome-packagekit, etc.
2. Enter "x11vnc" (without quotes) in the search bar.
3. Mark the packages for installation.
4. Click the Apply button to start the installation.

Those who are used to working from the command line can install the application as follows:

1. Open the terminal.
2. Run the command sudo apt-get install x11vnc, or an equivalent, depending on which distribution you have.

After the installation is completed, you can start connecting.

On a computer running Linux

Here everything is quite simple: you only need to start the x11vnc server. The utility's help, which can be called up with the command man x11vnc, lists the available options. I would recommend using the -forever option; without it, the server shuts down immediately after the client session ends. So the command to run in the terminal should look like this:

x11vnc -forever

The prompt for the next command will not reappear even if you use &. Therefore, it is worth adding the line x11vnc -forever at the end of the file "/etc/rc.local" so that the server is launched every time the system starts.

On a computer running Windows

Now let's set up the connection. Run the TightVNC utility installed on Windows from the Start menu. The window shown in Fig. A appears, in which you specify the address to connect to. From here you can also open the Options dialog box.

Figure A. Select the connection profile (Connection Profile) that best suits your connection type.

In the settings window (Fig. B) a number of parameters are available, but if you do not need a particular configuration, you can leave the default values.

Figure B. TightVNC can connect in view-only mode (View); the session is then not interactive. This is a good option for a test connection.

After configuring all the parameters, click the Connect button to connect to the remote desktop (Fig. C). The connection speed depends on the network bandwidth, but in general TightVNC is a perfectly workable solution.

Questions about the GUI and remote access to it on virtual servers running Linux come up regularly, even though there is quite a lot of material on the Internet covering this problem. Therefore, we decided to collect everything on this topic in one article for our users.

You can also route RDP traffic through an SSH tunnel. To do this, edit the xrdp configuration file:

$ vi /etc/xrdp/xrdp.ini
Add the following line to the section: address=127.0.0.1

$ systemctl restart xrdp
You can check that everything is correct:

$ nmap -p 3389
Starting Nmap 6.47 (http://nmap.org) at 2016-10-04 13:07 MSK
Nmap scan report for unsypecified.mtw.ru ()
Host is up (0.0087s latency).
PORT STATE SERVICE
3389/tcp closed ms-wbt-server
Then, if you use Cygwin or MinGW, Linux or Mac OS:

ssh <user>@<server_address> -L 3389:localhost:3389
If PuTTY:

Run PuTTY. In the tree menu on the left, go to Connection → SSH → Tunnels. Then add a new forwarded port (Source port: 3389, Destination: localhost:3389). Click Add.
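
The nmap scan above checks the port from outside; the same thing can be verified on the server itself. This added example (not part of the original article) reads `netstat -tln` output and reports any VNC or RDP listener that is bound to something other than loopback, that is, reachable without the SSH tunnel. The function names and the sample output are constructed; the VNC range 5900-5909 covers displays :0 to :9.

```sh
#!/bin/sh
# Added example, not part of the original article. Expects netstat-style lines:
# Proto Recv-Q Send-Q Local-Address Foreign-Address State

# exposed_desktop_ports: read `netstat -tln` output on stdin and print every
# VNC (5900-5909) or RDP (3389) listener that is not bound to loopback.
# Returns 0 when none is found, 1 otherwise.
exposed_desktop_ports() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")               # port is the text after the last colon
            port = part[n] + 0
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (port != 3389 && (port < 5900 || port > 5909)) next
            if (addr ~ /^127\./ || addr == "::1") next   # loopback: only reachable through the tunnel
            print "EXPOSED: " addr " port " port
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample (not captured from a real host): Vino listening on all
# interfaces, xrdp bound to 127.0.0.1 as configured above, sshd on port 22.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3389          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN
tcp6       0      0 :::5900                 :::*                    LISTEN
tcp6       0      0 ::1:5901                :::*                    LISTEN
EOF
}

sample_netstat | exposed_desktop_ports || true
```

On a real server, pipe the live output in: `netstat -tln | exposed_desktop_ports`.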

VNC.

Client:

For example, install this DE:

$ apt-key adv --recv-keys --keyserver keys.gnupg.net E1F958385BFE2B6E
$ echo "deb http://packages.x2go.org/debian jessie main" > /etc/apt/sources.list.d/x2go.list
$ echo "deb-src http://packages.x2go.org/debian jessie main" >> /etc/apt/sources.list.d/x2go.list
$ apt-get update
$ apt-get install x2go-keyring && apt-get update
$ apt-get install x2goserver x2goserver-xsession
The output of the following command should show that X2Go is ready to work:

$ systemctl status x2goserver
● x2goserver.service - LSB: Start and stop the X2Go daemon
   Loaded: loaded (/etc/init.d/x2goserver)
   Active: active (running) since Tue 2016-10-11 22:05:51 MSK; 30min ago
...
And now an important point: it will not work without this fix! You need to find the line "mesg n" in the .profile file and replace it with "tty -s && mesg n".

$ vi .profile
The following command displays the path to the startfluxbox executable, which will be needed when setting up the client:

$ whereis startfluxbox
Installing the server on Ubuntu:

$ apt-get install xfce4 xfce4-terminal
$ add-apt-repository ppa:x2go/stable
$ apt-get update
$ apt-get install x2goserver x2goserver-xsession

$ vi .profile
Installing the server on CentOS:

$ yum install epel-release
$ yum install x2goserver x2goserver-xsession
The client for Linux is installed from the above-mentioned repository with the following command:

$ apt-get install x2goclient
For Windows: download, install, run. At the same link above there is also a client for OS X.

Run the client:

In the session settings, specify: in the Host field, the IP of your server; in the Login field, root; leave the port as it is; Session type is the GUI you installed.

As you can see, key authentication is also possible. There are a lot of options in general; see for yourself. Sound can also be output via PulseAudio.

After clicking OK, you will see these charming things, which you click to get a password prompt and connect to the selected session:

Note: your favorite Fluxbox is not in the list, so the path to it has to be entered by hand.

An important feature of X2Go is the ability to run any graphical application without installing a DE at all. To do this, in the session settings, select Single application in the Session type section and choose the application to run or enter the path to the program.

In this case, the installation on the server looks as follows. In the case of Ubuntu:

$ add-apt-repository ppa:x2go/stable
$ apt-get update
$ apt-get install x2goserver x2goserver-xsession
And now an important point: it will not work without this fix! You need to find the line "mesg n || true" in the .profile file and replace it with "tty -s && mesg n".

$ vi .profile
$ apt-get install firefox xterm
And by configuring the session as shown below, you can start a browser on the remote server, and its window will open on your machine.


