Tutorial/LL 3.0 Remote Desktop/Remmina/SSH Tunnel/Keys/On Other Linux OS/Ad Hoc
#1
          First we will cover, as simply as possible, setting up an SSH tunnel to connect to x11vnc via Remmina and enabling a Linux Lite remote desktop on another Linux OS computer. Since in previous tutorials we have already installed and enabled both x11vnc server, and SSH server on our Linux Lite 3.0 computer, and previously enabled an ad hoc wifi connection between the two, this first instruction will be simple and brief. Again you will have to disconnect from the Internet, so make a copy of this tutorial in a Libreoffice document for use offline.

          First open a terminal on your Linux Lite 3.0 computer. Type in the command below, and enter your password when prompted, and then hit enter, and your SSH server will start.

sudo systemctl start ssh

          Next find and select your ad hoc wifi connection we created in the previous tutorial, and connect your two Linux computers together. Once connected type the command below into the terminal, and hit >enter, and x11vnc server will start.

x11vnc -once -loop -localhost -noxdamage -repeat -rfbport 5900 -shared

          Now go to the computer running another Linux OS, and locate and open up Remmina. Click >Connection and from the drop down menu select >New and the Remote Desktop Preferences window will open. In the box to the right of >Name type in the netBIOS name of your Linux Lite 3.0 computer. In the box to the right of >Group type simply / (a forward slash). In the box to the right of >Protocol select >VNC – Virtual Network Computing. In the box to the right of >Server type in the IPv4 address of your Linux Lite 3.0 computer on ad hoc wifi i.e. 10.42.0.1. You do not need to add a port number. In the box to the right of >User name type in your Linux Lite sudo user name. In the box to the right of >Password type in your password. Make sure these match the ones you entered into the original SSH connection we previously set up.

          Next click on the >SSH tab. Check the box >Enable SSH tunnel. Check the box >Tunnel via loopback address. Click the radio button >Same server at port 22. In the box next to user name type in the same user as before. Click on the radio button >Password. Click the >Save button to the lower left. Now right click on your new connection and from the menu select >Connect. When prompted enter your SSH password, and your Linux Lite 3.0 remote desktop will load to your other Linux OS computer. You have now connected two Linux computers together via an SSH tunnel and accessed a remote desktop with Remmina. Disconnect from Remmina once you have assured all is working, and go on with the rest of this tutorial to set up keys for SSH.

*Setting Up And Using Keys In SSH

          Now if you intend to use this connection over your Internet provider’s router and modem, you will of course need to change the IP addressing convention to DHCP scale something like i.e. 192.168.0.1-254, and it is a good idea to use keys rather than passwords on your SSH client and servers. This is easier to do than you may expect, and we are going to go ahead and do it while our two computers are still connected via our ad hoc wifi connection. Before we begin we are going to increase the key bit depth of encryption on our server. Open a terminal and enter the command below on your Linux Lite 3.0 computer which is in this case the SSH server side of the connection. This step may or may not be necessary, but because we are going to generate our keys on the client which is in our case not a Linux Lite 3.0 computer, we will do it just to avoid any unforeseen complications.

sudo nano /etc/ssh/sshd_config

          Hit >enter and enter your sudo password if prompted hitting >enter again. Our SSH configuration file will open. Navigate through the file to around the twentieth line and locate: ServerKeyBits: 1024 or 2048 and navigate to the end of line and backspace out the number typing in the new entry 4096. Hit >Control+x, then shift+y, then >enter, and >enter again to save changes. Now enter the command below to restart ssh.

sudo systemctl restart ssh

          Now go to the computer running the other Linux OS (the client side in our case) open a terminal and enter the command below to generate our 4096 bit key pair.

ssh-keygen -t rsa -b 4096

          Enter your sudo password when/if prompted and hit >enter. The keys will then generate. When prompted to create a password use the SSH password which is our Linux Lite sudo user password we have used all along, or create a new strong password of at least thirteen multiple characters and symbols, and hit >Enter again. Accept the default file paths by hitting >enter again. Next to check the permissions on the files enter the command below.

cd ~/.ssh

          And at the next prompt enter the command below.

ls -l

          This lists your key files, locations, and permissions. Now to load our new keys to the server we need to enter the command below. Our two computers are already connected via ad hoc wifi so this will work nicely. Enter password when prompted, and the keys will be copied to the server.

ssh-copy-id 10.42.0.1  # the IPv4 address of the Linux Lite computer where our server is located

          Return to the terminal on your Linux Lite computer and enter the command below to open up our SSH server configuration file again.

sudo nano /etc/ssh/sshd_config

          Navigate through the file to around the twenty fifth line to find the # Authentication: line. It may be already blank beyond the colon because of uploading our keys, if not just backspace it out to the colon and type in no with a space first. PermitRootLogin: on my server reads: prohibit -password. RSAAuthentication should read: yes. PubkeyAuthentication should also read: yes. Phew! Almost done. Hit control+x, then shift+y, then >enter, then >enter again to save the file. Now enter the commands below to restart our SSH server, and x11vnc.

sudo systemctl restart ssh

x11vnc -once -loop -localhost -noxdamage -repeat -rfbport 5900 -shared

          Return to the terminal on the computer with the other Linux OS (our client) and enter the command below, entering password when prompted.

ssh-add -k ~/.ssh/id_rsa

          Once prompted that the key for 10.42.0.2 (see previous note) is added, accept the default file path by hitting enter. When the command prompt returns, type in exit, and hit >enter to close the terminal.

          Open up Remmina again, and right click on the new connection we just created, and from the menu select >Edit. Click on the >SSH tab and click on the radio button >Public key (automatic). Click the >Save button on the lower left. Now right click on the connection, and click on >connect from the drop down menu and your Linux Lite 3.0 remote desktop will reappear on your other Linux OS computer, using an SSH tunnel, and now using keys instead of passwords to connect. Remember to MINIMIZE the terminal on the server (Linux Lite) side to hide it, as closing it ends the x11vnc session, also remember to reset the previous SSH secure shell connection we set up to now use keys. SFTP in Thunar will now be instantaneous via this keyed SSH connection and ad hoc wifi.

Good luck

TC   
     
All opinions expressed and all advice given by Trinidad Cruz on this forum are his responsibility alone and do not necessarily reflect the views or methods of the developers of Linux Lite. He is a citizen of the United States where it is acceptable to occasionally be uninformed and inept as long as you pay your taxes.
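
What to look for in the `ls -l` listing from the post above, as an added example that is not part of the original post: the function name `check_ssh_perms` and the throwaway demo directory are made up here, and the key file in it is a constructed placeholder.

```shell
#!/bin/sh
# check_ssh_perms DIR: read the ls -l mode strings in DIR and return 1 if
# DIR is writable by group/other or a private key is accessible to them.
# The ssh client ignores a private key that group/other can read, and
# sshd (StrictModes) rejects authorized_keys under a writable directory.
check_ssh_perms() {
    dir=$1
    bad=0

    # Mode string layout: type, then rwx for user, group, other.
    # Characters 6 and 9 are the group and other write bits.
    dmode=$(ls -ld "$dir" | cut -c1-10)
    case $dmode in
        d????-??-?) echo "ok   $dir ($dmode)" ;;
        *) echo "FAIL $dir is writable by group/other ($dmode)"; bad=1 ;;
    esac

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Identify private keys by their PEM header, not by file name.
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            fmode=$(ls -l "$f" | cut -c1-10)
            case $fmode in
                -???------) echo "ok   $f ($fmode)" ;;
                *) echo "FAIL $f is accessible to group/other ($fmode)"; bad=1 ;;
            esac
        fi
    done
    return $bad
}

# Constructed demo: a temporary directory with a fake key left at mode 644.
demo=$(mktemp -d)
chmod 700 "$demo"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' >"$demo/id_rsa"
chmod 644 "$demo/id_rsa"
check_ssh_perms "$demo" || echo "fix with: chmod 600 $demo/id_rsa"
rm -rf "$demo"
```

Run against a real key directory with `check_ssh_perms ~/.ssh`.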
#2
Correction - A little too distracted yesterday.

            PermitRootLogin: (around line 27) on my server reads: prohibit-password. RSAAuthentication (around line 30) should read: yes. PubkeyAuthentication (around line 31) should also read: yes. PasswordAuthentication: (around line 50) should read no.

Fuzzy eyed
TC
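
A check for three of the settings listed in the correction above, as an added example that is not part of the original post: the function names `sshd_value` and `audit_sshd` and the sample file are constructed here. It assumes whitespace-separated `Keyword value` lines and does not follow `Include` files.

```shell
#!/bin/sh
# sshd_value FILE KEYWORD: print the value sshd would take from FILE.
# Keywords are case-insensitive and the FIRST occurrence wins; lines in
# Match blocks are conditional, so parsing stops at the first Match.
sshd_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }            # commented-out lines do not count
        tolower($1) == "match" { exit }    # end of the global section
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: compare FILE with the values given in the correction.
# RSAAuthentication is an SSH protocol 1 option and is not checked.
audit_sshd() {
    rc=0
    while read -r key expected; do
        actual=$(sshd_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok   $key $actual"
        else
            echo "FAIL $key is '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done <<EOF
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
EOF
    return $rc
}

# Constructed sample: the "no" line is still commented out, so the later
# uncommented "yes" is the value in effect.
demo=$(mktemp)
cat >"$demo" <<'EOF'
PermitRootLogin prohibit-password
PubkeyAuthentication yes
#PasswordAuthentication no
PasswordAuthentication yes
EOF
audit_sshd "$demo" || echo "password logins are still enabled"
rm -f "$demo"
```

On the server itself, `sudo sshd -T` prints the effective configuration, including defaults, and can be compared against the same three values.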

#3
*Additional note:

          After your first SSH session has ended, and both computers have been shut down, to restart another session, you will have to enter the two commands again when restarting the server side of the session, and then connect again to your ad hoc wifi connection.

sudo systemctl start ssh

x11vnc -once -loop -localhost -noxdamage -repeat -rfbport 5900 -shared

          If you did enter a password on the client side when you created your keys (optional but a good idea) you will have to open Remmina again, click on your connection and edit the key settings on the SSH tab. Click on the >Identity file radio button. From the menu that appears when clicking on the box to the right select >id_rsa. Click the >Open button on the bottom right on the window, and your saved private key will load to Remmina. Click the >Save button at the bottom left of the SSH tab window. You will have to do the same for your saved SSH secure shell connection as well. Connect to your ad hoc wifi, and then right click on your connection, and click connect. Effectively both sides of your server/client connection are now prompting you for a password to allow the keys to be exchanged for an SSH connection. Only the keys are passed via wifi, not any clear text passwords you enter on either side of the connection. Remember to issue the command below at the end of your session, effectively closing down your SSH server from any new connections, and then closing the terminal to shut down x11vnc, and resetting your firewall to >deny incoming, before connecting to any new wifi Internet access.

sudo systemctl stop ssh

TC