EmbLogic's Blog

Remote Access to Linux

Our office network contains several Windows computers and one Linux desktop. I recently switched from Windows to Linux for most of my work, and have enjoyed its many advantages. But as I became more dependent on the information and applications stored in that computer, I wondered how I could use that system from other locations. This article describes how I solved that problem and shows how you can set up remote access to Linux computers.

My Linux distribution is SUSE Linux 10.1. Our network consists of a Linksys WRT54GS wireless router, a Linksys WMP54G wireless access card in the Linux computer, a Linksys WRE54G repeater to boost the signal quality, and a Maxtor Shared Storage drive, so all the computers have shared storage. My goals were to access the files on both Linux disks (local hard drive and shared storage) and to run applications on the Linux system from any other computer on the Internet. I accomplished these tasks in three largely independent ways, which you can mix and match to suit your needs:
· Secure Shell (SSH)
· File Transfer Protocol (FTP)
· SUSE Linux VNC-based remote administration feature
As a starting point, I assume that your Linux installation and network are already set up, using components similar to mine. The shared file server is not required, but if you have one, see the sidebar for instructions about mounting this resource.

SSH

SSH is the Secure SHell service. It is similar to telnet, but with more features, and every transaction is encrypted. Using SSH, you are provided a shell nearly identical to one available locally. This provides all of the command line functionality of Linux. Also, curses applications (like YaST) work through SSH. Keep in mind that because the shell is identical to one available locally, you cannot move files between your SSH client’s system and the SSH server system. For file transfer, FTP is required.

To set up SSH, open up the YaST Control Center and use the Software Management module to make sure you have the package openssh installed. Next, enable the SSH server on your system by selecting YaST’s System tab, opening System Services, and ensuring that the service ssh is enabled.

When you want to access this SSH server from a remote computer, use the ssh command in Linux and Mac OS X. Type the following at the remote computer:

ssh <IP address>

The IP address you use here is either your company’s static IP address or the address assigned to your router by your Internet service provider (ISP). If you do not know the IP address of your router, you can find it by visiting www.whatismyipaddress.com.

For Windows, the application PuTTY is the preferred SSH client.

FTP

FTP is the File Transfer Protocol. It can be used to move files between where you are (the remote client) and the computer you’re connecting to (your office Linux system).

To set up your Linux computer as an FTP server, use YaST’s Software Management module to make sure you have the vsftpd package installed. Then, check the System Services module to verify that vsftpd is enabled.

Before you can begin to use the FTP server properly, it needs to be configured. The default configuration is for a read-only anonymous server, without permission to see the directory tree. This is fairly useless. You probably want to modify FTP access to allow login with the normal accounts of the system and with write permissions. The general configuration file that vsftpd uses is /etc/vsftpd.conf, which is only writable by root. Make the following changes to this file, which appear below in the same order as in the file.
· Uncomment the line that says “#write_enable=YES”. This permits actions which modify files on your system.
· Uncomment and, if you want to, change the line “#ftpd_banner="Welcome to FOOBAR FTP service."”. This is a message sent to the client when they log in.
· Uncomment the line “#local_enable=YES”. This allows login with the user accounts of the system. These are listed in /etc/passwd.
· Change the line “anonymous_enable=YES” to say “anonymous_enable=NO”. There is no need to allow random passersby to access your system.
· Uncomment the lines “#log_ftp_protocol=YES” and “#xferlog_enable=YES”, which will enable logging of all actions.
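
The edits listed above can be applied to a copy of the file and then verified before the copy replaces /etc/vsftpd.conf. The script below is an added example, not part of the original article; the function names and the sample file are constructed for illustration, and the sample contains only the lines the article mentions.

```shell
#!/bin/sh
# Added example, not from the original article. The sample below is a constructed
# excerpt containing only the vsftpd.conf lines the article mentions.
sample_conf() {
cat <<'EOF'
#write_enable=YES
#ftpd_banner="Welcome to FOOBAR FTP service."
#local_enable=YES
anonymous_enable=YES
#log_ftp_protocol=YES
#xferlog_enable=YES
EOF
}

# Apply the article's edits to the file $1 and write the result to $2,
# so the original stays untouched for comparison.
apply_vsftpd_changes() {
    sed -E \
        -e 's/^#(write_enable|local_enable|log_ftp_protocol|xferlog_enable)=YES$/\1=YES/' \
        -e 's/^anonymous_enable=YES$/anonymous_enable=NO/' \
        "$1" > "$2"
}

# Print the value of option $2 in file $1 (last uncommented assignment, empty if none).
conf_value() {
    awk -F= -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Return 0 when every setting from the article is present; print each one that is not.
check_vsftpd_conf() {
    rc=0
    for want in write_enable=YES local_enable=YES anonymous_enable=NO \
                log_ftp_protocol=YES xferlog_enable=YES; do
        got=$(conf_value "$1" "${want%%=*}")
        if [ "$got" != "${want#*=}" ]; then
            echo "${want%%=*}: expected ${want#*=}, found '${got:-not set}'"
            rc=1
        fi
    done
    return $rc
}

# Demo on temporary copies; on a real system, work on a copy of /etc/vsftpd.conf as root.
demo_dir=$(mktemp -d)
sample_conf > "$demo_dir/before"
apply_vsftpd_changes "$demo_dir/before" "$demo_dir/after"
check_vsftpd_conf "$demo_dir/before" || true   # reports all five settings
check_vsftpd_conf "$demo_dir/after" && echo "after: all five settings match"
rm -rf "$demo_dir"
```

The optional banner line is left commented, since the article makes that change a matter of choice.
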
To access the FTP service from a remote computer, you can use a command line FTP client. Many are available for Windows, Mac OS X, and Linux. At the FTP command line, just type

ftp

Also, most web browsers support the FTP protocol directly, so you can type ftp:// into the browser bar. Personally, I recommend a GUI FTP tool rather than a command-line or browser-based utility. I like Filezilla on Windows.

Linux Remote Desktop

Remote desktops create an “almost like you are there” experience for remote users. With a high-speed connection, this is a very nice way to work on your Linux system from another location. SUSE’s remote desktop is based on VNC. To begin, make sure that the VNC-related packages (tightvnc, xorg-x11-Xvnc, kdenetwork3-vnc) are installed on your Linux computer. Next, start the Remote Administration module on the YaST System tab, choose “Allow Remote Administration” and click “Finish”.

To access your Linux system from a remote computer, use a VNC client (RealVNC, TightVNC, UltraVNC, Krdc or KVPnc) and connect to port 5901 of your router’s IP address. If you are somewhere that a VNC client is not available (and installing one is not desirable) the SUSE VNC server allows another connection method. Type :5801 into a standard web browser, and a Java applet will start that remotely mimics your Linux desktop.

Setting up the Router with Port Mapping

There is one last crucial step before any of this can work. Your router must be modified to allow incoming connections to the services you just established. Using a web browser on your office network, enter the IP address of your router’s control panel. (This is usually something like 192.168.1.1.) You want to configure port forwarding, also called port mapping. On the Linksys WRT54GS router, this is the first tab under Applications and Gaming. Set your router to forward ports 20, 21, 22, 5801, and 5901 for TCP and UDP traffic, for any application, to the IP address assigned to the Linux computer inside your network. (This address is probably something like 192.168.1.6.) Ports 20 and 21 are for FTP, port 22 is for SSH, and ports 5801 and 5901 are for the VNC remote desktop. To find the internal IP address of your Linux system, type ifconfig in a Linux root shell.
