Our office network contains several Windows computers and one Linux
desktop. I recently switched from Windows to Linux for most of my work, and
have enjoyed its many advantages. But as I became more dependent on the
information and applications stored in that computer, I wondered how I could
use that system from other locations. This article describes how I solved that
problem and shows how you can set up remote access to Linux computers.
My Linux distribution is SUSE Linux 10.1. Our network
consists of a Linksys WRT54GS wireless router, a Linksys WMP54G wireless access card in the Linux computer, a Linksys WRE54G repeater to boost the signal quality, and a Maxtor Shared Storage drive, so all the computers have
shared storage. My goals were to access the files on both Linux disks (local
hard drive and shared storage) and to run applications on the Linux system from
any other computer on the Internet. I accomplished these tasks in three largely
independent ways, which you can mix and match to suit your needs:
· Secure Shell (SSH)
· File Transfer Protocol (FTP)
· SUSE Linux VNC-based remote administration feature
As a starting point, I assume that your Linux installation and network
are already set up, using components similar to mine. The shared file server is
not required, but if you have one, see the sidebar
for instructions about mounting this resource.
SSH
SSH is the Secure Shell service. It is similar
to telnet, but with more features,
and every transaction is encrypted. SSH gives you a shell nearly
identical to one available locally, which provides all of the command-line
functionality of Linux. Curses applications (like YaST) also
work through SSH. Keep in mind that because the shell is identical to one
available locally, you cannot move files between your SSH client's system and
the SSH server system. For file transfer, FTP is required.
To set up SSH, open up the
When you want to access this SSH server from a remote
computer, use the ssh command on Linux and Mac OS X. Type the following
at the remote computer:
ssh <your-router-ip-address>
The IP address you use here is either your company’s
static IP address or the address assigned to your router
by your Internet service provider (ISP). If you do not know the IP address of
your router, you can find it by visiting www.whatismyipaddress.com.
For Windows, the application PuTTY is the preferred SSH client.
FTP
FTP is the File Transfer Protocol. It can be used to move files between
where you are (the remote client) and the computer you're connecting to (your
office Linux system).
To set up your Linux computer as an FTP server, use YaST's Software Management module to make sure you have the
vsftpd package installed. Then, check the System Services module to verify that vsftpd is
enabled.
Before you can begin to use the FTP server properly,
it needs to be configured. The default configuration is for a read-only
anonymous server, without permission to see the directory tree. This is fairly
useless. You probably want to modify FTP access to allow login with the normal
accounts of the system and with write permissions. The general configuration
file that vsftpd uses is /etc/vsftpd.conf, which
is only writable by root. Make the following changes to this
file, which appear below in the same order as in the file.
· Uncomment the line that says “#write_enable=YES”. This permits actions which modify files on your system.
· Uncomment and change the line “#ftpd_banner="Welcome to FOOBAR FTP service."” if you want to. This is a message sent to the client when they log in.
· Uncomment the line “#local_enable=YES”. This allows login with the user accounts of the system. These are listed in /etc/passwd.
· Change the line “anonymous_enable=YES” to say “anonymous_enable=NO”. There is no need to allow random passersby to access your system.
· Uncomment the lines “#log_ftp_protocol=YES” and “#xferlog_enable=YES”, which will enable logging of all actions.
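The check below is an added example, not part of the original article: it audits vsftpd.conf text against the five settings in the list above, using vsftpd's documented built-in defaults for any option that is absent or still commented out. The function names and the sample configuration are constructed for illustration.

```python
# Added example: audit vsftpd.conf text against the five settings listed above.
# DEFAULTS are vsftpd's built-in values per vsftpd.conf(5); they apply when an
# option is absent or its line is still commented out.
DEFAULTS = {"write_enable": "NO", "local_enable": "NO", "anonymous_enable": "YES",
            "log_ftp_protocol": "NO", "xferlog_enable": "NO"}
# Values the article's edits are meant to produce.
WANTED = {"write_enable": "YES", "local_enable": "YES", "anonymous_enable": "NO",
          "log_ftp_protocol": "YES", "xferlog_enable": "YES"}

def parse_conf(text):
    """Return (settings, malformed_line_numbers) for vsftpd.conf text."""
    settings, malformed = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment: the option keeps its default
        key, sep, value = line.partition("=")
        # The man page calls any space between option, '=' and value an error;
        # report such lines instead of guessing what was meant.
        if not sep or not key or key != key.strip() or value != value.strip():
            malformed.append(number)
            continue
        settings[key] = value  # a later line replaces an earlier one
    return settings, malformed

def audit(text):
    """Return ({option: (effective, wanted)}, malformed_line_numbers)."""
    settings, malformed = parse_conf(text)
    findings = {}
    for option, wanted in WANTED.items():
        effective = settings.get(option, DEFAULTS[option]).upper()
        if effective != wanted:
            findings[option] = (effective, wanted)
    return findings, malformed

# Constructed sample: anonymous_enable was commented out instead of set to NO,
# and the xferlog line has a stray space before '='.
SAMPLE = """\
write_enable=YES
local_enable=YES
#anonymous_enable=YES
xferlog_enable =YES
log_ftp_protocol=YES
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, the audit reports that anonymous login is still effectively enabled, because commenting the line out leaves the built-in default of YES in force.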
To access the FTP service from a remote
computer, you can use a command line FTP client. Many are available for
Windows, Mac OS X, and Linux. At the FTP command line, just type
ftp <your-router-ip-address>
Also, most web browsers support the FTP
protocol directly, so you can type ftp://<your-router-ip-address> into
the browser bar. Personally, I recommend a GUI FTP tool rather than a
command-line or browser-based utility. I like FileZilla on Windows.
Linux Remote Desktop
Remote desktops create an “almost like you are there”
experience for remote users. With a high-speed connection, this is a very nice
way to work on your Linux system from another location. SUSE’s
remote desktop is based on VNC. To begin, make sure that the VNC-related
packages (tightvnc,
xorg-x11-Xvnc, kdenetwork3-vnc) are installed on your Linux computer. Next, start the Remote
Administration module on the YaST System tab, choose
“Allow Remote Administration” and click “Finish”.
To access your Linux system from a remote computer,
use a VNC client (RealVNC, TightVNC, UltraVNC, Krdc or KVPnc) and connect to port 5901
of your router’s IP address. If you are somewhere a VNC client is not
available (and installing one is not desirable), the SUSE VNC server allows
another connection method. Type <your-router-ip-address>:5801
into a standard web browser, and a Java applet will
start that remotely mimics your Linux desktop.
Setting up the Router with Port Mapping
There is one last crucial step before any
of this can work. Your router must be modified to allow incoming connections to
the services you just established. Using a web browser on your office network,
enter the IP address of your router’s control panel. (This is usually something
like 192.168.1.1.) You want to configure port
forwarding, also called port mapping.
On the Linksys WRT54GS router, this is the first tab
under Applications and Gaming. Set
your router to forward ports 20, 21, 22, 5801, and 5901 for TCP and UDP
traffic, for any application, to the IP address assigned to the Linux computer
inside your network. (This address is probably something like 192.168.1.6.)
Ports 20 and 21 are for FTP, port 22 is for SSH, and ports 5801 and 5901 are
for the VNC remote desktop. To find
the internal IP address of your Linux system, type ifconfig in a Linux root shell.
Keep in mind that these ports are now open to the
Internet, and therefore the only things between your system and bad things out
there are the programs you're running on those ports. This means
you must ensure that nobody can log in to these services except you
(or someone else you trust). Assign strong, unguessable passphrases to all accounts. Change the default administrator password for the router to a strong passphrase. Also remove accounts (such as guest)
that you are not using. FTP and VNC are not secure connections. Most VNC
traffic is sent in the clear, although its passwords are not. FTP sends every
piece of data in the clear, including your password. For your security, it is
probably not a good idea to use FTP or VNC in an area with a public network,
such as Starbucks. (VPN tunnels are a solution to this problem, but are beyond
the scope of this article.) Also make sure that you keep your FTP, SSH, and VNC
software up to date. Security flaws are found in these regularly, but you can
protect yourself by patching with the latest updates.
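To confirm what the port forwarding above actually exposes, the following added example (not part of the original article) connects to each forwarded port on your own router address from an outside network, recognises the service by its greeting, and marks the reachable ones the article describes as unencrypted. The function names and the greeting table are assumptions made for this illustration.

```python
import socket
import sys

# Ports the article forwards, and whether it describes the service as encrypted.
FORWARDED = {
    20: ("FTP data", False),
    21: ("FTP control", False),
    22: ("SSH", True),
    5801: ("VNC Java applet (HTTP)", False),
    5901: ("VNC", False),
}
# Greetings these servers send before the client says anything.
GREETINGS = {b"SSH-": "ssh", b"220": "ftp", b"RFB ": "vnc"}

def probe(host, port, timeout=2.0):
    """Return (reachable, protocol); protocol is None if no known greeting arrives."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                data = conn.recv(64)
            except OSError:  # includes timeouts, e.g. HTTP waits for the client
                data = b""
    except OSError:
        return False, None  # refused, filtered or unroutable
    for prefix, name in GREETINGS.items():
        if data.startswith(prefix):
            return True, name
    return True, None

def exposure_report(host, ports=FORWARDED, timeout=2.0):
    """Return rows of (port, service, reachable, seen_protocol, cleartext_exposed)."""
    report = []
    for port in sorted(ports):
        service, encrypted = ports[port]
        reachable, protocol = probe(host, port, timeout)
        report.append((port, service, reachable, protocol,
                       reachable and not encrypted))
    return report

if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python exposure.py <your-router-ip-address>
    for row in exposure_report(sys.argv[1]):
        print(row)
```

A row whose last field is True is a service reachable from the Internet that, per the article, does not encrypt its traffic.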
Everything is now set up. You will be able to use your
Linux system from anywhere you have an Internet connection.
Charles Connell IV is a high school student in Bedford, MA. He can be reached at charles@connells.org.