mercoledì 6 gennaio 2010

Remote Desktop via Openssh and Putty


I often need to remote control my Ubuntu server with a Windows client. Even if I do very simple operations via Remote Desktop, I prefer to forward my traffic through SSH Secure Shell. The steps to tunneling an insecure connection are very simple.

 SERVER SIDE

Install Openssh Server and ssh. Run a terminal and type:

 stefano@SERVER:~$ sudo apt-get install ssh openssh-server

Generate a pair of public and private keys executing the following commands:

 stefano@SERVER:~$ mkdir ~/.ssh
 stefano@SERVER:~$ chmod 700 ~/.ssh
 stefano@SERVER:~$ ssh-keygen -t rsa -b 2048
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 stefano@SERVER:~$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
 stefano@SERVER:~$ chmod 600 ~/.ssh/authorized_keys

Edit your sshd_config:

 stefano@SERVER:~$ sudo gedit /etc/ssh/sshd_config

Usually I use these settings:

 Port 22
 PermitRootLogin no
 RSAAuthentication yes
 AuthorizedKeysFile %h/.ssh/authorized_keys
 PasswordAuthentication no
 AllowUsers names_of_allowed_users

Copy ~/.ssh/id_rsa to your Windows client.
Enable Remote Desktop clicking on System --> Preferences --> Remote Desktop:


Now let's configure the router. We need to setup port forwarding on your router. To do that, your pc has to have a static IP. For example, you could use 192.168.1.2. Now redirect your browser here, choose your router, then select SSH and follow all steps. At the end you should have something like this:



WINDOWS CLIENT

Download PuTTy and PuTTYgen
PuTTYgen can import the private key generated on the server and save it in a format PuTTy-readable. Run PuTTYgen, then click Conversions --> Import Key:


Now click "Save private key"
Run PuTTy and follow next steps:



HINT: You have to enter 192.168.1.1 if you're in your home/office lan. If you wanna control a remote pc outside your lan, you have to enter an internet IP address. If your remote computer has a dynamic IP, you can evaluate the possibility to create a hostname that points to your IP address.



Now go back to "Session" and save this setup, then click "Open". Log in with your username and enter the password you have chosen for your private key.

Last thing to do: you need to download a VNC viewer to controll your remote desktop. I really like TightVNC.  Download Viewer executable only and run it:


Insert 127.0.0.1 as VNC Server and click "Connect"

 Enter the password you have choosen for your Remote Desktop

 

Voilà! You can control your remote computer. You can save the connection info not to repeat the last steps.


Click Yes, choose a path to store the informations and create a link on your desktop.

That's all!