Setting up SSH remote access with public key authentication

  1. Install openssh-server
  2. Edit /etc/ssh/sshd_config: uncomment the PasswordAuthentication line and set it to no.

  3. Import any SSH public keys you want to authorize and put them in .ssh/authorized_keys, one per line
  4. Restart the SSH service:
     sudo /etc/init.d/ssh restart

The SSH service can also be controlled via System > Administration > Services
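
To confirm that step 2 took effect, the following added example (not part of the original page) reports the global PasswordAuthentication value that an sshd_config file yields. The function names and the sample configuration are constructed for illustration; on a live system, `sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# Added example (not from the original page): audit sshd_config for step 2.

# Print the global PasswordAuthentication value sshd would use: "yes" or "no".
# Assumptions: Include files are not followed, and parsing stops at the first
# Match block, because settings inside it apply only conditionally.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }    # commented-out lines have no effect
        /^[ \t]*$/ { next }    # blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next
            key = tolower(substr(line, 1, RSTART - 1))   # keywords are case-insensitive
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            if (key == "match") exit
            # sshd keeps the first value it reads for a keyword
            if (key == "passwordauthentication") { found = val; exit }
        }
        END { print (found == "" ? "yes" : found) }   # unset means the default, yes
    ' "$1"
}

# Exit status 0 only when password logins are disabled globally.
password_auth_disabled() {
    [ "$(effective_password_auth "$1")" = "no" ]
}

# Constructed sample: the shipped line is still commented out, and a later
# "no" is shadowed by an earlier "yes".
write_sample_config() {
    cat > "$1" <<'EOF'
#PasswordAuthentication no
Port 22
passwordauthentication yes
PasswordAuthentication no
EOF
}
```

Run `password_auth_disabled /etc/ssh/sshd_config && echo "key-only logins"` after restarting the service; a commented-out line or an earlier "yes" both leave password logins enabled.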

Closing ports from outside access, opening only SSH

  1. Install ufw (package: ufw)

  2. sudo ufw enable
  3. sudo ufw allow ssh

Setting up secure Remote Desktop access (VNC)

  1. Enable Remote Desktop access in System > Preferences > Remote Desktop

  2. In the "Advanced" tab, mark "Require encryption"
  3. sudo ufw allow from 192.168.0.0/16 to any port 5900

Accessing a server with SSH PKA set

From an Ubuntu client:

  1. Install openssh-client
  2. Export your SSH public key to a file
  3. ...

Setting up a tunnel

Using gstm

  1. Create a new tunnel
  2. Fill in all basic information, click Add to add a port redirection
  3. Use the following information:
    • Type: local (as this will be a tunnel originating in a local connection)
    • Port: 5959 (or any local port different from other ports in use at the client)
    • To host: localhost (or the IP address of your remote host as set within its LAN)
    • To port: 5900 (or your remote host's VNC port)

Using putty

Putty for Ubuntu can be installed using Synaptic. It includes the CLI-only puttygen utility.

Putty for Windows and puttygen.exe can be obtained from the project's website.

Windows: Generate your keypair, copy the public key

  1. Launch putty
  2. Optionally increase number of bits or type of key
  3. Click on "Key > Generate Keypair". Key generation will begin; remember to move the mouse

Once generated, the keypair must be saved to a known location for future use. That is accomplished by clicking "Save private key".

Within the resulting window, click to select and copy the "Public key for pasting into OpenSSH authorized_keys file". This will be needed on the server side.

Setting up the tunnel

  1. Launch putty
  2. In "Session", input the remote system's host name or IP address; change the port if the remote host is set up to use a port other than 22.
  3. Enter a name under "Saved sessions", click "Save"
  4. On the list of options to the left, choose "SSH"
  5. Mark both "Don't start a shell or command at all" and "Enable compression"
  6. On the list of options to the left, click on the "+" sign just in front of the "SSH" word to expand options under it
  7. Click on "Tunnels" from the list of expanded options
  8. Mark "Local ports accept connections from other hosts"
  9. Under "Add forwarded ports" set:
    • Source port: 5959 (or any local port different from other ports in use at the client)
    • Destination: localhost:5900 (or the IP address of your remote host as set within its LAN, followed by your remote host's VNC port)
    • Make sure "Local" is checked
    • Click "Add"
  10. On the list of options to the left, click on the "Sessions" word, click "Save" to keep the tunnels setup in your session

FabiánRodríguez/VNCtunneling (last edited 2009-02-25 18:04:08 by modemcable178)