Setting up SSH remote access with public key authentication
- Install openssh-server
- Edit /etc/ssh/sshd_config: uncomment the PasswordAuthentication line and set it to no.
- Import any SSH public keys you want to authorize and put them in .ssh/authorized_keys, one per line
- Restart the SSH service: sudo /etc/init.d/ssh restart
The SSH service can also be controlled via System > Administration > Services
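A quick way to confirm that the sshd_config edit above took effect, as an added example that is not part of the original page: sshd uses the first uncommented value it finds for a keyword and defaults to yes when none is set, so a line left commented or an earlier "yes" keeps password logins on. The function and file names are hypothetical, the sample files are constructed, and the check assumes only the global section matters (it stops at the first Match block and does not follow Include files).

```shell
#!/bin/sh
# Added example: which PasswordAuthentication value does sshd take from a file?
# Assumptions: only the global section is read (parsing stops at the first
# Match block) and Include files are not followed.

effective_password_auth() {
    # $1: path to an sshd_config-style file; prints the effective value
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }                 # commented-out or blank: ignored
        {
            sub(/^[ \t]+/, "")
            sub(/[ \t]*=[ \t]*|[ \t]+/, " ")    # keyword/value separator
            key = tolower($1)
            if (key == "match") exit            # end of the global section
            if (key == "passwordauthentication") {
                print tolower($2); found = 1; exit   # first value wins
            }
        }
        END { if (!found) print "yes" }         # sshd default when unset
    ' "$1"
}

report() {
    # $1: label, $2: file
    if [ "$(effective_password_auth "$2")" = "no" ]; then
        echo "$1: password logins disabled"
    else
        echo "$1: password logins STILL ENABLED"
    fi
}

# Constructed sample files, not taken from a real server.
tmp=$(mktemp -d)
printf '#PasswordAuthentication no\n' > "$tmp/still_commented"
printf 'PasswordAuthentication yes\nPasswordAuthentication no\n' > "$tmp/earlier_yes"
printf 'Port 22\nPasswordAuthentication no\n' > "$tmp/correct"

for f in still_commented earlier_yes correct; do
    report "$f" "$tmp/$f"
done
rm -rf "$tmp"
```

On the server itself, sudo sshd -T prints the full effective configuration, including any included files.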
Closing ports from outside access, opening only SSH
Install ufw (package: ufw)
- sudo ufw enable
- sudo ufw allow ssh
Setting up secure Remote Desktop access (VNC)
Enable Remote Desktop access in System > Preferences > Remote Desktop
- In the "Advanced" tab, mark "Require encryption"
- sudo ufw allow from 192.168.0.0/16 to any port 5900
Accessing a server with SSH PKA set
From an Ubuntu client:
- Install openssh-client
- Export your SSH public key to a file
- ...
Setting up a tunnel
Using gstm
- Create a new tunnel
- Fill in all basic information, click Add to add a port redirection
- Use the following information:
- Type: local (as this will be a tunnel originating in a local connection)
- Port: 5959 (or any local port different from other ports in use at the client)
- To host: localhost (or the IP address of your remote host as set within its LAN)
- To port: 5900 (or your remote host's VNC port)
Using putty
Putty for Ubuntu can be installed using Synaptic. It includes the CLI-only puttygen utility.
Putty for Windows and puttygen.exe can be obtained from the project's website.
Windows: Generate your keypair, copy the public key
- Launch putty
- Optionally increase number of bits or type of key
- Click on "Key > Generate Keypair". Key generation will begin; remember to move the mouse
Once generated, the keypair must be saved to a known location for future use. That is accomplished by clicking "Save private key".
Within the resulting window, click to select and copy the "Public key for pasting into OpenSSH authorized_keys file". This will be needed on the server side.
Setting up the tunnel
- Launch putty
- In "Session", input the remote system's host name or IP address; change the port if the remote host is set up to use a port other than 22.
- Enter a name under "Saved sessions", click "Save"
- On the list of options to the left, choose "SSH"
- Mark both "Don't start a shell or command at all" and "Enable compression"
- On the list of options to the left, click on the "+" sign just in front of the "SSH" word to expand options under it
- Click on "Tunnels" from the list of expanded options
- Mark "Local ports accept connections from other hosts" (this lets other machines on the client's network connect through the tunnel as well)
- Under "Add forwarded ports" set:
- Source port: 5959 (or any local port different from other ports in use at the client)
- Destination: localhost:5900 (or the IP address of your remote host as set within its LAN, followed by your remote host's VNC port)
- Make sure "Local" is checked
- Click "Add"
- On the list of options to the left, click on the "Session" word, then click "Save" to keep the tunnel setup in your session