Remote Terminal Session

This tutorial explains how to create a desktop connection between GNU-Linux computers by using a terminal. The steps 1 to 4 are only to do the setup. Once they have been done, the ssh connection will only require 1 command to connect.

  1. Check the software dependencies

    Call ssh --help from the terminal. Normally it is already installed by default! If not, simply use (as root): apt-get install ssh for Debian based distributions, or pacman -Suy openssh for ArchLinux.

  2. Allow root access with password

    Open the configuration file nano /etc/ssh/sshd_config and find the line containing PermitRootLogin without-password. Modify it with PermitRootLogin yes and save the file.

  3. Restart the daemon and check if it is correctly running

    • To restart the daemon use: systemctl restart sshd.
    • To check its state: systemctl status sshd.
  4. Allow access to the ssh port of the server trough the firewall

    1. Identify the local ip of the server

      Use as root the command: ifconfig (or ip route on ArchLinux), it will output something like this:

      Root Terminal
      
      root@server-computer:/home/rsm# ifconfig
      eth0      Link encap:Ethernet  HWaddr 5c:26:0a:4b:6c:d9  
                UP BROADCAST MULTICAST  MTU:1500  Metric:1
                RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000 
                RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
      
      lo        Link encap:Local Loopback  
                inet addr:127.0.0.1  Mask:255.0.0.0
                inet6 addr: ::1/128 Scope:Host
                UP LOOPBACK RUNNING  MTU:65536  Metric:1
                RX packets:5790 errors:0 dropped:0 overruns:0 frame:0
                TX packets:5790 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:0 
                RX bytes:1864588 (1.7 MiB)  TX bytes:1864588 (1.7 MiB)
      
      wlan0     Link encap:Ethernet  HWaddr b4:82:fe:56:a0:e2  
                inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
                inet6 addr: fe80::b682:feff:fe56:a0e2/64 Scope:Link
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:190415 errors:0 dropped:0 overruns:0 frame:0
                TX packets:224162 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000 
                RX bytes:44354470 (42.2 MiB)  TX bytes:61141837 (58.3 MiB)				 
      	                        

      Since I'm using a wifi connection, the information is at the wlan0 block. We are searching for the line: 192.168.0.11. If you do that over different computers, you will realize that only the last number changes, in this case it is 11 (Do not forget that number).

    2. Connect you to the firewall

      Normally navigating with your browser to the url: http://192.168.0.1/ will open your firewall. If it doesn't, write over a search engine something like: <my network provider name> configure modem. Ex: numericable configure modem

    3. Add the access to the port 22

      Each Internet provider has a different interface, but normally this can be done trough: Network > Advanced > Open Ports. My interface is in French so I can't really help you, but the point is to find a menu with something like this:

      NameStarting PortEnding PortProtocolLocal Ip Adress
      ssh2222TCP192.168.0.11

      *The green colors are the one I filled, and the 11 number is the one we previously found.

      Validate by using the send or add button, and the firewall step will be finished.

  5. Request a connection Client → Server:

    Use the commandssh <user>@<server ip>, Ex: shh root@82.215.80.120. Then if the ssh is activated, you will be asked to enter the user's password. If the password is okay and the ssh configuration doesn't block the access to the ip or user, you will login!

    Terminal
    
    rsm@client-computer:~$ ssh root@82.215.80.120
    root@82.215.80.120's password: 
    root@server-computer:~#
    	    			
  6. Secure the server

    If you performed all the following steps, you can realize that anyone can perform brute force attacks to your computer and get full control of it. If you think that this wont happen, you are wrong. There is like 99% of chance that it happens you since there are online viruses constantly searching for this vulnerability. The most know malware is XOR.

    There are many ways of protecting from this, but the one I use is the Ip restriction. I find Ip restriction very cool because it avoids making complicated passwords, and you can be sure that no other ip will connect. Of course, this solution only works for people who always works from known ip's.

    To use this protection you have to edit the file /etc/ssh/sshd_config:

    Add at the end of the file the following line: AllowUsers <user>@<ip> <user2>@<ip>. Ex:AllowUsers root@82.216.93.120 djuser@82.216.93.120 (As you can see multiple entries are separated by an space, and not a comma)

    Once you have modified and saved the file, you must restart ssh: systemctl restart sshd

    Bonus: Checking if some one is trying to hack your computer!

    The following command will show you the invalid logins: cat /var/log/auth.log | grep 'sshd.*Invalid'

  7. Bonus: How to synchronize files!

    This is something really easy to do thanks to rsync. An example to synchronize a folder /home/A over the client with a folder /home/B over the server, by using the root account:

    rsync -av --delete --stats /home/A root@2.216.93.120:/home/A.

    For more information take a look to rsync.

Info

  • Published on August 7, 2015.
  • Last modified on December 19, 2019.

Send a feedback

captcha