July 29, 2014
 
 

Graphical Remote Control Desktops for Linux, part 2 - page 3

Dynamic DNS setup and Wake-On-LAN (WOL)

  • November 3, 2008
  • By A. Lizard
The port commonly used for SSH on Linux is port 22. Why not use it? Everyone else knows that too, and if your SSH port is reachable, it's always possible that an exploit will be discovered against SSH and tried on your server. Some systems also block "commonly used ports", i.e. everything below 1024. So pick something higher that isn't already running a service you actually use. Here is one of many listings of port usage. I am using port 54322 as an example in this discussion, and I explain how to change the port number below.

Install ssh, ssh-agent and libpam-ssh. libpam-ssh is included because the last line of sshd_config says "UsePAM yes", so it seems reasonable that an SSH PAM library should go with it.

# aptitude install ssh ssh-agent libpam-ssh

Below is a list of ssh-related applications found on my server. If these packages aren't all installed, with the possible exception of kdessh, there's a good chance this won't work. So run the search command below and install the packages which weren't already installed as part of installing ssh ssh-agent libpam-ssh as real (i) or virtual (v) packages.

# aptitude search ssh
i A kdessh - ssh frontend for KDE
v libnet-ssh-ruby-
i libpam-ssh - enable SSO behavior for ssh and pam
v libssh-dev -
i A libssh2-1 - SSH2 client-side library
i openssh-blacklist - list of default blacklisted OpenSSH
i A openssh-blacklist-extra- list of non-default blacklisted
i openssh-client - secure shell client, an rlogin
i openssh-server - secure shell server, an rshd repl
i ssh - secure shell client/server (metapackage)
v ssh-client -
v ssh-server -

If ssh_config and sshd_config exist, rename ssh_config to ssh_config-backup and sshd_config to sshd_config-backup. If these files do not exist after you install ssh, get the openssh-client* binary for your distribution from wherever convenient, then do:
  1. $ mkdir extractz
  2. download the files $ wget (use the corresponding file for your distro)
  3. extract the files: $ dpkg -x openssh-client_5.1p1-3_i386.deb extractz
  4. $ cd extractz/etc
  5. copy the ssh_config file into /etc/ssh . Don't worry about sshd_config, you'll get it somewhere else as you will see below.

Open a text editor as root. Copy and paste the contents of the ssh_config-backup file into your text editor.

Make the following changes to it:
change
# GSSAPIAuthentication no
to
GSSAPIAuthentication no

change
# CheckHostIP no
to
CheckHostIP no

find
# IdentityFile ~/.ssh/identity
and add:
# changed to enable v2 keys
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa

change
# Port 22
to
Port 54321
(54321 means whatever SSH port ID you decide on through the rest of the install.)

If these lines are at the end of ssh_config, delete them:
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no


Save and exit.

Open a text editor as root. Go to this page. If that page is no longer available, get it from www.archive.org. It has most of the changes needed to make sshd_config work for NX Server. Go down to the post with timestamp "May 22nd, 2007, 06:42 AM". Copy and paste the sshd_config file into your text editor.

change
# Port 22
to
Port 54321

change
#ListenAddress 0.0.0.0
to
ListenAddress 0.0.0.0

change
AllowUsers nx cwmoser carl sharon
to
AllowUsers nx username

Here username means your server account username; multiple usernames on the host can be added to give them remote access to the server desktop. nx must be in the AllowUsers entry.

If these lines are at the end of the document, comment them out or delete them.
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no


Save to /etc/ssh/sshd_config and exit.
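
The sshd_config edits above can be checked before restarting the daemon. The script below is an added example, not part of the original article: the function name check_sshd_config and both sample files are constructed for illustration, and AllowUsers entries are treated as plain usernames.

```shell
#!/bin/sh
# Added example: check an sshd_config for the edits described in this article.
# Prints one line per problem; the return status is the number of problems.
check_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { key = tolower($1) }                   # sshd keywords are case-insensitive
        key == "port" { ports++; if ($2 + 0 < 1024) bad_port = 1 }
        key == "allowusers" { allow = 1; for (i = 2; i <= NF; i++) if ($i == "nx") nx = 1 }
        key == "gssapiauthentication" && tolower($2) == "yes" { gss = 1 }
        END {
            n = 0
            if (!ports)   { print "Port not set: sshd falls back to 22"; n++ }
            if (bad_port) { print "Port is below 1024"; n++ }
            if (!allow)   { print "AllowUsers missing: no user allow-list"; n++ }
            else if (!nx) { print "AllowUsers lacks nx"; n++ }
            if (gss)      { print "GSSAPIAuthentication yes is still active"; n++ }
            exit n
        }
    ' "$1"
}

good=$(mktemp); bad=$(mktemp)
trap 'rm -f "$good" "$bad"' EXIT

# Constructed sample: a config with the edits from this article applied.
cat > "$good" <<'EOF'
Port 54321
ListenAddress 0.0.0.0
AllowUsers nx username
UsePAM yes
EOF

# Constructed sample: the same edits not applied.
cat > "$bad" <<'EOF'
# Port 22
AllowUsers username
UsePAM yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
EOF

check_sshd_config "$good"; echo "edited config: $? problem(s)"
check_sshd_config "$bad";  echo "unedited config: $? problem(s)"
```

Point the function at /etc/ssh/sshd_config on the server; running sshd -t as root additionally checks the file for syntax errors.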

Once ssh is configured:
# /etc/init.d/ssh restart

If you can connect via ssh to a terminal session on your system with:
$ ssh username@127.0.0.1
$ ssh username@localhost
$ ssh username@computername
$ ssh username@IP
# ssh root@computername

(IP can be LAN address or your Internet IP address)

there's a good chance your ssh is correctly configured.

If you never got around to creating ssh keys for your machine and yourself, now is the time to do this. If you created these keys quite some time ago, note that there was a major vulnerability in an earlier version of ssh-keygen, so earlier keys should be recreated. However, even if ssh is correctly configured, you're going to have to make some changes in your setup if you want it to work with NX Server. Note that ssh as a way to open a terminal on a remote computer is a useful debugging tool all by itself: some of the configuration work on the NX server setup for this article was done via an ssh terminal session from the remote client machine, which I was not running NX client on because it wouldn't connect.