Remote Access and SSH

Remote access is a crucial aspect of server management. The most common method for remote access in Linux is through SSH (Secure Shell). SSH allows you to securely connect to a remote machine and execute commands as if you were physically present.

Setting Up SSH

To set up SSH on your Linux server, follow these steps:

  1. Install OpenSSH Server:

    sudo apt install openssh-server  # Debian/Ubuntu
    sudo dnf install openssh-server  # Fedora/RHEL
    sudo pacman -S openssh            # Arch Linux
    
  2. Start and Enable the SSH Service:

    # On Debian/Ubuntu the unit is named ssh (sshd is only an alias); use ssh there
    sudo systemctl start sshd         # Start the SSH service
    sudo systemctl enable sshd        # Enable SSH to start on boot
    
  3. Check SSH Status:

    sudo systemctl status sshd        # Check the status of the SSH service
    
  4. Configure SSH: Edit the SSH configuration file located at /etc/ssh/sshd_config to customize settings such as port number, allowed users, and authentication methods.

    sudo nano /etc/ssh/sshd_config
    

    Common configurations include:

    • Port 22 (change to a different port for security)
    • PermitRootLogin no (disable root login for security)
    • PasswordAuthentication yes/no (enable or disable password authentication)

  5. Restart SSH Service:

    sudo systemctl restart sshd       # Restart the SSH service to apply changes
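
A read-only check of the settings listed in step 4, added here as an example (it is not part of the original guide). The function names and the sample file are constructed, the fallback values are upstream OpenSSH defaults, and Include files are not followed.

```bash
#!/bin/sh
# Added example: report the value sshd would use for the step 4 settings and
# flag weak ones. sshd_config keywords are case-insensitive and the FIRST
# occurrence of a keyword wins. Assumption: single file, no Include handling.

# effective_value FILE KEYWORD DEFAULT: print the global (pre-Match) value.
effective_value() {
    awk -v want="$2" -v def="$3" '
        { sub(/=/, " ") }                      # accept "Keyword=value" too
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        tolower($1) == "match" { exit }        # Match blocks are conditional
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }          # keyword absent: use default
    ' "$1"
}

# audit_sshd_config FILE: print effective values, then one WEAK line each.
audit_sshd_config() {
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    port=$(effective_value "$1" Port 22)
    echo "Port=$port PermitRootLogin=$root PasswordAuthentication=$pass"
    if [ "$root" = yes ]; then echo "WEAK: PermitRootLogin yes allows direct root login"; fi
    if [ "$pass" = yes ]; then echo "WEAK: PasswordAuthentication yes accepts password logins"; fi
    return 0
}

# Constructed sample config for the demo below (not a real server's file).
sample_config() {
    cat <<'EOF'
# constructed sample
Port 2222
PermitRootLogin no
PasswordAuthentication yes
# ignored by sshd: PermitRootLogin was already set above
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp"
rm -f "$tmp"
```

On a live server, `sudo sshd -t` validates the file before the restart in step 5, and `sudo sshd -T` prints the effective configuration including any Include files.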
    

    For more advanced SSH configurations, you can set up key-based authentication, which is more secure than password-based authentication. To do this, generate an SSH key pair on your local machine and copy the public key to the server:

ssh-keygen

This command generates a public/private key pair. Note: id_rsa.pub is the default public key file generated by ssh-keygen with default options. You can then copy the public key to the server using:

ssh-copy-id -i ~/.ssh/id_rsa.pub user@server_ip

This command copies your public key to the server's ~/.ssh/authorized_keys file, allowing you to log in without a password.

Connecting to a Remote Server

To connect to a remote server using SSH, use the following command:

ssh user@server_ip

Replace user with your username on the remote server and server_ip with the server's IP address or hostname. If you changed the SSH port, use the -p option:

ssh -p port_number user@server_ip

Common SSH Options

  • -i /path/to/private_key: Specify a private key file for authentication.
  • -X: Enable X11 forwarding to run graphical applications over SSH.
  • -C: Enable compression for faster transfers.
  • -v: Enable verbose mode for debugging connection issues.

SSH Configuration File

You can create a configuration file at ~/.ssh/config to simplify SSH connections. Here’s an example configuration:

Host myserver
    HostName server_ip
    User user
    Port 22
    IdentityFile ~/.ssh/id_rsa

This allows you to connect to the server using:

ssh myserver

Remote File Transfer with SCP and SFTP

To transfer files between your local machine and a remote server, you can use scp (Secure Copy Protocol) or sftp (SSH File Transfer Protocol).

Using SCP

To copy a file from your local machine to a remote server:

scp /path/to/local/file user@server_ip:/path/to/remote/directory

To copy a file from a remote server to your local machine:

scp user@server_ip:/path/to/remote/file /path/to/local/directory

Using SFTP

To start an SFTP session with a remote server:

sftp user@server_ip

Once connected, you can use commands like get, put, ls, and cd to navigate and transfer files:

get remote_file.txt          # Download a file from the server
put local_file.txt           # Upload a file to the server
ls                            # List files in the current directory
cd /path/to/directory        # Change directory on the server

Remote Desktop Access

For graphical remote access, you can use tools like VNC (Virtual Network Computing) or RDP (Remote Desktop Protocol). These tools allow you to access the graphical desktop environment of a remote server.

VNC allows you to remotely control a graphical desktop environment. To set up a VNC server, you can use TigerVNC or x11vnc.

Debian/Ubuntu

sudo apt update
sudo apt install tigervnc-standalone-server tigervnc-common

Fedora

sudo dnf install tigervnc-server tigervnc-server-module

Arch Linux

sudo pacman -S tigervnc

Configuration

1. Set VNC Password

vncpasswd

2. Create VNC Service Configuration

For Debian/Ubuntu and Arch:

Create a systemd service file:

sudo nano /etc/systemd/system/vncserver@.service

Add the following content:

[Unit]
Description=Start TigerVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=your-username
Group=your-username
WorkingDirectory=/home/your-username

PIDFile=/home/your-username/.vnc/%H:%i.pid
# systemd does not run a shell, so the redirection needs an explicit /bin/sh -c
ExecStartPre=-/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1'
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1024x768 -localhost :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

For Fedora:

Copy the example service file:

sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

Edit the service file:

sudo nano /etc/systemd/system/vncserver@:1.service

Replace <USER> with your username in the file.

3. Configure VNC Startup Script

Create or edit the VNC startup script:

nano ~/.vnc/xstartup

Add the following content:

#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

Make it executable:

chmod +x ~/.vnc/xstartup

Starting VNC Server

Manual Start

vncserver :1 -geometry 1024x768 -depth 24 -localhost

# Enable and start the service
sudo systemctl enable vncserver@:1.service
sudo systemctl start vncserver@:1.service

# Check status
sudo systemctl status vncserver@:1.service

Connecting to VNC

Local Connection

vncviewer localhost:5901

# Remote connection: forward local port 5901 through an SSH tunnel
ssh -L 5901:localhost:5901 username@remote-server
# Then connect to localhost:5901

Security Considerations

  1. Always use SSH tunneling for remote connections
  2. Bind to localhost only using the -localhost option
  3. Use strong passwords with vncpasswd
  4. Consider using x11vnc for sharing existing X sessions instead of creating new ones

Troubleshooting

Check VNC server status

vncserver -list

Kill VNC session

vncserver -kill :1

View VNC logs

tail -f ~/.vnc/*.log

Common Issues

  1. Display not starting: Check ~/.vnc/xstartup permissions and desktop environment availability
  2. Connection refused: Verify firewall settings and that VNC is listening on the correct port
  3. Black screen: Ensure your desktop environment is properly configured in the startup script

Alternative: x11vnc for Existing Sessions

If you want to share your current desktop session instead of creating a new one:

Installation

# Debian/Ubuntu
sudo apt install x11vnc

# Fedora
sudo dnf install x11vnc

# Arch
sudo pacman -S x11vnc

Usage

x11vnc -display :0 -auth ~/.Xauthority -localhost -rfbauth ~/.vnc/passwd