Ubuntu Remote Tools - Part 1
Today I would like to share how I use these remote services under Ubuntu. If we are restricted from transferring files from Windows to Linux or from connecting to the server, setting up these tools will definitely help us be more productive.
In the past decade we have been using USB disks or thumb drives or even USB storage, but today it's all about the network. I think transferring files over the network is much more convenient than using USB storage.
I am going to cover file transfer between Linux and Windows in my next blog; for now I am going to cover only the remote connection tools:
SSH
Telnet
XRDP
VNCserver
UFW (firewall)
Remote tool
1. SSH
- Step1: Install package openssh-server:
sudo apt install openssh-server
- Step2: Check SSH Services:
sudo systemctl status ssh
- Add a firewall rule for SSH (optional):
sudo ufw allow ssh
- Step 3: Log in from a client to the current SSH server
There are several ways to do this:
Log in on the server itself: sudo ssh localhost
Log in from a Windows client with a third-party tool such as PuTTY or Tera Term.
Log in from a Linux client with this command: ssh username@ip_address
2. Configuring an SSH login without a password (optional)
Continuing from above, you can set up key-based SSH login so that you don't have to enter a password the next time you connect. This step is optional.
SSH Server : 192.168.126.131
SSH Remote Host : 192.168.126.137
Step 1: Create the SSH key pair with ssh-keygen on the server (192.168.126.131)
$ ssh-keygen -t rsa -b 4096
or
$ ssh-keygen -t rsa
Step 2: Upload the SSH public key to the SSH client (192.168.126.137)
From the server 192.168.126.131, use SSH to upload the newly generated public key (id_rsa.pub), found in the user's .ssh directory (/home/username/.ssh), to the client host 192.168.126.137. This creates the authorized_keys file in the .ssh directory on the client side.
$ ssh-copy-id username@host-ip-address
Step 3: Log in from the SSH server 192.168.126.131 to the SSH client 192.168.126.137; it should not prompt for a password.
Note: The first time you must enter a password; the second time you will not need to key in a password.
$ ssh test@192.168.126.137 #test is my username
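If Step 3 still asks for a password, loose file modes are a common cause: sshd ignores authorized_keys, and the ssh client ignores the private key, when other users can touch them. The script below is an added example, not part of the original post; the function names and finding labels are made up here, and it assumes GNU stat as shipped with Ubuntu.

```sh
# Added example: audit the file modes that decide whether key login works.

# mode_clear MODE MASK -> true if none of the MASK bits are set in MODE (octal).
mode_clear() { [ $(( 0$1 & 0$2 )) -eq 0 ]; }

# check_ssh_perms DIR -> one finding per line; returns 1 if anything is wrong.
check_ssh_perms() {
    dir=$1; rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    # With StrictModes (the sshd default) authorized_keys is ignored when it,
    # or the .ssh directory, is writable by group or others.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        mode_clear "$(stat -c %a "$f")" 022 ||
            { echo "GROUP_OR_WORLD_WRITABLE $f"; rc=1; }
    done
    # The ssh client refuses a private key that group or others can access.
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac      # public keys may be readable
        mode_clear "$(stat -c %a "$f")" 077 ||
            { echo "PRIVATE_KEY_TOO_OPEN $f"; rc=1; }
    done
    return $rc
}

# Audit the current user's directory; run this on both hosts.
check_ssh_perms "${HOME:-/nonexistent}/.ssh" || true
```

The usual fix for a finding is chmod 700 on .ssh and chmod 600 on authorized_keys and the private key.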
3. Telnet
- Install telnetd:
sudo apt install telnetd -y
- Check status:
sudo systemctl status inetd
- Add a Telnet rule to the firewall: sudo ufw allow 23
Or assign a single IP to the rule: sudo ufw allow from 192.145.50.33 to any port 23
Or a subnet: sudo ufw allow from 192.145.50.0/24 to any port 23
Telnet traffic, including the password, is not encrypted, so limiting the rule to a single IP or subnet keeps port 23 off the wider network.
- Log in from the Telnet host to the Telnet server. You can use a third-party tool like PuTTY or Tera Term, or the Windows ssh command.
4. XRDP
If you want to connect to a Windows PC from Ubuntu, you have to use this tool. Before I knew about this tool, I used VNC to connect to Windows, but Windows needs to have a server installed.
- Install XRDP:
sudo apt install xrdp
- Enable the service:
sudo systemctl enable --now xrdp
- Add a firewall rule:
sudo ufw allow 3389
- Edit startwm.sh:
gedit /etc/xrdp/startwm.sh
Add these lines to it:
unset DBUS_SESSION_BUS_ADDRESS
unset XDG_RUNTIME_DIR
. $HOME/.profile
- Test the remote connection from Windows to the Ubuntu PC or server
Remote Desktop command: mstsc
Reference:
https://www.gushiciku.cn/pl/pE5s/zh-tw
5. VNC server
There are many different VNC servers; I am going to show you:
tightvncserver
tigervnc
x11vnc
1. TightVNC server
- Install tightvncserver:
sudo apt install tightvncserver
2. Configure the VNC server
- Start vncserver and set the VNC password:
$ vncserver
- It will ask you to enter your password as shown below:
You will require a password to access your desktops.
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
New 'X' desktop is chenchih-VirtualBox:1
Creating default startup script /home/chenchih/.vnc/xstartup
Starting applications specified in /home/chenchih/.vnc/xstartup
Log file is /home/chenchih/.vnc/chenchih-VirtualBox:1.log
- Note: If you ever want to change your password or add a view-only password, you can do so with the vncpasswd command:
vncpasswd
3. Install the desktop environment
You can use many different desktop environments:
sudo apt install xfce4 xfce4-goodies
If you want to reconfigure, use this command: sudo dpkg-reconfigure lightdm
4. Configure the VNC server, back up the config file (optional)
5. Edit the xstartup file: nano ~/.vnc/xstartup
Add the lines below to the file:
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
Note: Save and close the file after adding these lines. If you used nano, save the file by pressing Ctrl+O, hit the Enter key, and exit using Ctrl+X.
6. Make xstartup executable
For the VNC server to use this new startup file properly, you'll need to make it executable: chmod +x ~/.vnc/xstartup
7. Run the VNC server: vncserver
When you run it, it runs in the background and shows your display number. A display number of 2 means port 5902; 1 is equivalent to port 5901. The next step shows how to see your port.
You can also use: vncserver :1
or
vncserver :1 -geometry 1920x1080 -localhost no
8. Check which ports VNC uses with this command: $ netstat -tlnp
or $ vncserver -list
In my output the ports were 5901, 5902, 6001, and 6002. Usually, if you run vncserver one time, it will only generate one port.
You can also use this command to list all VNC ports and process IDs: vncserver -list
9. Stop the VNC server
vncserver -kill :1
:1 is port 5901
10. Install a VNC client and test it.
You can install third-party VNC tools such as VNC Viewer or UltraVNC.
11. Running VNC as a system service (startup) [optional]
- Edit this file:
sudo nano /etc/systemd/system/vncserver@.service
and add the following to it:
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=chenchih
Group=chenchih
WorkingDirectory=/home/chenchih

PIDFile=/home/chenchih/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 -localhost :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target
- Reload systemd and enable the service:
sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.service
- Check the service with either of these:
sudo systemctl status vncserver@1
systemctl list-units --all --type=service --no-pager
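Display :N listens on TCP port 5900+N (the 60xx ports in the list above are the matching X11 ports), and -localhost no makes that port reachable from the network, while -localhost in the service file keeps it on loopback. The following added example, which is not from the original post, classifies netstat -tln lines accordingly; the function names and the sample output are constructed for illustration.

```sh
# Added example: classify VNC listeners found in `netstat -tln` output.

# Reads netstat output on stdin; prints one line per VNC (rfb) or X11 listener.
vnc_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = match($4, /:[0-9]+$/)            # position of the final ":port"
        if (n == 0) next
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1) + 0
        if (port >= 5900 && port <= 5999)      { kind = "rfb"; disp = port - 5900 }
        else if (port >= 6000 && port <= 6063) { kind = "x11"; disp = port - 6000 }
        else next
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "EXPOSED"
        printf "%s display=:%d port=%d %s\n", kind, disp, port, scope
    }'
}

# Number of listeners that other machines can reach.
count_exposed() { vnc_listeners | grep -c 'EXPOSED'; }

# Constructed sample, not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5902          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN
tcp6       0      0 :::5901                 :::*                    LISTEN
EOF
}

sample_netstat | vnc_listeners
```

On a real host, pipe the live output in with netstat -tln | vnc_listeners; every EXPOSED line is a port that needs a matching UFW rule limited to the clients that should reach it.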
2. TigerVNC
- Install the desktop environment (gnome-session):
sudo apt-get install gnome-session-flashback
- Install the TigerVNC server:
sudo apt-get install tigervnc-standalone-server
- Add a VNC password with vncpasswd:
$ vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
4. Configure the VNC settings: $ nano ~/.vnc/xstartup
and add the lines below to the file:
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
export XKL_XMODMAP_DISABLE=1
export XDG_CURRENT_DESKTOP="GNOME-Flashback:GNOME"
export XDG_MENU_PREFIX="gnome-flashback-"
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
gnome-session --session=gnome-flashback-metacity --disable-acceleration-check &
Note: Save and close the file after adding these lines. If you used nano, save the file by pressing Ctrl+O, hit the Enter key, and exit using Ctrl+X.
5. Change permission: sudo chmod +x ~/.vnc/xstartup
6. Start the VNC server
vncserver -localhost no
or
vncserver :1 -geometry 1920x1080 -localhost no
We can check the vncserver port: vncserver -list
7. Stop vncserver: vncserver -kill :1
:1 is the display number (port 5901)
8. Use a VNC client to connect to the VNC server; you can use either 192.168.50.83:5902 or 192.168.50.83:2
3. x11vnc
- Install lightdm:
sudo apt-get install lightdm
- Install x11vnc:
sudo apt-get install x11vnc
- Test that it runs:
x11vnc
Note: we don't need a password
4. Add x11vnc.service: sudo nano /lib/systemd/system/x11vnc.service
[Unit]
Description=x11vnc service
After=display-manager.service network.target syslog.target
[Service]
Type=simple
ExecStart=/usr/bin/x11vnc -forever -display :0 -auth guess -passwd YOUR_PASSWORD
ExecStop=/usr/bin/killall x11vnc
Restart=on-failure
[Install]
WantedBy=multi-user.target
5. Add x11vnc to systemctl
systemctl daemon-reload
systemctl enable x11vnc.service
systemctl start x11vnc.service
6. Reboot
7. Check status: systemctl status x11vnc.service
8. Test again; it will ask for your password.
The password is the one you set in x11vnc.service. Because it sits on the command line in the unit file, any local user who can read that file or list processes can see it.
9. Select "do not lock the screen" under Settings > Privacy
If the screen is locked after a reboot, you will not be able to connect.
10. Restart and test again
Reference:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-vnc-on-ubuntu-20-04
https://www.crazy-logic.co.uk/projects/computing/how-to-install-x11vnc-vnc-server-as-a-service-on-ubuntu-20-04-for-remote-access-or-screen-sharing
https://yan-wyb.com/2021/07/12/vnc-server.html
https://tecadmin.net/install-vnc-server-on-ubuntu-20-04/
Part 2: UFW firewall
Step 1. Check ufw status and services
In this section, I'm going to share the firewall settings: how to enable ports or services. These are useful settings you should know.
- Check firewall status (by default the firewall is disabled):
$ sudo ufw status
- Enable and disable the firewall
Enable:
$ sudo ufw enable
Disable:
$ sudo ufw disable
- Check the firewall service status, or whether it is installed:
$ sudo systemctl status ufw
If it is not installed, install it with
$ sudo apt-get install ufw
Step 2. Set firewall rules
- Set the default rule:
sudo ufw default allow # default allow
sudo ufw default deny # default deny
- Add a rule to allow or deny a port or service name:
sudo ufw allow ssh # service name
sudo ufw allow 22 # service port, port 22 is ssh
sudo ufw deny ssh
sudo ufw deny 22
When you check the firewall rule status after adding a port, you will see the rule added for both IPv4 and IPv6.
If you don't want IPv6, edit /etc/default/ufw (sudo nano /etc/default/ufw) and change IPV6 to no.
- Add a rule for a specific IP address:
sudo ufw allow from 192.168.11.10 # allow 192.168.11.10
sudo ufw allow from 192.168.11.0/24 # allow 192.168.11.1~192.168.11.254
sudo ufw deny from 192.168.11.4 # block 192.168.11.4
- Assign an IP with a specific port rule:
sudo ufw deny from 192.168.11.7 to any port 22
Step 3. Delete a rule
- List your rules with their numbers first:
sudo ufw status numbered
- Delete a rule by number:
sudo ufw delete 2
You can also delete it like this:
sudo ufw delete allow http
sudo ufw delete allow 80
You can also reset everything: sudo ufw reset
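The rules added in Part 1 open Telnet (23), RDP (3389) and VNC (59xx) ports, and only the Telnet examples show the source-restricted form. The following added example, not from the original post, reads plain ufw status output and lists the remote-access ports still allowed from Anywhere; the function names and the sample status table are constructed, and it assumes the non-verbose ufw status layout.

```sh
# Added example: find remote-access ports that UFW allows from any source.

# Reads `ufw status` output on stdin; prints one line per port open to Anywhere.
open_to_anywhere() {
    awk '{
        gsub(/ \(v6\)/, "")                     # fold IPv6 rows into the same shape
        if ($2 != "ALLOW" || $3 != "Anywhere") next
        port = $1; sub(/\/.*/, "", port)        # "22/tcp" -> "22"
        if (port !~ /^[0-9]+$/) next            # skip named application profiles
        port += 0
        if (port == 23)                          name = "telnet"
        else if (port == 3389)                   name = "rdp"
        else if (port >= 5900 && port <= 5999)   name = "vnc"
        else next
        if (!seen[port]++) printf "%s port=%d open to Anywhere\n", name, port
    }'
}

# Constructed sample, not captured from a real host.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
23                         ALLOW       192.145.50.0/24
3389                       ALLOW       Anywhere
5901                       ALLOW       Anywhere
22                         DENY        192.168.11.7
3389 (v6)                  ALLOW       Anywhere (v6)
EOF
}

sample_ufw_status | open_to_anywhere
```

On a real host run sudo ufw status | open_to_anywhere; each reported port can be replaced with a rule of the form ufw allow from <client or subnet> to any port <port>, as shown for Telnet.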
Reference:
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04