Saturday 11 July 2009

Remote Linux Access

Overview

This blog gives instructions on how to login between linux machines without having to enter passwords. It does this using the secure shell client / server programs (ssh and sshd). These use a public/private key pair.

Enabling Programs


On the machine you wish to login to, ensure that the SSH server (sshd) is installed.

Enable it is the Mandriva Control Centre (system / Enable Services)
  • Tick 'on boot'
  • Press 'Start'

Configure the firewall to enable the server to be accessed (security/Personal Firewall):
  • Ensure either ssh or all is ticked

Creating your Public / Private Keys for SSH

The machine infront of you is the SSH client. You need to create a public/private key pair for use in ssh sessions. You only need to do this once on the client machine.
From the machine infront of you, create a public/private keyset:
[steve@crunchie ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/steve/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/steve/.ssh/id_rsa.
Your public key has been saved in /home/steve/.ssh/id_rsa.pub.
The key fingerprint is:
3b:4d:5e:21:ee:65:e3:dc:22:21:33:fd:ed:53:d8:fd steve@crunchie
The key's randomart image is:

+--[ RSA 2048]----+
| |
| 2 o. |
| X. ==o= |
| . |
| + o o S |
| *.o |
| X. |
|. - |
| ...oo. |
+-----------------+

Transferring your Public Key to the SSH server

Now, transfer your public key to the machine you want to log into, and set the correct directory permissions:
[steve@crunchie ~]$ cat ~/.ssh/id_rsa.pub | ssh steve@flake 'cat >> .ssh/authorized_keys'
steve@flake's password: *****
[steve@crunchie ~]$ ssh steve@flake 'chmod go-w . ; chmod 700 .ssh ; chmod 640 .ssh/authorized_keys'
steve@flake's password: *****
That's it - you can now open shells up on the target machine without entering a password.
[steve@crunchie ~]$ ssh flake
Setting up X for Remote Access

The machine infront of you is the X server (the server actually draws the windows). Now that you have configured ssh, you won't be prompted for any passwords.

For me, the client machine (the machine on which the applications are started) is called flake:
xauth extract \- $DISPLAY | ssh flake xauth merge \-
Running an Application

this is as simple as sshing into the other machine, and running the application:
ssh flake gedit
Now for the minor complication - when your program exits, the X session remains connected for a period of time, and until the X session closes, ssh will not exit - you have to control-C it.

If you launch your programs from the remote X client / ssh server and re-direct stdin and stdout, this will not happen, e.g.:
[steve@crunchie ~]$ ssh flake
[steve@flake ~]$ gedit < /dev/null >& /dev/null &
[steve@flake ~]$ logout
You can also launch your programs from the X server / ssh client and re-direct stdin and stdout.

I've created a script called 'flake' which I have put in ~/bin on crunchie, my local X server, which is in the path. It closes stdin/out/err and connects to my X client machine (flake) and runs the requested command line program:
#!/bin/sh

exec 0<&- # close stdin
exec 1>&- # close stdout
exec 2>&- # close stderr

ssh flake $* &

Configuring the Menu

You can now create a menu entry, to launch all of the programs on the remote machine, but display the windows here. Select System / Preferences / Main Menu, and create new entries, for example:


Logging In

If you want to have a terminal to connect to a server, added to the menu, the best way to do this is to run the gnome-terminal locally and connect to the remote server:

The command should be:
gnome-terminal -e "ssh remotemachinename"
You could also use an IP address instead of the machine name.

If the remote machine is a Madriva one, it is likely that it contains appropriate environment variables, containing escape sequences which cause the window title to be dynamically changed.

If it is not, you can add something to the start-up script to set the prompt to include the appropriate escape sequences. This is the /etc/profile script on a Freecom FSG3, which uses 'sh' from busybox:

# Set prompt

PS1="[\u@\h \W]\\$ "
export PS1

# Set window title

case $TERM in
xterm*)
PS1="\033]0;\u@\h: \w\007[\u@\h \W]\\$ "
;;
*)
;;
esac
Now, when you login using the new menu entry, the title bar of the window dynamically updates: