Setup SSH and VNC over the internet

This year my partner and I went away on holiday. Since I didn't want to take my external drive with me and didn't have much room on my portable drive, I decided to set up my router and computer so I could use ssh to access the drive. This is how I accomplished it.

The first thing I did was change the default ssh port, as I wanted to make it a little bit more secure. This was achieved by editing /etc/ssh/sshd_config and changing the line Port 22 to Port 2222. Now that this had been done, I had to forward that port from the modem to the router to the computer. This is different for different routers, so it is best to consult your modem and/or router's manual on how to do this. If, like me, you have more than one computer you'd like to access via the internet, make sure you change their ports as well; I would suggest using a different port per computer, i.e. something like 2220, 2221, 2222, etc.

My setup was: the modem (192.168.1.1) port forwards ports 2220 – 2222 to the router (192.168.1.2, which is seen by the computers as 192.168.0.2), which in turn forwards those ports to the computers, i.e. port 2220 is forwarded to 192.168.0.100, which, because I've set up the router to assign its IPs based on the MAC addresses, will always be the same computer. I would suggest doing the same; again, since how to do this may differ, it is best to consult your modem/router's manual.

Since I was not sure whether my IP would change, I set up a small script which emails me and made this a cron job. Below is the script and what my cron job looked like:

#!/bin/bash
# Email the current public IP, kernel version, uptime and hostname.
sendemail -f myuser@myisp.co.nz -s smtp.myisp.co.nz \
  -xu myuser@myisp.co.nz -xp mypassword -o tls=no \
  -t myuser2@alternateemail.com \
  -m "ip=$(curl ifconfig.me/ip) kernel=$(uname -r) Uptime=$(uptime | awk '{print $3}'), Hostname=$(hostname)"

30 5,9,12,15,18,21 * * * /home/ben/.conky/email.sh

I would get an email at 30 minutes past every hour specified (5, 9, 12, 15, 18, 21), which would look something like this:

ip=12.345.67.890 kernel=3.6.9 Uptime=39, Hostname=hostname

I also wanted to set up ssh so I could view the webcam whilst away. I could have set up camorama to access the webcam over ftp, but again I chose ssh to do this. So again I opened /etc/ssh/sshd_config and changed X11Forwarding no to yes. Then, when starting ssh from the client, the command would be similar to ssh -X -p 2220 ben@12.345.67.890. Once logged in, I could then export the display with export DISPLAY=localhost:10.0 (to find out which display, use echo $DISPLAY). I could now access the webcam by using

ssh -X -p 2220 ben@12.345.67.890 "camorama"

After doing so, I decided to also set up vnc, just in case I wanted to use it, but I didn't want to always have the daemon running. X11vnc allows me to do this, so before I could vnc into the desktop I had to log in using ssh first and manually start X11vnc. I also added a password file. The downside to this password file is that it's a plain text file, but if anyone had ssh access or physical access it's a bit too late to think about that. As when setting up ssh, I used a different port.
The line to start x11vnc was

x11vnc -rfbport 6660 -rfbauth mypasswordfile
Again I set the modem to forward port 6660 to the router, which in turn forwarded that port to the desktop.

On the client (in this case gtkvnc) I could access the vnc with 12.345.67.890:6660 and, when prompted, the password contained in mypasswordfile.

And that is how I set up my desktop so that I could securely access my desktop and/or webcam whilst on holiday. I would also recommend setting up an encrypted key pair for ssh, so that no one can see you typing your password. I have previously explained how to do that here: http://sneekygeekers.com/2012/09/11/how-to-connect-to-an-ssh-share-on-boot-using-sshfs
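
Because the steps above hand-edit /etc/ssh/sshd_config (Port, X11Forwarding) and password logins stay reachable on the forwarded port until key pairs are in place, the following added example (not part of the original post) reports which values actually take effect. The function names and the sample config are constructed for illustration; the defaults assumed are upstream OpenSSH's (PasswordAuthentication yes, X11Forwarding no, Port 22), which a distribution may change.

```shell
#!/bin/sh
# Added example, not from the original post. Limits: ignores Include files and
# the Keyword=value form; reads only the global section (before any Match line).

# effective_value KEYWORD DEFAULT < config : sshd keeps the FIRST value it sees
effective_value() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { k = tolower($1) }                     # keywords are case-insensitive
        k == "match" { exit }                   # later settings are conditional
        k == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    '
}

# listen_ports < config : Port may be given several times; all of them apply
listen_ports() {
    awk '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { p = (p == "" ? "" : p ",") $2 }
        END { print (p == "" ? "22" : p) }
    '
}

# audit_sshd < config : prints findings, returns 1 if a WARN was printed
audit_sshd() {
    cfg=$(cat); rc=0
    pw=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication yes)
    x11=$(printf '%s\n' "$cfg" | effective_value X11Forwarding no)
    echo "INFO  Port=$(printf '%s\n' "$cfg" | listen_ports)"
    echo "INFO  X11Forwarding=$x11 (yes is required for ssh -X)"
    [ "$pw" = "no" ] || {
        echo "WARN  PasswordAuthentication=$pw: passwords accepted on the forwarded port"
        rc=1
    }
    return "$rc"
}

sample_config() {   # constructed sample mirroring the edits in the post
    cat <<'EOF'
Port 2220
x11forwarding yes
#PasswordAuthentication no
X11Forwarding no
Match User guest
    PasswordAuthentication no
EOF
}
sample_config | audit_sshd || true
```

On a live machine, running sshd -T as root prints the configuration sshd itself resolves, including Include files, and is the authoritative check.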

Also you could setup bash aliases for your ssh, x11vnc and exporting the display. I wrote a quick guide http://sneekygeekers.com/2012/08/26/how-to-save-time-in-terminal-with-bash-aliases/

Posted in 01Ben, Computers, Linux
