LinuxQuestions.org
Old 06-23-2008, 05:24 PM   #1
On2ndThought
LQ Newbie
 
Registered: Apr 2007
Posts: 13

Rep: Reputation: 0
Question Using DSL and ssh / ssh-server to access the Windoze desktop GUI


Given that I'm using DSL at the moment, I'd initially intended to post this question on their forum site. But a) DSL forums is not allowing me to post for some bizarre reason, and b) this question could perhaps be better solved by all-purpose Linux geniuses.

OK, so here I am, another Linux newbie. But I have a need, and I hope someone here can point me in the right direction to figure out the problem for myself.

To give just a smidgen of background. I have a home LAN with 2 desktops, both using WinXP. My goal is to use my PCLOS laptop, to be able to access the full Windoze GUI of both of those desktop PC's. Sometimes I'll be doing this from within my home (via wifi), and other times from out in the wide wide world via the internet. At this time I am not yet ready to convert the desktop machines to Linux, but who knows what the future may hold. Although I've had PCLOS installed on my laptop for a few months, I haven't had the time to devote to really learning Linux the way I want, and as a result I still consider myself darn near a newbie. I'm very very comfortable in a CLI environment, but only when I know what commands I need, or what commands are available to be used. Way back in the day I used to use the command line almost exclusively on my various comps, but back then I knew what I was doing and what commands were available to me. These days I've gotten fat and lazy with GUI's showing me pretty pictures of what I can do. So I've got no problem with typing, I just need someone to point me in the right direction so I can figure out WHAT to type.

This past weekend I went to my first LUG meeting, and I can't praise those guys enough. They helped me with many various issues on my PCLOS laptop. When I mentioned my goal of using the laptop to access the desktop machines, one of the guys there told me about the way he uses ssh tunneling to do exactly that from his laptop. Unfortunately I've forgotten his name, and don't have any of his contact info. He showed me how he logs into the Windoze PC's at his office from his laptop using ssh tunneling. He also showed me what to do on Windoze to turn on the remote access. Then he showed and clearly explained exactly what he types on his laptop to access the PC's at his office. It was pretty cool when he used his laptop there to log into one of his office machines, and was working in Windoze just like if he was sitting in front of it at his office.

He also explained that for it to work, I'd need an ssh server on my LAN, and fortunately I had an old 800MHz, 384MB PC out in the garage just collecting dust and cobwebs. So, after the LUG I took it inside, cleaned it out, and fired it up with the latest version of DSL (v4.4.2). Given that I'm still a Linux newbie, I really didn't know which distro would be best for my needs, but I'm familiar with the philosophy of DSL, and after giving a serious look at the info online about Puppy, decided to go with DSL. (I did download and briefly try out DSL-N, but got scared away by the fact that it is still only a release candidate, and not yet final.) My primary reason for going with DSL is its tiny footprint on system resources. I know that with DSL I could use that machine just like a 'real' computer. But until I get more familiar with Linux in general, most likely it will just sit off to the side and work almost exclusively as a ssh server.... and possibly a ftp server if I ever get a wild hair.

After a bit of messing around, I decided on a 'frugal install', and added a number of 'cheat-codes' to the grub menu.lst. Things like ssh, ftp, cron, syslog, nfs, fuse, and so on. I also added the pointers for home=, opt=, and mydsl=, so I could have persistence and allow my changes to be saved/restored.

My problem now is, I'm at a total loss on how to configure this DSL box to be my ssh server. When I set up the boot 'cheat-codes', I initially thought that adding 'ssh' would do what I needed. But that was just a guess, and honestly I don't know what adding 'ssh' really does. Logically, at some point I would need to actually configure the ssh-server, but I don't have a clue where to go in DSL to do that. I've done a bit of googling for ssh, and ssh-server, but most of what I found was about passwords and logging in with/without passwords, and doing things like file transfers or simple Command Line access. So far I've found very very little about full-blown remote access to the Windoze GUI. Most of what I've found on that topic is just telling that it is possible to do so, without really explaining how to do it using only ssh-server and ssh. And, sadly, I've not come across anything about doing this specifically in DSL. All the info I've found so far is for other distros. (Which surprises me because it would seem that a DSL set-up like mine would be ideal for lots of people with the same desire, and who have an old machine in the closet collecting dust that could work perfectly as their ssh-server.)

I've seen a number of references to things like Putty, and VNC, and a few others -- special programs to run on Windoze, or in Linux. But the guy I saw just made the whole thing so simple without any of that other stuff. In a nutshell he told me: just use any distro to get an ssh-server running, turn on remote access in Windoze, and use ssh from my laptop. When he explained and SHOWED it, it all seemed that simple, clean and painless. Piece of cake. So I'm not deeply opposed to using some other programs, but why go the long way when this should be so simple? Thus far I think I've accomplished the last 2 steps, now I need to figure out how to finish doing the first.

So my questions are, is there ANYONE out there who can tell me what to do to turn on and configure the ssh-server in DSL? Also, does anyone out there either have experience with, or can easily explain what I need to do next to complete my goal? I played with ssh on my laptop last night, but made no progress. I'm guessing that is probably due to my ignorance, and not knowing how to set up DSL properly as an ssh-server.

FYI, I'm using a 2wire modem/router/NAT. I've already configured the 2wire and both Windoze boxes so that those comps will have the same LAN IP each time they boot. I believe I've also been successful in configuring the 2wire to open up port 22 and forward it to the DSL box. And, in the software firewall on my Windoze machines, I've opened port 3389 to allow remote access. I know that to make this work long term, I will need to set things up so I can tell ssh (on my laptop) to go to a specific domain, rather than an IP, because my modem's IP will change over time. I've done that sort of thing before for a friend, so I know how to do that. Overall I think I've made a good start. Beyond this though, I am at a brick wall, and I think it's because I don't know what I'm doing with regards to the ssh-server on DSL.

BTW, just so you know, the command he typed to access his work comp was:
Code:
ssh domain.com -p 22 -l username -L 127.0.0.1:3390:192.168.0.99:3389
Where: domain.com is the domain he'd already preconfigured. I think username is the username on the ssh-server (but I could be wrong on the username). 127.0.0.1 is the localhost on his laptop. I can't remember how 3390 was derived. 192.168.0.99 is the LAN IP of the comp he wanted to access. And 3389 is the default port used by Windoze for remote access.

One other note, I'm not dead-set on using DSL. I picked it because it is literally custom made for old systems like I have. But given that I may never use that old PC for anything more than ssh and possibly ftp, then perhaps another larger distro could fit into the resources available and be made to work. The HD in this box is currently 6GB, but if I absolutely had to, I could throw in a 10GB or even 40GB HD. At the moment I'm not using those larger drives, but I was planning something for them down the road. So I'd rather continue with the 6GB that's already there, but I could use one of the larger ones if absolutely necessary for a different distro.

Thanks so much for reading this amazingly long post! Hope some of you geniuses out there can lead me to the info I need to make this ssh thing happen for me.

Regards,
Brian
 
Old 06-23-2008, 11:13 PM   #2
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
A couple of things. Most likely, the configuration for the ssh server is in /etc/ssh. That is the general location regardless of the type of Linux you use. Also, there is nothing wrong with DSL, and you probably won't find this being any easier on another version. The functionality of Linux is pretty consistent across all flavors, meaning you won't find one that can do things others can't. The differences are more about the method used to package and install software.

The command you have will work well, the only thing you're missing is the RDP software for Linux on your laptop. That command opens a SSH tunnel to the Windows machine at IP 192.168.0.99 in your example, and the way to connect to its RDP port of 3389 is to connect to your port 3390. So when you fire up the RDP client on your laptop, have it connect to 127.0.0.1 at port 3390. You could also use port 3389 by changing the connect command to:

Code:
ssh domain.com -p 22 -l username -L 127.0.0.1:3389:192.168.0.99:3389
That is generally inadvisable on Windows machines, but as your Linux laptop has no RDP server running, there is no problem connecting at that particular port.

This is a copy of a sshd_config from one of my systems. Another key piece of this puzzle is that the ssh server needs to have X forwarding enabled. You don't actually need X windows on the server, but it needs to forward the X settings to your client (your laptop). In any case, this config will work for what you want, although it does require keys for access; you can't log in with a password the way I have this set up. From the file /etc/ssh/sshd_config:

Code:
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
I hope that helps, and if you hit more stumbling blocks, post and we can help.

Peace,
JimBass
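The tunnel-then-RDP sequence from the post above, as an added example (not code from the thread): it opens the forward on loopback only, runs rdesktop (the client the original poster ends up using) against the local port, and always closes the tunnel afterwards. The gateway name, user name and script name are constructed placeholders, and the control socket is assumed to live in an existing ~/.ssh directory.

```shell
# Added example: open the RDP tunnel, run the client, always close the tunnel.
# Constructed values: gateway.example.org, user "brian", target 192.168.0.99.

# Build the -L argument. The listener is bound to 127.0.0.1 so other hosts
# on the laptop's network cannot reach the forwarded RDP port.
forward_spec() {  # usage: forward_spec LOCAL_PORT TARGET_IP TARGET_PORT
    for p in "$1" "$3"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

rdp_via_tunnel() {  # usage: rdp_via_tunnel USER@GATEWAY TARGET_IP [LOCAL_PORT]
    gw=$1; target=$2; lport=${3:-3390}
    spec=$(forward_spec "$lport" "$target" 3389) || { echo "bad port" >&2; return 2; }
    sock="$HOME/.ssh/rdp-tunnel.$$"
    # -f -N: go to background, run no remote command.
    # -M -S: control socket, used below to shut the tunnel down cleanly.
    # ExitOnForwardFailure: fail instead of continuing if the local port is taken.
    ssh -f -N -M -S "$sock" -o ExitOnForwardFailure=yes -L "$spec" "$gw" || return 1
    rdesktop -g 1024x768 "127.0.0.1:$lport"
    rc=$?
    ssh -S "$sock" -O exit "$gw" 2>/dev/null
    return "$rc"
}

# Runs only when called with arguments, e.g.:
#   sh rdp-tunnel.sh brian@gateway.example.org 192.168.0.99
if [ $# -ge 2 ]; then
    rdp_via_tunnel "$@"
fi
```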
 
Old 06-24-2008, 01:05 PM   #3
On2ndThought
LQ Newbie
 
Registered: Apr 2007
Posts: 13

Original Poster
Rep: Reputation: 0
Thumbs up

Wow! I think that may be exactly what I needed! Thanks so much Jim!

Due to my schedule, I won't have time to really dig into it until this weekend, but you've already given me 50% of what I need.

After reading your post, I went to my package manager and searched for RDP. The only program that came close was RDesktop. I googled that, and found a nice link here telling how to use it.

It was great! My laptop logged into my desktop Windoze machine from within my LAN on the very first attempt! No futzing around with different parameters, just gave it the LAN IP of my Windoze desktop, and Whoop, There It Is! AWESOME! (Only one utterly trivial let-down was that I couldn't figure out how to get the resolution above 800x600x16k, but I CAN live with that, so not a big deal)

Now all I need to do is install your script on the DSL machine, figure out what you were talking about re:RDP, do the keys stuff (not to worry, I've found several very informative links on that when I was researching ssh before), and then I think I'll be good to go! AWESOME!

Again, thanks so much Jim!
 
Old 06-25-2008, 12:28 AM   #4
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
The original command you posted was not simply to connect to a Windows machine via RDP, but to connect where you normally couldn't. It passes traffic aimed at a specific port to another one. The advantage is you only need to have one port open on the firewall for SSH to get in, then you can use tunnels to get at anything else you want, port 80 for web, 3389 for RDP, 5900 for VNC, or whatever. Also, since all your traffic is going through an SSH session, it is encrypted. So somebody sniffing your traffic can't steal your username and pass because it was never sent in simple plain text.

There is no magic to using RDP on the LAN, it is just using it over the public net that you need to get creative with. With the sshd_config I posted, only key authentication works, so opening port 22 for SSH isn't much of a risk at all; only people who've already established an account with an SSH key on your box can actually connect that way.

Peace,
JimBass
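A way to verify the "only key authentication works" property on a gateway like this one, as an added example (not code from the thread): it reads an sshd_config, reports any setting that would let a password login through, and also checks that TCP forwarding, which `ssh -L` depends on, has not been switched off. The two sample files are constructed; the defaults used are the documented OpenSSH ones.

```shell
# Added example: does this sshd_config allow key logins only, and still permit
# the TCP forwarding that "ssh -L" relies on?

# Print the value in effect for KEYWORD: first uncommented occurrence wins,
# keywords are case-insensitive, otherwise the OpenSSH default applies.
# Limitation: parsing stops at the first Match block.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v kw="$2" -v def="$3" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == kw { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one FAIL line per finding; the return status is the number of findings.
audit_key_only() {  # usage: audit_key_only FILE
    f=$1; bad=0
    # keyword:default:required (defaults as documented in sshd_config(5))
    for rule in PasswordAuthentication:yes:no \
                ChallengeResponseAuthentication:yes:no \
                PermitEmptyPasswords:no:no \
                PubkeyAuthentication:yes:yes \
                AllowTcpForwarding:yes:yes; do
        kw=${rule%%:*}; rest=${rule#*:}; def=${rest%%:*}; want=${rest#*:}
        got=$(sshd_value "$f" "$kw" "$def")
        [ "$got" = "$want" ] && continue
        echo "FAIL $kw is '$got', expected '$want'"
        bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed samples: "good" repeats the relevant lines of the posted config,
# "weak" leaves passwords on and turns forwarding off.
tmp=$(mktemp -d)
printf '%s\n' 'ChallengeResponseAuthentication no' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' > "$tmp/good"
printf '%s\n' '#PasswordAuthentication no' 'passwordauthentication yes' \
    'PasswordAuthentication no' 'AllowTcpForwarding no' > "$tmp/weak"
audit_key_only "$tmp/good" && echo "good: key-only logins, forwarding allowed"
audit_key_only "$tmp/weak" || echo "weak: $? finding(s)"
```

On a real server, `sshd -T` (run as root) prints the configuration sshd actually uses and is the authoritative check.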
 
Old 11-16-2008, 03:17 PM   #5
jiobo
Member
 
Registered: Nov 2008
Posts: 180

Rep: Reputation: 36
Talking Dsl ssh

Quote:
But the guy I saw just made the whole thing so simple without any of that other stuff. In a nutshell he told me: just use any distro to get an ssh-server running, turn on remote access in Windoze, and use ssh from my laptop. When he explained and SHOWED it, it all seemed that simple, clean and painless. Piece of cake
Yeah, it is a piece of cake! If you have done it before...

At the DSL boot prompt: dsl norestore secure ssh
Then, enter in root password and dsl password.
This will boot up DSL with ssh server running.

Then, on your Linux PC you run ssh and login to DSL:
> ssh dsl@<ip_of_dsl_machine>
Enter in dsl password that you created earlier.

That's it! You are connected!
If you get stuck on the IP part of it, post again or email me. On DSL you would see the IP to the right under uptime and Linux kernel version.
 
  



Tags
damnsmalllinux, dsl, ssh, ssh tunnel, sshconfig

