[Gloucs] Administration of home computer

[Glyn Davies]

Steve Greig wrote:

> Hi all, I am getting into Linux very much as a home user. My dad's 
> windows computer finally died and about 2 months ago I (with some help 
> partly from you) set him up with a new computer running Fedora. 
> Generally it is going really well and he likes it which is great. 
> However, he does occasionally run into problems which I try and sort 
> out when I get over to where he lives. My question is: would it be 
> possible, indeed sensible, to somehow link his computer with my (or 
> someone else's) computer using broad band connections so I would be 
> able to remotely log into his computer either as root or as a user and 
> then actually see what is going on on his computer and carry out jobs 
> (for example running the up2date routine which I have not taught him 
> yet as he has enough on his plate learning how to use email, browser 
> and word processing already)?
>
> I hope the answer is yes because it would seem such a practical way to 
> maintain a computer in someone's house without having to wait until 
> you have time to get round there.

Steve,

Just to echo what tother Steve said and to add a little bit too.

Use ssh to access the remote machine. It's nice and secure (i.e. no 
plain text passwords over the network). If you use the command
ssh -X -o "Compression yes" remotehostname

you will get X forwarding (tunneled) over ssh (that's the -X) plus the 
ssh traffic will be compressed meaning you will get better performance 
over broadband or dialup links. Note: some versions of the ssh command 
accept the arguments in a friendlier format or have them as defaults. 
Mine doesn't though (FC3). Above, remotehostname is the name (see below) 
of the machine you want to connect to or the IP address.

Before you can ssh in, you have to be able to find your father's machine 
on the Net. One presumes he will have a dynamic IP allocated each time 
he connects. I have been using dyndns for ages to do this. It's free 
although a few quid their way wouldn't hurt. Basically, you run a client 
on the remote machine that registers its IP with dyndns (you need to 
create an account on dyndns first). You can then find the remote machine 
on the Net by referring to its dyndns name i.e. ssh bonzo.dyndns.org 
(bonzo be your Dad's dyndns account). More info at http://www.dyndns.org

Use VNC to give yourself a 'desktop' on the remote machine. This will 
allow you to run all your GUIs. Of course, you can run them without VNC 
but I find they tend startup quicker in VNC desktop (X isn't greater 
over Internet). Also, have the Gnome/kde start menu saves you having to 
remember the command line names of all those apps you see and use off 
the desktop menu. VNC is quite easy to set up. If you want a v. quick 
HOWTO I can post one here.

As said elsewhere, the remote machine should use a firewall, preferably 
as a separate device. If you are looking at buying an ADSL connection, 
get a combined ADSL/router/switch. You can get a £30 one from Ebuyer. 
While the one I played with had an awful firewall (awful to configure) I 
found the Network Address Translation good enough protection (I would 
add that I had another firewall machine behind it for strength in 
depth). An ADSL router/switch will almost certainly provide an Ethernet 
connection as opposed to USB. I think the Ethernet way is much better. 
Configure your modem/router to allow ssh through to your father's 
machine and you should be able to connect to it over the Net. I'd 
configure sshd to only accept connections from one obscure username and 
add that user to the machine. This will stop the brute force attacks 
trying typical username/password combos. It happens a lot and I'm afraid 
steve is just too typical a username. Use a decent password on the 
account too.

HTH

-- 
Best Regards
Glyn Davies