[Gloucs] Administration of home computer

Dave Addison dave at redmoor.org.uk
Sun May 1 17:43:54 BST 2005 

Steve Greig wrote:
> 
> ----- Original Message ----- From: "Glyn Davies" <glynd at walmore.com>
> To: "Gloucestershire LUG" <gloucs at mailman.lug.org.uk>
> Sent: Friday, April 29, 2005 11:21 PM
> Subject: Re: [Gloucs] Administration of home computer
> 
> 
>> Steve Greig wrote:
>>
>>> Hi all, I am getting into Linux very much as a home user. My dad's 
>>> windows computer finally died and about 2 months ago I (with some 
>>> help partly from you) set him up with a new computer running Fedora. 
>>> Generally it is going really well and he likes it which is great. 
>>> However, he does occasionally run into problems which I try and sort 
>>> out when I get over to where he lives. My question is: would it be 
>>> possible, indeed sensible, to somehow link his computer with my (or 
>>> someone else's) computer using broad band connections so I would be 
>>> able to remotely log into his computer either as root or as a user 
>>> and then actually see what is going on on his computer and carry out 
>>> jobs (for example running the up2date routine which I have not taught 
>>> him yet as he has enough on his plate learning how to use email, 
>>> browser and word processing already)?
>>>
>>> I hope the answer is yes because it would seem such a practical way 
>>> to maintain a computer in someone's house without having to wait 
>>> until you have time to get round there.
>>
>>
>> Steve,
>>
>> Just to echo what tother Steve said and to add a little bit too.
>>
>> Use ssh to access the remote machine. It's nice and secure (i.e. no 
>> plain text passwords over the network). If you use the command
>> ssh -X -o "Compression yes" remotehostname
>>
>> you will get X forwarding (tunneled) over ssh (that's the -X) plus the 
>> ssh traffic will be compressed meaning you will get better performance 
>> over broadband or dialup links. Note: some versions of the ssh command 
>> accept the arguments in a friendlier format or have them as defaults. 
>> Mine doesn't though (FC3). Above, remotehostname is the name (see 
>> below) of the machine you want to connect to or the IP address.
>>
>> Before you can ssh in, you have to be able to find your father's 
>> machine on the Net. One presumes he will have a dynamic IP allocated 
>> each time he connects. I have been using dyndns for ages to do this. 
>> It's free although a few quid their way wouldn't hurt. Basically, you 
>> run a client on the remote machine that registers its IP with dyndns 
>> (you need to create an account on dyndns first). You can then find the 
>> remote machine on the Net by referring to its dyndns name i.e. ssh 
>> bonzo.dyndns.org (bonzo be your Dad's dyndns account). More info at 
>> http://www.dyndns.org
>>
>> Use VNC to give yourself a 'desktop' on the remote machine. This will 
>> allow you to run all your GUIs. Of course, you can run them without 
>> VNC but I find they tend startup quicker in VNC desktop (X isn't 
>> greater over Internet). Also, have the Gnome/kde start menu saves you 
>> having to remember the command line names of all those apps you see 
>> and use off the desktop menu. VNC is quite easy to set up. If you want 
>> a v. quick HOWTO I can post one here.
>>
>> As said elsewhere, the remote machine should use a firewall, 
>> preferably as a separate device. If you are looking at buying an ADSL 
>> connection, get a combined ADSL/router/switch. You can get a £30 one 
>> from Ebuyer. While the one I played with had an awful firewall (awful 
>> to configure) I found the Network Address Translation good enough 
>> protection (I would add that I had another firewall machine behind it 
>> for strength in depth). An ADSL router/switch will almost certainly 
>> provide an Ethernet connection as opposed to USB. I think the Ethernet 
>> way is much better. Configure your modem/router to allow ssh through 
>> to your father's machine and you should be able to connect to it over 
>> the Net. I'd configure sshd to only accept connections from one 
>> obscure username and add that user to the machine. This will stop the 
>> brute force attacks trying typical username/password combos. It 
>> happens a lot and I'm afraid steve is just too typical a username. Use 
>> a decent password on the account too.
>>
>> HTH
>>
>> -- 
>> Best Regards
>> Glyn Davies
> 
> Hi All,
> thanks very much for your helpful suggestions. It is quite a long term 
> project for me but I am definitely keen to pursue it and will get 
> googling using your advice as a starting point. Also, thanks for 
> comments about thread hijacking and also top-posting. I am afraid I 
> plead guilty to both these but will reform from now on. When I had a 
> look at my dad's computer it turned out that the only problem was that 
> he had inadvertantly hidden the address toolbar on his browser and that 
> was enough to stop him in his tracks. I got it back and explained how he 
> can do that himself in future. As a matter of interest would the type of 
> PuTTY / ssh approach you are suggesting actually allow me to make a 
> change like that to his browser or are there limits to what I would be 
> able to change on his computer remotely?
> Best wishes from Steve
> 
The linux version of ssh will take a "-X" parameter. This will enable 
the forwarding of X11 data over the link. This means you could use "ssh 
-X user at machine" to get a prompt and then run the browser from the 
command line. The browser will then be displayed on your screen.

Dave
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://mailman.lug.org.uk/pipermail/gloucs/attachments/20050501/501d76f8/signature.bin

More information about the gloucs mailing list