I will assume you already have Seahorse installed on your desktop. I will also assume you have access to the remote machine via ssh. With that in mind, let’s get started.

Step 1: Fire up the GUI

You will find the Seahorse GUI in System > Preferences > Passwords and Encryption Keys. Start it up and you will see the standard Seahorse GUI. In that GUI, the tab you want to work with is the My Personal Keys tab. Click on that tab and you will see any personal keys you have already created. If you do not see any, you have to first create a key.

Step 2: Creating a key

Figure 1

To begin the process of creating a key, click File > New and a small window will open (see Figure 1). From that new window click Secure Shell Key and then click Continue. When you do this you will be prompted for the following:

• Key Description.
• Advanced options: Key type and strength.

You can elect to set up the key or just create they key. Click Just Create and you will be prompted to create a passphrase (and confirm the passphrase). Once you have created your key it will appear in the Personal Keys tab.

Step 3: Set up key for secure shell.

The next step is to set that newly created key up to be used for Secure Shell. You need to have access to the remote machine at this point because the key will be automatically copied for you.

Go back to the personal keys tab and right click the key you want to set up for Secure Shell. When you right click it, select the option for Configure Key for Secure Shell. When you select this a new window will open asking for two pieces of information:

• Computer name.
• Login name

If you do not have the computer name in your /etc/hosts file you can just use the computer’s IP address for the Computer Name. For the Login Name you must use a legitimate login on the remote computer. When you have those two pieces entered click Setup and you will be prompted for the remote username’s password. Upon successful authentication the key will have been copied and you are ready to go. You can now ssh to that machine with the added security of ssh key authentication.

In this article I will show you how to take advantage of the secure shell user-specific configuration files.

Assumptions

Naturally this article will assume you have secure shell installed and working. Now these configurations only work for the secure shell client, not the server. I will also assume the client from which you will be connecting from has a working internet connection and the hosts you want to connect to are reachable using secure shell as per normal. With that said, let’s get down to work.

Configuration file location

If you take a look at you ~/.ssh directory you probably will not find a configuration file. Instead you will have to create one. Fear not, it’s simple. The file that secure shell will look for is called config. So open up a terminal window, open up your favorite editor, and create the file ~/.ssh/config.

Possible options

Let’s look at a sample config file. Say you have host ssh.sample.host that is the target host. You want to be able to forward X11 and the username on the host you want to connect to is jack. This configuration file would look like:

Host ssh.sample.host

ForwardX11 yes

User jack

Now when you issue the command ssh ssh.sample.host all you will need to do is enter the user password. This command would replace the usual ssh -l jack ssh.sample.host -X. You could make this even easier by adding an entry for ssh.sample.host in your /etc/hosts file like so:

ssh.sample.host  NICKNAME

Where NICKNAME would be an easy name to remember. So now the command would look like ssh NICKNAME. That is much easier to remember and type.

You can also make options global. Let’s say you don’t want any forwarding of X11 on any ssh connection. For that you can create a section like this:

Host *

ForwardX11 no

This way none of your ssh connections will forward X11.For the global section you might want to add the line:

Protocol 2,1

which will instruct ssh to always use SSH2 first.

Global config

If you like you can edit the /etc/ssh/ssh_config file to make some of these options global. If you do this, the options will apply to all users on the system (including root). If you want more granular control over your users ssh connections, and you have multiple users on a system, go with the user-specific configuration instead.

Final thoughts

Secure shell is certainly the way you need to be making your remote connections to and from your Linux machines. And because secure shell is so flexible, you have numerous options that will allow you very specific control over how users connect as well as making yours and their lives much simpler.

In this article I will show you how to take control of a remote Linux desktop with the help of x11vnc, Remote Desktop Viewer, and secure shell. You will, of course, have to have secure shell access to the remote machine. Other than that you have everything you need. So let’s get to work.

Installation

You will need the following installed in order to take on this task.

Local machine

• VNC client (such as gtk vnc)
• Ssh client (openssh works fine)

Remote machine

• Ssh server (openssh-server works great)
• VNC server (x11vnc is my recommdation)

Fire up your package management tool, search for the above applications, and install each. If you do not already have the secure shell server installed on the remote machine, you will need physical access in order to install the tools. If you already have the ssh server installed you can simply ssh to the remote machine and install the VNC server from command line (such as sudo apt-get install x11vnc) Once you have these installed you are ready to start setting up your connection.

x11vnc

The first thing you need to do is secure shell to the remote machine (we’ll say the remote machine is at IP address 192.168.1.10) and start up the VNC server. From the command line (on the remote machine) you will enter the command x11vnc. This will start the VNC server but you will not get your bash prompt returned to you. To have your VNC server running at all times you could add the line:

x11vnc &

to the end of your /etc/rc.local

The Client Machine

Figure 1

For the purposes of this tutorial I will use the Gtk VNC Viewer. It is a very simple to use, up to date, client. You will find this tool in Applications > Internet. When you first start it up you will see a fairly straight-forward connection window. You only need enter:

• IP Address:Port: IP address and port of the remote machine (in the form of 192.168.1.10:5900). NOTE: x11vnc uses port 5900 by default.
• User name: The user name you will connect with on the remote machine.
• Password: Password of the user on the remote machine.

If you know the above information is correct (and you know you’ll be connecting to this machine again) click the Add button to add the remote machine (as shown in Figure 1).

To connect to the remote machine either enter the information in the text areas and click the Connect button or double click on a saved machine from the list.

Figure 2

When you connect a new, maximized window will open showing your remote desktop (see Figure 2). From this window you can do the following:

• Disconnect: Disconnect from the remote machine.
• Send keys: Send key-combinations to the remote machine.
• Fullscreen: Switch to a full screen window.
• Screenshot: Take a screen shot of the remote desktop.
• Make icon on desktop: Create an icon that allows you to connect to this remote desktop with a double-click.

You can now interact with this remote machine as if it were your own desktop.

Final thoughts

Taking advantage of the remote desktop is a great way to train users or trouble shoot problems on a remote machine. I use this exact setup for a number of clients. It works well.

One tool to help you manage your secure shell connections is the GNOME SSHmenu tool. This helpful application adds a small applet to the GNOME panel that allows you to make secure shell connections with a single click. And not only does this applet make it easy to connect, it also stores multiple connections, so all of your ssh connections are just a click away. In this tutorial I am going to show you how to install GNOME SSHmenu and set up your secure shell connections so you can take advantage of this handy tool.

Installation

If you fire up Synaptic and do a search for “ssh-menu” (no quotes), you will see two entries:

• ssh-menu
• ssh-menu-gnome

You will need to install both of these applications. So mark them both for installation and click the Apply button. Once these packages are installed you are ready to begin.

Adding the applet

Because this is an applet, not so much a stand-alone application, you need to add the applet to your GNOME panel in order to make it available for use. To do this right click the GNOME panel and select Add to Panel. From this new window you can select the SSH Menu Applet entry and then click the Add button. When you do this a window will appear asking if you want to manually add your hosts, or if you want to give the applet a shot at auto-configuring your connections. This auto-configuration reads your ~/.ssh/known_hosts file in order set up your connections.

Figure 1

Of course you might not want all of your connections listed in the applet. For that you can select to manually configure your connections. If you make that choice the window will be dismissed and the SSH applet will appear in your panel (see Figure 1). As you can guess, the SSH applet is indicated by the “SSH” (no quotes).

Manually adding hosts

Figure 2

In order to make your connections you first have to add hosts. Do do this left click the SSH applet and select Preferences. From the Preferences window (see Figure 2) you can add, edit, copy, and remove hosts. You can also (from the Options tab) back up your ssh connections configurations, enable “tear-off” menus, enable “open all windows”, and enable “open all tabs”. click the Add Host button.

Figure 3

When you click Add Host a new window will open (see Figure 3)where you enter the following information:

Title: Name of the connection (this will appear in the SSH applet menu).

Hostname: Address for connection. If you connect with a different username will be in the form username@address.

Geometry: This dictates to the applet the size of the terminal window to open. To make this easy for you can open a terminal, size it to the exact proportions you want, click the Grab button, and then click on that pre-sized terminal window.

Profile: Select Default from this.

If you want to make sure your configuration works, click the Test button and a terminal window will open to your connection.

Usage

Now that you have the applet configured for a connection click the OK button to dismiss the preferences window, left click the applet, select the connection you just created, and wait for the prompt in the window that will open to request your password. Congratulations, you now have your first host set up in the applet. You can create as many as you like and then just select the one you want to connect to from the list.

Final thoughts

This simple tool has made my administration life so much easier. No more opening up terminals and typing ssh commands (or bothering with bash aliases). Now all of my secure shell connections are nothing more than a click away.

With Secure Shell there are a number of ways to use (and configure) this tool to make it more useful and more secure. In this article  you will learn five different (and handy) secure shell tips to make sure your ssh usage is as good as it can be. And for some basic secure shell knowledge, check out my article “Get to know Linux: Secure shell“.

Password-less logon

Have have dealt with this before (as a side note), but wanted to re-iterate this process. Because I use ssh so much I get tired of having to enter passwords constantly. Now I will preface this by saying only do this on a network you trust. Yes you will be logging into ssh with a certificate, and that certificate will be on your machine, but you don’t want to employ this method on a network that can not be trusted. With that in mind, here are the steps for setting this up.

On the local machine issue the command:

ssh-keygen -t dsa

This command will generate a public key that will be then copied to your server. During this creation process you will be asked for a password – just press enter to use a blank password for this. You will have to verify the password, so hit enter again. )

With the key created you have to copy it to the server you want to ssh into. To do this enter the command:

ssh-copy-id -i .ssh/id_dsa.pub username@destination

Where username is the username you will be logging into on the remote server and destination is the IP address of the remote server.

Now when you go to secure shell into that remote machine you will not have to enter a password.

Block root login

Although secure shell is a secure means of logging into your server, you do not want to allow root access (for obvious reasons). Blocking root access is simple. Open up the /etc/ssh/sshd_config file and look for this line:

PermitRootLogin

and make sure it is set to “no” (no quotes). So the complete line will read:

PermitRootLogin no

Once you have saved that file, restart the ssh daemon with the command:

sudo /etc/init.d/ssh restart

Now the root user can no longer log in remotely via ssh.

Enable X tunneling

Secure shell is made even more powerful when you can run a remote X application on your local machine. And what is better is that it’s not difficult at all. In order to allow X tunneling you will first need to open up the /etc/ssh/sshd_config file and search for this line:

X11Forwarding

and make sure it looks like:

X11Forwarding yes

Once that is set save the file, restart sshd, and you are ready to tunnel and X Windows application through ssh. To accomplish this you have to add the -X flag to your secure shell command like this:

ssh -v -l USERNAME IP_ADDRESS -X

Where USERNAME is the username you want to log in with and IP_ADDRESS is the actual IP address of the machine you are logging into.

Final thoughts

There are so many cool tricks and tips with secure shell, but the above three are, in my opinion, the most helpful. Have you come across a helpful ssh tip you’d like to share? Or are you looking for a particular behavior out of secure shell? If so. share with your fellow Ghacks readers.

There is one thing that most Linux backup tools have in common and that is their underlying technologies. In most cases one of the tools that make the GUI backup tools possible is the venerable rsync. Rsync is an incredibly fast and lightweight file copy tool that can not only copy files to and from a local machine, it can also copy over a network connection – which makes rsync an ideal candidate for user-generated backup scripts or cron jobs.

In this tutorial you will learn how easy it is to use rysnc to not only back up specified directories to an external usb drive, but also to backup over a network connection via ssh.

Command structure

The structure of the rsync command is:

rsync [OPTIONS] SOURCE DESTINATION

Where SOURCE is the location of the directory to be backed up and DESTINATION is where the backup will be placed.

Now the structure of the command changes when you are employing a network facility such as ssh. At that point the command structure would look like:

rsync [OPTIONS] ssh SOURCE user@destination:/directory

Where user is the user name on the remote machine, destination would be either an IP address or domain, and /directory is the explicit path to the directory you want to back up to.

Usage

For the first example we are going to backup the directory /home/jlwallen/Documents to the directory /media/disk/BACKUPS. This destination is a directory located on an external USB drive obviously mounted to /media/disk. The command for this backup will be:

rsync -avh /home/jlwallen/Documents /media/disk/BACKUPS

This is where we run into our first “gotcha”. What happens with the above command is that any subdirectory in /home/jlwallen/Documents will be created on /media/disk/BACKUPS. So if you want to create a similar directory structure on the destination you should first create a parent directory similar to that of the source. So before you run the rsync command issue this command:

mkdir /media/disk/BACKUPS/Documents

The new rsync command would be:

rsync -avh /home/jlwallen/Documents /media/disk/BACKUPS/Documents

The options used in the above command are:

• a: Archive mode
• v: Verbose mode
• h: Output in human readable format.

Now let’s backup the same source to a remote location with the help of secure shell. It will help your cause to first make sure you can log into the remove machine via ssh. Once you have that working you are ready to backup. Using our same example we are going to backup to user jlwallen at the IP address 192.168.1.10 to the directory /home/jlwallen/BACKUPS/Documents. To do this the command would look like:

rsync -avhe ssh /home/jlwallen/Documents jlwallen@192.168.1.10:/home/jlwallen/BACKUPS/Documents

The added option is e which allows you to specify the remote shell to use.

You will be prompted for the remote users’ password and then the coping will begin. But what if you don’t want to have to use a password? If you are wanting to set up automated, remote backups you will have to allow this process to happen without entering a password. To do this you have to create an SSH key without a password. Here are the steps for this:

create an ssh key on the source machine with the command:

ssh-keygen -t dsa

Press enter when prompted for a password.

Once the key is created copy that key to the destination key with the following command:

ssh-copy-id -i .ssh/id_dsa.pub username@destination

Where username is the user on the remote machine and destination is the IP or domain of the remote machine.

Now rsync copying can be done without having to enter a password.

Final thoughts

The nice thing about this setup is you can now use rsync to create a cron job for backup automation. Rsync is an incredibly flexible and reliable means for backing up your directories and files. It should be since it is the foundation that so many other backup tools were based on.

Secure shell was created as a replacement for telnet because telnet transmitted unencrypted passwords. The encryption is handled via public key cryptography. Through secure shell the user can issue commands on a remote server or even tunnel the X protocol in order to run remote graphic applications locally.

Using secure shell on Linux will require you to install openssh-clients and if you want to run an secure shell server (so others can secure shell into your machine) you will need to install openssh-server. These can be found in your Add/Remove Program utility. During the installation you will most likely be informed that the installer needs to generate a key. You won’t have to do anything for this key generation. And, depending upon the Add/Remove Program utility that you use you may not even see any sign that this is happening.

Basic usage

To use secure shell you will need to open up a terminal window (gnome-terminal, konsole, aterm, eterm, etc). Once this is open you can begin. The structure of the command is:

ssh OPTIONS REMOTE_SERVER_ADDRESS

Secure shell has quite a list of options available. For a complete listing of these options issue the command man ssh to see them all. But the most useful options are:

• -v This gives verbose output so you can see all output given as a connection is being made.
• -l This allows you to specify a username for the connection.
• -X This instructs the remote server to allow the tunneling of X protocols.

Say you want to connect user jlwallen to server 192.168.1.10 and you want to tunnel X. The command to do this would be:

ssh -v -l jlwallen 192.168.1.10 -X

You would see a good deal of information pass by before you are asked for the users password. If this is the first time you’ve attempted this connection you will be prompted (via Y or N) if you want to allow the addition of a key to be placed in the ~/.ssh/known_hosts file. If you are wanting to make this connection you will have to accept this key.

ssh daemon

Now if you want to have the secure shell daemon running on your machine (so that users can log on) you will have to start the deamon. The ssh daemon (sshd) is started from the init.d system. On a Fedora-like system this daemon is started like so:

/etc/rc.d/init.d/sshd start

On a Ubuntu-based system this daemon is started like so:

/etc/init.d/sshd start

Once the daemon is started users can now log in. NOTE: The sshd daemon runs on port 22 so you will need to have that port open in order to allow connections.

Final Thoughts

Secure shell is one of the better means of logging into a remote machine securly. Sure there are other methods but secure shell is easy to use, reliable, and secure.

Connect Bot is probably the number one must have application for webmasters who operate their own servers. It can be used to log into the server using the phone. For those who do not know what SSH is, it basically allows a user to exchange data using a secure channel between two network devices.

Some examples where this could come in handy would be to restart the web server, configure services or monitor the connections, processes and resource usage while on the road.

The application can be installed right from the Android Market. Must have for any webmaster and admin with their own servers.