This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Feature: Networking

Simple home networking with SSH

By Drew Ames on October 19, 2007 (9:00:00 AM)

Share    Print    Comments   

The Secure Shell (SSH) network protocol makes it easy to connect computers that are running Linux, share files, and remotely run applications. Along with an X server, it can make sharing a single computer simple on a home network.

In my home, my wife and I need to share a desktop computer -- often at the same time. The computer runs Slackware Linux, and we have individual user accounts, Thunderbird email profiles, Firefox bookmarks, and other documents. Linux gives us the ability to share the computer by using multiple X Window sessions, each on its own virtual terminal. But the computer has only one monitor and one keyboard, which limits us to one user at a time.

To let us use the system concurrently, I bought a laptop computer, installed openSUSE on it, and set up a wireless router. By connecting to the desktop computer using SSH, the laptop functions as an extension of the desktop -- essentially a second keyboard and monitor. Additionally, KDE's Konqueror and the GNOME's Nautilus file manager can use SSH to remotely connect to another computer. The result is a much more efficient way to share resources than shuttling files back and forth with a flash drive.

Configuring the SSH daemon

To set up this kind of network connection, the first step is to make sure that SSH is installed. OpenSSH, an open source implementation of the SSH protocol, is included in most Linux distributions. If it is not on your system, the official OpenSSH application for Linux is available from the download page of OpenSSH's Web site.

Once you're sure you have SSH, you should configure the SSH daemon on the computer to which you want to connect. The configuration file at /etc/ssh/sshd_config, and is well-commented, but it needs a few edits to make it more useful and secure. The file states that:

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

So to change an option, delete the number sign from the beginning of the line. At a minimum, you must change three options. As the root user, or from sudo, open /etc/ssh/sshd_config in a text editor, and search for and change the following lines:

  • Change #Protocol 2,1 to Protocol 2. SSH can use two versions of its protocol, with the second more secure than the first. This option forces SSH to use the more secure protocol.
  • Change #PermitRootLogin yes to PermitRootLogin no in order to keep remote users from logging into the computer as the root user. If you need to perform system maintenance or other activities that require root user privileges, use sudo or su to become root after logging in as a regular user.
  • Change #X11Forwarding no to X11Forwarding yes. This option makes it possible to run more than just command-line-based programs over an SSH connection.

Save the file and the SSH daemon is configured for simple home networking. The daemon is usually already running as part of most default Linux installations.

Before you can connect to the host from another machine, you need to know its IP address. As the root user, or with sudo, use the ifconfig command (interface configurator) to determine the IP address of the host computer. Look for the line starting with "inet addr" for the connection type you have ("eth0" for the Ethernet card, "ath0" or a different designation for the wireless card).

Using SSH to run programs remotely

Once the SSH daemon is running, using the SSH service is simple. Open a terminal window and type the following command using your user name and the IP address you found in the step above:

ssh -Y -l username IP address

The -Y switch enables trusted forwarding of X Window applications from the host computer so that they can run in the X Window environment of the client computer. The -l switch allows you to specify the user name you want to log in under. If you leave it off, SSH assumes you want to log in under the user name you are using on the client computer.

I use a simple bash script I keep in my home directory for connecting. Replace the user name and IP address in the script with your own and then save it as ssh_connect.sh:

#!/bin/bash
#ssh_connect.sh
ssh -Y -l user name IP address

Make the file executable, and run the script from a terminal window in your home directory by typing ./ssh_connect.

The first time you log in, you will see a message similar to this:

The authenticity of host 'IP address' can't be established.
RSA key fingerprint is a long string of characters
Are you sure you want to continue connecting (yes/no)?

When you answer "yes," the SSH application adds an entry to a hidden file in your home directory listing trusted hosts.

To run applications remotely, simply type the name of the program on the command line of the terminal you used to connect to the host computer. If you are in X, then X Window applications will run through the remote connection. For example, I type thunderbird& to read my email using that program on the desktop computer from the laptop. The ampersand at the end of the command runs the application in the background so that my command prompt is available while the program is running. Because the computer with the SSH client is acting as an extra keyboard and monitor for the SSH host computer, everything done through the SSH connection is done on the host computer.

Setting up remote folders in KDE and GNOME

By itself, working remotely is a great way to boost productivity, but KDE and GNOME both offer ways to map the host computer as a network folder through an SSH connection, making it easy to copy files between the computers. This in turn makes it possible to use a local application to edit a remote file, rather than running an application on the host.

In Konqueror, click on the Go menu and choose Network Folders, then click on the Add a Network Folder icon. Follow the dialogue prompts by first choosing SSH as the type of folder you wish to add, then filling out the short form. The Name field is any name you want to give to the folder, while the Server field is where you put the IP address of the host computer.

To do the same thing in GNOME, go to the Places menu at the top of the screen and choose Connect to Server. A dialogue box similar to the one in KDE's Konqueror prompts you for the service type (choose SSH), the sever, and optional information -- port (usually 22), the folder to which you would like to connect, your user name, and the name to use for the connection. With both KDE and GNOME, setting up the connection takes only a few seconds.

SSH is a powerful, easy-to-use tool for setting up a simple home network. Application performance over an SSH connection is quick, even on older hardware (both of my computers are Pentium IIIs). In my experience, the host computer does not slow down noticeably when both my wife and I are using it for word processing, email, and Web browsing.

The next time you need to connect two computers, give SSH a try. It is easy to configure and even easier to use.

Drew Ames is a transportation planner in Harrisburg, Penn.

Share    Print    Comments   

Comments

on Simple home networking with SSH

Note: Comments are owned by the poster. We are not responsible for their content.

Simple home networking with SSH

Posted by: Anonymous [ip: 192.168.1.144] on October 19, 2007 11:15 AM
This is over-complicated for providing a second keyboard and monitor onto a GNU/Linux system. The X protocol has always allowed for networked client terminals using XDMCP, and the standard login managers like KDM support both allowing logins from other machines, and letting your client log in to a remote machine. This is the system I use at home and it becomes transparent.

#

Re: Simple home networking with SSH

Posted by: Anonymous [ip: 80.253.52.6] on October 19, 2007 01:52 PM
SSH adds encryption. The link between the two machines is wireless.

#

Re: Simple home networking with SSH

Posted by: Anonymous [ip: 75.168.78.77] on October 19, 2007 11:02 PM
>The X protocol has always allowed for networked client terminals using XDMCP

Great, so write an article telling us how it is done!

#

Simple home networking with SSH

Posted by: Anonymous [ip: 193.175.8.58] on October 19, 2007 12:56 PM
the link "multiple X Window sessions" doesn't work

#

Re: Simple home networking with SSH

Posted by: Anonymous [ip: 216.174.25.7] on October 19, 2007 02:43 PM
Here's the correct link for multiple X windows sessions: http://www.tuxfiles.org/linuxhelp/multiple-x.html

#

Simple home networking with SSH

Posted by: Anonymous [ip: 216.174.25.7] on October 19, 2007 01:38 PM
Here's the correct link for multiple X windows sessions:

http://www.tuxfiles.org/linuxhelp/multiple-x.html

#

Compression option

Posted by: Anonymous [ip: 200.207.152.182] on October 19, 2007 02:22 PM
I agree with the review, sometimes you don't need xdmcp, specially when you need security over wireless or public Internet.
Other thing is that with ssh you can open only one tcp port on a firewall, if you use xdmcp you need to open an insecure one. xdmcp is an unsecure protocol too.

The only thing I add to the review is the possibility to enable compression through ssh tunnels like this:
ssh -p [port] -Y -C user@machine
the -C option enables gzip compression and is useful when you have fast machines and slow connections or restricted bandwidth.

I need to say too that you DON'T need to enable X forwarding in /etc/ssh/sshd_config. It just makes it the default for ingoing connections. If you specify the -Y option in the command line thats all.

#

nice howto

Posted by: Anonymous [ip: 12.169.163.241] on October 19, 2007 05:58 PM
Well done, thank you. SSH is one of the easiest and strongest ways to protect your network traffic.

#

Simple home networking with SSH

Posted by: Anonymous [ip: 207.212.42.120] on October 19, 2007 06:48 PM
dude. You wasted my 10 seconds.

#

Simple home networking with SSH

Posted by: Anonymous [ip: 200.62.107.17] on October 19, 2007 07:52 PM
You might have mentioned the ssh-keygen option so as to eliminate the need for passwords on the home network. Getting the perms right is sometimes tricky on .ssh/authorized_keys

#

Re: Simple home networking with SSH

Posted by: Anonymous [ip: 82.211.203.179] on October 19, 2007 08:26 PM
You can use the ssh-copy-id command to copy your public key to the remote server, that way the file will automaticaly get the right permissions. Of course password login needs to be enabled for that to work.

The command is runned like: ssh-copy-id -i /home/username/.ssh/id_rsa.pub usernameAtRemoteComputer@remoteComputer



For the people who don't know, a key can be generated using: 'ssh-keygen -t rsa', if you save at the default location the ssh commands (including scp but not ssh-copy-id) can automatically find the keys.



You should usually not open an Xforward by default. If can also be opened with 'ssh -X username@remoteComputer'



Maybe I gave too mush irrelevant information. Its just that I find ssh so unlimited useful.

#

Simple home networking with SSH

Posted by: Anonymous [ip: 208.47.135.227] on October 19, 2007 09:06 PM
Just a thought for your original situation of one machine.

http://userful.com/products/free-2-user

I saw it on freshmeat a few times and it looked interesting. Maybe there is a way to build an opensource alternative but its free for non-commercial use.

Note: To maintainers of this sight your human detector could use an upgrade check out
http://www.dublish.com/articles/37.html its an article about a php Captcha that is easy to implement

#

sshfs

Posted by: Anonymous [ip: 143.166.255.57] on October 19, 2007 11:13 PM
Another useful related tool is sshfs. You can mount a remote directory using ssh and access it locally. I use this instead of Nautilus' ssh connection when I want to play music off of a remote computer among other things.

Good stuff!

#

Simple home networking with SSH

Posted by: Anonymous [ip: 68.160.58.51] on October 20, 2007 05:11 AM
Newbie talking,

Thank you for the tutorial but

From what I read, OpenSSH is more likely to be a target on the Internet by bots looking for open port 22? Per http://secunia.com/product/ versions before 4.0 have unpatched security holes. Aren't you asking for it by running a web facing PC w/ OpenSSH. Wouldn't it be advisable to at least run OpenSSH using a user vs. a system wide configuration setting and maybe a front-end firewall appliance?

I assume your talking Red Hat here since Ubuntu's system wide configuration files are in /etc/ssh/ssh_config and user files are in ~/.ssh/config.
Ubuntu doesn't seem to have a "PermitRootLogin yes to PermitRootLogin" that I could find.

Also, shouldn't Port 22 also be enabled to the changed options for communications. It's available in Ubuntu's config file. I do not know about Red Hat.

#

Re: Simple home networking with SSH

Posted by: Anonymous [ip: 75.58.40.192] on October 21, 2007 08:09 PM
Port 22 is closed on the router but open on the local boxes connected to the router. This allows those on the local network to use ssh with anyone on the local network but closes ssh access to anyone outside the local network.

#

broken link "multiple X Window sessions"

Posted by: Anonymous [ip: 69.106.180.102] on October 20, 2007 11:48 AM

Simple home networking with SSH

Posted by: Anonymous [ip: 84.169.131.195] on October 21, 2007 12:26 PM
Thank. Exactly what I needed.

#

Simple home networking with SSH

Posted by: Anonymous [ip: 75.58.40.192] on October 21, 2007 02:56 PM
Port 22 is closed on the router but open on the local boxes connected to the router. This allows those on the local network to use ssh with anyone on the local network but closes ssh access to anyone outside the local network.

#

Simple home networking with SSH

Posted by: Anonymous [ip: 10.11.70.2] on October 22, 2007 04:46 PM
check this out, http://linuxgazette.net/124/smith.html
that method would be more cheaper than buy another laptop.

#

Keep it simple, just SSH in and use console apps.

Posted by: Anonymous [ip: 72.192.21.54] on October 23, 2007 04:18 AM
All of my important communications, writing, and development tools are console apps. So I can just ssh in to our main system (where all of our home dirs live). The GUI is just a tool to juggle Xterms and the occasional browser. I don't rely on it for anything that really matters.

#

Simple home networking with SSH

Posted by: Anonymous [ip: 83.8.198.158] on October 25, 2007 01:45 AM
Thanks for another very interesting article. Keep up the good work. Regards
<a href="http://www.profesjonalna-reklama.pl" target="_blank">Pozycjonowanie</a> <a href="http://www.topblogposts.info" title="Blog">Tom</a>

#

good job

Posted by: Jen on October 31, 2007 02:02 AM
I found http://www.boxsweeper.com has a lot of movies anime music and games!This website is quite great! And it's free for you to streaming and download! Check it out and enjoy it! It will save you much time and money! Don't forgot to thanks me........ha ha

#

Simple home networking with SSH

Posted by: Anonymous [ip: 89.59.191.72] on November 05, 2007 04:17 PM
Thank you for sharing this information
<a href="http://www.yellobook.eu">yellowpages</a>

#

Simple home networking with SSH

Posted by: Anonymous [ip: 85.64.216.48] on November 30, 2007 08:50 AM
Thank you for sharing with us.


<a href="http://www.peoplerecords.com/background-checks/">background check</a>


<a href="http://www.peoplerecords.com/background-checks/">online background check</a>


<a href="http://www.peoplerecords.com/">People Search</a>



<a href="http://www.peoplerecords.com/background-checks/">background checks</a>


<a href="http://www.peoplerecords.com/employee-background-checks/">employe-background check</a>

#

Simple home networking with SSH

Posted by: Anonymous [ip: 88.114.150.221] on December 03, 2007 03:24 PM
wouldn't it be easier to use an ALIAS, instead of a script...
example, alias ssh1='ssh -Y -1 computer@IP.address'

#

Simple home networking with SSH

Posted by: Anonymous [ip: 67.84.33.236] on December 06, 2007 12:33 AM
Why not use FreeNX http://freenx.berlios.de/

#

This story has been archived. Comments can no longer be posted.



 
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya