Thursday, March 11, 2010

Project: Building An All-Text Linux Workstation - Part 13

Don't touch that dial!  Even the most die hard GUI fans among you will enjoy this.

You may have noticed that throughout this series, I have posted screen shots of the applications used on our all-text Linux workstation; screen shots that obviously are taken from a graphical desktop, so what gives?  Am I lying about this being an all-text workstation?  Not at all.  I do take the screen shots on a graphical desktop.  How?  By logging in to the workstation remotely from another computer.

One of the great joys of Unix-like operating systems (such as Linux) is the way they work with networks.  Much of the Internet's technology was developed on Unix systems and it shows.  Ever wonder why URLs use forward slashes?  Unix pathnames!

Back in the early days of my Unix career (the mid-1990s), there was a idea going around (foisted by the marketing people at Microsoft) that the newly introduced Windows NT was going to rapidly "kill" Unix.  Real Unix people knew this to be patent nonsense (though many of their pointy-haired bosses did not) because NT lacked an essential feature.  It didn't support remote administration.  I remember system admins complaining bitterly about how to fix even simple problems on NT, they had to travel to the machine and work the graphical interface personally.  Meanwhile, my team and I were managing a national network consisting of hundreds of Unix workstations and servers from our little office.  The only time we ever had to travel to a site was to replace hardware.

Over the years, there have been several Unix technologies used to perform remote administration.  Today, the overwhelming favorite is SSH (Secure SHell).  SSH allows the creation of a secure encrypted tunnel between machines through which can flow any number of network protocols.  It's most common use however is simple command line access to a remote system.

It works like this: a local machine runs a SSH client program that talks to a remote machine running a SSH server.  Every Linux system I have ever used comes equipped with a SSH client but most distributions do not install the server by default.  This is unfortunate since almost every system can benefit from remote administration.

Installing The OpenSSH Server

The most popular SSH implementation in the Linux world comes from the OpenBSD project.  It's called OpenSSH.  It is usually broken into two packages: the openssh-client package and the openssh-server package.  The client package is usually installed by default but we will need to install the server package on our workstation.  We can do this with the following command:

me@linuxbox:~$ sudo apt-get install openssh-server

That's all there is to it.  After the package installs, the service will start and our workstation can now be remotely accessed.  To demonstrate, we will open a terminal window on another machine on our network and use the SSH client program (called ssh) to log into our workstation:

bshotts@twin2:~$ ssh me@linuxbox
The authenticity of host 'linuxbox (192.168.1.7)' can't be established.
RSA key fingerprint is bf:bb:0e:9b:af:a1:dd:e0:b6:44:48:79:97:2f:34:97.
Are you sure you want to continue connecting (yes/no)? yes

The ssh program is invoked with this syntax:

ssh [user@]hostname

where user is an optional user name and hostname is the network name (or IP address) of the machine we want to connect with.  If the user name is omitted, ssh defaults to the name you are currently using on the local system.

The first time you connect with a remote system, ssh warns you that it has never seen this remote machine before.  One of the security features of SSH is that it authenticates the remote systems you talk to.  This ensures that the machine you are talking to really is the machine you think it is.

After answering "yes" to the prompt, ssh adds the remote system to its list of remote hosts that it will recognize in future sessions:

Warning: Permanently added 'linuxbox' (RSA) to the list of known hosts.

Finally, it prompts you for the user's password on the remote system. 

me@linuxbox's password:


Once that is entered, you are logged in!



From here, you can use any of the applications on the workstation just as if you were sitting in front of the workstation's console.

To end a SSH session, use the exit command:

me@linuxbox"~$ exit
Connection to linuxbox closed.
bshotts@twin2:~$

Executing A Single Command On A Remote System

We can also use the ssh program to remotely execute a single command on our workstation.  For example, we could ask our workstation about its uptime and load:

bshotts@twin2:~$ ssh me@linuxbox uptime
me@linuxbox's password:
 13:58:39 up 2 min,  0 users,  load average: 0.10, 0.14, 0.06
bshotts@twin2:~$

If a command follows the hostname, ssh will execute the command on the remote system and the command's output is transferred to the local machine for display.

Copying Files Using SSH

In addition to the ssh program, the openssh-client package also provides two additional programs used for securely copying files to and from remote systems.  The first is scp (secure copy) which is used much like the regular cp command.  To copy a file named somefile.txt to the home directory of user me on the workstation, we would do this.

bshotts@twin2:~$ scp somefile.txt me@linuxbox:
me@linuxbox's password:
somefile.txt                                  100%   10     0.0KB/s   00:00

To place the file in a specific directory (and/or rename the file) on the remote system, follow the hostname with the pathname of the desired destination:

bshotts@twin2:~$ scp somefile.txt me@linuxbox:/user/local/share/shared_file.txt

The second file copying program is sftp (secure ftp) which is a version of the ftp program that uses SSH for transport.  Remember, the ordinary ftp program sends all of its data over the network unencrypted (including user names and passwords), making it unsuitable for use over the Internet.

Using The GUI With OpenSSH

The sftp protocol makes another feature possible.  Most graphical file managers support it.  From our graphical desktop we can move files to and from the remote workstation.  Here's how:

In GNOME, we go to Places -> Connect to Server...  and fill out the dialog as follows:





We will next be prompted for the password on the remote workstation:




After that, voila!  We're browsing the file system on the remote workstation:




Adding Additional Users

With the ability to remotely connect to our workstation, it would make sense to add some user accounts.  This way, more than one person can be using the workstation at the same time.  To add a user account for an imaginary user named "user1", we would do this:

me@linuxbox:~$ su -
Password:
linuxbox:~# adduser user1
Adding user `user1' ...
Adding new group `user1' (1001) ...
Adding new user `user1' (1001) with group `user1' ...
Creating home directory `/home/user1' ...
Copying files from `/etc/skel' ...

Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Changing the user information for user1

Enter the new value, or press ENTER for the default
        Full Name []: Workstation User 1
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y

linuxbox:~# exit

logout
me@linuxbox:~$

Now user1 can log in to the workstation with the command:

ssh user1@linuxbox



Deleting A User Account

This command will remove the above user account, if desired:

deluser --remove-home user1

Invite Your Friends!

Next time you have your Linux buddies over with their laptops, surprise them with individual user accounts on your awesomely configured all-text workstation.  You'll be the hit of the party!

Further Reading

The man pages for ssh, scp, sftp

SSH is covered in The Linux Command Line (Chapter 17):

OpenSSH:

Windows users need not feel left out.  PuTTY is a popular SSH client for Windows:
Other installments in this series: 1 2 3 4 5 6 7 8 9 10 11 12 13 14

3 comments:

  1. Could a link trail be created that shows all of the 'All-Text Linux Workstation' articles? I'm enjoying the articles but it is hard to read the series. Thanks.

    ReplyDelete
  2. There is a link to the series under "Labels" in the right hand column. Glad you are enjoying the articles!

    ReplyDelete
  3. Great series, the power lies in the commandline.

    The great thing 'bout Linux platforms is that everything is a text file and therefore readable and changeable by Linux commands.
    No binary garbage in the Windows world ;], this way it is easy to write your own tools/solutions

    Oebele

    ReplyDelete