Tuesday, May 18, 2010

Remote Maintenance Setup for Linux machines

The "computer guy" in the family often takes on some unofficial sysadmin duties. To make those easier, the first step is to convince them to get rid of Windows and install Linux instead. That alone takes care of most of the work; however, once you are there you might want to add remote maintenance. Here is a simple setup using ssh and dyndns.

First you need to sign up for an account with dyndns (which is free). You need to pick a name for the machine you want to administer remotely - let's call it falcon for this example setup. Also let's assume that this is the machine of your brother Norman, who uses the login norman.

They let you pick a domain name from the drop-down list, for the example we chose falcon.homedns.org.

The way dyndns works is this: whenever you connect to the internet and get assigned a new IP number (the typical setup for home users), you need to sign in to dyndns and update the IP number. Each time someone tries to reach falcon.homedns.org they will get the IP number which was entered into dyndns' database the last time it was updated. This works very quickly - as soon as you update the number in their database, a ping to falcon.homedns.org will go to the new IP address.

This would be awkward if it had to be done manually and luckily it doesn't. Most routers provide a feature which does that automatically each time they connect to the internet. If that's not the case there are also shell scripts which can handle the task.

Ok, so now we have a way to reach falcon's router. We want to connect via ssh, so we need to open the ssh port (that's port 22) on the router and map it to port 22 on falcon. That again needs to be done in the router's setup. (Since falcon's home network looks like a single machine to the internet, you need to tell the router to which PC the incoming ssh request should be directed.)

So now falcon needs to have an ssh daemon running so you can connect to it from the internet - normally you just need to check in your distribution's package tool that sshd is installed. (Also you may want to install x11vnc at this point - more on that later.)

With this setup we can securely tunnel into falcon from our home machine, assuming we have a login and a password. With the administrator password as well, we can look under the hood, maybe install a package or something like that. However, for troubleshooting it's often convenient to see the user's desktop.

Since falcon is your brother Norman's machine we need to log in to his account like this:

ssh -L 5900:localhost:5900 norman@falcon.homedns.org

This way we log in with ssh on falcon as the user norman and at the same time redirect the VNC server port of falcon to our local machine.

To see what our brother Norman sees on his screen we need to see the X-Server display 0 - we can do that with the program x11vnc. On falcon type the following:

x11vnc -display :0 &

Now on your own machine you can start a vncviewer like this:
vncviewer :0

(For vncviewer it looks like it's connecting to the local machine, since ssh has redirected the VNC port of falcon to your local PC.)

Now you'll get a window which shows you exactly what's on Norman's screen, and you can move his mouse, type etc. He can see what you are doing on his desktop (which is great for teaching) and you can see what problem he has.

If Norman's upstream connection to the internet is relatively slow you can fiddle with the settings of vncviewer, or use e.g. krdc instead and choose the "low quality" setting.

This works really smoothly for me.


Words of caution:

This gives you complete control of Norman's machine; you can even turn on the webcam and see what is happening in front of the machine. You need to make Norman aware of that, so that he can decide if he wants to entrust you with so much control.

Furthermore, while SSH is a secure protocol it allows anyone to connect to the machine if they have the right password to Norman's user account - the password better be good! Also since we are using this in combination with dyndns, we are opening ourselves up to a man-in-the-middle attack. Make sure that the password for dyndns is also a good one, but this is not complete protection. Ideally only let Norman open the SSH port on the router when you actually need it.

To summarize:
  • Inform the user of the security implications
  • Set a good password for the user account
  • Set a good password for dyndns
  • Keep bugfixes installed, especially sshd must be up to date
  • Only keep SSH port open as long as you need it
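
While the SSH port is open to the internet, the password is the only barrier, so it is worth looking at who has been trying it. The following is an added example, not part of the original post: a small shell function that reads sshd log lines, counts failed password attempts per source address, and flags a successful password login from an address that had already failed several times. The log lines are constructed samples, and the function name and the limit of 3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): review sshd password logins.

# Constructed sample lines; the IPs are documentation-range addresses.
sample_log() {
cat <<'EOF'
May 18 09:12:01 falcon sshd[2211]: Failed password for norman from 203.0.113.7 port 51514 ssh2
May 18 09:12:04 falcon sshd[2211]: Failed password for norman from 203.0.113.7 port 51514 ssh2
May 18 09:12:09 falcon sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 51530 ssh2
May 18 09:13:40 falcon sshd[2290]: Failed password for norman from 198.51.100.23 port 40022 ssh2
May 18 09:13:47 falcon sshd[2290]: Accepted password for norman from 198.51.100.23 port 40022 ssh2
May 18 09:20:11 falcon sshd[2301]: Accepted password for norman from 203.0.113.7 port 51602 ssh2
EOF
}

# Usage: review_ssh_log LIMIT < logfile   (hypothetical helper name)
# Prints failure counts per source and flags any accepted password login
# from a source that had already failed LIMIT or more times.
review_ssh_log() {
    awk -v limit="$1" '
    / sshd\[[0-9]+\]: (Failed|Accepted) password for / {
        ip = ""; user = ""
        # Search from the end so a user name of "from" cannot confuse us.
        for (i = NF; i > 1; i--)
            if ($i == "from") { ip = $(i + 1); user = $(i - 1); break }
        if (ip == "") next
        if ($6 == "Failed") { failed[ip]++; next }
        # Accepted login: compare against the failures seen so far.
        if ((ip in failed) && failed[ip] >= limit)
            printf "ALERT %s logged in as %s after %d failed attempts\n", ip, user, failed[ip]
        else
            printf "OK %s logged in as %s\n", ip, user
    }
    END { for (ip in failed) printf "FAILED %s %d\n", ip, failed[ip] }
    ' | sort
}

# Run over the constructed sample with a limit of 3 failures.
sample_log | review_ssh_log 3
```

On falcon itself the same function can read the real log, e.g. `review_ssh_log 3 < /var/log/auth.log` on Ubuntu (reading that file normally needs root or membership of the adm group).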

Thursday, May 6, 2010

First Step and Installing xv on Ubuntu

Instead of the first step, I'll first update the instructions for installing xv on Ubuntu (see here). Surely all reasonable people would agree that world peace can wait a little longer.

The occasion for the update is a new laptop on which I installed Ubuntu 10.04 - the install went smoothly and I wanted xv on the machine again.

This time I just pasted the package names from the last post into synaptic and let it resolve the dependencies right away. I found that xlibs-dev and libpng-dev were not available anymore, but they were not needed either. All other steps of the original post are still applicable as written.

Thursday, April 22, 2010

Fixing a problem with pulseaudio

I had a problem on my new machine - after bootup there was no sound. Starting "pulseaudio volume control" (= pavucontrol) I could see in the "Output Devices" tab, that the sound was muted. Just clicking on the mute button would enable sound.

However each time I would boot the sound was muted again. Also in the system log I found this:

alsa-mixer.c: Your kernel driver is broken: it reports a volume range from 18.00 dB to 18.00 dB which makes no sense.

(Not quite certain if that's actually related to the mute issue, but perhaps pulseaudio turns the output off because the driver reports an invalid volume range.)

Anyway I didn't want to unmute this all the time, so I figured out how to let pulseaudio do the job:

First enable sound manually via pavucontrol, then in a terminal window enter:

pacmd "dump" | grep set-sink

This will give a list of commands which pulseaudio has executed on your system. In my case the list looked like this:

set-sink-volume alsa_output.pci-0000_00_07.0.analog-stereo 0x3068
set-sink-mute alsa_output.pci-0000_00_07.0.analog-stereo no


That means that my audio "sink" (the part which plays the sound on my PC) is named alsa_output.pci-0000_00_07.0.analog-stereo and it was unmuted with:

set-sink-mute alsa_output.pci-0000_00_07.0.analog-stereo no

(Your sink will likely have a different name.)
So now this command just needs to be added to /etc/pulse/default.pa which pulseaudio executes automatically on startup.

The file can be edited like this:

sudo kate /etc/pulse/default.pa
(kate is just a text editor, use vi if you are able or any other editor which is available on your system.)

At the end of the file just add this:

### disable MUTE
set-sink-mute alsa_output.pci-0000_00_07.0.analog-stereo 0


(Of course here you need the name of the sound sink on your system, I put mine there only as an example.)

And that's it, after the next reboot the sound is automatically on.

Thursday, September 10, 2009

Installing xv on Ubuntu

The following worked for me in Kubuntu 9.04:

Become superuser:
sudo su
(alternatively just add sudo in front of each "apt-get")

Then install these packages - a lot of these were already up-to-date on my system, but I've installed other software, so maybe they are not always included per default:

apt-get install dpkg-dev
apt-get install xlibs-dev
apt-get install zlib-bin
apt-get install zlibc
apt-get install libc6-dev
apt-get install libjpeg62-dev
apt-get install libpng-dev zlib1g-dev
apt-get install libtiff4-dev
apt-get install zlib1g-dev
apt-get install libpng3
apt-get install libpng12-dev
apt-get install libpng12-0
apt-get install x11proto-core-dev
apt-get install libx11-dev
apt-get install libxt-dev
apt-get install libjasper-dev

Additionally I added a link

sudo ln -s /usr/lib/libjasper.a /usr/local/lib/libjasper.a


Then I got the xv source:

wget ftp://ftp.cis.upenn.edu/pub/xv/xv-3.10a.tar.gz

The patches and diffs from here: http://www.gregroelofs.com/greg_xv.html

wget http://prdownloads.sourceforge.net/png-mng/xv-3.10a-jumbo-patches-20070520.tar.gz
wget http://www.gregroelofs.com/code/xv-3.10a-enhancements.20070520-20081216.diff



Unpack everything
tar xvzf xv-3.10a.tar.gz
tar xvfz xv-3.10a-jumbo-patches-20070520.tar.gz

Go into the directory, patch and compile:
cd xv-3.10a
patch -p1 < ../xv-3.10a-jumbo-fix-enh-patch-20070520.txt

make


This gives you the executable xv in the current directory,
test it by running:
./xv

Monday, August 10, 2009

Blog started

I'll write a proper blog post tomorrow.