Crear un escritorio remoto por ssh en un servidor linux

Crear un escritorio remoto por ssh en un servidor linux. Que duda cabe, que en situaciones especiales echamos de menos que nuestro servidor o vps tenga un entorno gráfico. En esta situación lo mejor es montar una VPN, pero y si no es posible que hacemos. En este interesante articulo, vemos como instalar y configurar un escritorio remoto en nuestro servidor o vps y conectarnos desde nuestro PC domestico. Lo bueno... nos conectamos a traves de SSH, lo que nos ofrece una seguridad extrema, lo malo... se requiere de un server o vps potente, además de un ancho de banda de internet poderoso. Si no cumples estos requisitos igualmente funcionara, pero excesivamente lento.   Crear un escritorio remoto por ssh en un servidor linux Lo primero que debemos hacer, es conectarnos a nuestro servidor permitiendo el reenvío de X y la compresión de datos. Es fácil, accede vía ssh tal como te indico. ssh -XC ip-del-server # o ssh -XC usuario@ip-del-server Una vez estemos conectados, instalamos xauth. # Debian, Ubuntu y derivados sudo apt install xauth # CentOS y derivados sudo yum install xorg-x11-xauth Ahora habilitamos el X11Forwarding, en el archivo de configuración ssh. nnao /etc/ssh/sshd_config Buscas la línea "X11Forwarding", y la modificas por... X11Forwarding yes Guarda el archivo modificado y reinicia sshd. sudo systemctl restart sshd También es aconsejable reiniciar el servidor o vps. sudo Read the full article

Limit standard accounts ubuntu

LIMIT STANDARD ACCOUNTS UBUNTU HOW TO

LIMIT STANDARD ACCOUNTS UBUNTU FULL

LIMIT STANDARD ACCOUNTS UBUNTU PASSWORD

LIMIT STANDARD ACCOUNTS UBUNTU DOWNLOAD

To display soft limits, use option -S: ulimit -S It is also possible to see either of these respective limits with a flag. This view displays a description, the assigned flag (that can be used for changing the limits), and the configuration. Your default values may be different than mine, of course. Let me show you the limits set up for me by default: :~$ ulimit -a If you omit the user_name, it shows limits for you. The -a flag will display all options and their configuration for your specific user name. You can display all kind of limits for a specified user in this manner: ulimit -a user_name Here’s the syntax for ulimit command: ulimit Display all limits for any user The user would be authorized to increase their limit from 25 up to 50. Then, you could establish a hard limit that could not be exceeded by that user (50). This would be your soft limit (let’s say 25). So from the admin perspective, you may prefer your user to hover around a certain value. This is where soft and hard limits come into play. You may be wondering why even set a limit if a user can adjust it. Soft vs Hard LimitsĪs a user, you can actually adjust your ulimit settings. Ulimit allows us to edit that configuration quickly. Your exact location may vary but it is typically something like /etc/security/nf. Ulimit is linked to a security configuration file. In addition to ensuring smooth processing of tasks, it prevents unwanted processes from being able to devour system resources like RAM, and CPU power. This type of control can be enforced at the global, group, and user levels. It is essential for any system to regulate these types of controls. Ulimit is a built-in shell command designed to display, allocate, and limit resources.

LIMIT STANDARD ACCOUNTS UBUNTU HOW TO

You’ll how to use it to control system resource allocations.

LIMIT STANDARD ACCOUNTS UBUNTU DOWNLOAD

You can create multiple users with different directories to securely upload and download files on your server.In this beginner tutorial, you’ll learn about the ulimit command in Linux. In this guide, you successfully set up SFTP on a Ubuntu 20.04 server, then tested connectivity through a terminal session and FileZilla. sftp> cd uploadsĬonfirm creation of the new directory: sftp> lsįileZilla and Cyberduck are the most popular SFTP clients available for Windows, Mac, and Linux desktop to test connectivity using a desktop client. Your output should be similar to the one below: password:Īlso, try creating a new directory within the subdirectory to test user permissions. $ sftp $ sftp (If running within the same server SSH session) Open a new terminal window and log in with sftp using a valid user account and password. Restart the SSH server for changes to take effect. Subsystem sftp /usr/lib/openssh/sftp-server The line below should be uncommented in /etc/ssh/sshd_config: # override default of no subsystems

ForceCommand internal-sftp: Enable SFTP only with no shell access.Īlso, confirm if SFTP is enabled (it is by default).

X11Forwarding no: Don't permit Graphical displays.

AllowTcpForwarding no: Disable TCP forwarding.

LIMIT STANDARD ACCOUNTS UBUNTU PASSWORD

PasswordAuthentication yes: Enable password authentication.ChrootDirectory %h: Restrict access to directories within the user's home directory.Match Group sftpcorner: Match the user group sftpcorner.Match Group sftpcornerīelow are the functions for each of the above configuration lines: Replace sftpcorner with your actual sftp group. $ sudo vim /etc/ssh/sshd_configĪdd the following lines to the end of the file. Using an editor of your choice, open the file /etc/ssh/sshd_config. With the sftp group and user accounts created, enable SFTP in the main SSH configuration file. Then, allow read and write permissions to all files within the home directory. $ sudo chown -R exampleuser:exampleuser /home/exampleuser/uploads Grant the user ownership rights to the subdirectories. Now, create new subdirectories within the user home directory. Restrict the user from accessing files outside the home directory.

LIMIT STANDARD ACCOUNTS UBUNTU FULL

$ sudo adduser exampleuserĮnter the user’s full name, password to continue. Replace exampleuser with your desired user name. $ sudo addgroup sftpcornerĬreate a new user account. Replace sftpcorner with your desired group name. PrerequisitesĬreate a new SFTP Users Group. In this guide, you will set up SFTP User accounts on Ubuntu 20.04, and allow the user to strictly access files within the home directory. It is an improved version of the traditional file transfer protocol (FTP), which adds a layer of security during the file transfer and connection establishment processes. Secure file transfer protocol (SFTP) is a secure way of transferring files between a local and remote computer using an encrypted SSH session.

VcXsrvのインストール

今までUbuntu側へxrdpを入れてリモートデスクトップ接続してた。最近はWindows10+WSL2+VcXsrvでWindowsへX WINDOWを入れると動作が軽いらしいので試してみた。

インストール

VcXsrv

SORCEFORGEのVcXsrvからVcXsrvをダウンロードする。Filesタブをクリックし、vcxsrvフォルダ内の最新版を使った。2022/06/14時点では1.20.14.0。

インストール時の設定は基本デフォルト。ただし、一番最後のAdditional parametersに「-ac」を追加すること。

Desplay settingsはMultiple windowsを選択（左上）、Display numberは-1のまま

Client startupではStart no clientを選択（一番上）

Extra settingsではClipbordとPrimary Selection、Native openglの3つにチェック

Extra settingsのAdditional parameters for VcXsrvに「-ac」を入力！

Configuration completeでSave configurationをクリックして設定を保存できる。保存した設定ファイルをスタートアップに登録すると自動起動するみたい。

VcXsrvの初回起動時にWindows Defenderファイアウォールの設定が表示される。すべてのネットワーク���で許可しておくこと。ここで許可しなかった場合は[コントロールパネル]-[Windows Defenderファイアウォールを介したアプリまたは機能を許可]からVcXsrvにチェックを入れる。VcXsrv windows xserverはプライベートにチェックが入ったものと、パブリックにチェックが入ったものの2つにチェックが入っていればよい。

そのほかに/etc/ssh/sshd_configのX11Forwarding yes設定とかあるかも。その場合はググって。

WSL2

wsl2のインストールはググっていれる。デストリビューションはMicrosoft StoreからUbuntu20.04.4LTSを入れた。

WSL2のubuntuの環境変数設定とx11-app追加

$ export DISPLAY=$(cat /etc/resolv.conf | grep nameserver | awk '{print $2}'):0.0 $ export LIBGL_ALWAYS_INDIRECT=1 $ sudo apt install x11-apps $ xeyes (起動確認。Ctrl-Cで終了） $ $ ssh -XC ユーザ名@ホスト名またはIP sshログイン先のマシン $ xeyes (起動確認。Ctrl-Cで終了）

ssh接続先でLIBGL_ALWAYS_INDIRECT変数設定

どうやらLIBGL_ALWAYS_INDIRECT環境変数はssh接続先で設定しないといけないらしい。 ということでssh接続先の~/.bashrcに以下を追加した。

~/.bashrc if [ -v SSH_CLIENT -o -v DISPLAY ]; then export LIBGL_ALWAYS_INDIRECT=1 fi

ssh自動タイムアウト対策

タイムアウトでssh接続が自動で切断されてしまうと、作業中のウィンドウが消えてしまってヘコむ。その対策。~/.ssh/configファイルを作って以下の設定をしておけばokらしい。

~/.ssh/config ServerAliveInterval 300 ServerAliveCountMax 10

インターバル300（秒）に設定すると5分に1回クライアントからサーバへ生きてる通知を送ってくれるようになる模様。

Installing X11 packages on Centos 8

Installing X11 packages on Centos 8

I ran into an issue the other day where I wanted to have graphic capabilities remotely available. I wanted to use virt-manager to Normally its just a matter of having X11Forwarding=yes in /etc/ssh/sshd_config and then using “ssh -Y USER@IP_ADDRESS”. This of course was not working and that’s because when I installed these servers they were stripped down and no X11 packages were installed. In…

View On WordPress

MacOS: Enabling X11 forwarding when SSHing into a Mac

Late model MacOSes tend to come with sshd configured to not allow X11 forwarding when one is attempting to log into a Mac. To fix this do the following:

Edit /etc/ssh/sshd_config and change/replace the following lines:

X11Fowarding yes XauthLocation /opt/X11/bin/xauth X11UseLocalhost no

The meaning of those magic incantations above is as follows:

X11Forwarding yes: Enable X11 forwarding. This allows X11 data to be tunnelled over incomming SSH connections.

XauthLocation /opt/X11/bin/xauth: This specifies the location of the xauth binary. xauth, according to it's man page is "used to extract authorization records from one machine and merge them in on another (as is the case when using remote logins or granting access to other users.)"

X11UseLocalhost no: By default this configuration option is set to yes, which means that the ssh server only accepts X11 forwarding requests from the localhost, not remote connections (i.e. it listens on the loopback interface for X11 forwarding requests) To cause it to listen for X11 forwarding reqeusts on all interface, and hence support remote X11 servers, change this field's value to no.

Then stop and restart your ssh daemon to get the daemon to pick up the configuration changes. You can do so as follows:

sudo launchctl stop openssh.sshd # Not strictly required sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist sudo launchctl load /System/Library/LaunchDaemons/ssh.plist sudo launchctl start openssh.sshd # Not strictly required

Unfortunately, every time Apple updates your OS, you'll need to redo this work.

Fixed: Detach X11 app and reattach on another? #fix #development #solution

Fixed: Detach X11 app and reattach on another? #fix #development #solution

Detach X11 app and reattach on another?

Given a setup of a headless Linux box running on a network, but having Xorg installed, and having various other machines on the network capable of using SSH with X-forwarding to connect to that box, and have X11 apps run on the local machine, I have an interesting question.

I’m familiar with using ‘screen’ to encapsulate an SSH session such that I can…

View On WordPress

How to: SSH X11 not working #computers #fix #it

How to: SSH X11 not working #computers #fix #it

SSH X11 not working

I have a home and work computer, the home computer has a static IP address.

If I ssh from my work computer to my home computer, the ssh connection works but X11 applications are not displayed.

In my /etc/ssh/sshd_config at home:

X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes

At work I have tried the following commands:

xhost + home HOME_IP ssh -X home ssh -X…

View On WordPress

Fixed: SSH X11 not working #programming #it #dev

Fixed: SSH X11 not working #programming #it #dev

SSH X11 not working

I have a home and work computer, the home computer has a static IP address.

If I ssh from my work computer to my home computer, the ssh connection works but X11 applications are not displayed.

In my /etc/ssh/sshd_config at home:

X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes

At work I have tried the following commands:

xhost + home HOME_IP ssh -X home ssh -X…

View On WordPress

Fix: What does "Warning: untrusted X11 forwarding setup failed: xauth key data not generated" mean when ssh'ing with -X? #computers #dev #development

Fix: What does "Warning: untrusted X11 forwarding setup failed: xauth key data not generated" mean when ssh'ing with -X? #computers #dev #development

What does "Warning: untrusted X11 forwarding setup failed: xauth key data not generated" mean when ssh’ing with -X?

When I use ssh -X on my Mac (running OS X 10.6.7) to connect to my Ubuntu (11.04) box, I get the following warning:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated Warning: No xauth data; using fake authentication data for X11 forwarding.

Is there…

View On WordPress

Fixed: What does "Warning: untrusted X11 forwarding setup failed: xauth key data not generated" mean when ssh'ing with -X? #computers #answer #development

Fixed: What does "Warning: untrusted X11 forwarding setup failed: xauth key data not generated" mean when ssh'ing with -X? #computers #answer #development

What does "Warning: untrusted X11 forwarding setup failed: xauth key data not generated" mean when ssh’ing with -X?

When I use ssh -X on my Mac (running OS X 10.6.7) to connect to my Ubuntu (11.04) box, I get the following warning:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated Warning: No xauth data; using fake authentication data for X11 forwarding.

Is there…

View On WordPress