Archive for Downsizer For an ethical approach to consumption
 


       Downsizer Forum Index -> IT Matters
James

another maintenance of computer remotely question

I'm setting up my parents with Ubuntu & would like to maintain their computer remotely. On the Ubuntu forum someone has pointed me towards VNC (which I think was also mentioned in Nick’s thread). I’ve read through the setup of installing VNC & that looks OK, but I don’t understand the principle of using it. How do I actually access my parents' machine? What happens?
Nick

I've been on the receiving end of VNC. In the corner near the clock is a VNC icon. Hovering over it gives an IP address. When I ring up my IT dept I give them this IP address, and within seconds the background of my PC goes blue, and they can operate my PC.

As for the IT dept end, I don't know. :)
orangepippin

You install VNC server on their computer. You install VNC viewer on yours. That is the easy bit. The hard bit is that you need to have remote access to their PC over the internet (normally). That means publishing their IP address on their ADSL router, specifically the VNC "port". You then fire up your VNC viewer and enter their IP address and off you go. It works really well, but is potentially tricky to set up the connectivity in a secure fashion.
James

So when I set up their broadband, I’d
1) need to use an Ethernet router (not one of the many spare USB frogs I’ve got knocking about)
2) input the ISP address onto somewhere on the router setup screen, which is then visible to the outside world (so that my end of things can search for it…)
What are the risks of making an ISP address public?
RichardW

Not quite, cos you will have a rolling IP unless you have paid for a static one (which is why Nick has to phone his through to the IT dept). So your parents' address will change possibly every time they go online (in reality it only changes occasionally). A simpler way would be for you to use logmein on both PCs, with the added benefit that you can remote view / control the PC from any web-enabled PC even if the IP changes, as the PC lets the service know its IP every time it logs on. Will also mean no awkward setting up of routers & you can use any modem / bb access you want.

Justme
Barefoot Andrew

James,

Ubuntu - or any flavour of Unix for that matter - lends itself particularly well to remote control because:-

a. you can simply log in at the command line from your Ubuntu machine. You'll need to set up OpenSSH on both, but it's quite easy.

b. X-windows - the underlying graphics system - can send its display to a different machine and not necessarily the one upon which the app/OS is running. This is a fundamental feature of Unix/X and doesn't need VNC to work. I'm a bit pressed for time just now, and will need to come back to you to explain how to do this.

It probably won't be today - I'll try and explain how to do all that you need to do some time tomorrow.

A.
James

Thanks very much Andrew.
orangepippin

I think VNC comes with Ubuntu. One advantage of VNC (maybe not for you !) is that it also works very well on Windows PCs ... so you can access your Ubuntu host PC from a Windows or Linux client in exactly the same way.

The most difficult bit, regardless of whether you use VNC or something else, is publishing the IP address, and keeping it secure. It is one of those things that is quite easy to do if you have done it before, but complicated if you haven't! Most ISPs will give you a "dynamic" IP address - changes each time you login. If you want to give someone else (you in this case) access to your PC then you either need to find out what the IP address is each time - or ask your ISP for a static one. Then you need to configure your parents' router to allow incoming access on that VNC port (5900 etc). Preferably you want them to be able to turn this on and off ... otherwise it is sitting there online and anyone can have a go at connecting to it.

If you have something like a Netgear firewall/router then it is reasonably straightforward to do all this.
Nick

Can you explain what the problem is with publishing your IP address? I can see there may be security issues if James' parents use their PC for shopping and such, but with my PCs, they are empty PCs, not connected to anything else (bar a robot), and have nothing but XP and one software application on them. Presumably, I'd have no security worry? or is the issue one of accessibility to viruses, or similar?
orangepippin

The issue is that hackers scan the address ranges of the major ISPs looking for open ports. If your firewall and / or XP are not up to date with the latest exploits they might be able to insert program components that allow them to use your PC for their purposes - typically in a denial of service attack on some corporate webserver. However in this case, the parents' PC could have useful identity information such as login names on Amazon or whatever. I personally would not do this - although Ubuntu firewalls are better than XP ones, a firewall is only as good as the person configuring it.
Barefoot Andrew

Right then James. I was going to tell you how to use "X forwarding" to get graphical apps running on your parents' machine to display on yours. But I've changed my mind - it can be a bit of a faff, especially to do it securely. So use VNC as suggested previously.

You're going to need to do three things:-

1. Set up OpenSSH on both your machine and the parental machine. It's quite easy, and you'll find instructions on how to do it here.

When you've done this, from a command line on your machine you can 'SSH log in' to your parents' machine and get a command prompt on their system. The channel between your machine and your parents' is encrypted and secure.

This may well provide all that you need admin-wise; once you've got a command prompt you can use sudo in the normal way to do stuff that needs root access.

SSH usually uses port 22; many people choose a different port. Whatever port you use, you might need to tell your parents' firewall (software on the machine, or the broadband router) to allow incoming TCP traffic on that port.

2. Set up the VNC server and client. You'll find instructions on how to do this here. Initially you'll just get a direct connection going between the two machines, but when that's working you'll want to get VNC to use a secure, encrypted SSH connection. This is called "tunnelling" and is essential.

Up to now I've assumed the parental machine will be in your possession during setup. Now that it's all working and you're ready to hand it over, you'll have to address the dynamic IP issue as mentioned earlier in this thread:-

3. Create a free account with DynDNS and download the software to your parents' machine. The software will periodically update your DynDNS account with whatever IP address the parental machine has been assigned. You can connect to the parental machine using a hostname of your choosing (created when you set up the account) without needing to worry about dynamic IP.

Good luck!
A.
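
The "tunnelling" step in the post above, as an added example that is not part of the original thread: the comment shows the standard OpenSSH port-forward, and the functions check that the VNC server is reachable only through that tunnel. The hostname `parents.example.net`, the user `admin` and the `ss -tln` samples are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes VNC display :0 on port 5900.
# On the viewer's machine the tunnel is opened with (hypothetical host/user):
#   ssh -L 5901:localhost:5900 admin@parents.example.net
# and the VNC viewer is then pointed at localhost:5901, so only the SSH
# port has to be allowed through the router/firewall.

# Constructed `ss -tln` output: VNC listening on every interface.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*
LISTEN 0      5      [::]:5900          [::]:*'

# Constructed `ss -tln` output: VNC bound to loopback only.
SAMPLE_TUNNEL_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5900     0.0.0.0:*
LISTEN 0      5      [::1]:5900         [::]:*'

# Read `ss -tln` output on stdin; print each VNC listener (ports 5900-5909)
# that is bound to something other than the loopback interface.
exposed_vnc_listeners() {
  awk '$1 == "LISTEN" {
    addr = $4
    n = split(addr, parts, ":")
    port = parts[n]                      # last colon-separated piece
    host = substr(addr, 1, length(addr) - length(port) - 1)
    if (port >= 5900 && port <= 5909 &&
        host !~ /^127\./ && host != "[::1]")
      print addr
  }'
}

# Succeeds (exit 0) when VNC can only be reached via loopback,
# i.e. through the SSH tunnel rather than directly from the internet.
vnc_is_tunnel_only() {
  [ -z "$(printf '%s\n' "$1" | exposed_vnc_listeners)" ]
}

# On the parental machine itself: vnc_is_tunnel_only "$(ss -tln)"
```

If the check fails on the real machine, the VNC server is still accepting direct connections and the router should not forward port 5900 to it.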
James

Thanks very much Andrew.

I'd read about DynDNS as a way of stabilising the ISP to use VNC. I'm foreseeing that much of what I'll need to do will be via the terminal (adding, removing & updating software).
MarkS

Just do a little reading before installing ssh - there's been a major security flaw patched in the very recent past - you'll want to have the new versions.

ssh is indeed easy.

No reason why you can't use a USB 'frog'? - Although I prefer routers for all sorts of reasons. Many routers have inbuilt support for dynamic DNS services anyway.

If you have a static IP you can set your parents' box only to allow connections in from your address.

The IP visible thing just means that people can see your box on the web when they scan an IP range. As long as the box is locked down properly this shouldn't be an issue.

Nick - what robots? A couple of years ago I wrote some software for the Welsh NHS to do remote connections to robots for pharmacies.
Nick

MarkS wrote:

Nick - what robots? A couple of years ago I wrote some software for the Welsh NHS to do remote connections to robots for pharmacies.


They are Eppendorf liquid handling robots. Which now means Downsizer will come up in Google searches and my secret double life will be revealed! ;)
James

MarkS wrote:
a usb 'frog' ? .


Alcatel Speedtouch USB modem. From what I've read, it's really an external win-modem. It has no firewall & is a lot slower than an Ethernet router. I have 3 of them lying around unused.

There's a very nice little package been written to allow them to be used with Ubuntu.
orangepippin

I would check with BA, but as a Windows user I personally would not go online with that type of modem and no separate firewall. Linux is supposed to be safer, but even so.
Barefoot Andrew

James, if you're using the Alcatel 330 you must have a firewall set up on your Ubuntu machine.

I've not had to do this - I have a separate modem/router/firewall box - but if everything else in Ubuntu is anything to go by it'll be a doddle.

Firewalls in Linux are usually based on a mechanism called "ip tables" - which can be a fairly skilled business to get right. Hopefully the Ubuntu firewall feature shields you from the nitty gritty and sets up sensible settings for you.

A.
James

Thanks. I stopped using these in favour of a modem/router/firewall, but figured that if my parents' ISP didn't provide a connection device then I could use one of these & set up a firewall on the computer (I don't know how yet, but it must be doable).

I've also found a "how to" on the Ubuntu forum which gives good detailed advice similar to your method, Andrew (except it uses Hamachi not OpenSSH):

How to: Secure remote access via Hamachi & VNC
Barefoot Andrew

Hamachi - not heard of that. One learns something new every day :D
A.