Skip to main content

Ubuntu Remote Access

Introduction

Remote access allows you to connect to and control your Ubuntu system from a different location or device. This capability is essential for server administration, working from different locations, and managing headless systems (computers without monitors). In this guide, we'll explore various methods to establish secure remote connections to Ubuntu systems.

Remote access solutions in Ubuntu typically fall into two categories:

  • Command-line access: Perfect for server management and running commands remotely
  • Graphical access: Ideal when you need to interact with the Ubuntu desktop environment remotely

SSH: Secure Shell

SSH (Secure Shell) is the foundation of secure remote access on Ubuntu systems. It provides encrypted command-line access to your system.

Installing SSH Server

Ubuntu desktop doesn't come with SSH server installed by default. To install it:

bash
sudo apt update
sudo apt install openssh-server

After installation, the SSH service should start automatically. You can verify its status with:

bash
sudo systemctl status ssh

Output:

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-07-10 15:23:18 UTC; 5s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 4312 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 4313 (sshd)
      Tasks: 1 (limit: 4621)
     Memory: 1.1M
        CPU: 34ms
     CGroup: /system.slice/ssh.service
             └─4313 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Connecting via SSH

To connect to your Ubuntu system from another computer:

bash
ssh username@ip_address

For example:

bash
ssh [email protected]

The first time you connect to a server, you'll see a fingerprint verification prompt:

The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
ED25519 key fingerprint is SHA256:abcdefghijklmnopqrstuvwxyz123456789.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type yes to continue. This adds the server to your known hosts file.

Basic SSH Configuration

SSH configuration is stored in /etc/ssh/sshd_config. Here are some important settings you might want to change:

bash
sudo nano /etc/ssh/sshd_config

Common configuration changes:

# Change the default SSH port (more secure)
Port 2222

# Disable root login
PermitRootLogin no

# Allow specific users only
AllowUsers username1 username2

# Disable password authentication (require key-based auth)
PasswordAuthentication no

After making changes, restart the SSH service:

bash
sudo systemctl restart ssh

SSH Key-Based Authentication

Using SSH keys instead of passwords significantly improves security.

  1. Generate SSH keys on your client machine:
bash
ssh-keygen -t ed25519 -C "[email protected]"
  1. Copy your public key to the server:
bash
ssh-copy-id [email protected]

Alternatively, you can manually add the key:

bash
# On your local machine
cat ~/.ssh/id_ed25519.pub
# Copy the output

# On the remote machine
mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys
# Paste the key and save
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
  1. Now you can connect without a password:
bash
ssh [email protected]

SSH Tunneling

SSH tunneling allows you to securely forward network traffic through an encrypted SSH connection.

Local port forwarding (access remote service locally):

bash
ssh -L 8080:localhost:80 [email protected]

This forwards your local port 8080 to port 80 on the remote server. You can access the remote web server by visiting http://localhost:8080 in your browser.

Remote port forwarding (expose local service to remote machine):

bash
ssh -R 8080:localhost:3000 [email protected]

This makes your local port 3000 accessible on the remote machine at port 8080.

Remote Desktop Access

When you need graphical access to your Ubuntu desktop, several options are available.

VNC (Virtual Network Computing)

VNC allows you to share your desktop across the network.

  1. Install a VNC server:
bash
sudo apt update
sudo apt install tigervnc-standalone-server
  1. Set a VNC password:
bash
vncpasswd
  1. Create a VNC startup script:
bash
mkdir -p ~/.vnc
nano ~/.vnc/xstartup

Add the following content:

bash
#!/bin/sh
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
startxfce4 &

Make it executable:

bash
chmod +x ~/.vnc/xstartup
  1. Start the VNC server:
bash
vncserver -localhost no

Output:

New 'X' desktop is your_hostname:1

Starting applications specified in /home/username/.vnc/xstartup
Log file is /home/username/.vnc/your_hostname:1.log
  1. Connect using a VNC client like RealVNC Viewer, TigerVNC, or Remmina from another computer to ip_address:5901

For security, it's recommended to use VNC over SSH tunnel:

bash
# On client machine
ssh -L 5901:localhost:5901 [email protected]

Then connect your VNC client to localhost:5901.

X2Go

X2Go is a more efficient remote desktop solution that works well even on slower connections.

  1. Install X2Go server:
bash
sudo apt update
sudo apt install x2goserver x2goserver-xsession
  1. Install a desktop environment if needed (e.g., XFCE for lighter usage):
bash
sudo apt install xfce4

  1. On your client computer, install the X2Go client:

    • For Ubuntu: sudo apt install x2goclient
    • For Windows/Mac: Download from x2go.org

  2. Create a new session in the X2Go client:

    • Host: Your server's IP address
    • Login: Your username
    • Session type: XFCE (or your installed desktop environment)

  3. Connect to your remote desktop!

XRDP (Remote Desktop Protocol)

XRDP provides Remote Desktop Protocol support, making it easy to connect from Windows computers.

  1. Install XRDP:
bash
sudo apt update
sudo apt install xrdp
  1. Start and enable the service:
bash
sudo systemctl enable --now xrdp
  1. Check status:
bash
sudo systemctl status xrdp
  1. Connect using the Remote Desktop client:
    • On Windows: Use the built-in Remote Desktop Connection app
    • On macOS: Install Microsoft Remote Desktop from the App Store
    • On Linux: Use Remmina or another RDP client

Enter your Ubuntu machine's IP address and your login credentials when prompted.

Remote File Access

SFTP (SSH File Transfer Protocol)

SFTP is built into SSH and provides secure file transfer capabilities.

If SSH is already set up, you can use SFTP without additional configuration:

bash
sftp [email protected]

Common SFTP commands:

pwd               # Print working directory
ls                # List files
cd directory      # Change directory
get file          # Download file
put file          # Upload file
mkdir directory   # Create directory
rm file           # Remove file
exit              # Exit SFTP

You can also use graphical SFTP clients like FileZilla by connecting to sftp://ip_address.

Samba (Windows File Sharing)

To share files with Windows computers:

  1. Install Samba:
bash
sudo apt update
sudo apt install samba
  1. Configure Samba:
bash
sudo nano /etc/samba/smb.conf

Add a share at the end of the file:

[SharedFolder]
   path = /home/username/shared
   browseable = yes
   read only = no
   create mask = 0755
   directory mask = 0755
  1. Create a Samba user and password:
bash
sudo smbpasswd -a username
  1. Restart Samba:
bash
sudo systemctl restart smbd
  1. Access from Windows by typing \\ip_address in File Explorer.

Security Considerations

Remote access inherently introduces security risks. Here are some best practices:

  1. Use strong passwords or key-based authentication
  2. Change default ports for services like SSH (22) to reduce automated attacks
  3. Use a firewall to limit connection attempts:
bash
sudo ufw allow 22/tcp
sudo ufw enable
  1. Implement fail2ban to block repeated login attempts:
bash
sudo apt install fail2ban
sudo systemctl enable --now fail2ban
  1. Keep your system updated:
bash
sudo apt update && sudo apt upgrade
  1. Use VPN for an additional layer of security when connecting to sensitive systems

Automation with SSH

Running Remote Commands

You can run commands on a remote system without logging in:

bash
ssh [email protected] "ls -la /var/log"

Automating File Transfers

Copy files easily with SCP (Secure Copy):

bash
# Copy local file to remote
scp file.txt [email protected]:/path/to/destination/

# Copy remote file to local
scp [email protected]:/path/to/file.txt ./

Creating SSH Config File

Create ~/.ssh/config for easier connections:

Host myserver
    HostName 192.168.1.100
    User username
    Port 22
    IdentityFile ~/.ssh/id_ed25519

Then simply connect with:

bash
ssh myserver

Remote Server Monitoring

Basic Monitoring Commands

Monitor your system's resources remotely:

bash
# Check system load
ssh myserver "uptime"

# Check disk space
ssh myserver "df -h"

# Check memory usage
ssh myserver "free -m"

# Check running processes
ssh myserver "ps aux | grep nginx"

Setting Up Remote Monitoring Tools

For more comprehensive monitoring, consider installing tools like:

  1. Netdata - Real-time performance monitoring:
bash
ssh myserver "bash <(curl -Ss https://my-netdata.io/kickstart.sh)"

Access via: http://server-ip:19999

  1. Glances - System monitoring tool:
bash
ssh myserver "sudo apt install glances"
ssh -L 61208:localhost:61208 myserver "glances -w"

Access via: http://localhost:61208

Remote Access Troubleshooting

Common SSH Issues

Connection refused:

bash
# Check if SSH service is running
sudo systemctl status ssh

# Verify firewall settings
sudo ufw status

# Check SSH config for errors
sudo sshd -t

Permission denied:

bash
# Verify username and password
# Check key permissions
chmod 600 ~/.ssh/id_ed25519
chmod 700 ~/.ssh

# Check authorized_keys file
cat ~/.ssh/authorized_keys

VNC/Remote Desktop Issues

Black screen or connection issues:

bash
# Check if display manager is running
sudo systemctl status lightdm  # or gdm3

# Check VNC server logs
cat ~/.vnc/*.log

# Restart VNC server
vncserver -kill :1
vncserver

Summary

Remote access is a fundamental skill for Ubuntu system administration. In this guide, we covered:

  • Setting up and securing SSH for command-line access
  • Implementing key-based authentication for improved security
  • Configuring VNC, X2Go, and XRDP for graphical remote access
  • Transferring files securely with SFTP and Samba
  • Implementing security best practices to protect your systems
  • Automating tasks and monitoring servers remotely

With these tools and techniques, you can efficiently manage your Ubuntu systems from anywhere in the world.

Additional Resources and Exercises

Exercises

  1. Set up SSH key-based authentication and disable password login
  2. Configure port forwarding to access a web server running on your remote machine
  3. Create a backup script that runs remotely via SSH
  4. Set up a VNC server and connect through an SSH tunnel
  5. Configure fail2ban to protect your SSH server

Further Learning

  • Man pages: man ssh, man sshd_config, man scp
  • Ubuntu documentation: The official Ubuntu documentation
  • SSH Mastery book by Michael W. Lucas for in-depth SSH knowledge
  • CompTIA Linux+ and LPIC-1 certifications cover remote access topics

If you spot any mistakes on this website, please let me know at [email protected]. I’d greatly appreciate your feedback! :)