No matter how hard you try, you can't be everywhere at once. Servers and workstations that you need to support can be based in various locations, sometimes even thousands of miles away. Physical access to these systems on short notice is impossible. Fortunately, there are several widely used remote administration methods for Linux that let you cross that distance in little more than a few mouse clicks. Here are four major Linux remote administration utilities and some pluses and minuses for each.
Using Secure Shell
Secure Shell (SSH) is probably the most popular remote administration tool. SSH offers command line access over an encrypted tunnel. Many Linux distributions come with an SSH server already installed. As with any tool, patches must be installed and restrictions should be put in place to keep unauthorized users from using the service.
Once you have an SSH server installed, configuring it is fairly easy. There are a couple of major settings that you should have in place to minimize risk, including:
- PermitRootLogin—This value should be set to No, since root should never log in remotely. If you want to administer the box, create a normal user and SSH in with that account. Once in, you can use the su command to log in as root.
- X11Forwarding—This value controls whether graphical (X) connections can be forwarded over the SSH session. If you just want to use the console, you can set this value to No; otherwise, set it to Yes.
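One way to check these two settings on a server is the audit below. It is an added example, not part of the original article; the function names and the sample files are constructed for illustration, while `PermitRootLogin` and `X11Forwarding` are the keywords as they appear in sshd_config.

```shell
#!/bin/sh
# Added example: audit the two sshd_config settings discussed above.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.

# effective_value FILE KEYWORD: print the first global value, or "unset"
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line == "" || line ~ /^#/) next
            sub(/[ \t]*=[ \t]*/, " ", line)      # "Keyword=value" form
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "match") exit   # conditional blocks start here
            if (tolower(f[1]) == want && n >= 2) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: returns 0 only when root login is explicitly disabled
audit_sshd() {
    root=$(effective_value "$1" PermitRootLogin)
    x11=$(effective_value "$1" X11Forwarding)
    echo "X11Forwarding=$x11 (yes is only needed for graphical sessions)"
    if [ "$root" = "no" ]; then
        echo "OK: PermitRootLogin no"
    else
        echo "FAIL: PermitRootLogin is '$root', expected 'no'"
        return 1
    fi
}

# Constructed sample files, not taken from a real host.
weak=$(mktemp) hardened=$(mktemp)
printf '%s\n' '# constructed sample' 'permitrootlogin yes' \
    'PermitRootLogin no' 'X11Forwarding=yes' \
    'Match User backup' '    PermitRootLogin no' > "$weak"
printf '%s\n' 'PermitRootLogin no' 'X11Forwarding no' > "$hardened"

audit_sshd "$weak" || true
audit_sshd "$hardened" || true
```

The first sample fails even though it contains `PermitRootLogin no`, because an earlier lowercase `permitrootlogin yes` line is the one sshd would honor.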
If you don’t have an SSH server installed, you can use your Linux distribution's RPM installer to get it up and running. Once you've accomplished that, connecting is fairly simple. First, you need to obtain a client. My favorite free SSH client is PuTTY, which you can download from the PuTTY Web site. PuTTY is a great little utility that allows you to connect to remote systems using various protocols, including SSH and Telnet.
Configuring PuTTY is very easy. To connect to a remote system, all you have to do is fill in the host name or IP address to connect to, and select SSH for the connection type, as shown in Figure A.
Figure A: Configuring PuTTY for SSH
Once you connect to the remote system, you have full shell access allowing you to issue commands as you would from the console.
Telnet, much like SSH, allows for remote console-level access to a system. The major difference between the two is that Telnet is not encrypted, meaning everything sent over the connection is open for all to see. Most major Linux distributions come with a Telnet package that can be installed, but it is not installed by default.
You can install a Telnet daemon using your distribution's RPM installer. Because of the inherent insecurity in using an unencrypted connection, most distributions have the Telnet service disabled. Most Telnet daemons run through xinetd, a management system for services. To enable a Telnet daemon that runs through xinetd, edit the /etc/xinetd.d/telnet file and change the value of disable to no. Then, type service xinetd restart to have the changes take effect.
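Because this switch is easy to leave on, a check like the following can report which unencrypted services are currently enabled under xinetd. It is an added example, not part of the original article; the function names, sample files and server paths are constructed, and it assumes the usual `service NAME { ... }` file layout.

```shell
#!/bin/sh
# Added example: find unencrypted services left enabled in xinetd-style files.
# xinetd treats a service entry with no "disable" line as enabled.

# enabled_services FILE...: print the name of every enabled service
enabled_services() {
    awk '
        /^[ \t]*#/ { next }                        # comment line
        { gsub(/=/, " = ") }                       # accept "disable=no" too
        $1 == "service" { name = $2; off = 0; next }
        $1 == "disable" && $2 == "=" { off = (tolower($3) == "yes") }
        $1 == "}" { if (name != "" && !off) print name; name = "" }
    ' "$@"
}

# flag_cleartext FILE...: return 1 if telnet or ftp (both unencrypted) is enabled
flag_cleartext() {
    found=0
    for svc in $(enabled_services "$@"); do
        case $svc in
            telnet|ftp) echo "WARN: $svc is enabled and unencrypted"; found=1;;
        esac
    done
    return $found
}

# Constructed sample files, not taken from a real host.
dir=$(mktemp -d)
printf '%s\n' 'service telnet' '{' '    disable = no' \
    '    server = /usr/sbin/in.telnetd' '}' > "$dir/telnet"
printf '%s\n' 'service ftp' '{' '    server = /usr/sbin/in.ftpd' '}' > "$dir/ftp"
printf '%s\n' 'service rsync' '{' '    disable = yes' '}' > "$dir/rsync"

flag_cleartext "$dir/telnet" "$dir/ftp" "$dir/rsync" || true
```

On a real host the arguments would be the files in /etc/xinetd.d.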
Connecting to a server with Telnet is even easier than with SSH. Nearly every operating system has a built-in Telnet client, including such obscure operating systems as OS/2. If you prefer, you can still use PuTTY and just select Telnet instead of SSH. To connect using the built-in Windows client, use the Run dialog box from the Start menu, as shown in Figure B.
Figure B: Running the Windows Telnet client
Once connected, you'll be presented with a standard logon prompt. You can remotely manage your system from the console, as you can with SSH.
FTP, a file transfer mechanism, can’t be used for major remote administration but is great for transferring files that you may need on the remote workstation. FTP is not encrypted, but there's an encrypted alternative, SFTP.
Most distributions come with an FTP service that you can install by using the RPM installer. Note that most of the major Linux FTP servers have had major vulnerabilities found, so make sure to get the latest version. If you have an SSH server installed, you can also use SFTP through it.
My favorite file transfer program is FileZilla. It's free and supports both FTP and SFTP. You can download it from the FileZilla Web site. Connecting to your FTP server using FileZilla is fairly simple. You need to fill in the host name to connect to, your username, password, and finally the port, as shown in Figure C. The port to connect to depends on whether you're using FTP or SFTP to connect. FTP is commonly run on port 21, whereas SFTP is on port 22 with SSH.
Figure C: Using FileZilla to connect to your FTP server
Once connected, you can use the FileZilla graphical interface to move files between your local system and the remote system. If you're uploading many files, FileZilla will automatically establish multiple connections to minimize upload or download time.
Using an X Server to manage a system remotely allows you full graphical access to the remote machine. X is the graphical interface used by most Linux distributions. It can function as both a local and remote graphical server.
There are several ways to establish an X session, but the most secure of these is to connect to your server with SSH or Telnet and spawn back your X window. This method prohibits users that are not authenticated from getting access. X sessions are a fairly secure and very efficient method for managing remote servers. However, many corporate firewalls block outbound X traffic.
Several components are needed to make remote X sessions work. The first of these is an X Server. Linux has the native X Server, but to get a connection on a Windows system, you need an X Server for that as well. Cygwin has an X Server that can be installed, along with support for many other features similar to Linux. You can get Cygwin from Red Hat.
When you install Cygwin, make sure to include the X Server. You also need to have some way to connect to the remote machine (such as using SSH). Once you start Cygwin, you'll get a prompt; just type startx. This will open another window with several local xterms running in it. Now that you have X Server up and listening, you can spawn back windows from your remote server.
The next step is to connect to your server. For the purposes of this article, I'll use PuTTY to connect via SSH and spawn back a shell. To set up PuTTY to automatically forward X requests back to your X Server, go to the SSH | Tunnels configuration option and check the Enable X11 Forwarding option, as shown in Figure D.
Figure D: Enable X11 Forwarding
Connect to the remote host, type xterm, and press [Enter]. After several seconds, a new window will appear in Cygwin’s X window. This new window gives you full access to your server. From this window, you can run most applications that you could run locally on the server.
Hand me the remote
Now that you have a good overview of the various remote management techniques for Linux servers, you can choose which one works best for you. Each of the above methods has advantages and disadvantages. The hardest part of remote management is deciding which method suits your purposes. Remember that security must play a major role in your decision.