Tuesday, September 4, 2012

Remote Desktop to a machine behind a NAT

It is nice to be able to connect to someone else's Linux machine remotely so you can help them with issues. The problem I run into frequently is that the remote user is not very technical. So when a remote machine is behind a NAT, stepping them through configuring their router to do port forwarding is not easy. The difficulty is compounded when you are unfamiliar with their router. Here is a solution I came up with that just requires the remote user to run a quick script that will reverse tunnel into my machine so I can connect via SSH or VNC into theirs. The VNC is nice because then they can watch what you're doing or you can help them with something they're doing.

Setup Local Machine:

  1. You'll need to set up your local machine to run an SSH server. Then set up your router to forward port 22 to your local machine.
  2. Create a guest user on your local machine for the remote machine to log in to. I created the guest so someone smart on the other end doesn't have too many permissions on my machine. You could just use your login if you don't mind giving the remote user your password or them possibly using the password-less login to your machine.

Setup Remote Machine:

  1. Set up a VNC server for remote desktop viewing. The setup steps I used can be found here: http://ubuntuforums.org/showthread.php?p=10744047
  2. Create an executable shell script that can easily be run by novice users on the far side. This shell script opens 2 reverse SSH tunnels into the local machine. The first tunnel is for SSH access and the second is for VNC. Script contents:
    • vi reverseSSH.sh
    • Paste in the following:
    #!/bin/bash
    # Usage: ./reverseSSH.sh <external IP address of the local (helper's) machine>
    [ -n "$1" ] || { echo "Usage: $0 <ip address>"; exit 1; }
    echo "Setting up secure tunnels for Remote Desktop help."
    echo "Press Ctrl + C when you are finished to close connections."
    # Helper's port 12323 -> this machine's SSH (22), 12324 -> VNC (5900); -N opens the tunnels without running a remote command
    ssh -N -R 12323:localhost:22 -R 12324:localhost:5900 "guest@$1"
    • Make the script executable: chmod +x reverseSSH.sh

Connecting the local and remote machines

  1. Determine the local machine's external IP address.  This can easily be done by visiting this site: http://www.whatismyip.com/
  2. Run the script created above from the remote machine.
    • ./reverseSSH.sh [ip address found in previous step]
  3. Now you should be able to SSH into the remote machine from the local machine using:
    • ssh username@localhost -p 12323
    • This will require you to know a username and password to log in on the remote machine
  4. In addition, you can connect via VNC to the remote machine at this address: localhost:12324
    • The way I have it set up, a remote user will need to be logged in and acknowledge the remote desktop request. You can change this in the remote desktop settings if you prefer.
  5. (Optional) Set up password-less login from the remote machine to the local machine by running the following while SSH'd into the remote machine.
    # ssh-keygen -t rsa
        Press "Enter" for the next 3 prompts and accept the defaults
    # ssh-copy-id -i ~/.ssh/id_rsa.pub guest@local.server
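
The guest account on the local machine only needs to accept the two reverse tunnels, so its SSH access can be limited to exactly that. The following sshd_config fragment is an added example, not part of the original post; it assumes the account is named guest as above, the two ports used by reverseSSH.sh, and OpenSSH 7.8 or later on the local machine (needed for PermitListen).

```conf
# /etc/ssh/sshd_config on the local (helper's) machine -- added example.
# Assumes the account name "guest" and the tunnel ports from reverseSSH.sh.
# Put this at the end of the file: a Match block runs until the next
# Match line or the end of the file.
Match User guest
    # Allow only remote (-R) forwards; guest cannot open -L or -D tunnels
    # from your machine into your own network.
    AllowTcpForwarding remote
    # Only the two ports the script requests may be bound.
    PermitListen 12323 12324
    # Keep the forwarded ports on loopback so only you can reach them.
    GatewayPorts no
    # No terminal and no usable command: the script's "ssh -N" never asks
    # for a shell, so the tunnels still come up.
    PermitTTY no
    ForceCommand /bin/false
    # Nothing else the guest session has any use for.
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
```

Check the edited file with `sshd -t` before reloading the SSH service, so a typo does not lock you out of your own machine.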
