In part one, I showed you how to do all of the heavy lifting involved with getting yourself ready to do a little remote control action. Now, I will explain how to take that very vanilla SSH setup and tie it in with remote desktop, plus how to make sure you are using a hardened SSh install as well.

First, now that we know that port 22 is working fine on the LAN, let’s go ahead and change it over to port 2222. As you remember from part one, we already did this in the router. Now we just need to do this for the SSH config file.

sudo gedit /etc/ssh/sshd_config

Do a Ctrl F and type in Port 22. See it? Change 22 to 2222. Now close the text file and reboot the SSH server. Also check to verify that root logins are disallowed. Do this again with Ctrl F and type in PermitRootLogin. Make sure this is set to no. And finally, verify that Protocol is set to 2. Now…

sudo /etc/init.d/ssh restart

It’s just that easy. Now that you have not made yourself a moving target, you can go ahead and setup something like NO-IP or DynDNS to keep your box visible by a “domain name” rather than trying to keep up with the ever-changing IP your ISP gives you. Any router worth a crap has this ability built in. If you are not using such a router, then you’ll need to Google the NO-IP Linux howto. To start wit, just install noip2 from your package manager. Then run

sudo no-ip -C

to configure it. Again, pretty straight forward.

Now for the not so straight forward part - remote desktop!

Create yourself a text file on the desktop. Name it whatever.

Now with your mouse, copy and paste this:

#!/bin/bash
ssh -p 2222 -f -L 5900:localhost:5900 ubuntu-login-name@noip-domain \
x11vnc -ncache 10 -safer -localhost -nopw -once -display :0 \
&& sleep 3 \
&& vinagre localhost | nautilus sftp://ubuntu-login@noip-domain:2222/home/$USER

Now save the file, right click it, goto permissions and make it executable. At this point, the stuff in brown/red above will need to be filled in by you. Be careful not to get the code out of sync as it needs to be placed just as you see it above.

What the above code will do for you GNOME using Ubuntu users is provide you an icon that can be double clicked, then you’ll choose “Run” or Run in Terminal (either works). No needing to open up the terminal and CD’ing over to the right directory, etc. GNOME makes this much easier than that.

So there you have it. With the above script, you can easily login via SSH using the VNC-ready vinagre app to have a PCAnywhere like experience  from anyplace that has a reasonably decent broadband connection. Best of all, you also have Nautilus opening up secure FTP access to your Home directory for easy-peasy file transfers.