LogMeIn equivalent

Hi there,

I’m looking for an equivalent to LogMeIn for my desktop in the office running Kubuntu. I would like to remotely access its desktop as well as its shell but it’s behind the company’s router to which I don’t have access. LogMeIn (logmein.com) would provide me a remote desktop that works well but sadly only for Window$. Does anyone know how I could accomplish this?
Thank you in advance!
Ron
:confused:

Firewalls are usually set up to prevent incoming connections.

I have successfully used ssh tunnelling to connect through firewalls. If
you have access to both machines (the inside one, and the outside one), you
can cause the inside machine to connect to the outside machine and set up a
tunnel which would allow you to connect any way you’d like. Of course,
your outside machine needs a dns resolvable address and whatnot.

I have used this method to connect to several machines in this way. Each
machine behind a firewall connected to my home server and set up a tunnel
connected to a unique port number. Then I could ssh to my own machine on
that port number and it would be tunnelled to the other machine and
connected to the ssh server. This could connect to any service you desire.
HTTP, FTP (messy, don’t!), SSH, HTTPS, IMAP, POP3, and so on.

And if I were away from home, I could ssh from wherever, to my home machine,
and bounce through that to the firewalled unit. quite handy. Tended to
annoy the Windows based sysadmin of the place too. fun!! (they spin up SO
easily!)

Google for ‘ssh tunnel’ to find some tutorials, and read the ‘ssh’ man page,
it’s quite informative.

You’ll have to set up passwordless (Public Key Authorization) accounts
between machines, but they could be the equivalent of ‘nobody’ with no
rights. This allows the firewalled units to connect automatically without
help.

Well, that’s how I’d do it. There’s also a method to connect through a
firewall called ‘STUN’, but it requires a lot more work and effort to make
it happen consistently.

Hope this helps.

Loni

L R Nix
lornix@lornix.com

Quamachi

Quamachi KDE-Apps.org

I tried out hamachi but didn’t get it working on the machine in the office so I’ll play around with the direct port forwarding I guess :slight_smile:

Thanks anyways for your hint!

Hey,

Okay, thanks very much for this explanation. I got offered the server from a buddy of mine - it’s his system and he got full control over it.
So on my workstation at work I’d do a:
“ssh -L 5900:localhost:2468 MyBuddysAddress”
and on my buddy’s box I’d set up an IPtables to forward port 5900 to port 2468 (but what we don’t have an IP… :frowning: ) and then I’d be able to connect from home by connecting my vncviewer to MyBuddysAddress:5900 - right? Also would I need to set up a passphrase-less ssh authentication from localhost to MyBuddysAddress? This doesn’t need to be a specific user you say, right? How would this exactly work?

Thanks,
Ron

Several steps:

  1. creating passwordless login from your workstation to buddysystem

  2. creating forwarded port

  3. using forwarded port to log into workstation remotely

  4. ???

  5. profit! (sorry, couldn’t help it)

  1. Creating passwordless login from workstation to buddysystem

  • on workstation, create rsa/dsa key with:

ssh-keygen

just press ENTER to all the prompts, do NOT enter a passphrase

There are several optional arguments, but the defaults are quite secure and
work well (without me having to explain them too! man pages are your
friends!)

you will need a valid login on buddysystem, let’s call it ‘reggler’, so…
copy your new public key (~/.ssh/id_rsa.pub) to buddysystem by doing this:

ssh-copy-id -i ~/.ssh/id_rsa.pub reggler@buddysystem

enter your password, and the public key is installed.

Try

ssh reggler@buddysystem

and you’ll be logged in securely without a password. this ‘autologin’ ONLY
works between workstation and buddysystem, and ONLY in that direction.

now we’re ready for step 2

  2. creating forwarded port
    In all honesty, you’ll likely want a cronjob or some daemon service to
    create (and recreate if it fails) the forwarding, but for now, we’ll keep
    it simple…

in a console, use this:

ssh -R *:25037:localhost:5900 reggler@buddysystem

This will create a ‘link’ from buddysystem port 25037 to your workstation,
port 5900. Anytime you connect to buddysystem:25037, you’ll be magically
connected to your workstation on port 5900. cool!

I’d recommend running that command from a text console (CTRL-ALT-F1/F2/F3)
so you don’t accidentally log out of kde/gnome/whatever and close the
connection.

Your buddy MUST have the following options enabled in
his /etc/ssh/sshd_config setup:

AllowTcpForwarding yes
GatewayPorts yes

(remember to restart sshd if these are changed)

  3. using forwarded port to log on to workstation remotely…

if you point your vncclient to buddysystem:25037, you will be prompted for
your vnc password as expected, and will connect to your workstation.

===============

- Port 25037 may be anything you desire, from 1024 to 65534, just used as an example.
- I’d rather forward to port 22 instead of port 5900, since I find ssh logins more useful and faster without the gui overhead of vnc (use -X for X11 forwarding too)
- You’ll need the help of your buddy to configure sshd to allow tcpforwarding, but that’s all… no iptables or anything else required.
- your buddy will need to open a port in his firewall (port 25037 in this example)
- you don’t need a buddy if you can forward to your own home system, but you’ll need an address (see dyndns.com for free dynamic host names)

It just seems long and complicated… this is relatively quite easy and very
useful to connect to machines behind mean firewalls. (This can also be used
to subvert proxies and filtering, provided you can bounce through your own
machine (or a helpful buddy’s) )

Hope this helps

Loni


L R Nix
lornix@lornix.com
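
Added example (not part of the original thread or any poster's own setup): a check the owner of buddysystem could run over the settings in the post above. It reports where an `ssh -R` forward may listen given `AllowTcpForwarding` and `GatewayPorts`, and whether the passphrase-less key's `authorized_keys` line is limited with `restrict`, `port-forwarding` and `permitlisten`. The function names, config text and key line are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the relay host (buddysystem) before enabling -R forwards.

# Effective global value of an sshd_config keyword (config text on stdin).
# Keywords are case-insensitive and the first occurrence wins; parsing stops
# at the first Match block. Assumes "Keyword value" form, not "Keyword=value".
sshd_global() {
  awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/             { next }
    tolower($1) == "match" { exit }
    tolower($1) == key     { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }'
}

# Where may a remote forward such as -R *:25037:localhost:5900 listen?
forward_exposure() {
  cfg=$(cat)
  case "$(printf '%s\n' "$cfg" | sshd_global AllowTcpForwarding)" in
    no|local) echo "blocked"; return ;;
  esac
  case "$(printf '%s\n' "$cfg" | sshd_global GatewayPorts)" in
    yes)             echo "all-interfaces" ;;
    clientspecified) echo "client-chooses" ;;
    *)               echo "loopback-only" ;;
  esac
}

# Is the passphrase-less tunnel key limited to forwarding on a named port?
key_scope() {
  opts="${1%% ssh-*}"     # options field; assumes an ssh-* key type
  if [ "$opts" = "$1" ]; then echo "unrestricted"; return; fi
  case ",$opts," in
    *,restrict,*) ;;
    *) echo "partially-restricted"; return ;;
  esac
  case "$opts" in
    *port-forwarding*permitlisten=*|*permitlisten=*port-forwarding*)
       echo "tunnel-only" ;;
    *) echo "no-forwarding" ;;
  esac
}

# Constructed samples: the settings from the post and a placeholder key.
POST_CFG=$(printf 'AllowTcpForwarding yes\nGatewayPorts yes')
BARE_KEY='ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER reggler@workstation'
SCOPED_KEY="restrict,port-forwarding,permitlisten=\"25037\" $BARE_KEY"
printf '%s\n' "$POST_CFG" | forward_exposure   # all-interfaces
key_scope "$BARE_KEY"                          # unrestricted
key_scope "$SCOPED_KEY"                        # tunnel-only
```

With `GatewayPorts yes` the workstation's VNC port is reachable by anyone who can reach buddysystem:25037, so the VNC password is the only control in front of the desktop. The scoped key line limits what a copied passphrase-less key can do on buddysystem to opening that one listener.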

Very cool,
Thanks for these step-by-step instructions! :slight_smile:
I’ve used ssh public keys before so that was no problem at all but the port forwarding thing is cool! 25037 actually didn’t work for me but I successfully use 2468 now :slight_smile: Very cool!
Thanks a lot! :slight_smile:

Glad to help.

Port 25037 was just a random number anyways, nothing special about it. And
your chosen port has a peculiar symmetry, making it easy to remember. yaay!

I’ve always marveled at the things you can do with the tools linux provides.

Of course, you have to play with them a bit to figure out what to use them
for. {Grin}


L R Nix
lornix@lornix.com

Huh,

It all worked fine for one try but now I keep getting this:
“Warning: remote port forwarding failed for listen port 2468”
when executing ssh -R… :frowning: why? :o

Thanks,
Ron

If you are setting up a second connection and the first is already done
then port 2468 is still held open by the other connection and cannot be
bound again. Try 2469. To see the listening ports on the server (the
box you are connecting-to) run the following command (exactly):

netstat -anp | grep 'LISTEN '

Good luck.


ab@novell.com wrote:

> If you are setting up a second connection and the first is already done
> then port 2468 is still held open by the other connection and cannot be
> bound again.

> | It all worked fine for one try but now i keep getting this:
> | “Warning: remote port forwarding failed for listen port 2468”
> | when executing ssh -R… :frowning: why? :o

Unless you stopped or killed the first ssh -R, then it’s still active and
waiting for you. nothing more to do.

When I used a setup like this, I set up a cronjob to repeatedly try to start
the connection. If it was still running, it errored out and failed, but if
the connection had been lost for some reason, it reconnected. Pretty handy.

Loni

L R Nix
lornix@lornix.com