Mastodon

Random Musings

Rube Goldberg and SSH

Send to Kindle

Rube Goldberg would be very proud of what you can accomplish with SSH. If you don’t know what SSH is, you really should just stop reading, as not only will this post be meaningless to you, you wouldn’t care about the result (or technique) even if you followed it perfectly! ๐Ÿ˜‰

A while ago, I gave an ancient laptop to a good friend who was sharing her husband’s laptop while they lived in Princeton for a year (he just finished a fellowship there and they are returning home in a week). Given the age of the laptop, the amount of RAM, the size of the hard drive, etc., I was hoping my friend would be willing to live with Linux rather than Windows on the box.

She’s a Gmail user, so she was indifferent (obviously, having never tried Linux before), given that she basically lives in the browser most of the time she’s on the machine. I installed PCLinuxOS on it (the 2007 release) because it looks a bit more like Windows than some other popular Linux distros. Today, I would make a different choice, not that there’s anything wrong with PCLinuxOS.

Anyway, for the most part, it has worked out very well for her, and she’s felt connected to the world, especially when her husband was in the office, and there was no laptop at home. Unfortunately, there is a bug somewhere either in PCLinuxOS, in her hardware, in their Linksys router, or in the timing between all of them, because on occasion, when the laptop boots, it doesn’t get the correct DNS server info even when it gets a good IP address via DHCP.

In what has to be a very painful process for my non-techie friend, I have given her a series of a few commands to type into a terminal window to correct the problem, when it occurs. Of course, it’s entirely Greek to her (rightfully so), but it works, and she patiently types them away and it all magically starts working again.

On occasion, she’s had trouble getting all of the commands in correctly, and she feels guilty calling me, even though I keep telling her that I don’t mind helping whatsoever. That got me to thinking about how I could fix it permanently, without making her life even more miserable trying to talk her through the various things I’d like to try in order to be sure I found the right solution.

I don’t have time to visit Princeton this week, and soon, she’ll be back in Indiana, and I definitely won’t be visiting there in a while. So, I need to have remote access to her machine. I can’t just SSH into it, because I certainly don’t want to talk her through port forwarding on her Linksys router, nor do I want to leave that port permanently open. That cuts out a vanilla VNC connection as well (which would be overkill, but if it was available, would work as well).

So, I thought that perhaps I would try one of the web-based remote control services. I have had excellent success with the free service from Yuuguu.com when I help my Dad with his Windows machine. It works on PC’s and Mac’s, but apparently, not yet on Linux, even though it’s Java based. That was disappointing. A peek on a few others yielded similar results.

After scratching my head a bit, and searching the net a bit more, I came across a very simple solution, entirely via SSH, but with Rube Goldberg implications in that I was solving a very simple problem, with a built-in option of SSH, but jumping through tons of hoops to get to the point where the simple command could be issued.

The solution (tested by me, but not yet done with my friend, because I wanted to be sure before subjecting her!) is as follows:

I’m running Windows XP. I could run an SSH daemon there (in a number of ways), but since this is a temporary solution, which I don’t really want to think about, instead I fire up VMware Player and launch my new favorite mini-distro, CDLinux 0.6.1. It automatically fires up an SSH server.

I then poke a hole in my firewall (I didn’t need to talk myself through it either) ๐Ÿ˜‰ with an arbitrary port number (for argument’s sake, let’s say it’s 12345). I forward that to port 22 on my CDLinux instance (running under VMware, and therefore having a different NAT’ed IP from my Windows box!). I can even leave the firewall in that state permanently if I want, since 99.9% of the time, CDLinux won’t even be running, and even if it was, and someone luckily got in, it’s a Live CD image, with nothing to really harm!

OK, we’re almost done! On the remote machine (my friend’s), she would type the following, in a terminal window:

ssh -l cdl -p 12345 -R 54321:localhost:22 the.name.of.my.remote.machine

She’ll get redirected to my VMware instance, and be prompted for a password, which I’ll give her in advance (can’t use ssh keys for this, since I don’t want to over-complicate this). Once she is in, I open a terminal window in my instance, and type:

ssh -l her_user_name -p 54321 localhost

Voila! I’ll now have a shell on her laptop, through an SSH tunnel, without her poking any holes in her firewall, and without me even needing to know her IP address, unless I want to restrict my SSH port forward to her specific machine, which would make this dance even more secure.

I’ve tried this a few times from different machines, all with success, but my friend isn’t online at the moment, so the final test will likely have to wait until tomorrow morning. In any event, a cool (and relatively simple solution) to an otherwise thorny problem. Just as a footnote, if I needed more control over her machine, the exact technique could be used to reverse tunnel a VNC port, giving me graphical control, or I could SSH back with -X (for X-Windows tunneling), and launch graphical clients one at a time, etc.

Update: OK, so today we got to try, and it worked perfectly. The only kink was that sshd was not automatically started on her laptop, so I had to talk her through becoming root and starting the service (simple enough!).

After we got it going, I did the unthinkable, and offered to upgrade her system. It was reasonably old, with Firefox at 2.0.0.7 (for example), and lots of other packages that could probably stand a security update. I warned her that it’s often better to leave these things alone when they are running smoothly, but in the end, we both decided to go for it.

So, I ran an apt-get upgrade. I then asked her to reboot. The machine came up, but only in terminal mode. She was able to log on, but startx failed with tons of errors. Oh oh…

Thankfully, the network did come up, and she was able to log on and run the ssh tunnel. I was then able to get back on her machine. I decided that instead of poking around too much, I’d try one last thing, which was to perform an apt-get dist-upgrade. This ran for a bit, and then I asked her to reboot again.

Voila! The machine came up correctly, and the networking worked again. So, for the moment, it seems that we accomplished everything we set out to do today, including her running Firefox 2.0.0.14 (I know, not 3.0 as yet…). Whew! ๐Ÿ™‚

Posted

in

, ,

by

hadar

Tags:

, ,

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *