[ale] how do I get graphical remote access to my linux machine

Alex Carver agcarver+ale at acarver.net
Sat May 4 03:46:17 EDT 2013


On 5/3/2013 23:49, Ron Frazier (ALE) wrote:
> On 5/4/2013 2:13 AM, Alex Carver wrote:
>> On 5/3/2013 22:53, Ron Frazier (ALE) wrote:
>>> The linux machine is within my
>>> firewall at home, so I don't need super strong security.  A simple login
>>> username and password is sufficient.
>> [...]
>>> NX has a
>>> graphical administration option, but it appears to depend on having
>>> apache installed.  I don't want to do that.  The fewer server processes
>>> I have running, the better it is for security.  Both client and server
>>> will be on the same wifi router using wpa encryption.
>>
>> So which is it?  Don't need super strong security or need better
>> security?
>>
>
> Hi Alex,
>
> I prefer not to be running any server processes other than the remote
> access server (if possible) so I don't have to worry about the
> configuration of too many things, particularly if I decide to access it
> from outside the house at some point.  I prefer the data to be encrypted
> between the client and server.  For the moment, simple user name and
> password authentication is adequate.  If I decide to access it from
> outside the house, I would use more secure user name and password and /
> or possibly add a second factor authentication.

Or you avoid that headache and just use an SSH tunnel and/or VPN for any 
outside access.  There's no reason that you would need to (or should) 
expose your machines directly to the outside for services that only you 
use.  For my private services I have five web servers, three remote 
desktop services, three IP cameras, two temperature sensors, two disk 
arrays and a printer on my internal network.  All of them are accessible 
from anywhere *provided* I first log into my internal network and 
establish an SSH tunnel.  The only thing exposed to the world (not 
including any intentionally public services) is the SSH server; otherwise 
the firewall is just a giant black hole.  Everything that isn't the one 
SSH port or an intentional public service is blocked.

I don't even have to mess with the firewall when I add a new private 
service.  I just add a new tunnel to my SSH client.  Security is handled 
by PKI with long keys and long pass phrases.  If I really wanted to go 
all out I'd add port knocking to the router and make the open ports even 
more obscure.

The point I'm making is that you contradict yourself.  Either you're not 
worried about security or you are.  If you are, then plan for and set up 
the security now, especially if you intend any form of remote access. 
You'll save yourself the headache later if you find that your initial 
solution can't be secured properly.  If I am building a house and think 
I may want to add an additional story in the future, I need to lay the 
foundation properly to ensure it can support the added load later.  If I 
don't bother to do that I will be wasting a lot more time and effort 
later when I have to strengthen a weaker footer to add that extra story.
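
The per-service tunnel setup described in this message, as an added example that is not part of the original post or its author's configuration: a small script that turns a table of private services into loopback-bound `ssh -L` forwards over a key-only connection. The gateway, key path, host names and ports are constructed placeholders.

```shell
#!/bin/sh
# Added example. Gateway, user, key path, hosts and ports are constructed
# placeholders, not values from the original message.
GATEWAY='user@gateway.example.net'
KEY="$HOME/.ssh/id_home_gateway"

# One private service per line: local_port internal_host internal_port.
# Adding a service means adding a line here, not a firewall rule.
SERVICES='5901 desktop.lan 5900
8080 camera1.lan 80
6310 printer.lan 631'

# Accept only decimal ports in the range 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Turn the table on stdin into -L options. Each forward is bound to
# 127.0.0.1 so other hosts near the client cannot use the tunnel.
# Any malformed line rejects the whole table.
forward_opts() {
    while read -r lport host rport; do
        [ -n "$lport" ] || continue
        valid_port "$lport" && valid_port "$rport" || return 1
        case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
        printf ' -L 127.0.0.1:%s:%s:%s' "$lport" "$host" "$rport"
    done
}

# Print the ssh command line instead of running it, so it can be reviewed.
# -N: forwards only, no remote shell. PasswordAuthentication=no: the client
# never falls back to a password prompt. ExitOnForwardFailure=yes: abort
# rather than run with a forward missing.
tunnel_cmd() {
    opts=$(printf '%s\n' "$SERVICES" | forward_opts) || return 1
    printf 'ssh -N -i %s -o IdentitiesOnly=yes -o PasswordAuthentication=no' "$KEY"
    printf ' -o ExitOnForwardFailure=yes%s %s\n' "$opts" "$GATEWAY"
}

tunnel_cmd
```

With the tunnel up, a remote desktop client on the outside machine connects to `127.0.0.1:5901` and the traffic rides inside the SSH session to the internal host.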

