Introduction
Long ago, being able to access equipment remotely became essential. Today, we can hardly picture life without remote computer control. Depending on the operating system you are using, there are numerous ways to connect to a remote machine; however, the two most used protocols are:
- Secure Shell (SSH) for Linux-based computers
- Remote Desktop Protocol (RDP) for Windows-based computers
Both protocols use client and server applications to establish a remote connection. With these tools, you can connect to and control other computers remotely, transfer data, and perform nearly any task that can be carried out while physically in front of the computer.
Prerequisites
There are a few prerequisites to fulfil before you can establish a secure remote desktop communication with a distant machine:
- The remote computer must always be on and connected to the internet.
- Installation and activation of the client and server program are required.
- You must know the distant computer’s IP address or name in order to connect to it.
- To access the remote computer, you must have the required permissions.
- The remote connection must be permitted by the firewall settings.
What Is SSH?
With the help of a text-based interface and the Secure Shell protocol, also known as Secure Socket Shell, you can safely connect to a server or remote computer.
A shell session will be launched once a secure SSH connection has been made, allowing you to issue commands from the client software on your local computer to control the server.
This protocol is most commonly used by system and network administrators, as well as anyone who needs to remotely administer a computer in a very secure way.
How Does SSH Function?
A client and the associated server-side component are required to establish an SSH connection. Installing an SSH client on your computer will enable you to connect to a server or another machine. If the credentials are validated, the client establishes the encrypted connection using the specified remote host information.
An SSH daemon is a server-side component that continuously monitors a particular TCP/IP port for potential client connection requests. The SSH daemon will respond with the software and protocol versions it supports once a client begins a connection, and the two will then share their identity information. If the credentials entered are accurate, SSH starts a fresh session for the proper environment.
Version 2 of the SSH protocol is the standard for communication between SSH servers and SSH clients.
Activating an SSH Connection
You must ensure that the client and server components are set up on the local and remote machines, respectively, in order to establish an SSH connection. OpenSSH is a popular SSH program that is open source and used with Linux distributions. OpenSSH may be easily installed. Both the machine you use for connecting and the server’s terminal must be accessible. Keep in mind that SSH server is not by default installed on Ubuntu.
Installing the OpenSSH Client
Make sure an SSH client is not already installed before continuing with the installation. An SSH client is already included in many Linux distributions. To connect to a server from a Windows system, install PuTTY or another client of your choice.
To determine whether the client is available on your Linux-based machine, you must:
- Open a terminal. You can either search for “terminal” or press CTRL + ALT + T on your keyboard.
- Type in
ssh
and press Enter in the terminal.
- If the client is installed, you will see a response similar to this:
username@host:~$ ssh
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command]
username@host:~$
This indicates that you are ready to connect remotely to a physical or virtual machine. Otherwise, you must install the OpenSSH client:
- To install the OpenSSH client on your PC, use the following command:
sudo apt-get install openssh-client
- When prompted, enter your superuser password.
If you have the required access rights and know the hostname or IP address of any machine that has the server-side programme on it, you can now SSH into that machine.
Installing an OpenSSH server:
A system has to have the server-side component of the SSH software toolkit in order to accept SSH connections.
If you first want to check whether the Ubuntu system on the remote computer has an OpenSSH server that can accept SSH connections, try connecting to the local host:
- Open the terminal on the server machine. You can either search for “terminal” or press CTRL + ALT + T on your keyboard.
- Type in
ssh localhost
and press Enter.
- The response will resemble this for systems without the SSH server installed:
username@host:~$ ssh localhost
ssh: connect to host localhost port 22: Connection refused
username@host:~$
If that is the case, you must install the OpenSSH server. Leave the terminal open and:
- To install the SSH server, execute the following command:
sudo apt-get install openssh-server
- When prompted, enter your superuser password.
- After the disk space prompt, type Y and press Enter to let the installation proceed.
By entering the following command, you can determine whether the SSH server is operational on the workstation after the necessary support files have been installed:
sudo service ssh status
If the SSH service is now functioning properly, the response should appear in the terminal something like this:
username@host:~$ sudo service ssh status
ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Active: active (running) since Fri Mar 12 10:53:44 CET; 1min 22s ago
Process: 1174 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCES
Main PID: 3165 (sshd)
Run the ssh localhost command once more in your terminal prompt to see if the OpenSSH server is configured correctly and will accept connections. When you run the command for the first time, the result will resemble this screen:
username@host:~$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:9jqmhko9Yo1EQAS1QeNy9xKceHFG5F8W6kp7EX9U3Rs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
username@host:~$
Enter yes or y to continue.
Congratulations! You’ve configured your server to accept requests for SSH connections from other computers using SSH clients.
TIP
You can now edit the SSH daemon configuration file, for instance to change the default port for SSH connections. Run the following command at the terminal prompt:
sudo nano /etc/ssh/sshd_config
The configuration file will open in the editor of your choice. In this instance, Nano was used.
Run the following command to install Nano if necessary:
sudo apt-get install nano
Please be aware that you must use the following command to restart the SSH service each time you make changes to the sshd_config file:
sudo service ssh restart
How to Use SSH to Connect
Now that every machine you require has the OpenSSH client and server installed, you can connect securely to your servers from a distance. To do this:
- Open the terminal on your computer and run the following command:
ssh your_username@host_ip_address
If the username on your local machine matches the one on the server you are trying to connect to, you can simply type
ssh host_ip_address
and press Enter.
- Type in your password and press Enter. Keep in mind that when typing, there won’t be any feedback on the screen. If you are pasting your password, make sure it is stored securely and not in a text file.
- When you connect to a server for the first time, it will ask you if you want to continue connecting. Type yes and press Enter. This message appears only this time, because the remote server is not yet known to your local machine.
- An ECDSA key fingerprint has now been added and you are connected to the remote server.
If the machine you are attempting to connect to remotely is on the same network, it is recommended to use its private IP address rather than the public IP address. Otherwise, you must use the public IP address only. Additionally, confirm that the port forwarding settings are accurate and that you know the correct TCP port on which OpenSSH listens for connection requests. If no changes were made to the sshd_config file, the default port is 22. You can also simply append the port number after the host IP address.
The connection request using the OpenSSH client is demonstrated below. We will also mention the port number:
username@machine:~$ ssh phoenixnap@185.52.53.222 -p7654
The authenticity of host '185.52.53.222 (185.52.53.222)' can't be established.
ECDSA key fingerprint is SHA256:9lyrpzo5Yo1EQAS2QeHy9xKceHFH8F8W6kp7EX2O3Ps.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '185.52.53.222' (ECDSA) to the list of known hosts.
phoenixnap@185.52.53.222's password:
username@host:~$
Now that you have a terminal, you can manage and control a distant machine. If you experience connectivity issues with a remote server, confirm that:
- The remote computer’s IP address is accurate.
- There are no firewall restrictions or erroneous port forwarding on the port the SSH daemon is listening on.
- Your password and user name are both valid.
- The SSH programme has been correctly installed.
SSH Additional Steps
Once you are able to access your server using SSH, we strongly advise taking a few further measures to increase SSH security. If you leave the configuration at its default settings, your server is more vulnerable to hacking and can easily become the target of automated attacks.
Some tips for strengthening SSH through modification of the sshd configuration file include:
- Change the default TCP port where SSH daemon is listening. Change it from 22 to something much higher, for example 24596. Make sure you do not use a port number that is easy to guess, such as 222, 2222 or 22222.
- Use SSH key pairs for authentication for passwordless SSH login. They are safer and also allow logging in without typing your password (which is faster and more convenient).
- On your server, disable password-based logins. If your password is cracked, it can then no longer be used to log into your servers. It’s crucial to confirm that key pair-based authentication is operating properly before you remove the password login option.
- Disable root access to your server and use a regular account with the su - command to switch to the root user.
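The tips above can be checked mechanically. The following POSIX shell audit is an added example, not part of the original guide; the function names and both sample configurations are constructed for illustration, and unset keywords are assumed to fall back to upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the hardening tips above.
# Assumptions: only the global section is read (parsing stops at the first
# Match block), Include files are not followed, and unset keywords fall back
# to upstream OpenSSH defaults.

# sshd_setting FILE KEYWORD DEFAULT
# Prints each value given for KEYWORD, in file order, or DEFAULT if unset.
sshd_setting() {
    awk -v want="$2" -v dflt="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); gsub(/"/, "", f[2]) }
        tolower(f[1]) == "match" { exit }          # conditional blocks start
        tolower(f[1]) == tolower(want) { print tolower(f[2]); n++ }
        END { if (!n) print dflt }
    ' "$1"
}

# expect_setting FILE KEYWORD DEFAULT WANTED
# sshd keeps the first value it reads for these keywords, so only that counts.
expect_setting() {
    got=$(sshd_setting "$1" "$2" "$3" | head -n 1)
    if [ "$got" = "$4" ]; then
        echo "ok   $2 $got"
    else
        echo "FAIL $2 $got (want $4)"
        return 1
    fi
}

# audit_sshd_config FILE: one line per check, exit status 1 on any FAIL.
audit_sshd_config() {
    cfg=$1
    findings=0
    for port in $(sshd_setting "$cfg" Port 22); do   # Port may be repeated
        case $port in
            22)             echo "FAIL Port $port (default)"
                            findings=$((findings + 1)) ;;
            222|2222|22222) echo "FAIL Port $port (easy to guess)"
                            findings=$((findings + 1)) ;;
            *)              echo "ok   Port $port" ;;
        esac
    done
    expect_setting "$cfg" PubkeyAuthentication yes yes || findings=$((findings + 1))
    expect_setting "$cfg" PasswordAuthentication yes no || findings=$((findings + 1))
    expect_setting "$cfg" PermitRootLogin prohibit-password no || findings=$((findings + 1))
    [ "$findings" -eq 0 ]
}

# Constructed sample configurations (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak" <<'EOF'
Port 2222
#PasswordAuthentication no
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
cat > "$tmp/hardened" <<'EOF'
Port 24596
passwordauthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin=no
EOF

for sample in weak hardened; do
    echo "== $sample"
    audit_sshd_config "$tmp/$sample" || echo "-> $sample needs changes"
done
```

On a real server, `sudo sshd -T` prints the effective configuration, including any Include files, and is the authoritative source to check.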
TCP wrappers can be used to regulate connections from IP addresses and domain hostnames. Configure which hosts can connect using TCP wrappers by editing the /etc/hosts.allow and /etc/hosts.deny files. This only takes effect when sshd is built with TCP wrappers (libwrap) support, which upstream OpenSSH removed in version 6.7, so confirm that your distribution's package still includes it.
Keep in mind that allowed hosts take precedence over denied hosts. To grant SSH access to a particular host, for instance, you must first deny access to all hosts by adding the following two lines to the /etc/hosts.deny file:
sshd : ALL
ALL : ALL
Then, add a line containing the allowed hosts for the SSH service to /etc/hosts.allow. That can be a single IP address, a set of IP addresses, or a hostname:
sshd : 10.10.0.5, LOCAL
Make sure to apply security at several tiers and to keep your log-in information secure at all times. Use a variety of techniques to restrict SSH access to your servers, or use services that will prevent anyone from brute-forcing their way in. One illustration of such a service is fail2ban.
VNC Over SSH
Connections can be fully encrypted via SSH tunnelling for users accustomed to working in a graphical desktop environment using Virtual Network Computing (VNC). Run the following command in the terminal on your Linux or UNIX workstation to tunnel VNC sessions over SSH:
$ ssh -L 5901:localhost:5901 -N -f -l username hostname_or_IP
Here is the breakdown of the command above:
- ssh: this starts the SSH client program on your local machine and permits a secure connection to the SSH server on the remote computer.
- -L 5901:localhost:5901: instructs the local machine to forward the client’s local port to the specified host and port on the remote system. In this instance, the local client’s port 5901 is being forwarded to the same port on the specified remote server.
- -N: tells SSH not to run a remote command but merely to forward ports.
- -f: sends SSH to the background after the password is provided, just before the command is executed. You can then freely use the terminal to type commands on the local machine.
- -l username: the username you enter here will be used to log into the remote server you specified.
- hostname_or_IP: this is the remote system with a VNC server. 172.16.0.5 is an example of an IP address, while myserver.somedomain.com is an example of a hostname.
Using PuTTY on a Windows computer, you may also establish an SSH tunnel connection to a remote server. In the PuTTY configuration window:
- Click Connection, SSH, and Tunnels.
- Type 5901 in the Source port field.
- Type localhost:5901 in the Destination field.
- The SSH session should be started as usual.
- Using a VNC client of your choice, connect to your server.
What Is RDP?
Remote Desktop Protocol (RDP) is a protocol created by Microsoft. It is used to remotely control and manage computers running the Windows operating system.
In contrast to Secure Shell, connections made using an RDP client give a user access to a graphical user interface that lets them access and control a remote computer much like they would their own.
Network and system engineers can quickly control remote computers connected to a local network or the Internet by using Remote Desktop services, formerly known as terminal services.
This comes at a cost. Since you are directly connected to the internet when using RDP, it is much less secure than SSH if you do not use a virtual private network (VPN). Numerous automated scripts are continually scanning your connection for flaws, especially the open ports that Windows Remote Desktop connections use. In that scenario, having strong, safe passwords and changing them frequently are strongly advised. This does not make RDP connections safe, only less vulnerable.
How Does Remote Desktop Protocol Work?
Windows Remote Desktop connection is based on a fairly straightforward client-server model using the Remote Desktop Protocol (RDP). The Windows Remote Desktop server-side service begins accepting connection requests on port 3389 as soon as you enable it. Whenever you attempt to connect to a Windows server, you must enter a correct username for the account you are using to log in remotely. Once you have access to the server, you can administer applications, move files between the two machines, and essentially carry out any job you can carry out locally with the relevant account.
Since the Remote Desktop client is by default available, you can create a secure remote connection to another computer regardless of the version of the Windows operating system you use. However, a machine can only be accessed remotely if it is running Windows in the Pro, Enterprise, or Server editions. Therefore, we can draw the conclusion that RDP connections are only possible between devices running the Windows OS.
Activating an RDP Connection
You must enable the Windows Remote Desktop server service in order to connect remotely to another machine across a network. Since the Remote Desktop client is built into Windows PCs, it is available right out of the box and does not require any further configuration in order to connect to another Windows-based machine. On all Windows OS versions, accepting Remote Desktop connections from other PCs is, however, disabled by default.
Before enabling this service, you should bear the following in mind if you intend to connect remotely to a server over the Internet rather than the local network:
- Port forwarding – If a VPN is not being used, you must ensure that the ports are correctly forwarded to the IP address of the remote host. Port 3389 is the default TCP port for Remote Desktop Protocol connections; check your router’s settings to confirm it is forwarded. Keep in mind that your Windows server is vulnerable in this scenario because it is directly exposed to the Internet.
- Using a VPN – This is a much safer method of connecting to Remote Desktop. When you set up a virtual private network on a client computer, you can access all services that are only available over a local connection.
- Firewall settings – Verify that the remote machine’s firewall is not blocking Remote Desktop connections. Regardless of whether it is the default or a custom port number, you must open the local port for RDP.
Enabling Remote Access in Windows 7, 8, 10, and Windows Server Versions
For all Windows operating system versions, the process for configuring remote desktop and enabling secure remote connections to a server or a PC from another computer is the same. I’ll outline the fundamental procedures for enabling remote access to a desired machine. Please ensure that you have considered the above recommendations regarding port forwarding, VPN settings, and firewall configurations before proceeding.
Step 1: Permitting Remote Connections
To authorise remote connections, access the computer information for that device.
- Right-click Computer or This PC, depending on the Windows OS version.
- Select Properties.
- On the window’s left side, click Remote settings.
Step 2: Add Users to the Remote Users List
Only if you wish to grant users other than administrators access to the computer in question do you need to complete this step. If you are an administrator, your account will be added to the list of permitted users automatically, but you won’t be able to see it. To pick more users:
- Click Select Users on the remote settings screen that is displayed above.
- In the Remote Desktop Users box, select Add.
- The box for selecting users will display. By clicking on Locations, you can choose the location for your search.
- Enter the user’s name in the field labelled “Enter the Object Names to Select” and then click “Check Names.”
- Select the user account after you’ve found a match, then click OK.
- Click OK once more to close the System Properties window.
There aren’t many additional settings that may be altered in Remote Desktop configuration. You can now login to and control this machine remotely, provided that additional settings do not obstruct your Remote Desktop connection.
How to Use the Remote Desktop Connection Client
You do not need to specifically configure Remote Desktop on the local computer in order to use the Remote Desktop client. Beginning with Windows 7, the methods listed below will function with every version of Windows.
Step 1: Launch the Remote Desktop Connection Client
You need to find the Remote Desktop Connection program on your local Windows machine. It can be located in a few distinct places:
- In Windows 7, go to Start -> All Programs, open the ‘Accessories’ folder, and click Remote Desktop Connection. In Windows 10, click Start and locate the Windows Accessories folder, where the Remote Desktop Connection app can also be found.
- Click Start and type Remote Desktop Connection into the search box. Search results will be displayed as soon as you begin typing. When the program appears on the list, click it.
- On your keyboard, press Windows + R to bring up the “Run” box. To launch the Remote Desktop client, enter mstsc in the “Open:” field and press Enter.
Step 2: Enter the IP Address or Name of the Remote Host
You will be presented with a window after starting the Remote Desktop Connection application where you can type in the name or IP address of a remote computer you wish to access.
Enter the relevant name or IP address in the Computer area, then click Connect.
You may need to specify the remote host’s private or public IP address, depending on your specific situation. The potential outcomes are as follows:
- You will utilize the host’s private IP address for Remote Desktop Connection if the client computer and the remote host are connected to the same Local Area Network.
- You will utilize the remote host’s private IP address for Remote Desktop Connection if you are connecting to it via a virtual private network (VPN) on the client computer.
- You will utilize the public IP address if the client computer is connecting to the remote host from another network via the Internet without a VPN.
How to Locate the Host Name and IP Address
Finding the name or public or private IP address of a computer where you wish to configure Remote Desktop service is possible in a variety of ways. Here are the simplest and quickest approaches:
To determine a computer’s private IP address:
- Open the command prompt by searching for CMD in the Start menu, or by pressing Windows + R on your keyboard, typing CMD and pressing Enter.
- At the command prompt, type ipconfig and press Enter.
- The private IP address of your computer will be displayed below the IPv4 Address line.
A computer’s public IP address can be found by:
- Open Google in your web browser or use its search bar.
- Simply enter “what is my IP” or “my IP” and press Enter.
- Google will display the public IP address that your machine is utilising at the top of the page. If this doesn’t work in your area, go to the first page that appears in the search results, and it will display the IP address. You may also view your private (local) IP address on some websites, like www.whatismyip.com.
To find a computer’s name:
- Depending on the version of the Windows operating system you are running, right-click Computer or This PC.
- Click on
- The “Computer name, domain, and workgroup settings” section will show your full computer name.
Step 3: Entering the RDP Credentials and Finalizing the Connection
After you click Connect, the loading bar will appear. When the remote session has been initiated and configured, a pop-up window similar to this one will appear:
- Enter the chosen username’s password. If necessary, you can use a different account and enter a different username and password.
- When ready, click OK to dismiss the security certificate warning.
- Select Yes to proceed.
The remote computer’s desktop will now be visible to you. You can do any operation that you could while working directly in front of it, subject to the user account’s authorization settings.
Remote Desktop Protocol Further Steps
It’s crucial to take security measures when configuring your remote server or workstation to accept remote desktop connections. If you are using the Internet to access your server, it is particularly open to attack.
If you connect to your PCs remotely via the remote desktop protocol, bear the following tips in mind:
- Use your Windows computer’s built-in VPN server to further safeguard your traffic. Access to your Windows server and services will be made more secure as a result.
- Set the level of client connection encryption. By default, this option is set to “Not configured.” All communications between clients and Remote Desktop Session Host servers can be forced to use strong encryption levels if you enable this feature. The “Client Compatible” encryption level setting is not something we advise using. If you leave the default “High” encryption level setting, all data sent from the client to the server and vice versa will be strongly encrypted using 128 bits. The Local Group Policy editor can be used to modify this setup.
- Use a third-party tool, such as Duo Security, to implement two-factor authentication. You can add two-factor authentication to all Windows login attempts or just RDP sessions by installing Duo Authentication for Windows Logon.
- Apply firewall rules to restrict the exposure of open RDP ports to the Internet, especially if you use the standard RDP TCP port 3389. You can access Windows’ built-in firewall from the Control Panel and further customise it to limit traffic to particular ports and IP addresses.
You can further restrict remote desktop access by using these recommended practices for enhanced RDP security. Without spending a lot of effort configuring your machines, you can prevent the majority of malicious login attempts.
Conclusion
The majority of users and most Linux and Windows operating system versions will be able to use the procedures and actions specified in this guide.
Now, either Linux or Windows should be able to connect to a remote server.
Of course, there are many other ways to connect two distant computers, but the ones discussed here are the most typical.