Easy Guide on SSH into Desktop PC
Personally, I prefer desktop computers, as they are usually cheaper, more powerful, and easier to upgrade than laptops. So right now I own a good Desktop PC (which is more than enough for me) and a ThinkPad X200 Laptop, which is great for everyday use but it can’t compute anything related to machine learning, as it has an Intel Core Duo and no external GPU.
As a solution, I could buy a new fancy Laptop, but buying anything that resembles the quality of my ThinkPad will cost around 2000€. So the optimal solution if you have a decent desktop PC and a cheap Laptop is using the desktop PC remotely, this can be achieved through SSH, which lets the user control a remote server securely.
If you have a VPS for your personal website, you should be familiar with SSH. But setting up your own SSH server is not as easy as just connecting to a prepared SSH server. This guide will focus on making a secure SSH server as easy as possible.
Setting Up the server
Obviously, the first step is installing the OpenSSH package at the desktop server, although it should come preinstalled in your distribution, users not running systemd may need to install its own init package.
sudo pacman -S openssh # For arch-base distros
sudo pacman -S openssh openssh-runit # For systemd-free distros
sudo pacman -S openssh openssh-openrc #
Once all the packages have been installed, we should change the default settings on the server. Open the configuration file at /etc/ssh/sshd_config and add the following lines:
Port 9999
PubkeyAuthentication yes
With this configuration, we are changing the port of connection from the default value to a random one, it will add an extra layer of security, as attacks usually target the default Port 22. So it is important to enable the port on the firewall, if you are using ufw, just enter the following commands:
# Allow selected port
sudo ufw allow 9999
sudo ufw deny 22
# Restart the firewall
systemctl restart ufw # On systemd distros
sv restart ufw # On runit distros
# And restart the ssh server
systemctl restart sshd # On systemd distros
sv restart sshd # On runit distros
Now the server is up and running, find out your local IP address and connect to it while adding the key from the Laptop to the desktop computer.
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 9999 user@local_addr
With the public key copied to the server, we will prevent brute-force attacks disabling password authentication. No password will be asked to connect to the server, only the public key. Add these lines /etc/ssh/sshd_config:
Port 9999
#PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
And restart the ssh server.
Connecting outside the local network
Right now, you can only connect to the server in your local network, which can be useful but is not the main purpose of the guide, as you want to eliminate the need for powerful laptop, you should be able to connect to the server anywhere.
This can be achieved by forwarding the Port 9999 from your home router to the desktop PC. Open a browse tab and go to 192.108.0.1 to enter the router configuration page, enter the corresponding username and password and head on to the internet configuration. Here forward the public port 9999 to the private 9999 port on the local IP address. In my case, I used port 1535 and my local IP address is 192.168.0.167, so here is how I configured the router:
Finally, you should be able to connect to the server outside of the local network. Find the public address of your router with the command curl https://ipinfo.io/ip and the connect to the server:
ssh -p 9999 user@public_addr
When you connect to the public address, your are sending a connection request to your home router for the port 9999. But as you forwarded that specific port to the local address of the desktop PC, the router will establish the connection to the desktop PC automatically.
Jupyter Notebook on SSH
By default, ssh does not support graphics, although it can be achieved with the use of X11, this can lead to some security issues. However be can use Jupyter without X11, which is useful for running python scripts, Matlab, octave, etc.
To use Jupyter remotely, we will need to forward the port where jupyter is active from the local to the remote computer. Meaning that is we create a jupyter instance on port 1111 on the desktop computer, it will also appear at port 1111 on the laptop.
ssh -p 9999 -NL 1111:localhost:1111 user@public_addr # Connect and foward the port
jupyter notebook --no-browser --port 1111 # Start jupyter instance
The desktop computer will return the link of the jupyter instance with the corresponding token, copy and paste the link to the browser and the jupyter file manager should be available.