PAC Manager: connect anywhere!

PAC Manager tends to be a drop-in replacement for closed source SSH/Telnet client SecureCRT. With respect to features, it beats Putty by a wide margin. PAC Manager comes with a simple GUI written in Perl & GTK+ and is a sysadmin’s delight. It can also connect to Windows desktops over RDP (like X2Go) as it supports the rdesktop protocol. Continue reading PAC Manager: connect anywhere!

Home Remote Control: Ubuntu from Android

android_compWe explored lrc, a tool to control Linux from a smartphone browser earlier. Recently we found another Android app that does the job better by communicating over SSH – Home Remote Control. Home Remote Control works best when both your smartphone and the Ubuntu box are connected to the same WiFi router. In theory it should work as long as the devices can reach each other using IP address.

Features

  • keyboard
  • mouse/touchpad
  • list and download files from filesystem
  • system monitor (CPU, RAM, disk, battery…)
  • custom shortcuts
  • custom commands
  • sound control
  • future tasks
  • login via QR Code scanner
  • rename, delete and upload files on your filesystem
  • terminal
  • linux command library
  • ssh login

App features

  • remote control widget
  • wake on lan widget
  • export/import remote controls via a file
  • display cpu,memory,battery,bluetooth,network info of android device

Install

You can tall the app from its Google Play page (link below).

SSH server and xdotool (for mouse and keyboard control) needs to be set up on Ubuntu. Run:

$ sudo apt-get install openssh-server
$ sudo apt-get install openssh-client
$ sudo service ssh restart
$ sudo apt-get install xdotool

Now you can connect your device to your Ubuntu system. Open the Android app, navigate to “new device” -> “Linux” and enter Ubuntu LAN IP. You will have to enter the username and password to complete the SSH authentication.

Wake-on-LAN

If your hardware supports Wake-On-LAN, you do not need to leave the Ubuntu system running to control it remotely any time you want. If your system goes to sleep after an interval, setup Wake-On-LAN to wake it us whenever you try to connect to it. Steps:

  • Check and activate Wake-On-Lan and/or Wake-On-PCI(E) from BIOS
  • Run the following on Ubuntu:
    $ sudo apt-get install ethtool
    $ sudo ethtool -s eth0 wol g
  • Insert the following two lines into the autostart script (/etc/rc.local)
    sleep 5
    ethtool -s eth0 wol g
  • Open /etc/init.d/halt and set
    NETDOWN=no

You can also generate SSH key to enhance the security of the connection.

Webpage: Home Remote Control

KiTTY: PuTTY advanced

Do you connect to remote Linux boxes from Windows? If the answer is yes, you’ve definitely come across PuTTY, the most popular Telnet and SSH client on Windows. Unfortunately, PuTTY gets beta improvements once in a year. The last set of changes (at the time of writing) were published in Aug 2013. Time for the good news! KiTTY is a PuTTY alternative that implemented everything in PuTTY including requested features and much more.

Features

  • Requested
    > Sessions filter
    > Portability
    > Shortcuts for pre-defined command
    > The session launcher
    > Automatic logon script
  • Technical
    > URL hyperlinks
    > Automatic password
    > Automatic command
    > Running a locally saved script on a remote session
    > ZModem integration (experimental)
  • Graphical
    > An icon for each session
    > Send to tray
    > Transparency
    > Protection against unfortunate keyboard input
    > Roll-up
    > Always visible
    > Quick start of a duplicate session
    > Config Box
  • Other
    > Automatic saving
    > SSH Handler: Internet Explorer integration
    > pscp.exe and WinSCP integration
    > Binary compression
    > Clipboard printing
    > The PuTTYCyg patch
    > Background image
    > File association
    > Other settings
    > New cmdline options
  • Bonus
    > A light chat server is hidden in KiTTY
    > A hidden text editor is integrated into KiTTY

KiTTY has only one limitation, it is Windows-only and does not have any Linux port. However, Linux users have a number of powerful alternatives.

KiTTY is a FOSS software. It is portable as well.

Webpage: KiTTY

Effective SSH on Ubuntu

terminalUsing SSH to connect to a remote system is a part of the job for many people. There are many tweaks available to play around with SSH. However, you may not always be using the same system to connect from. Here’s a quick guide to give you a responsive experience over SSH even with X forwarding. All the changes are on the client-side. So whether it would work depends on how the server is configured too. However, in a secured network, you may not be allowed to change anything on the server which is why there are no SSH server config changes here.

In the rest of the article ssh config file refers to /etc/ssh/ssh_config on the client system from which you are connecting.

Forward X11

$ ssh -X user@remote.com

or, add the following in the ssh config file to do that permanently

Host remote.com
ForwardX11Trusted yes //if you trust remote.com
ForwardX11 yes //even if remote.com is untrusted

Compression and reasonable encryption

$ ssh -XC -c blowfish-cbc,arcfour user@remote.com

or, add the following to ssh config file

Host remote.com
 Compression yes
 Ciphers blowfish-cbc,arcfour

Disconnect hung connection

It happens more often than you think! You can get out of a hung SSH connection by keying in

Enter~.

i.e., you press Enter, then ~, then .

Re-use connections

This one is a bit risky because if the master session hangs, the newly created ones will also hang forcing you to delete the socket or manually kill it.

To try it out, add the following in the config file

Host *
ControlMaster auto
ControlPath /tmp/ssh_mux_%h_%p_%r

If you can’t avoid using SSH from mobile or tablet devices, check out mosh.

mosh: SSH alternative for weak and roaming connections

A shell to stay connected all the time!

Have you ever tried to use SSH over a dodgy connection dropping every now and then? It’s quite difficult to concentrate on what you are doing because of the repeated failures to connect to the remote box. Enter mosh (mobile shell) – a remote terminal application that specifically cares about mobile connections with high latency. mosh is an MIT product and is developed primarily by Keith Winstein with contribution from few other developers. Features:

  • Allows roaming. Stay connected even if your IP address changes.
  • Supports intermittent connectivity. If your internet connection drops, or you put your laptop to sleep, mosh will warn you but will resume connectivity when you are connected again.
  • Instantly responds to typing without lags.
  • You can run mosh as a regular user. mosh is not a daemon either. It runs as a remote server and connections are done over UDP. The authentication mechanism remains the same as SSH.
  • Supports UTF-8 characters only (and hence Unicode also). Runs on any commonly used terminal just like SSH.
  • UDP-based protocol handles packet loss gracefully, and sets the frame rate based on network conditions. mosh doesn’t fill up network buffers, so Control-C always works to halt a runaway process.
  • Dependencies on common packages installed by default on major distros.
  • Intelligent local echo support.
  • Line editing of user keystrokes
  • Multiplatform. Works on Linux, Cygwin, OSX and Android.

Configuration and usage of mosh is well-explained in its home page.

Webpage: mosh

TinySSH: light and secure SSH server sans OpenSSL

cool_penguin_smallIn case you want to try a secure SSH server that doesn’t depend on OpenSSL, TinySSH is your latest choice at the time of writing. The first version is experimental and very light (has only 48996 words of code). TinySSH uses state-of-the-art high-security cryptographic library NaCl / TweetNaCl.

TinySSH uses non-OpenSSL state-of-the-art cryptographic libraries. Attempts to be secure by design.

TinySSH claims to offer good security on TCP and is designed for perfect security on CurveCP. CurveCP is similar to TCP but uses high-speed and high-security elliptic-curve cryptography to protect every packet against espionage, corruption, and sabotage.

Features of TinySSH:

  • Easily auditable – TinySSH has less than 100000 words of code
  • No dynamic memory allocation – TinySSH has all memory statically allocated (less than 1MB)
  • Simple configuration – TinySSH can’t be misconfigured
  • Reusing code – TinySSH is reusing build mechanism from NaCl and libraries from CurveCP implementation
  • Reusing software – TinySSH is using tcpserver/curvecpserver for TCP/CurveCP connection
  • Limited amount of features – TinySSH doesn’t have features such: SSH1 protocol, compression, scp, sftp, …
  • No older cryptographic primitives – rsa, dsa, classic diffie-hellman, md5, sha1, 3des, arcfour, …
  • No copyright restrictions – TinySSH is in the public domain
  • No dependency on OpenSSL – TinySSH is using NaCl / TweetNaCl
  • Open source

In this early stage, the only way to install TinySSH is to compile and install it from source. The well-explained instructions are available here.

Webpage: TinySSH

FireSSH: SSH from Firefox

firefoxFireSSH is a cool Firefox extension that you can use to connect to a remote SSH server directly from your browser. It runs wherever Firefox runs. Quite handy when you want to stay anonymous (e.g. behind a proxy) and don’t want to connect to external servers using a desktop client which may reveal your online identity.

For Google Chrome a similar extension is Secure Shell.

Webpage: FireSSH