I related the below story tonite in our Ubuntu Utah meeting and John asked me to blog the details and the howto. This is for you buddy 🙂
A few months ago I was in Chicago to take the Redhat Certified Engineer exam. By day I attended class and by night I studied the book to prepare for the grueling test. Well, one of the nights I was there (5 day course) my brother calls me in a panic begging me to come fix his computer. I of course tell him that I’m in Chicago at the moment and not sure what I can do to help. At that I can hear his heart sink, so I ask him what the problem is.
He starts into this sob story about how he has a paper due in the morning but he can’t get logged into his computer. Apparently his wife dropped something on the keyboard and the number row no longer works, which limits him from logging into his machine (numbers in passwords are good ideas boys and girls!). He is, by my suggestion, using Ubuntu on his home machine so I know I can save the day.
As he continues this story I use ssh to connect to his machine…
ssh user@remote-host
..and open the /etc/gdm/gdm.conf file.
vim /etc/gdm/gdm.conf
I change two lines from:
AutomaticLoginEnable=false
AutomaticLogin=
to
AutomaticLoginEnable=true
AutomaticLogin=username
I save the file and restart the gdm (Gnome Desktop Manager)
sudo /etc/init.d/gdm restart
By this point he’s finishing his sob story about how he needs to get his paper written or he’s going to fail his class, never graduate and end up being homeless, etc, etc.
I interrupt him to tell him to look at his computer, which is now logged in as his user, never requiring a password or username for access.
The phone goes silent. I ask if he’s still there. He is.. he’s speechless.
I remind him this is all due to the wonders of Linux and wish him good luck with his paper.. and to tell his friends about the wonders of Ubuntu!
Simple as that. SSH connection, two commands and a very thankful brother all from 1,400 miles away… and a tutorial on how to activate automagic login on Ubuntu (which is probably not the most secure idea, but you’ve been warned. Once he got a keyboard replacement I reverted the changes on his machine.)
Pingback: University Update - Linux - SSH Saves The Day.. 1400 Miles Away! Enable Automagic Login
Pingback: Pharao’s Blog - » remote administration
Often the other side should make sure that the modem allows incoming traffic on port 22 (or whatever port), otherwise it’s being blocked. That’s quite hard to set up when you are 1400 miles away and both don’t really know how the modem operates.
Just a tip if you read this blog entry and think that it would be really nice to be able to skip the login at startup: restarting gdm will kill X and with it all your applications. Which can be a bit annoying if you were right in the middle of something when you got the bright idea to implement this.
Wait, but you logged into his machine without even inserting a password? So you can login whenever you want? That, for me, is a demonstration of insecurity. Can you explain that to me please?
<p>Robert – I had to authenticate with my admin account to connect to his machine, and the ssh service was already configured. When I helped him install his machine I configured ssh for just this reason, so that I’d be able to help him remotely.
Janne – In this situation restarting gdm was safe as I knew he didn’t have anything running. He couldn’t login in the first place.
</p>
Fantastic…maybe I’ll send this to my father as a demostration of how I could help him remotely – he doesn’t believe I could no matter how much I explain…
Refusing support for Windows will help as well 😉
Nice piece but 1 big thing not covered. How did you enable ssh on your brother’s system, does he have dynamic IP or static IP & how the whole system work? Some more info. on the background on how SSH works or a pointer to some laymanish tutorials otherwise heard but nothing new 🙁
As always, be careful when SSH is active. SSH attacks can be pretty nasty on any *nix based system. TCP wrappers, VPNs, etc. are always a good idea…
by the way, nice website.
Pingback: Cartoons Fans Lounge
Um… a few questions?
1. Why didn’t you just change his password to something non-numeric (using keys on his keyboard that still function) and tell him the new password (which he can later change if he wants)?
2. How did you know his IP address (since he couldn’t login, how would he be able to tell you)?
3. OpenSSH Server is not installed by default on Ubuntu. I presume, then, that you knew it was installed and/or had made sure to install it on a prior date?
radmin.com
remember ubuntu kiddies, openssh-server is NOT part of a default ubuntu install, you need to install it on your own with synaptic or apt-get. cheers.
oops, hans beat me to it.
Women.
Pingback: This too was Dugg by …
Pingback: MK Web - Blog » SSH Saves The Day.. 1400 Miles Away!
If I install a linux machine, be it ubuntu, or fedora, or centos, or whatever,
-I install open ssh,
and make sure that the home router to that machine always assign the same IP to that machine,
-and I forward port 22 to that IP,
-and install and run a dynamic dns so I can always find that computer, and of course
-I always create an account for myself with administrative access so I can sudo remotely…
On the other hand whan I install a Windows machine, be it 2000, XP, Vista, or whatever,
-I install Terminal Services (Remote Desktop),
-and make sure that the home router to that machine always assign the same IP to that machine,
-and I forward port 3389 to that IP,
-and install and run a dynamic dns so I can always find that computer, and of course
-I always create an account for myself with administrative access so I can administrate remotely…
It’s no so big of a deal, it’s just a matter of knowing what you are doing in any OS. All modern OSes have pretty much the same capabilities one way or another.
I am a Systems Consultant, and we have clients with different platforms, and we ussually just create a VPN for this kind of stuff, but for home users the written above works great!
Hopefully he never had to type numbers in his paper. =) Of course, there’s probably an on-screen keyboard if necessary, although there’s always the numpad (or the Fn combos for laptop keyboards).
Great story and rescue nonetheless. =)
Your website always has good tips and this is no different. Thanks for this.
Pingback: Nineteen Labs » Blog Archive » Automatic Login Using SSH in UBUNTU
Very cool.
I’ve installed Ubuntu on machines for my parents for similar reasons. Being 5000 km away makes in-home repairs a little expensive 😛
I have SSH access to my network too, but don’t need to worry about SSH Attacks because i use Private Shared keys instead of interactive password login.
for more info: man ssh_keygen
Regards,
–Matt
@Matt has the right idea. Once you install openssh-server, create a public key for yourself, and exchange keys with the different computers you connect too. At that point you can disable Password authentication and simply use your public key to login (with or without a passphrase).
http://www.debian-administration.org/articles/152
Has a great article on how to enable password-less logins with SSH (but your public key can always have a passphrase).
As for knowing his brothers IP address, programs like ezipupdate and ddclient allow you to sync your IP with multiple dynamic DNS services (dyndns.org, no-ip, etc). Such a service would allow you to SSH into a domain name associated with a particular computer.
Other issues such as port 22 forwarding are device-specific, so you’ll have to make sure port 22 is forwarded (and unblocked by your ISP). Certain routers allow port triggering, such that traffic seen on a certain port on the internet side is forward through the router to the proper port on the LAN side. So if your ISP blocks port 22 (SSH) or HTTP (80), you can configure your router so that traffic from ports 2022 (x-SSH) and 8080 (x-HTTP) from the internet will be redirected through the router to the proper services on your lan.
Simply changing his password to non numerical characters would have sufficed also.
Could he not have gotten a replacement keyboard also?
Anyways, ssh++
Use fail2ban to stop brute force attempts.
http://wiki.kartbuilding.net/index.php/Iptables_Firewall#fail2ban_-_Debian_Etch.2FUbuntu
Use ajaxterm when behind facist firewalls.
http://wiki.kartbuilding.net/index.php/Ajaxterm
Linux++ ssh++
And the point of the story is…?
So you’ve had a stick and used it to get at the bananas hanging from the ceiling!?
Gratz…
*parade and fireworks*
Nice solution, but couldn’t he just hit numlock and use the numeric keypad? (I’ve been running Ubuntu for about 8 months now, I love it (started with Slackware in 95))
I don’t buy it! You knew his IP address? He wasn’t using a NAT router? If he was, it was already configured to forward port 22?
I am guessing your fix was more like “Head to Wally World and buy a new keyboard”
I appreciate the effort but Ubuntu or any other Linux distro doesn’t need such lies to convert
MC
I think this story is a little suspicious, what computer user doesnt have a spare keyboard laying around? Especially a linux user? Its a nice howto, but the premise sounds weak.
Pingback: Andrew D Williams » Blog Archive » SSH Saves The Day.. 1400 Miles Away!
On a windows box, one can go WIN+U -> On sceeen keyboard. Seems like a hell of a lot less effort to me. Or of course there is the numpad.
I like Linux and all, but come on. This is not “all due to the wonders of Linux”… It’s equally easy on Windows using Remote Desktop Connection or Mac OS using Apple Remote Desktop.
Ok, but you pass the Red Hat test?
Uh… why not just get a new keyboard? Or borrow one??
It’s kind of strange, solving a hardware problem using software. OTOH, whatever works and gets that paper written.
I think he’s making the point that SSH is a useful tool to have, not necessarily that he’s using Linux to run it. For example, I have OpenSSH installed on my mother’s box for similar reasons, but she’s running Windows. Just as easy to do the same thing, though. I’d ssh into her machine, type “edit logon.reg” and enter in:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“DefaultUserName”=”Ma”
“DefaultPassword”=”herpassword”
“AutoAdminLogon”=”1”
Save it, type “regedit /s logon.reg”, then shutdown -r and be done with it.
Why didn’t your brother use a different keyboard?
Sorry, it’s a good story but I think the truth was stretched just a bit. As Jon said, I hope the brother didn’t have to type any numbers in his paper.
Pingback: [BLOCKED BY STBV] tipshack.com
I probably would of just went and got myself a new $5 keyboard. Or borrowed a neighbors.
Pingback: SSH Saves The Day.. 1400 Miles Away! « Linux and Unix Top News
WOW!
It’s amazing how many idiots have responded to this thread. I realize it’s dead, but I still need to say something.
1. Yes, he could have just changed the pass, but then he needs to explain how to change the pass back later. It’s also not as much fun.
2. I manage a lot of servers and systems as well as work with a computer repair company. We don’t keep spare parts around, only the essentials. A keyboard doesn’t count as essential.
3. That registry trick is cool, but I don’t foresee me ever remembering that much crap.
4. MOST smart people will setup openssh-server when installing a system. It’s not a huge security issue, especially if you also install denyhosts.
HE DID THIS – OBVIOUSLY