What are the different remote
administration tools in Linux/Unix?
Ans
The next best thing to being there is being able to
log into your systems remotely. One of the great things about Linux is the
variety of tools you can use to remotely administer your Linux desktop and
server systems. From the command line to GUI tools, you can take control of it
all right from the comfort of your very own desktop anywhere you happen to be.
I'm going to introduce you to three ways you can remotely
administer your desktops and servers: Secure Shell (SSH), Remote Desktop
Viewer, and TeamViewer. Once you've completed this article, it will be up to
you to decide which method best suits your needs and when.
Secure Shell
This is, by far, the fastest and easiest method of remotely
administering your desktop. Gaining remote access from one machine to another
is simple and secure with SSH. You issue the sshcommand from your local
machine to connect to your remote machine and you can begin to run commands to
remotely administer that machine. Typically, the command to connect to a remote
machine will look like this:
ssh -v -l username remote-host
Where username is the username you want to
connect with and remote-host is the IP address or fully
qualified domain name (FQDN) of the remote machine you want to access. Once you
have successfully connected you will find yourself at the bash prompt of the
remote machine. Start firing away commands.
But what if you want (or need) to use GUI tools this way? You
can. SSH has the capability of tunneling X protocols built in. This means you
can run the GUI tools on the remote machine on your local machine. Why would
you want to do this over remotely connecting to the desktop via VNC or Team
Viewer? By only using the GUI tools you need you are not slowing down the
administrative process by having to process an entire desktop via the network.
It's one tool at a time.
To do this the ssh command looks like:
ssh -v -l username remote-host -X
That's it. Just add the -X switch and SSH will now
tunnel X Windows. You can start up the GUI tools you need by simply executing
the commands to start them up. This will, of course, require you to know the
commands for the tools.
One word of warning. It may be tempting to allow root user
connections to the SSH daemon. Do notallow this. Secure shell in as
a normal user and then su to root if you need to work as root on a
system remotely. Allowing root connections via SSH is inviting trouble. To make
sure you do not allow SSH root connections look at the /etc/ssh/sshd_config file
and make sure the linePermitRootLogin yesis commented out (it is preceded by
a # symbol), or simply change it to no instead. If you have to make
this change then restart the ssh daemon after you save the file.
Remote Desktop Viewer
Remote Desktop Viewer is a different beast. With this tool
you are going to be administering using the remote machines complete desktop.
For these types of connections to work the remote machine must have a server
running allowing connections to be made. Fortunately this is very simple. And
fortunately the necessary tools are installed by default in the more recent
GNOME desktops. Let's first take a look at how this is set up.
The first step is to allow connections to be made on the
remote machine. To do this clickSystem > Preferences > Remote Desktop.
This will bring up a small window (see Figure 1) where you configure allowed
connections. You want to take care of this set up as a poorly configured server
could allow anyone onto your desktop.
Take note of the address you are given for remote
connections. Also make sure you select either (or both) options "You must
confirm each access to this machine" and/or "Require the user to
enter this password". If you are going to be doing the remote
administration you will not want to enable the former as you will not be there
to confirm.
Once you have this configured click close and you are ready
to connect.
To connect to this machine click Applications >
Internet > Remote Desktop Viewer. This will bring up a small window that
allows you to manage your remote connections.
The first thing you need to do is click the Connect button.
This will bring up a small window (see Figure 2) that allows you to enter the
connection properties for the remote connection. This is fairly
straight-forward: Just fill in all the pieces and click Connect. Once you are
connected you will have complete control over the remote desktop. If you do not
set this connection up to do Full Screen your remote session will remain in the
Remote Desktop Viewer window (right pane). You can maximize that window to see
the remote desktop better if you like.
Once you are done with your administration, click Close and
the connection will be broken.
Team Viewer
This is yet another approach to the remote administration.
This does work somewhat similarly to Remote Desktop Viewer in that it allows
you full control over the remote desktop. However, where this differs is it
allows you to connect to a machine that does not have to have a server
installed. What I use this tool for is allowing me to do remote help sessions
for other users. All they have to do is either install Team Viewer or
just run the tool (from the download), give me their ID Number and Password
(which I then enter it into my Team Viewer window) and we are connected.
To be the administrator you do have to install Team Viewer.
To do this go to the Team Viewer home page and then click the Start
Full Version It's Free button. You will then be taken to the download page.
Click the Linux button and then download the file that suits your distribution.
Once done you can double click that file and your Package Installer should open
for installation. Or, if you are using Firefox, as soon as you click on that
file to download it should open up your package installer immediately.
Perhaps my most favorite capability afforded by Linux is ease
of remote administration. While it is true that Windows administrators have
access to a similar function using Terminal Services I have found that it is
not the simple and elegant interface offered by Linux. I also like the simple
yet powerful tools available for administration from the Linux command line.
Here is a review of the tools I use most frequently.
OpenSSH and keychain
OpenSSH is one of several packages that make remote
administration of Linux possible however the powerful add
on Keychain enhances the power of SSH quite nicely. Keychain works in
concert with ssh-agent to maintain a single ssh-agent session across multiple
logins. This saves the administrator the hassle of having to enter a passphrase
multiple times during a given login session. It also offers the ability to use
RSA/DSA keys with cron jobs in an easy and secure way. This brings me to the
next tool on my belt; cron.
cron
Cron is a tool that allow administrators, and sometimes
users, the ability to schedule tasks, a Windows analog being the
"Scheduled Tasks" mechanism. I like to use cron to automate certain
tasks such as tripwire scanning and reporting, searching for rootkits and
executing log parsing scripts. Using cron one can execute a command or script
at 3:51am on the third Tuesday of every month. It can also be configured to perform
a task hourly or daily. Cron is my favorite tool for automating tasks.
screen, tail and swatch
Screen is a tool that often makes these "Top 10"
lists and for good reason. Screen makes it simple to run multiple sessions on a
remote system and it even allows you to detach these session and reconnect
later. This is handy for starting a kernel compile or download, detach the
session to work on something else, and return later to make sure everything
went as planned. I like to use tail and swatch with screen to keep an
eye on logs while chasing down a problem with a service. swatch is great for
ongoing log monitoring with screen because you can use regex to assign color
codes to various events which allows for "at-a-glance" quick
analysis.
less, lynx and man
How often has "RTFM" been offered as an answer to a
question on a mailing list or in a channel on IRC? Reading documentation is a
crucial element of system administration and these three tools make that task
simple. Most everyone should already be familiar with man pages. The pager less
works well for reading README and INSTALL documents. Some of you may be tilting
your head sideways wondering why I would include lynx among my favorite tools
for administration. Why not use a modern browser such as Firefox or Konqueror
from my workstation? There are two reasons really. First, more documentation
bundled with software is included in html format and lynx makes reading this
documentation fast and easy. The second reason is that when I am working on a
server I like to stay focused on the task at hand. By using lynx to search the
web for help I remain focused on the task at hand and resist the temptation to
click the Slashdot icon on my toolbar.
sed, awk and grep
Rounding out my favorite
system administration tools are sed, awk and grep. Again, I use these tools
mainly for quickly analyzing logs or the output from various commands and
scripts. I use grep and awk together frequently to quickly grab bits of
interesting information from mail logs. If deeper analysis is required I
generally throw together a perl script and call it a day. As my knowledge of
perl has expanded I find myself using sed less frequently however it is handy
for making quick changes to bind zone files or any configuration file where a
template can be used.
No comments:
Post a Comment