Home Server Build part 4 – Remote Access (Ubuntu School)

Ubuntu LogoNow that the basic server is set up and ready to go it’s time to get started with the good stuff. The first thing on the priority list is making sure we know how to control the server. Being able to control and administer the server remotely is the key to being able to run the server as a [headless](http://en.wikipedia.org/wiki/Headless_system) machine. The key technology of this remote access strategy is [SSH](http://www.openssh.org/).

### SSH – Secure SHell

SSH is a key technology common in all [POSIX](http://en.wikipedia.org/wiki/POSIX) operating systems. The program provides command-line terminal access to the remote system over an encrypted connection. SSH has effectively served as a replacement for telnet which provides remote terminal services, but is not encrypted.

It is also possible to route traffic from your computer through to the remote computer using the SSH connection. These is known as [SSH tunelling](http://en.wikipedia.org/wiki/Tunneling_protocol#Secure_shell_tunneling). One example of this is using an encrypted SSH connection to serve as a conduit for unsecured traffic like web browsing. Most of the time this isn’t a major concern, but if you want to be sure that your browsing session is protected in a public location (ie unsecured WiFi) (or need to otherwise thwart a threat like [FireSheep](http://steve.grc.com/2010/10/28/why-firesheeps-time-has-come/) you can route all your web-browsing traffic through to your server and keep it protected from anyone on the public WiFi.

Once connected you will have the same access to the machine that you would typically have by using the local command line. You log in over SSH with the same user ID and password you created during the server setup process. Here is a quick example of what the connection process looks like

“`
ssh kdmurray@192.168.2.11
kdmurray@192.168.2.11’s password:
“`

Once that’s over with you’ll get some welcome text that will look something like this…

“`
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64)
“`

### Download and install Webmin

_Details originally sourced from the [Debian install instructions](http://www.webmin.com/deb.html) on the Webmin site._

These are the steps required to install Webmin using [APT](http://en.wikipedia.org/wiki/Advanced_Packaging_Tool). There are a number of other methods mentioned on the Webmin site, but APT has the added advantages of automatic dependency resolution and easy-to-use upgrades. Of course you’re already familiar with some of what APT can do from reading my Ubuntu School posts.

Edit the APT sources list
“`
sudo nano /etc/apt/sources.list
“`

Add the following lines to reference the Webmin sources

“`

# Sources for Webmin, current as of 2012-06-10

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
“`

Once the configuration is complete you’ll need to register the developer’s public key with APT so that the files can be verified. This is required because the source is not one of the built-in Ubuntu update sources.

“`
wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
rm jcameron-key.asc
“`

Once the key has been added to the system, and the temporary file removed you’re finally ready to install Webmin.

“`
sudo apt-get update
sudo apt-get install webmin
“`

Because we haven’t set up DNS yet (that’s coming in the next section) you will need to access your Webmin interface using the IP address of your server. The default address for your Webmin installation is [https://192.168.2.11:10000](https://192.168.2.11:10000). Most browsers will throw up a warning message when you first log in because the SSL certificate being used was [self-signed](http://en.wikipedia.org/wiki/Self-signed_certificate). This is, however expected, so you can add an exception for this server and carry on through to the Webmin interface.