
Tips for Remote Unix Work (SSH, screen, and VNC) - BrandonM
http://shebang.brandonmintern.com/tips-for-remote-unix-work-ssh-screen-and-vnc
======
rmc
One thing the author is missing is the ssh-copy-id command, which will copy a
ssh key to he authroized_keys file and set the correct permissions. No need
for complicated and fragile ssh host "mkdir .." commands

I tried to leave a comment, but twas asking complicated things about
registering.

~~~
Mad_Dud
It's worth mentioning that ssh-copy-id might have problems with specifying
port number. Here is workaround for that:

$ ssh-copy-id ‘-p xx -i ~/.ssh/id_rsa.pub login@example.com’

------
sho_hn
One thing to keep an eye on for Unix remote work is Red Hat's SPICE remote
desktop protocol. It was originally meant to support remoting to virtual
machines and the server thus built into QEMU, but there's also a standalone
server now that appears as an X server to X clients, called xspice. xspice is
still young and immature, but already packaged in Fedora.

SPICE also keeps coming up as a possible solution to the lack of built-in
network translucency in Wayland, the technology many would like to see replace
X down the road.

Especially with NoMachine's NX 4 going closed source (previous versions were
partially open, allowing others to replace the closed parts and produce a
fully open stack), I'm looking to SPICE as a replacement.

~~~
sciurus
xpra is also worth looking at. I's much faster than X forwarding or VNC, and
it's much simpler to set up than NX. On Debian and Ubuntu, it's just an apt-
get away. The usage is straightforward

On the remote machine which will export the application(s):

xpra start :100

export DISPLAY=:100

xterm

On your local machine, you would use something like:

xpra attach ssh:serverhostname:100

You can even detach the windows(s) from one computer and reattach from
another, like GNU Screen.

<http://xpra.org/>

~~~
sho_hn
Thanks, I had heard about that shortly after the initial release but since
lost sight of it. Sure reads like the authors have made a lot of progress and
the repo looks pretty active, too. Will give it a try.

------
dnlk
From the article: _...you can leave the password blank (if you secure your
laptop with encryption, a locking screensaver, and a strong password, your SSH
key doesn’t require a password)..._ , but what if that is still not enough
security for you or your policy prohibits you from using key pairs for
authentication, or maybe you are not using a server that often and just don't
want to set up key pairs.

Enter the ControlMaster mechanism (see man ssh_config):

    
    
      Host *
      ControlMaster auto
      ControlPersist yes
      ControlPath /tmp/ssh-%r@%h:%p
      ServerAliveInterval 600
    

So now you type in your password for your first session only, and every other
session will be _slaved_ to it (this includes directory/file auto completion
over ssh in zsh and other nice nibbles like it does with public/private key
pairs).

~~~
DEinspanjer
Normally, your SSH auth agent is responsible for letting you unlock your key
once and use it with multiple sessions.

ControlMaster's biggest advantage is using a single encryption channel for
multiple connections. Especially handy if you need to jumphost through a vpn
machine.

~~~
rhizome
Doesn't ssh-agent do automatic pass-back, vpn or not?

------
llimllib
sshfs!

When I want to work with a server, I very often use "sshfs
<servername>:<remote_dir> <local_path>" to mount it to my local drive. (By
default <remote_dir> is your remote home directory, so you can omit it if
that's what you want).

Then you avoid all that mucking around with ssh while working. Probably a bit
more inefficient, but you can use rsync if you're pushing a lot of data
around.

Available on homebrew as "brew install sshfs".

~~~
BrandonM
I forgot about sshfs! I don't seem to use it as much anymore, but I first
encountered it about 6 years ago and thought it was pretty amazing.

There is a downside to sshfs, though, and it's related to the classic Joel on
Software post, "The Law of Leaky Abstractions"
([http://www.joelonsoftware.com/articles/LeakyAbstractions.htm...](http://www.joelonsoftware.com/articles/LeakyAbstractions.html)).
A relevant quote from that article is:

 _Abstractions fail. Sometimes a little, sometimes a lot. There's leakage.
Things go wrong. It happens all over the place when you have abstractions._

It sucks to be using your editor of choice to modify a file mounted on an
sshfs filesystem and have something not quite work right. Something as simple
as having the latency be higher than the local filesystem can make saves (and
even autosaves) ruin the user experience. And you're pretty well hosed when
the connection drops; you're almost guaranteed to lose at least some work.

That is why these days I tend to avoid sshfs and simply SSH+screen to a remote
machine, where I can then run vim using a .vimrc file that matches the one on
my home machine. I get exactly the same editing system no matter where I'm
logged in, and instead of hiding connection problems somewhere that you can't
control, it's very clear what will happen when a disconnection occurs.

Of course, if it's across a local or very reliable network, all of my
arguments disappear and sshfs is an excellent tool.

~~~
vacri
Screen is vital enough for me that I've modified the MOTD on my servers to
include a reminder to use it (I don't log into them that often)

------
gargalatas
VNC can be used to "remote control" a system. NX can be used to WORK on that
system.

I have written thousands of lines of code with NX, Eclipse and latencies of
~100ms! There is no way to do something similar with VNC or anything else.

<http://freenx.berlios.de/> FreeNX is a great service. Also NoMachine NX
Client is a great client. If you use them once, you can't even hear about VNC
and other remote control services.

~~~
cool-RR
Too bad there's no NX server for Windows yet...

~~~
hmottestad
You can have it connect to a windows terminal server. It works quite well and
is actually better than plain terminal server.

I wish there was NX for mac, since I try my best in life not to use ms
technology.

------
sciurus
Since learning about <https://github.com/apenwarr/sshuttle> here on HN, I
rarely need to use ssh tunnels on my local machine. Instead, I keep multiple
sshuttle sessions running in the background for the private networks I access.

------
mrud
Nice article. A really cool ssh feature is the integrated SOCKS proxy which
you start with the -D option. Just run

    
    
        ssh -D1080 me@remote.host
    

and it will start a SOCKS proxy on port 1080 and will forward all requests via
the remote host. Change the proxy definition in your browser (foxyproxy ftw.)
and you are done.

It is really useful if you want to access virtual named hosts behind remote
servers or just want to specify the uri instead of fiddling around with ports.

~~~
derwiki
It's even more useful than that! Some coffee shops restrict traffic over port
80, but don't touch 22. So set up a SOCKS proxy and you have free internet.
Tethering to T-Mobile and getting sick of them downsampling images for you?
Start up a SOCKS proxy -- they can't downsample what they don't see. Or just
in general, if you're on any WiFi network that you don't trust, set up a SOCKS
proxy and tunnel everything through it.

------
mseebach
> Send the files .. without .. scp

> cd && tar czv src | ssh example.com 'tar xz'

Why would you not want to use scp?

    
    
      scp -r src/ example.com:~/target/
    

does the same thing. Add -C for compression.

~~~
jebblue
That's faster from my experience than piping. Even faster, use rsync with the
ssh option.

~~~
derwiki
alias scp="rsync --progress --partial"

and voila! You can resume big file transfers now.

~~~
gbog
I'm not into overwriting commands, what if you share you bashrc on a machine
without rsync?

~~~
woof
Install rsync;)

------
mrich
I can recommend Nomachine for remote desktop work, it is blazingly fast even
for crappy X applications which redraw often.

<http://www.nomachine.com>

~~~
jebblue
I've tried it several times over the years and still find standard vnc4server
works great where nomachines seemed slower to me, and harder to install, you
had to download directly from their web site.

~~~
coyotej
Then you must have setup something wrong. NX has ALWAYS been consistently
faster than a typical VNC setup. You also don't have to use NoMachine's
implementation - use FreeNX (server) + OpenNX (client).

------
mbq
There are also tmux and NX.

~~~
tobych
For a discussion of the advantages (and perhaps disadvantages) of tmux over
screen: [http://unix.stackexchange.com/questions/549/tmux-vs-gnu-
scre...](http://unix.stackexchange.com/questions/549/tmux-vs-gnu-screen)

------
xchor
The ssh port forwarding command can also be simplified using "ssh -ND 9999
user@example.com" The -N opens up just a shell connection and is optional for
when you dont need to execute commands in that shell. The -D dynamically
forwards all requests to localhost:9999 to the server. I use this all the time
to tunnel out of networks and it works well with the socks proxy configuration
in firefox or your computer's proxy configs

------
mrud
Another nice ssh tunnel feature is remote port forwarding. Instead of
forwarding your local port to the remote server you can forward a remote port
to your local system. Instead of _-L8080:localhost:80_ you can just use

    
    
      ssh -R8080:localhost:80 remote.host
    

which will make your local running web server accessible via the remote port.
Of course you can specify instead of localhost other arbitrary hosts which
will be exposed via the connection.

This is really useful for some firewall punching (if you can access the ssh
server or have at least a http proxy which supports CONNECT) and exposing
private services remotely.

~~~
rhizome
_This is really useful for some firewall punching (if you can access the ssh
server or have at least a http proxy which supports CONNECT) and exposing
private services remotely._

It would also get you fired from most places I've worked.

------
Nick_C
Nice article. You could expand on it by mentioning the config file.

For example, I have a remote proxy server, a different remote web server,
github and so on, all with different user names and ports. I can alias each
with their own setup, including adding an entry for a tunnel.

    
    
      Host    mymac
      ForwardX11      yes
      ForwardX11Trusted yes
    
      Host webserver
      HostName webserver.org
      User username
    
      Host myproxy
      HostName xx.xxx.xxx.xxx
      User aname
      Port 1934

------
rcthompson
Don't forget autossh. It auto-reconnects when your connection dies. This
combined with screen makes working on flaky wireless much more bearable.

------
hmottestad
And on a mac, this will work to create a tunnel over ssh, then start the
default vnc viewer and finally close the connection when the vnc viewer is
closed:

ssh -C -f -L 5901:localhost:5900 example.com sleep 10; open
vnc://localhost:5901;

One line. Add is as an alias, configure ssh keys and you can connect to your
home machine from anywhere securely.

------
qjz
It's a very bad habit to use -p for every invocation of mkdir, and it's not
appropriate in any of the examples where it's used. For one thing, it will
never complain if you get the path wrong (provided you have the necessary
permissions) which is particularly undesirable when doing remote work.

~~~
BrandonM
I rarely use -p. Please point out where it was inappropriate.

------
lionyo
Instead of an SSH tunnel, I route a web address and use a VirtualHost to
access local ports.

For example, I route <http://blah.example.com> to my home server, then use
VirtualHost to route blah.example.come to port 8080

------
JonnieCache
For me, the article just ends with the phrase "For each computer that you
connect to," but all the rest of the html is still there. Very weird. Google
cache works fine.

------
resnamen
emacs --daemon/emacsclient is pretty awesome for remote work, and it cuts down
on startup performance issues when emacs is configured to interpret .el files
via NFS.

~~~
kra
It's a lifesaver for me. I normally run my emacsclient on my local X display,
but in low-bandwidth situations I run nox emacsclients in terminals over SSH.
I still get multiple buffers and the same emacs server session.

------
toisanji
is there a better way to do ssh/auto-screen, for example a setting for
~/.ssh/config to do the same thing?

~~~
mooism2
I have this at the end of my ~/.bash_profile:

    
    
        # run under screen if we are connected via ssh
        if [ "$SSH_CONNECTION" ] ; then
            rm -f .ssh/auth-sock
            if [ -e "$SSH_AUTH_SOCK" ] ; then
                ln -s "$SSH_AUTH_SOCK" .ssh/auth-sock
            fi
            export SSH_AUTH_SOCK=~/.ssh/auth-sock
            screen -d -R
            logout
        fi

~~~
pyre
Note: Don't do this if your screen session is setup to launch new shell
windows as login shells...

------
swah
I _bought_ Expandrive.

------
buzain
What happened to the site?

