0

How can I connect to a remote (VNC) Ubuntu Desktop 16.04 with default configuration, but no internet access (i.e. no other way of installing additional software). On my remote machine there are no restrictions to install anything.

The first question was about windows->ubuntu, and there was no solution. I wonder if there would be a way using the same OS? I know the questions seem a bit strange, but there is a serious application background, so plz bear with me and only consider "no way" if you are really sure. Thanks

muru
  • 197,895
  • 55
  • 485
  • 740
CatMan
  • 1,399
  • It's the same. Either way you'll have to install something. Either use a temporary internet connection or download to a different PC. And this assumes the remote computer has some way to be connected remotely. How exactly do you expect to do that without internet? –  Jan 15 '17 at 18:10
  • @CelticWarrior. The PCs are connected via LAN on site and remotely via VPN. The LAN itself has not a connection to the internet. Thats acutally not a very unusual configuration. And everybody that has been a victim of a cypto trojan will be at least thinking about the benefits of such a setup. Was it clear that the target PC has had a full Ubuntu desktop installation, just after that noch specific additional SW. – CatMan Jan 15 '17 at 18:29
  • @Rinzwind: I am not sure I understand what you are saying. Its not possible to connect a couple of computers without a internet router? I am not talking about initial configuration. Thats done with the Ubuntu DVDs. I am trying to keep the question as short as possible and to the point. Can you say in what respect its unclear? – CatMan Jan 15 '17 at 18:29
  • The PCs are connected via LAN on site and remotely via VPN. The LAN itself has not a connection to the internet. Except for the VPN, right? It's hard to imagine otherwise. –  Jan 15 '17 at 18:33
  • I was told not to discuss and I am trying to, but why is it so difficult for people to accept that not every computer has internet access by design for very good reasons. Are those computers have no right to use ubuntu? On Purpose the question was not about whether or not that it is a good setup, but does ubuntu offer features to make life easier in such a setup. Please believe me that this is a very physically possible and feasible setup and lets concentrate on the question itself, will we? – CatMan Jan 15 '17 at 18:51
  • If we're talking about remote sites and VPN, an internet tunnel is created between site A and site B but it's besides the point anyway. If the remote devices aren't allowed to access at least the Ubuntu (online) repositories you'll have to somehow manage to make the repositories available in your local network or install only what's needed for the remote connection and do the rest from "home". Once setup as explained in the answers you'll be able to push any additional software from A to B and install it. –  Jan 15 '17 at 19:03
  • Would it be an option to install a system with a server in another computer which is connected to the internet (Ubuntu desktop with openssh installed), and then move the drive (an HDD, SSD or USB pendrive) to the computer with a problematic or missing connection. Then it might be possible to connect to that computer in a local area network or directly between that computer and another computer. But still , you need some kind of network (wired or wireless), otherwise the computers will not be able to connect to each other. – sudodus Mar 19 '17 at 15:40

2 Answers2

1
Download the latest OpenSSH for Windows binaries (package OpenSSH-Win32.zip)
Extract the package to a convenient location (we will use C:\openssh in this guide)
As the Administrator, install SSHD and ssh-agent services:
powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
Generate server keys by running the following commands from the C:\openssh:

.\ssh-keygen.exe -A

Open a port for the SSH server in Windows Firewall:
    Either run the following PowerShell command (Windows 8 and 2012 or newer only), as the Administrator:
    New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
    or go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and add a new rule for port 22.
To allow a public key authentication, as an Administrator, from C:\openssh, run:
powershell.exe -ExecutionPolicy Bypass -File install-sshlsa.ps1
and restart the machine
In C:\openssh\sshd_config locate a Subsystem sftp directive and change the path to sftp-server to its Windows location:
Subsystem sftp C:\openssh\sftp-server.exe
Start the service and/or configure automatic start:
    Go to Control Panel > System and Security > Administrative Tools and open Services. Locate SSHD service.
    If you want the server to start automatically when your machine is started: Go to Action > Properties. In the Properties dialog, change Startup type to Automatic and confirm.
    Start the SSHD service by clicking the Start the service.

These instructions are partially based on the official deployment instructions. Setting up SSH public key authentication

Follow a generic guide for Setting up SSH public key authentication in *nix OpenSSH server, with following differences:

Create the .ssh folder (for the authorized_keys file) in your Windows account profile folder (typically in C:\Users\username\.ssh).
Do not change permissions for the .ssh and the authorized_keys.

Connecting to the server

Before the first connection, find out fingerprint of the server’s RSA key by running ssh-keygen.exe -l -f ssh_host_rsa_key -E md5 from the C:\openssh:

C:\openssh>ssh-keygen.exe -l -f ssh_host_rsa_key -E md5 2048 MD5:94:93:fe:cc:c5:7d:d8:2a:33:21:0e:f3:91:11:8a:d9 martin@example (RSA)

Start WinSCP. Login dialog will appear. On the dialog:

Make sure New site node is selected.
On New site node, make sure the SFTP protocol is selected.
Enter your machine/server IP address (or a hostname) into the Host name box.
Enter your Windows account name to the User name box. It might have to be entered in the format user@domain, if running on a domain.
For a public key authentication:
    Press the Advanced button to open Advanced site settings dialog and go to SSH > Authentication page.
    In Private key file box select your private key file.
    Submit Advanced site settings dialog with the OK button.
For a password authentication:
    Enter your Windows account password to the Password box.
    If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication.
Save your site settings using the Save button.
Login using Login button.
Verify the host key by comparing fingerprint with the one collected before (see above).
Ubuntu User
  • 327
  • Thats a detailed description, thanks. That would allow me to set up a windows PC and connect to the ubuntu. However, the last question [http://askubuntu.com/questions/872232/native-windows-terminal-access-to-ubuntu-pc] yielded, that standard Ubuntu desktop would not have ssh on board, so it would not react. I am trying to find a way to access a standard Desktop 16.04. The difficult bit is the target PC side. – CatMan Jan 15 '17 at 18:39
  • @CatMan You have to physically install ssh before sshing, there's no way around it. Use removable media if you must. You can't remotely access a PC without setting up the remote access in that PC beforehand. –  Jan 15 '17 at 19:58
  • @CelticWarrior. Thanks, that confirms that ssh is not a working solution for the question. Maybe there is another idea. – CatMan Jan 15 '17 at 21:53
  • @CatMan The default installation of Ubuntu has nothing allowing an automagic remote connection. That would be a huge security hole. Users have to explicitly configure such access. SSH is not the only possibility but is arguably the best. Either way you have to install something in the remote PC before being able to access it, so why not ssh? –  Jan 15 '17 at 22:03
  • 1
    @CelticWarrior. Just rephrased the question as discussion went off topic. You say "The default installation of Ubuntu has nothing allowing an automagic remote connection. [...] Users have to explicitly configure such access.". Your statement does not rule out this: the default installation DVD has something allowing remote connection, but the users have to explicitily configure it. What would that be? – CatMan Jan 16 '17 at 12:33
0

The answer to the question is:

There is no way.

As the first answer suggests there are alternatives when not using the standard install CD or when one is willing to install additional software that is not from the original install media. With google one can find several tutorials how to make a custom Ubuntu install CD. Then, just add the openssh-server package and follow the instructions of the answer of 'Ubuntu user' above.

The only alternative that is close to the question (using original media) would be:

  • Do not install Ubuntu Desktop, install Ubuntu server.

    Although both use the same kernel and are basically the same distributions, the difference between the two official *.iso images is the selection of packages that were put on the CD. The server does have the best remote control package to use: openssh-server.

  • The server can be completed with any desktop to a full desktop version ob Ubuntu.

    The easiest way is to use "tasksel" which is a command line but menu driven installation tool. It offers different Ubuntu flavors to install.

Clearly the disadvantage of that workaround is, that you need to know how to work with the command line in Ubuntu and how things work, e.g. the package management apt and its config file /etc/apt/sources.list.

Community
  • 1
CatMan
  • 1,399