The server post
Tue Mar 16, 2010 22:58 (UTC -5)Well, spring break is history, and now it’s back to the grind. I’ve been meaning to mention this for a while, so here goes.
The weekend after Kate left, I experienced a strange emotion called “boredom.” I was thinking about how I was starting to rely increasingly on my external hard drive, and I was also thinking about how my sister and I both use said hard drive for backups. I was the keeper of the drive, so I could make a backup whenever I wanted, but my sister could only make a backup when I brought the hard drive to her. She had made her last backup in August.
On a whim, I decided to see if I could set up an SSH server on my computer so my sister could access the hard drive from her apartment. I figured it would be pretty simple because we both use Unix-like operating systems (yes, Mac OS X and Ubuntu are cousins). I installed the openssh-server package, and that was that. (Ubuntu’s wiki page was a good introduction.)
I made some tweaks to improve security, such as using a non-standard port (I know, security through obscurity is bad, but not if you also have better security) and disabling password-based authentication in favor of key files. SSH uses public and private keys, similar to PGP in the scheme I’ve described previously. Essentially, in order to log in, you have to have a copy of a key file that has been approved by the owner of the server. Your key itself can be encrypted, with a password used to decrypt it. This is useful because my sister doesn’t have to know my password to log in; she just has to know the password for her key.
Since my IP address changes from time to time, I decided to give my server a name that would be consistent and easier to remember. I signed up for a free account at DynDNS.com and got a subdomain of the form example.dyndns.org. (I won’t say what it actually is. Security through obscurity…) Then I installed and configured the ddclient package, which contacts DynDNS periodically to say, “Hey, I’m at IP address such-and-such. Point example.dyndns.org to it.” So, essentially, the subdomain becomes a synonym for my computer.
I didn’t realize how arcane all this stuff was until I was on the phone with my sister trying to get her to log in. She’s not dumb; I just had a hard time explaining how Unix command-line applications work in one marathon session. (Try doing it over the phone as well.) After about an hour, she had a key and was backing up her stuff on the external hard drive on my desk. Since then, we’ve performed another backup successfully. I’ll describe the backup scheme in a future post.
But that’s not all an SSH server is good for. Port forwarding makes a lot of fun things possible! Since setting up the server, I’ve used my computer as a web proxy, which might come in handy sometime. I’ve also installed a VNC server so I can view and control my desktop from other computers. Ubuntu’s wiki has some handy information on how to set up things like that. I could also cover them in a future post if you’re really interested (I can tell you are!).
It’s worth noting that if you’re using key-based authentication on your server and you want to use PuTTY to connect to it, you’ll have to convert your private key to PuTTY’s format.
For today’s first link, I’d like to showcase my friend and roommate Andy’s new blog, Seek the Sooth. For you polyglots, Andy is also blogging in Esperanto and Spanish! I’m looking forward to reading your posts, Andy, and I’m sure I’m not the only one.
I should start using this video to help explain why I’m afraid of Google. (Via The Presurfer)
I’m too young to remember some of these, but you might find the article interesting: The Twelve Most Tarnished Brands in Tech.
