
How To: Remotely Access a Computer, Server, or NAS

Having a Computer, Server, or NAS set up in your home is great for hosting a plethora of applications and services that suit your daily needs. At times, though, you may wish to access these systems from a remote location. Depending on your choice of OS and how you wish to remotely access your system, the software to do so can vary, but it all achieves the same goal. This tutorial will cover various types of remote access software available on both Windows & GNU/Linux based clients & servers, including best security practices and how to implement them.

 

NOTE: The majority of this tutorial is for setting up SSH/SFTP methods of remote access. If you need Remote Desktop methods skip straight to 4.3 - Remote Desktop. Additionally, if you would like the extra security of a Client-to-Site VPN check out my other tutorial How To: Access Remote Systems at Home/Work Securely from Anywhere with Pritunl. This will require changes to how you set up your router in relation to how you configure your Computer/Server/NAS, so comment below if you need help with that.

 

Index

1. Router Setup

    1.1 - Static IP or Dynamic DNS

    1.2 - Reserving Server IP

    1.3 - Port Forwarding

2. Generating a Public/Private Key Pair

    2.1 - Generating a Public/Private Key Pair on Windows 10 (2004)

    2.2 - Generating a Public/Private Key Pair on Debian, Arch, & RHL/RHEL

3. Server Setup

    3.1 - CentOS 7 / Fedora 32

        3.1.1 - Disable Password Authentication

    3.2 - FreeNAS / TrueNAS CORE

        3.2.1 - FreeNAS

            3.2.1.1 - Other PPKA Setup Method

            3.2.1.2 - Disable Password Authentication

        3.2.2 - TrueNAS CORE

            3.2.2.1 - Other PPKA Setup Method

            3.2.2.2 - Disable Password Authentication

    3.3 - Open Media Vault

        3.3.1 - PPKA Setup

        3.3.2 - Disable Password Authentication

    3.4 - Ubuntu Server

        3.4.1 - Disable Password Authentication

4. Client Software

    4.1 - Secure Shell (SSH) | CLI

        4.1.1 - Windows, GNU/Linux, MacOS Command-Line

        4.1.2 - Windows Subsystem for Linux

        4.1.3 - PuTTY

        4.1.4 - Git

        4.1.5 - Cygwin

    4.2 - Secure File Transfer Protocol (SFTP) | GUI

        4.2.1 - WinSCP

        4.2.2 - FileZilla

    4.3 - Remote Desktop

        4.3.1 - VNC Connect & TightVNC

        4.3.2 - TeamViewer

        4.3.3 - AnyDesk

        4.3.4 - PARSEC

        4.3.5 - RDP

5. Conclusion

 

1. Router Setup

Before proceeding your Internet connection must meet three criteria:

  1. Your ISP must allow Port Forwarding.
  2. Your Server/NAS must not be behind a Double NAT.
  3. You must have one of the following:
    1. A Public Static IP from your ISP.
    2. A Dynamic DNS service configured.

If these conditions are met you can continue. If not, not all is lost. Post a comment and we'll discuss your options.

 

1.1 - Static IP or Dynamic DNS

Which you should go with and why:

 

Static IP:

On a commercial level a Static IP is better and is often provided by default when you buy a commercial subscription from your ISP. Residential subscriptions are often subject to Dynamic IPs, wherein your public facing IP changes at the whim of the ISP's network needs.

 

For most people this is fine and doesn't impact normal Internet browsing, but if you want to Port Forward it's like trying to send a letter to someone with a constantly changing street address. Today most routers are configured with what is called a Dual Stack; that is, the router has both a public facing IPv4 & IPv6 address. If you want to use a raw IP address but don't want to ask your ISP for a Static IP, sometimes the IPv4 address simply does not change. On a residential subscription you may be able to connect to your network with your Public IPv4. Often the IPv6 will change at the ISP's whim.

 

If you don't know what your Public IPs are you can often find them in your Router's WebUI, or alternatively you can use one of the many WhatIsMyIP websites. This will give you information on both your Public IPv4 & IPv6.

 

Dynamic DNS:

What if you:

  • Want something more reliable than gambling on your ISP changing your IP?
  • Don't want to type in numbers whenever you want to connect to your Server/NAS?
  • Don't want to pay the additional fee ISPs often charge when requesting a Static IP?

Well, that's where Dynamic DNS comes in. DNS alone is the web service that resolves IPs to hostnames. Normally this relies on a Public IP that doesn't change; Dynamic DNS, however, is a service that updates the public DNS server with whatever your ISP subscription's IP currently is. One such service that allows you to do this is No-IP. No-IP is a free Dynamic DNS hosting service that lets you connect to your server from anywhere using a domain name.

 

How will No-IP know when my IP changes? You need to set up a service on your network that pings their servers. There are a couple of ways of going about this.

  • One way is you can download a tool they provide. This tool periodically pings their servers and updates your IP when it changes. This isn't always an option though since it requires the computer remain powered on 24/7.
  • Many routers have a Dynamic DNS service you can configure where your router will update No-IP for you.
  • Many Server OSes come with a Dynamic DNS service where you can have the Server/NAS update No-IP.

There is no best option here except for going the route that suits your specific needs.

 

Once you have either your Static IP in hand or Dynamic DNS configured you can continue.

 

As for router setup, first and foremost, all routers are different. I cannot provide pictures of how to set up your specific unit. However, navigation typically follows a similar structure across the different manufacturers, so I can provide general instructions that should apply to most.

 

1.2 - Reserving Server IP

Before we configure Port Forwarding it's important that the IP given to the Server/NAS is reserved so that it either doesn't change or cannot get handed out a second time. There are generally two ways of going about this:

  1. Reserving the IP assigned to the Server/NAS in your Router. This requires:
    1. Picking an IP you will use to identify the server on your network.
    2. Identifying the MAC address assigned to the NIC being used to remotely manage the Server/NAS.
  2. Shrinking the DHCP pool and assigning the Server/NAS a Static IP. This requires:
    1. Understanding how to configure DHCP settings in your Router
    2. Picking an IP you will use to identify the Server/NAS on your network and changing said settings within it.

If you require help with this feel free to comment below.

 

1.3 - Port Forwarding

Port Forwarding is a fairly straightforward process, but it's important to understand that the act of Port Forwarding opens up your network to potential threats. You generally don't want to go mad opening up ports willy-nilly. Which ports you open can also expose you unnecessarily to more frequent threats. I will go into more detail as we go through the setup.

 

Start by finding your way to your Port Forwarding menu in your Router. This is usually under Firewall Settings or Access Control. The major fields that need to be configured include:

  • IP of the Server/NAS
  • UDP, TCP, or Both
  • Internal Port Number(s)
  • External Port Number(s)

Specifying the IP is fairly self explanatory.  Enter the IP that was assigned to the Server/NAS.

 

UDP, TCP, or Both is dependent on the service you plan on running. For our needs use TCP.

 

The Internal Port Number(s) can be set to 22. If your Router asks for a range of ports enter 22 for both the beginning and ending internal port numbers. This is the port our router will use when talking to the Server/NAS.

 

The External Port Number is where you may want to be careful. This is the port you will use when you want to connect to your Server/NAS from outside your network. The reason to be careful is that there are bots on the Internet that hackers use to scan blocks of IPs for open ports. If a bot finds an open port it will attempt to connect to the device behind the router and break into your network. For this reason I recommend using a port >30,000. Most bots don't scan this high. You can reference a TCP/UDP Port Allocation list to pick a port that isn't being used by any services that rely on it. Do note, this isn't a foolproof means of security; it's security through obscurity, where the bots simply don't know where the open port is.

 

After you have all of these defined, save it, and start the service (if applicable). Your router is now ready.

 

If you require help with this feel free to comment below.

 

 

2. Generating a Public/Private Key Pair

When hosting your own Server/NAS security is important. Most people are used to what's known as password authentication, wherein a user is authenticated with a password. All forms of authentication that will be covered here will include an additional layer of security known as Public/Private Key Authentication (PPKA). PPKA has two forms of authentication in itself: Password-less PPKA (PL-PPKA) & Password Protected PPKA (PP-PPKA). PL-PPKA can be used in situations where you need a system to be able to log in automatically over a secure connection. This may be used when having one Server/NAS back up data to another over the network or Internet without human intervention to enter a password. PP-PPKA is a sort of 2FA where, when you want to connect to your Server/NAS, you must first provide the Private Key, then you must provide the Private Key password. This is an easy way to increase the security of your Server/NAS when exposing it to the Internet.

 

2.1 - Generating a Public/Private Key Pair on Windows 10 (2004)

Go to Start -> Settings -> Apps -> Optional Features -> OpenSSH Client. For me this is already installed, but if it isn't for you, install it. This will require a system restart.

 

 

From here open up Windows PowerShell by right-clicking Start -> Windows PowerShell

 

Windows PowerShell is a very powerful CLI utility for administrative maintenance and task automation. We're not going to do anything too fancy with it today though. We're just going to use it to generate our public/private keys.

 

To get started run the following command:

ssh-keygen

 

This will make our keys. After running it a couple of prompts will come up.

  1. It will ask you where you want to save the key. Just press enter.
  2. It will ask you for a passphrase. This is the difference between PL-PPKA & PP-PPKA. If you want to manually remote into your Server/NAS then I recommend you create a passphrase.
    1. It will ask to confirm the passphrase.
  3. It will then generate our key pair.

Optionally you can now run the command:

copy .\.ssh\id_rsa .\Desktop\

 

This will copy the Private Key we created to your Desktop for convenience's sake. Keep this hidden and don't lose it.

 

Now run the command:

Get-Content .\.ssh\id_rsa.pub

 

This will print the contents of the public key file to the console. As its name implies, everyone knows what the public key is. This doesn't need to remain hidden. Copy this somewhere safe, keep this window open, or remember this command for later, as you will need to pull up this file again.

 

 

 

2.2 - Generating a Public/Private Key Pair on Debian, Arch, & RHL/RHEL

Open a terminal and run the command:

ssh-keygen

 

If for whatever reason your distribution says the command is not available, OpenSSH can be installed using the sudo command appropriate for your distribution:

# Debian (Ubuntu/PopOS)
sudo apt install openssh-client

# Arch
sudo pacman -S openssh

# RHEL (CentOS)
sudo yum install openssh-clients

# Fedora
sudo dnf install openssh-clients

 

You'll be prompted with the following:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa)

Just hit enter. The default directory is fine.

 

Next it will ask you for a passphrase:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa)
Enter passphrase (empty for no passphrase):

Depending on your needs you can choose PP-PPKA or PL-PPKA. For the purposes of this tutorial we will use PP-PPKA.

 

After you enter your passphrase it will ask you to confirm it:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa)
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

 

After you enter your passphrase again it will generate the public/private key pair (PPKP):

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa)
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa
Your public key has been saved in /home/username/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:e9yVr6YxZridRASJk/qFjH8BpkM6B9bamk92i/y9lPk username@computer
The key's randomart image is:
+---[RSA 3072]----+
|     .   o..     |
|    o o * ..     |
|   . * * +  .    |
|    + B o o.   . |
|     = +S. .. o  |
|    o o +o.* . . |
|     = o.oB B   .|
|      + .+ B +.. |
|       .. +.Eo.  |
+----[SHA256]-----+

 

To view the contents of our id_rsa.pub key file use the command:

cat .ssh/id_rsa.pub

Keep this open as we will be referring to it later.

 

 

3. Server Setup

Now that we have our public/private keys we need to set up the public key on what will be our remote host. How you do this is entirely dependent on the OS you installed on the system.

 

The following method will work for:

  • CentOS 7
  • Fedora 32
  • FreeNAS / TrueNAS CORE
  • Ubuntu Server

It will not work for:

  • Open Media Vault

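From a Microsoft Windows 10 client you can copy the contents of your id_rsa.pub key file to your Server/NAS using the following commands:

# Create .ssh (if it doesn't exist yet) and authorized_keys with owner-only permissions
ssh username@server "mkdir -p .ssh && chmod 700 .ssh && touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys"
# Append the public key to the remote authorized_keys file
type .\.ssh\id_rsa.pub | ssh username@server "cat >> .ssh/authorized_keys"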

From a GNU/Linux or MacOS client you can copy the contents of your id_rsa.pub key file to your Server/NAS using the following command:

ssh-copy-id username@server

 

Both methods on their respective platforms copy id_rsa.pub into the respective user's .ssh/authorized_keys file.

 

Alternatively, the instructions below include other methods that are available for each distro, including how to disable password authentication, which is a necessary second step. It's very important that we disable this. If we don't, then when authentication with the private key fails the system will still ask for your user account password as a secondary method. We don't want that.

 

3.1 - CentOS 7 / Fedora 32

3.1.1 - Disable Password Authentication

To disable password authentication we need to edit sshd_config. Start by remoting into the server and opening the file:

sudo vi /etc/ssh/sshd_config

 

Press the i key on your keyboard to enter insert mode. Now edit the line PasswordAuthentication from yes to no:

...
PasswordAuthentication no
...

 

To save/exit hit ESC then type:

:wq

Then hit Enter.

 

To update the changes to the running configuration restart the SSH service:

sudo systemctl restart sshd.service

The next time you go to authenticate, the server won't offer you password authentication as a backup to PPKA.

 

 

3.2 - FreeNAS / TrueNAS CORE

3.2.1 - FreeNAS

3.2.1.1 - Other PPKA Setup Method

From the FreeNAS Web Console navigate to Accounts -> Users -> Username -> Edit.

 

Under Authentication the SSH Public Key field is presented. Paste the contents of id_rsa.pub here.

 

 

Afterwards click Save.

3.2.1.2 - Disable Password Authentication

From the FreeNAS Web Console navigate to Services then select the Configure pencil to the right of SSH.

 

 

Now un-tick Allow password authentication then Save.

 

 

 

  

3.2.2 - TrueNAS CORE

3.2.2.1 - Other PPKA Setup Method

From the TrueNAS CORE Web Console navigate to Accounts -> Users -> Username -> Edit.

 

Under Authentication the SSH Public Key field is presented. Paste the contents of id_rsa.pub here.

 

 

Afterwards click Save.

 

3.2.2.2 - Disable Password Authentication

From the TrueNAS CORE Web Console navigate to Services then select the Configure pencil to the right of SSH.

 

 

Now un-tick Allow password authentication then Save.

 

 

 

 

3.3 - Open Media Vault

3.3.1 - PPKA Setup

From the Open Media Vault Web Console navigate to Access Rights Management -> User -> Username -> Edit -> Public keys -> Add.

 

OMV wants the Public Key in RFC 4716 SSH format. To produce this from your id_rsa.pub key file run the command:

# For Windows
ssh-keygen -e -f .\.ssh\id_rsa.pub

# For GNU/Linux & MacOS
ssh-keygen -e -f .ssh/id_rsa.pub

Then copy/paste the output into the Public Key field:

 

 

Save, Apply.

 

3.3.2 - Disable Password Authentication

From the Open Media Vault Web Console navigate to Services -> SSH. Un-tick Password authentication. Now Save, then Apply.

 

 

3.4 - Ubuntu Server

3.4.1 - Disable Password Authentication

Run the command:

sudo nano /etc/ssh/sshd_config

 

Find the line:

#PasswordAuthentication yes

and change it to:

PasswordAuthentication no

From here press Ctrl+O to save, then Ctrl+X to exit.

 

Now restart the SSH service:

sudo systemctl restart ssh
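
A way to confirm that the sshd_config edit from sections 3.1.1 and 3.4.1 actually took effect, added here as an example (it is not part of the original tutorial). The function names and the sample files are made up for illustration; the script works on any copy of sshd_config you point it at.

```shell
#!/bin/sh
# Added example: resolve the value sshd applies for a keyword in the global
# section of an sshd_config file. Rules modelled, per sshd_config(5):
#   - keywords are case-insensitive and lines starting with "#" are comments
#   - for each keyword, the FIRST value obtained is the one that is used
#   - lines after a "Match" line apply only to matching connections
# Not modelled: "Include" directives and quoted arguments.

# usage: effective_sshd_option FILE KEYWORD DEFAULT
effective_sshd_option() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        { sub(/^[ \t]+/, "") }             # drop indentation
        /^#/ || /^$/ { next }              # skip comments and blank lines
        {
            n = split($0, f, /[ \t=]+/)    # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit       # end of the global section
            if (key == want && n >= 2) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

# usage: password_login_disabled FILE   (exit status 0 means disabled)
# OpenSSH defaults PasswordAuthentication to "yes" when the keyword is absent.
password_login_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample files (not from any real server), one per failure mode.
write_samples() {
    # Stock file: the keyword is only present as a comment.
    printf '%s\n' 'Port 22' '#PasswordAuthentication yes' > "$1/untouched"
    # Value changed but the leading "#" was left in place.
    printf '%s\n' 'Port 22' '#PasswordAuthentication no' > "$1/still_commented"
    # The edit the tutorial describes.
    printf '%s\n' 'Port 22' 'PasswordAuthentication no' > "$1/correct"
    # "no" appended at the end while an earlier "yes" is still active.
    printf '%s\n' 'passwordauthentication yes' 'UsePAM yes' \
        'PasswordAuthentication no' > "$1/appended_duplicate"
    # "no" set only inside a Match block, so it is not the global value.
    printf '%s\n' 'Match User backup' '    PasswordAuthentication no' \
        > "$1/match_only"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in untouched still_commented correct appended_duplicate match_only; do
    if password_login_disabled "$demo_dir/$f"; then
        echo "$f: password login disabled"
    else
        echo "$f: password login STILL ENABLED"
    fi
done
rm -rf "$demo_dir"
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd resolves from its configuration files, including any Include files this script does not follow.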

 

 

 

 

4. Client Software

This is by no means an exhaustive list of all remote access software, but this list will suit a variety of use cases that fit different users' needs and may work for you. All below suggestions can be used for free. Some do have paid versions but don't have to be purchased to serve their primary functions.

 

The below suggestions have also been divided into three categories to help narrow your search. These categories include Command-Line Interface (SSH), Graphical User Interface (SFTP), & Remote Desktop methods of remote access.

 

4.1 - Secure Shell (SSH) | CLI

4.1.1 - Windows, GNU/Linux, MacOS Command-Line

The three major OS contenders all have remote access functionality from their respective command lines:

  • Windows: Command Prompt, PowerShell
  • GNU/Linux: Terminal
  • MacOS: Terminal

Accessing the CLI on each Operating System:

  1. To access the Windows PowerShell hold Shift+Right Click. From the pop-up menu select Open PowerShell window here.
  2. To access the GNU/Linux Terminal right click on the desktop. From the pop-up menu select the Terminal.
  3. To access the MacOS Terminal navigate to Applications -> Utilities -> Terminal

 

 

4.1.2 - Windows Subsystem for Linux

WSL grants you the features of a bash shell within Windows using a variety of available distributions:

 

 

To start you have to install the Windows Subsystem for Linux. You can do this by going to Start -> Type: Windows Features -> Hit: Enter. From the window that pops up scroll down to Windows Subsystem for Linux.

 

 

Tick the box and hit OK. It will tell you you need to restart your computer to apply the changes. After the restart visit https://aka.ms/wslstore to reach the Microsoft Store page for WSL. From here click on your preferred distribution and click Get then Install. Windows will prompt you with options to share this across multiple devices and may ask you to login to your Microsoft account but these are not required to download & install a distribution. Once it's done hit Launch.

 

[Screenshot: initial configuration of an Ubuntu 20.04 LTS terminal running on Windows 10]

 

 

4.1.3 - PuTTY

Platform Availability:

  • Windows

PuTTY is a nice, fairly simple to use remote access utility that starts out with a GUI but once you login to your server brings up a Terminal window and is CLI Only.

 

 

To login to a server using PPKA with our id_rsa file we must first convert it manually to the .ppk format using PuTTYgen which was installed alongside PuTTY. You can find this in your Start Menu.

 

 

Go to Conversions -> Import key then navigate to C:\Users\Username\.ssh\. Select our id_rsa file and click Open. You'll be prompted to input your passphrase for the file. After this click Save private key. You can name it whatever you like but I'll just use id_rsa.ppk (don't overwrite your old file). We can now go back to PuTTY.

 

From here start by entering the Host Name (or IP address) and the Port (number). Next in the Category menu go to Connection -> (+) SSH -> Auth -> Browse... From here navigate to your C:\Users\Username\.ssh\ directory where we kept our id_rsa.ppk file. Select it. Now click Open.

 

If you would like to save this configuration for use later go back to Category -> Session. Write a name under Saved Sessions then click Save.

 

To login to your server/NAS click Open. You'll be prompted with who you want to login as. It will authenticate your Private Key. You will provide the passphrase, and it will let you into the server.

 

 

4.1.4 - Git

Platform Availability:

  • Windows
  • GNU/Linux
  • MacOS

A quote from the Git project website:

Quote

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

 

 

As stated Git is mainly designed for the purpose of coding and project management however it can be used for remote access purposes if desired. It also has direct access to the Windows file tree which is a very nice feature.

 

 

4.1.5 - Cygwin

Platform Availability:

  • Windows

A quote from the Cygwin project website:

Quote

Cygwin is:

  • a large collection of GNU and Open Source tools which provide functionality similar to a Linux distribution on Windows.
  • a DLL (cygwin1.dll) which provides substantial POSIX API functionality.

Cygwin is not:

  • a way to run native Linux apps on Windows. You must rebuild your application from source if you want it to run on Windows.
  • a way to magically make native Windows apps aware of UNIX® functionality like signals, ptys, etc. Again, you need to build your apps from source if you want to take advantage of Cygwin functionality.

 

 

What we're interested in is the fact it has remote access functionality but it also has the ability to access the Windows file tree through the directory:

/cygdrive/c
/cygdrive/d
etc...

 

 

At the core of all of the above suggestions (except for PuTTY) is a utility known as OpenSSH. The following commands can be used on all three platforms except for some small key differences such as when specifying file paths.

 

Depending on what type of connection you want to make the command can be broken down to something as simple as:

ssh username@server

 

The username is an account that needs to exist on the remote system and has permission to be accessed remotely with a password. server can be either an IP or Domain Name. If you need to specify a Port other than 22 (default) use the -p argument:

ssh username@server -p 31000

 

If you only have one id_rsa key file, your system may offer it to the server automatically when you connect. If it doesn't, or if you have multiple id_rsa key files and the system doesn't know which one to present to the server, you can specify which key file to use with:

ssh username@server -i /path/to/id_rsa

 

An example on Windows would be:

ssh linustech@192.168.0.105 -p 31000 -i .\.ssh\id_rsa

 

An example on GNU/Linux would be:

ssh linustech@192.168.0.105 -p 31000 -i .ssh/id_rsa

 

Both of these examples are executed from the home directory of the user. If you have moved to a directory that isn't home these commands will fail, stating they cannot locate the private key file, because the path given to -i is relative to the current directory.

 

4.2 - Secure File Transfer Protocol (SFTP) | GUI

4.2.1 - WinSCP

Platform Availability:

  • Windows

WinSCP is an SFTP client that gives you a GUI for transferring files to and from a remote server. It includes a CLI option that integrates with PuTTY.

 

 

To login to a server using PPKA start by specifying the Host name (IP or Domain), Port number, and User name.

 

 

Now click on Advanced and go down to SSH -> Authentication. From here click the three dots to the right of Private key file and navigate to C:\Users\Username\.ssh\ where our id_rsa file is located. The directory will appear empty because WinSCP is looking for a Private Key file ending in .ppk. The one we generated using OpenSSH does not. In the bottom-right corner of the window you'll see PuTTY Private Key Files (*.ppk) open the drop-down and select All Private Key Files (*.ppk;*.pem;*.key;id_*). Now our id_rsa file can be chosen.

 

This is going to prompt a little confirm window:

 

 

Just click OK. This will copy our id_rsa file and convert that copy to a .ppk format that WinSCP can interpret. It will ask you to provide the password if you opted for PP-PPKA. When it asks you where you want to save the file the default directory is your .ssh folder which is fine. Just hit Save. Then OK. Then OK on the Advanced Site Settings menu. If you'd like to save the site information for re-using this configuration later hit Save on the login window. Here you can name your Site and it will be added to the left column on the login page for later use.

 

When you click the Login button and your server/NAS responds it will prompt you for the Key passphrase you setup. When you enter this you should see your local Documents directory on the left and your remote server directory on the right:

 

 

 

4.2.2 - FileZilla

Platform Availability:

  • Windows
  • GNU/Linux 
  • MacOS

FileZilla is a free FTP/SFTP client for performing file transfers between a server and a client using a GUI.

 

 

In order to login to a server using PPKA go to File -> Site Manager -> New Site.

 

From here:

  • Name your Site
  • Change Protocol: FTP -> SFTP
  • Specify your Host
  • Specify your Port
  • Change Logon Type: Normal -> Key file
  • Specify your User
  • Browse... for our Key file "id_rsa" in C:\Users\Username\.ssh\
    • Change PPK files -> All files (bottom right corner of window). Select our file -> Open
      • Convert key file -> Yes
        • Enter key file password -> OK
          • Name the new key file (don't overwrite the original) -> Save
            • Select the .ppk file that was created -> Open

When you're ready to save your new site your setup should look similar to this:

 

 

Click OK. FileZilla will ask whether you'd like to save passwords. This is up to your own discretion, but if you can remember the password you chose well enough I would recommend not saving them.

 

From here click the arrow next to the icon under File. This will list your sites.

 

 

Clicking on your desired site you should be prompted with a page to enter your password for your Private Key file. Once the system lets you in you should see a page like the following with your local directories on the left and your server directories on the right.

 

 

 

 

4.3 - Remote Desktop

4.3.1 - VNC Connect & TightVNC

VNC Connect Platform Availability:

  • Windows
  • GNU/Linux
  • MacOS

TightVNC Platform Availability:

  • Windows
  • GNU/Linux

VNC Connect developed by RealVNC is a remote desktop tool designed primarily for local administration without the need to sit in front of the system/server. Although it is possible to use over the Internet it isn't recommended without a Client-to-Site VPN.

 

 

The client is free to download from RealVNC but the target system driver that enables remote access is behind a paywall. This is where TightVNC comes in. TightVNC is a free to use alternative driver that just so happens to work flawlessly with VNC Viewer. Just install TightVNC into your target system then connect from your desktop with IP:5900. Note at first you will receive a message that the connection is not encrypted. This is usually fine since this connection is strictly over your LAN.

 


 

If desired you can suppress future warnings. Then click Continue. This will immediately bring up the desktop of the remote server allowing you to control whatever you need.

 

If you don't like how open the connection is for people to potentially access the system, TightVNC does have a configuration menu:

 

[Screenshot]

 

Many variables here can be changed to suit your needs including limiting access based on IP addresses and requiring the use of a password before being allowed to connect.

 

4.3.2 - TeamViewer


Platform Availability:

  • Windows
  • GNU/Linux
  • MacOS

TeamViewer is a very well known and widely used GUI remote access client. It works on an honor system: it is free for personal use, but for commercial use you are supposed to pay.

 


 

Under Your ID will appear a 9 or 10 digit numerical code which from a remote location you would enter under Partner ID. From here you would enter the Password.

 

From the Extras -> Options -> Security menu you can specify your own secure password instead of the provided 6 digit code. TeamViewer has a number of different modes but for file transfer purposes you can select the File transfer bubble before you hit Connect. This will allow you to move any number of files between you and your remote server.

 

4.3.3 - AnyDesk


Platform Availability:

  • Windows
  • GNU/Linux
  • MacOS

AnyDesk is a remote desktop client for use with a keyboard & mouse.

 


 

It can be used for remote management of one of your own systems, file transfers, or providing remote assistance:

 

[Screenshot]

 

 

4.3.4 - PARSEC


Platform Availability:

  • Windows
  • GNU/Linux
  • MacOS

PARSEC is a more gaming focused remote desktop application but as such has the added perk of GPU acceleration. By using a GPU installed in the server/system it makes for a much smoother remote desktop experience.

 


 

 

4.3.5 - Microsoft RDP


Platform Availability:

  • Windows

RDP or Remote Desktop Protocol is a feature built into the Windows operating system for the use of remotely accessing clients on a LAN. Although it is possible to use over the Internet it isn't recommended without a Client-to-Site VPN.

 

To enable RDP on Windows go to Start -> Options -> System -> Remote Desktop, and toggle the Enable Remote Desktop option from Off to On.

 


 

To use RDP click Start -> Type: "Remote Desktop Connection" -> Then select Remote Desktop Connection

 


 

From here enter both the name of the computer and the user you wish to login as then click Connect.

 

NOTE: In this configuration you will only be able to connect over your LAN.

 

 

 

5. Conclusion


With any luck this tutorial was helpful to you. If not there's still a plethora of other software out there that may meet your needs.

 

If anything wasn't explained clearly enough or you still have questions feel free to comment below.

 

 


First glance suggestion: include a section on RDP (the Windows protocol) under 4.3.


1 minute ago, AbydosOne said:

First glance suggestion: include a section on RDP (the Windows protocol) under 4.3.

Huh, I completely forgot about RDP. Will add this when I find the time.


1 minute ago, Windows7ge said:

Huh, I completely forgot about RDP. Will add this when I find the time.

Don't make this public though, Microsoft keeps getting big CVEs on it. I'd put all of these behind a VPN if you can.


22 minutes ago, Windows7ge said:

Huh, I completely forgot about RDP. Will add this when I find the time.

I agree with @Electronics Wizardy. If you include RDP make sure it's with a VPN. 


34 minutes ago, Electronics Wizardy said:

Don't make this public though, Microsoft keeps getting big CVEs on it. I'd put all of these behind a VPN if you can.

12 minutes ago, ProjectBox153 said:

I agree with @Electronics Wizardy. If you include RDP make sure it's with a VPN. 

I've never used RDP personally. Does it not have any encryption options?

 

I can't include instructions for a public VPN just so I can add RDP. I do have a tutorial on how you can host your own VPN which would encapsulate all of RDP's traffic but it'd still be a direct client-to-site connection. Not sure if that's worthwhile.


1 minute ago, Windows7ge said:

I've never used RDP personally. Does it not have any encryption options?

 

I can't include instructions for a public VPN just so I can add RDP. I do have a tutorial on how you can host your own VPN which would encapsulate all of RDP's traffic but it'd still be a direct client-to-site connection. Not sure if that's worthwhile.

It has encryption, and that's mostly fine, but there have been many remote execution flaws, so I'd always recommend running it behind a VPN or other remote desktop gateway. Same with SSH and other services, but not as important. Also putting a VPN in there makes it so an attacker has to get past your VPN then into SSH/RDP.


3 minutes ago, Electronics Wizardy said:

It has encryption, and that's mostly fine, but there have been many remote execution flaws, so I'd always recommend running it behind a VPN or other remote desktop gateway. Same with SSH and other services, but not as important. Also putting a VPN in there makes it so an attacker has to get past your VPN then into SSH/RDP.

Sitting and thinking about it for a minute, the most I can do in that regard is add a disclaimer that I'd recommend a VPN globally regardless of what remote software they go with. Beyond that it's up to the user's discretion.


10 hours ago, Windows7ge said:

I've never used RDP personally. Does it not have any encryption options?

 

I can't include instructions for a public VPN just so I can add RDP. I do have a tutorial on how you can host your own VPN which would encapsulate all of RDP's traffic but it'd still be a direct client-to-site connection. Not sure if that's worthwhile.

It does, but it's still very easy to get into it. I have a couple machines accessible through it on the internet (just testing machines that are isolated from my main network, so nothing important), and the only thing stopping someone from getting into them is my password. That's it. Just recommending that you run a VPN that your RDP hosts can stay behind would be sufficient. 


12 minutes ago, ProjectBox153 said:

It does, but it's still very easy to get into it. I have a couple machines accessible through it on the internet (just testing machines that are isolated from my main network, so nothing important), and the only thing stopping someone from getting into them is my password. That's it. Just recommending that you run a VPN that your RDP hosts can stay behind would be sufficient. 

It's a similar situation with VNC Connect. You really shouldn't Port Forward it. Weak security.

 

As far as a VPN goes are the vulnerabilities compensated for with any public VPN service or is specifically a Client-to-Site VPN necessary?


21 minutes ago, Windows7ge said:

It's a similar situation with VNC Connect. You really shouldn't Port Forward it. Weak security.

 

As far as a VPN goes are the vulnerabilities compensated for with any public VPN service or is specifically a Client-to-Site VPN necessary?

I know, that's what annoys me about RDP. On the one hand it works very well (or at least it does for me), and it works with a wide range of computers and devices (Windows has supported accessing RDP servers for years now with an included program), but on the other hand it's so insecure. 

 

From my understanding a Client-to-Site VPN would be necessary. RDP normally only works within a local network, and port forwarding just extends that to the internet. If you had a VPN that would connect to your home network then it should also work fine, and that would eliminate the need to forward port 3389. 


1 hour ago, ProjectBox153 said:

I know, that's what annoys me about RDP. On the one hand it works very well (or at least it does for me), and it works with a wide range of computers and devices (Windows has supported accessing RDP servers for years now with an included program), but on the other hand it's so insecure. 

That's probably why (how) it works with a wide range of computers & devices. 🤣

 

1 hour ago, ProjectBox153 said:

From my understanding a Client-to-Site VPN would be necessary. RDP normally only works within a local network, and port forwarding just extends that to the internet. If you had a VPN that would connect to your home network then it should also work fine, and that would eliminate the need to forward port 3389. 

I can work with this then. I have the Pritunl Client-to-Site tutorial. I'll come up with a way of incorporating this into the guide. 
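The advice in this thread, to leave port 3389 (RDP) and port 5900 (VNC) unforwarded and reach them only through a Client-to-Site VPN, can be verified from an outside network. The following is an added example, not part of the original posts; the function names and the `203.0.113.10` address are placeholders, and it should be pointed at your own WAN IP or Dynamic DNS name.

```python
import socket

# Default ports of the services this guide says to keep off the Internet.
REMOTE_DESKTOP_PORTS = {5900: "VNC (TightVNC / VNC Connect)", 3389: "Microsoft RDP"}


def probe(host, port, timeout=3.0):
    """TCP-connect to host:port and return (state, banner).

    state: 'open' (handshake completed), 'closed' (actively refused) or
    'filtered' (timed out or unreachable, the usual result when the
    router forwards nothing on that port).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                banner = conn.recv(12)  # a VNC server speaks first: b"RFB 003.008\n"
            except OSError:             # includes timeouts; RDP waits for the client
                banner = b""
            return "open", banner
    except ConnectionRefusedError:
        return "closed", b""
    except OSError:
        return "filtered", b""


def audit(host, ports=None, timeout=3.0):
    """Return one finding per port; 'exposed' is True when the port answers."""
    findings = []
    for port, service in sorted((ports or REMOTE_DESKTOP_PORTS).items()):
        state, banner = probe(host, port, timeout)
        # An RFB banner proves a VNC server is answering, whatever the port.
        is_vnc = banner.startswith(b"RFB ")
        findings.append({
            "port": port,
            "service": service,
            "state": state,
            "exposed": state == "open",
            "vnc_banner": banner.decode("ascii", "replace").strip() if is_vnc else None,
        })
    return findings


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address (placeholder): substitute your own
    # WAN IP or Dynamic DNS name and run this from outside your LAN.
    for f in audit("203.0.113.10"):
        verdict = "EXPOSED, remove the port forward" if f["exposed"] else "not reachable"
        print(f'{f["port"]:>5} {f["service"]:<30} {f["state"]:<8} {verdict}')
```

Run it with the VPN disconnected, for example from a phone hotspot; both ports should report `filtered` or `closed`, and the same services should then be reachable only once the VPN tunnel is up.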


  • 8 months later...

@Windows7ge Under RDP you forgot to mention that you need at least Windows 10 Pro (you would probably also need at least the Pro version of Windows 11). Otherwise cool little guide.
