This is a very special blog entry for many reasons. First of all because it’s been jointly written with my great Scottish friend, James Morrison, and secondly because it’ll help us to keep him as a Linux user even though his laptop breaks after any update process. Now I’m able to travel to Scotland very quickly and in a secure manner (Secure SHell to the rescue!).

The point is he’s using a brand new laptop and it happens that the WiFi network card is not supported by the kernel version shipped with Manjaro Linux back in October (Linux 5.1). I had to follow a recipe to build the driver for that kernel and we have the uncertainty of what will happen once the Operating System is updated to a newer version of the Linux kernel. If I was able to be there if this happens, we would be much more relieved… and this is what this blog entry is all about: traveling to Scotland by SSH (first class accommodation of course) to help my friend James with his computer.

The process can be summarized as follows:

1. The OpenSSH service is installed in Manjaro by default but it’s not enabled. First of all we need to enable and start the service by typing the following commands:

   $ sudo systemctl enable sshd.service
   $ sudo systemctl start sshd.service

   

2. James’ laptop is now accessible via SSH but only within his local network, that is everything connected to his WiFi router. But it happens I’m not there most of the time, even though I’d like, so we need to find a way to let me access from Spain which is the country I spend most of my time 🙂 Here is where the NGROK service comes in handy and will help out. James has created a new free acount and he’s entitled to download a binary file which creates a “tunnel” helping the outside world get access to his laptop. This tunnel won’t be enabled all the time but only when we need it, so the tunnel won’t help the whole outside world get access to his laptop but me:Once the zipped file is downloaded, the following commands will help to uncompress it, configure it and make it work:

   $ cd $HOME
   $ cd Downloads
   $ unzip ngrok-stable-linux-amd64.zip
   $ ./ngrok authtoken <James' personal token>
   $ ./ngrok tcp 22

   
   
   

3. The tunnel is finally created and anyone knowing James’ credentials can get access to his laptop by using a SSH client:

   $ ssh jmorrison@0.tcp.ngrok.io -p 14174

   

4. Even though James’ laptop can be accessed by the outside world, that doesn’t mean his computer is vulnerable to cyber attacks. Three things have to happen in order to have the bad guys accessing James’ laptop: (1) the SSH service is enabled and up and running, (2) NGROK creates the tunnel and (3) the attacker knows James’ password. NGROK can be terminated by hitting the combination of keys CTRL + C, James’ password is a tough one so we can be relaxed as they won’t figure it out and, the SSH service can be stopped and disabled by typing the following commands:

   $ sudo systemctl stop sshd.service
   $ sudo systemctl disable sshd.service

And finally, here you have the edited video with the all the steps we’ve performed to come up with this blog entry. It’s been a super funny Sunday chat as it usually is, but this time it’s been nice seeing James acting as a Linux expert typing commands like hell 🙂

I hope we don’t have to use this recipe very frequently but if we need, here it is.

Bye future James and self 😉

Raúl