Tuesday, July 31, 2018

Secure Screen Sharing with Linux Ubuntu 18.04 LTS

To share screen from Ubuntu Workstation securely, we need to configure the pre-installed VNC server Vino and then we also need to install ssh server if we have not already done so. 

Server side configuration are as follows:
  1. Configure Vino server
  2. Install and configure ssh server 

We have 2 methods of launching VNC client. They are as follows:

Method 1
  1. Established ssh connection over VNC port
  2. Launch VNC client over ssh tunnel

Method 2
  1. Using a VNC client that can perform both at the same time.


Server Side Configuration

Configure Vino Server

Install and Configure SSH Server

Please refer to this post
Install and Configure SSH Server on Linux


Client Side Connection

Method 1A: Launching VNC from Linux/Mac OS X

Established SSH Tunnel from Client
At this point we assume that we have installed and tested the ssh server. To established secure ssh tunnel over VNC port, we must have the ip address of the VNC server and the port number it is using.

We can use the following command to established connection:

ssh -f -L 5999:localhost:5900 ipAddress -l username sleep 60

We have obtain the above command from the man page. The details are as follows:
  • -f is to ask the ssh to fork a separate process. This way the terminal will be free up. We can use ps -A | grep ssh to see if the process is still alive.
  • -L 5999:localhost:5900 This is the most important option. It tell ssh to use port 5999 as the local port for our local host and the ssh is to forward the data from local port to port 5900 at the remote host. Local port 5999 can be any unused port number. 5900 is the port used by the VNC server. If your VNC server uses different port, please change accordingly.
  • ipAddress is the ip of the VNC server
  • -l username is for us to login with username 
  • sleep 60 tell ssh to keep alive the connection for 60 seconds if there is no network activity. This way we  do not need to kill the process when we are done.
We also have tested the following command:

ssh -L 5999:localhost:5900 -N -f -l username ipAddress

We have obtained this command via web search. It is pretty much the same. The option -N ask ssh not to execute a remote command as the connection is for port forwarding only. Therefore sleep command cannot be used with -N. The ssh connection will be there until we kill it.

We would recommend to use the first command, unless you prefer to establish a permanent connection.


Launch VNC Client
To use VNC client over ssh, we need to use localhost and the local port number established earlier. Simply, we can use the following command:

vnc://localhost:5999

Whatever VNC client we use, we must configure such that the VNC server will be localhost or 127.0.0.1. The port number will be 5999 or whichever local port number you have configured using ssh.

Method 1B: Launching VNC from Windows

We need to download and install Putty. Putty is a remote connection tool. The setting is similar, if in doubt please research the web for information. Then you need to launch your VNC client using localhost and local port number you have configured in Putty.


Method 2: Launching VNC with SSH from VNC Client

We can perform both function using certain VNC client. Currently we only can confirm that the app Remmina can support this function. Remmina is only available in Linux platform. Open the app and create a new connection.


Enter the name of connection, server with port number, username and password. Then click on the third tab named SSH:


Over here we can configure the SSH settings.

Once the settings is done, we can click save and connect to established VNC connection. If you are on Linux platform, we would recommend Remmina.




***








Sunday, July 29, 2018

Simple Screen Sharing on Linux Ubuntu 18.04 LTS

Ubuntu already has a VNC server Vino pre-installed. So no additional VNC server installation is required.

Configuring VNC Server

To share screen from Ubuntu, we need to perform a few steps:

To share screen go to Settings > Sharing


Turn ON the OFF button on the top right corner


Click on Screen Sharing. Turn ON the OFF button on the top left corner and set a password.


Resulting screen is as follows:


Once it is completed. We need additional command line to configure so that it works. Apparently, the default encryption does not work well will any VNC client. To get VNC to accept incoming connection, open a terminal and execute the following command:

gsettings set org.gnome.Vino require-encryption false

Once this setting is done, we have one more step to do before we are good to go.  We need to enable auto-login so that screen sharing can work. Go to Settings > Details > Users


On the top right corner, click Unlock and enter your password. Then turn ON auto-login as shown below:


Now we are good to go. Before we move on, please obtain the IP address either from the GUI or command ifconfig.

Note: I could not get Ubuntu to launch screen sharing without user login. If you happen to have the solution, please let us know in the comment.


Working with VNC Client

VNC Client on Windows

If you are connecting from Windows, we would recommend you to download RealVNC viewer. It is free. Just type the ip address follow by the port number at the VNC viewer. By default Vino uses port 5900.


VNC Client on Mac OS

If you are connecting from Mac, we can use the built-in VNC viewer. Under Finder, select Go > Connect to Server and then type in the following vnc://ipaddress:5900

Alternatively, you can still download RealVNC viewer for Mac. The connecting process is the same.

VNC Client on Linux
For other Linux distribution, we have Remmina which come pre-installed in Ubuntu. Please search the web for other VNC client. 


Security

Please note that VNC connection is Not Secure. As shown earlier, we have to disabled encryption to get Vino to work. However, there are other possible option. The most common approach is to use ssh to secure the VNC connection. Alternatively, we can explore other VNC server.

Please refer to the following post if you need to established secure connection over VNC. 

Please refer to the following post for installing RealVNC on Ubuntu.

Install and Configure RealVNC in Linux Ubuntu 18.04 LTS

Please refer to the following guide for configuring various VNC server in Linux




***

Saturday, July 28, 2018

Install and Configure SSH Server on Linux

Update: 3 Aug 2018
We have included additional systemd command and also command to install ssh in Fedora

Install SSH on Ubuntu 


We are using Ubuntu 18.04 LTS Workstation, SSH was not installed by default.  Use the following command to install OpenSSH server:

Update System

We need to update the system before starting to install SSH server. use the command below:

sudo apt-get update

sudo apt-get upgrade

Install OpenSSH Server

To install OpenSSH server use the command below:

sudo apt install -y openssh-server


Install SSH on Fedora

Update System

Before installation, perform a system update first:

sudo dnf update

Install OpenSSH Server

To install OpenSSH server use the command below:

sudo dnf install -y openssh-server


Configure SSH with Systemd

Check SSH Services

To check if ssh daemon is running, use the command:

sudo systemctl status sshd


Starting SSH 

To start the service use the command below:

sudo systemctl start sshd

Configure SSH Server

If we need to change any settings such as port number, use any favorite editor vi, vim or nano with the following command:

sudo nano /etc/ssh/sshd_config

Once the config file is open, make the changes you want. Then we need to restart the service.

Restart SSH Daemon
To restart ssh daemon, use the command:

sudo systemctl restart sshd.service

Check if SSH Server Runs on Boot

To check is SSH daemon runs on boot use the command:

sudo systemctl is-enabled sshd.service 

If it is disabled, we need to enable it so that the daemon will start when system boots up.

Set SSH Daemon to Run on Boot

To enable the daemon so that it start when system boots up, use the command:

sudo systemctl enable sshd.service


Test SSH

To test if the ssh is working, go to a remote workstation and use the following command:

ssh username@serverIpAddress

If you are using different port number please use the following command:

ssh username@serverip -p <port_numbrt>

We should be able to login to the server.


Reference

For details of configuration please refer to the following guide:


***

Friday, July 27, 2018

Revive Old Mac Mini (2009) with Linux


We have an old Mac Mini (late 2009 version) lying around. The latest Mac OS X it could support was Mac OS X El Capitan. The machine is still good although the DVD drive does not worked anymore.  Apple will drop security update for El Capitan very soon. Running OS X El Capitan without any security update is not an option. 



Instead of disposing a good piece of hardware, we can install Linux. However, before we start playing around with the Linux installation, we need to take stock of the hardware capability. We might need to upgrade some hardware so that we can run Linux smoothly.

Mac Mini 2009 Specification

This Mac has Core 2 Duo CPU (P8700) running at 2.53GHz. It support PC3-8500 DDR3 RAM running at 1066MHz. This Mac Mini has a Nvidia Geforce 9400M video card. It support 2 display output. Wifi specification is 802.11a/b/g/n. This is pretty high end at the time.  However, this WiFi uses Broadcom chipset (BCM4321), which is not very well supported in Linux since it is an older chip. The down side for this machine is that it support only 5x USB 2.0 and the Bluetooth is using protocol 2.1+EDR.


Upgrading Hardware

The most important upgrade will be RAM and the storage. If you use Bluetooth device heavily, then you might consider buying a Bluetooth 4 USB adapter. Please bear in mind that this system only support up to USB 2.0.

The most important upgrade will be SSD if you are still using traditional HDD. If you are on a budget or if you do not wish to spend too much money on the old machine. We would recommend you to upgrade traditional HDD to SSD first. You can have the choice of 128GB, 256GB or higher capacity SSD. The upgrade will make a big difference in the user experience. For instruction to upgrade, please check out website from iFixit or OWC. These website also sell RAM and SSD together with upgrade kit.

According to the specification, this Mac Mini uses PC3-8500 DDR3 with 1066 MHz. This RAM is no longer in the PC building market. However, we might still able to obtained it via Mac upgrade company such as iFixit or OWC. Alternatively, we can obtained from 2nd hand market via eBay or craigslist. Officially, Apple support 4GB of RAM for this Mac Mini, however, Mac OS X is able to support up to 8GB. We are not sure if the chipset is able to support 16GB of RAM if we are to use Linux. It is recommended to to upgrade to 8GB. However, if you have 16GB of DDR3 with 1066MHz lying around, you might want to try it and let us know if Linux could recognize 16GB RAM.

We have previously upgraded the RAM and SSD for this Mac Mini. As far as we can remember, we do not need any special kit to upgrade RAM or SSD. Please checkout the following upgrade video from OWC and iFixit.


Possible Hardware Issue and Preparation

Please note that for Mac Mini (late 2009), we need to install third party drivers for Nvidia Geforce 9400M and Broadcom wifi. These two hardware will constantly cause us much of the conflict, headache and time during installation of Linux. 

For some Linux distribution, the open source video driver did not work well and we need to install Nvidia drivers.

The Broadcom third party driver is also not very reliable,  the driver works intermittently. The wifi could not detect available wifi host occasionally. A lan cable is required during Linux installation. After installation of third party driver, some time the wifi could not detect any network. We need to reboot a few time in order to get wifi connected. If wifi is a must for you, We would recommend that you buy an USB wifi adapter.

In addition, we would recommend you to use a wired mouse and keyboard during Linux installation. Wireless mouse and keyboard only works well when Linux is installed in the main drive and patched. 

Please also note that if we are going to switch between different Linux distribution, the Mac Mini or the bootable USB drive might not able to boot properly. In this case, we have to clear SMC or reset PRAM or perform both.

Please also prepare a couple of USB drive if you plan to try out different Linux distribution.


Different Class of Linux Distribution

Before, we start talking about which Linux distribution to install, we might want to classified different Linux distribution into different class. Each class of distribution uses the same type of OS. Usually they are forks or variant of the original Linux distribution. The based operating system is the same except that different distribution might use different user interface. 

Debian/Ubuntu class of Linux distribution are based on Debian/Ubuntu. There are many distribution that are based on Debian/Ubuntu. Some distributions are named as *buntu such as Xubuntu and Kubuntu. Popular distribution in this class are Debian, Ubuntu, ElementryOS, MX Linux, Zorin and Linux Mint.

Fedora/Red Hat class of linux distribution consist of Red Hat Enterprise Linux, Fedora and CentOS. Arch Linux class of distribution consist of Arch Linux,  Manjaro and Antergos. OpenSUSE and Solus are built independently. 


Which Linux To Install

Based on our experiment, Ubuntu class of Linux distribution is the best choice with no extra steps involved in installing additional drivers. It also give us less problem while booting up. The only problem that Ubuntu give is the Broadcom wifi issue. If you are only using wired network then it will be no issue at all. Other OS such as Elementary OS and Debian provide more stable wifi connection.

For Fedora class of Linux distribution, we could not install additional third party driver while installing the main OS. We could only add additional repository after the main OS is installed. Similarly, the wifi behaves intermittently. CentOS also present similar problem.

Manjaro is more of a headache. When mange to install Manjaro, however,  sometimes the OS could not boot properly due to system hang or video driver issue. In addition, Manjaro do not work well with other distribution for dual boot.

Word of advice, if you do not have much time to spent, just install any of Ubuntu class Linux distribution. This guide contain instruction on installing Ubuntu on Mac Mini. 

Making Bootable USB Drive

Downloading and Verify Linux Distribution 

Downloading of various distribution is straight forward. Go to Distrowatch.com and select your favorite Linux distribution. Follow the download instruction from the website. For verification of downloaded package, we use shasum in Mac OS X to perform verification.

Use the following command:
                          sudo shasum -a 256 xxxxx.iso

The option -a follow by a number tell the shasum to compute using sha 256 algorithm.  For sha1 no option is required.

The above command will generate a checksum which we can check against the website.

Alternatively, we can download a checksum file. Checksum file is a text based file that contain all the checksum from a download site. Please put checksum file and the image file in the same folder. Use the following command:

sudo shasum -a 256 -c checksum.txt

The system will run through the list in the checksum file and compare against the iso on the list. Those verified package will return OK. 


Preparing USB Drive for Mac Mini

Downloading of various distribution is straight forward. But due to the nature of our Mac Mini, some distribution could not boot. Please note that our Mac Mini uses 32-bit EFI. We must configure the USB drive such that it is bootable from our Mac Mini. Some Linux distribution make it easy to boot from 32bit EFI while it is impossible to boot on some Linux distribution.


Preparing Ubuntu USB

Ubuntu website has a tutorial for making a bootable USB for Mac system. See links below. The preparation involves in downloading an open source software called Etcher. 


We would recommend to uses the same method to make a bootable USB drive for all Debian/Ubuntu class of Linux distribution.

Preparing Fedora USB

When you try to download the latest Fedora workstation distribution, you will down the Fedora Media Writer instead. This is a useful tool to make bootable USB drive. To make Fedora USB drive, just run the media writer and download Fedora. Once download is completed, we can choose to copy the distribution to an USB drive. We recommend to use the same media writer for making USB drive for CentOS.

Preparing USB for Other Linux

The best method to make bootable drive for Manjaro is to use dd command. We will explore the details of making bootable drive in separate post.


Booting from Mac Mini

Booting from Mac Mini is quite straightforward. When the Mac Mini chimes, press option key (Alt key for Windows keyboard). Then, we choose to boot from the USB drive.

We did not encounter any problem when we try to boot Ubuntu. However, after multiple switching of Linux distribution, multiple partitioning and reboot; the system could not boot and hangs occasionally. The only way is to reset SMC, or PRAM or both. Listed below is the support document for resetting SMC and PRAM.


If you still encounter issue booting up the USB drive, please check the downloaded package or change the USB drive.

Please check the list below on other startup shortcut for Mac product:


In the following section, we will go through the steps in installing Ubuntu on Mac Mini late 2009.


Installing Ubuntu on Mac Mini (late 2009)

Please note that we had upgrade the Mac Mini hardware previously. Currently our Mac Mini hold 8GB of RAM and it has 128GB of SSD. Please follow the previous section on preparing Ubuntu USB drive after you have downloaded the latest version of Ubuntu from the web.

Booting USB on Mac Mini

Once you have the USB drive ready, insert it to your Mac Mini and start the machine. Press “option” (or “Alt” for windows keyboard) when you hear a chimes from the Mac Mini. The key press must be either earlier or together with the chimes. The system will show a few drives which you can boot from. Ubuntu USB drive always produce 2 bootable drives. Select either one and the system will bring you to a boot page. Select “Try Ubuntu Without Installing”. Ubuntu should be able to boot up. If for some reason the USB drive could not boot up, please clear SMC and/or PRAM. If you are still not able to boot up, please check the iso image or change USB drive.

Installing Ubuntu

Once you are in the system, you can select Install Ubuntu to start the installation process. 



The installation app will appear with the screenshot as shown below:



Select your appropriate language and click Continue.


Select your keyboard layout and click Continue.


Select the type of installation. We would recommend minimal install if you have very limited disk space, otherwise use the default. For third party driver, we suggest that you select to install third party driver. However, you can choose not to install third party driver as shown below:


Click Continue.


We can choose to install Ubuntu along side other OS. For fresh installation, select the option Erase disk and install Ubuntu. Click Install Now to proceed with the installation. A dialogue box will appear to inform us how the system is going to partition the drive. Since our Mac Mini uses 32bit EFI, the system will create a boot partition mounted as /boot/efi formatted using FAT32. The root partition will be formatted as ext4. Click Continue.


The next screen  allow us to select the time zone.


Select the appropriate time zone and click Continue.


Next we need to create our default account. Enter userID and password. Since this is an experimental box, I choose to auto login. Click Continue to proceed.


The system will start its installation process. Once it is completed. The dialogue box appear as below. 


You can choose to continue testing with the USB version or choose to reboot the Mac.

Post Installation

After the system is rebooted, we need to update the system. The system will automatically launch the Software Update app. Click Install to update the patches.


Alternatively we can use the command from the terminal:

sudo apt-get update

Follow by:

sudo apt-get upgrade

Personally, I would like to keep the dock at the bottom. You can set the dock under Settings > Dock.


For additional software installation, we use Ubuntu Software app. Click the All tab and click on the search icon. We prefer to install gparted and vlc. Search for gparted as shown below:


Click on the gparted result. 


Click Install.

Similarly, we also search for vlc and click install as shown below.


To install Chrome, we activate Firefox and search for Chrome.

 

Click to download and install.


Choose the first option For Debian/Ubuntu and click Install down the scroll box.



The system will launch the Ubuntu Software app as shown above. Click Install.

After installation of all the app we want, we can go to Settings > Details > Default Application to set the default app for video playing and web browsing.



Important: Please note that when we launch Chrome or VLC for the first time; the system will take a while to launch the app. Sometimes, we may need to wait for 1 min or more for the initial launch. There is nothing wrong with the installation. 

Please also note that when we launch Chrome, we must set password for the keyring in Linux. Chrome uses Linux keyring to store password. Every time when we rebooted the system Chrome will ask for keyring password. However, it will only asked once when the system is booted.

Video Driver Issue

The current 18.04 LTS Ubuntu do not have video problem. By default, it uses open source nouveau video driver. It does not create any problem. However, if you use dmesg to look at the message, you will see some error relating to nouveau video driver.

You can choose to install Nvidia video driver. It will reduce video related error in the dmesg. To install third party driver, got to Software & Update app. Select the tab Additional Drivers.


Select "Using Nvidia...." driver and click Apply Changes.

If you are happy with the video you can leave it as default.

Update 29 July 2018

We have discovered that Nvidia driver does not work well with RealNVC in Ubuntu. If you intended to install VNC server, we would suggest that you keep existing driver.

Our testing with Linux Mint also shows that if Nvidia driver is installed, Linux Mint would not launch X windows session during boot up, if monitors are not detected. This creates problem if you intended to boot your box without monitor attached.

If you intend to use the box with VNC server or to boot without monitor, use the original open source video driver, DO NOT install Nvidia driver.

Broadcom Wifi Issue

This is the only persistent problem with some of the Ubuntu distribution. In fact, if you search the web there are many issue relating to Broadcom wifi driver, especially on older chipset. Our Mac Mini uses BCM4321 wifi chip.

If you are happy with just wired network connection. You can just ignore this section and you are good to go.

If you prefer to make the wifi work, You can choose to install the third party driver. Go to Software & Update app. Select the tab Additional Drivers.  Click on "Using Broadcom..." and click Apply Changes.


We have tried using this driver. The system is able to detect the wifi after installation of the driver. The wifi is also able to scan and detect all the routers. We manage to established connection with our router. However, subsequent reboot shows that the wifi is not able to established connection consistently. Sometimes, the wifi is able to established connection, sometimes it don't. To resolve the issue, we have to reboot the system few times until the wifi works.

There is a detail troubleshooting post on solving Broadcom wifi issue. the links is below.

https://askubuntu.com/questions/55868/installing-broadcom-wireless-drivers

Based on the linked post above, there are 2 drivers for BCM4321. We will present both drivers for you to test.

The two drivers are bcmwl-kernel-source and firmware-b43-installer.

Install Broadcom Drivers bcmwl-kernel-source
To install bcmwl-kernel-source, you just need to use the additional drivers from the GUI. We suggest you test with this driver first.

Install Broadcom Drivers firmware-b43-installer
To install firmware-b43, we must first remove the bcmwl driver. To remove it use the command below:

sudo apt-get remove --purge bcmwl-kernel-source

Then install the driver as follows:

sudo apt-get install firmware-b43-installer b43-fwcutter

After that we need to make change to a block file as this driver is currently being blocked. Edit the file using the command below

sudo nano /etc/modprobe.d/blacklist.conf

Comment by adding # in front of the line blacklist bcm43xx

Restart the machine.

Our Test and Conclusion
We have tried the method recommended in the post and we also tried installing firmware-b43. However, the wifi still connects intermittently. Unfortunately, it is very hard to troubleshoot intermittent behavior.

Final resort is to get another wireless adapter which does not cost much according to Amazon website.


Making Use of the Revived Box

Now that Ubuntu is running on this Mac Mini, what can we do with it? Mac Mini has the reputation of low power consumption. So it is ideal to run this box 24x7.

Media Server
Perhaps we can use it as a media server. If you can attached an external USB drive to this Mac Mini, perhaps we can try to install Plex Server or Kodi. We can get a mini Display port to Display port cable and connect them to a TV.

Network Server
Perhaps we can use the box to run VPN server. Using Mac Mini as a router is not an option since router need more than 1 network interface.

Please let me know in the comment if you have any more ideas on how to make use of this box.


Related Post

Please also check out the summary result of testing various Linux distribution on Mac Mini (late 2009).
Install Linux on Mac Mini (late 2009) Result Summary



***