How I Safely Connect to My Desktop From Across the Internet

My everyday ThinkPad X250 laptop is a mobile road warrior, but unfortunately it – as laptops usually do – is not the powerhouse that my desktop at home is. This makes sense; laptops trade power for mobility, and desktops trade mobility for power. However, you can get the best of both with some quick IT know-how!

Motivation

Anyone who knows me knows that I don’t like PowerPoint nor do I like traditional slideshows. Instead, I prefer to make animations and interactive presentations because I believe that learning visually is extremely effective when used correctly. Unfortunately, rendering animations is non-trivial for my laptop. I’m at school most of the day, so I need to utilize the computational power of my desktop computer while simultaneously only having access to my laptop computer.

My solution is to create an Internet-facing VPN server, start an SSH server on my desktop, and connect my laptop to my desktop remotely through the VPN. I usually send render jobs remotely and then just scp back the final renders to my laptop for viewing.

Setting up the VPN

The VPN is the Internet-facing network that the internal-facing SSH server will be connected to. This shields the home network and desktop computer from an ungodly torrent of attacks happening on the Internet and gives us some peace of mind security-wise.

I personally rent my servers from Vultr. It doesn’t really matter what kind of server is used as long as it’s running Linux – I prefer Debian for these purposes. I’m not sponsored by Vultr (though that link is a referral code, at no penalty to you); I’m just a happy customer who has never had problems with them.

Once the server is deployed, SSH into the server. We want to make sure of two things:

  1. The VPN server will only allow SSH key based logins.
  2. We have a valid SSH key to log in.

To ensure the first item, /etc/ssh/sshd_config on the VPN server should include the following settings:

AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no

To ensure the second item, we should make sure that our ~/.ssh/id_rsa.pub public SSH key is present in ~/.ssh/authorized_keys on the VPN server.

Then, we can use openvpn-install to quickly set up a VPN server.

$ wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

Follow the instructions and generate two VPN profiles: one for the desktop, and one for the laptop.

Setting up SSH

On the desktop computer, an SSH server daemon should be running. This is typically installed either by default or through the system’s package manager. You can check whether or not it is running with:

$ systemctl status sshd

If it isn’t running, you can start it with:

$ systemctl start sshd

If you would like to enable it so that it’s always running, even across restarts, then you can enable it with:

$ systemctl enable sshd

Then, just make sure that it’s configured for SSH key login only using the same procedure as before with the VPN server, and make sure that the laptop’s ~/.ssh/id_rsa.pub public SSH key is in the desktop’s ~/.ssh/authorized_keys file.
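Both checks (key-only login, and the laptop's key being authorized) can be verified on the VPN server and on the desktop with the script below, which is an added example and not part of the original post. It reads the effective settings from sshd -T rather than the config file, because PasswordAuthentication no alone still leaves password prompts possible when keyboard-interactive authentication is enabled; the function names and sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post; function names are hypothetical.
# Usage on the VPN server or the desktop (sshd -T needs root):
#   sshd -T | check_key_only
#   key_is_authorized laptop_id_rsa.pub ~/.ssh/authorized_keys

# Reads `sshd -T` output (lowercase "keyword value" lines) on stdin. Returns 0
# only if public-key login is on and every password-style login path is off.
check_key_only() {
    awk '
        { seen[$1] = $2 }
        END {
            bad = 0
            # Settings that must be "no"; the last is an older OpenSSH keyword name.
            off = "passwordauthentication permitemptypasswords"
            off = off " kbdinteractiveauthentication challengeresponseauthentication"
            n = split(off, key, " ")
            for (i = 1; i <= n; i++)
                if ((key[i] in seen) && seen[key[i]] != "no") {
                    printf "FAIL %s=%s\n", key[i], seen[key[i]]; bad = 1
                }
            if (!("passwordauthentication" in seen)) { print "FAIL input is not sshd -T output"; bad = 1 }
            if (seen["pubkeyauthentication"] != "yes") { print "FAIL pubkeyauthentication is not yes"; bad = 1 }
            exit bad
        }'
}

# Returns 0 if the key blob (field 2) of PUBFILE appears as a whole field on a
# non-comment line of AUTHFILE; entries may carry leading options.
key_is_authorized() {
    awk 'NR == FNR { if (blob == "") blob = $2; next }
         $1 ~ /^#/ { next }
         { for (i = 1; i <= NF; i++) if ($i == blob) found = 1 }
         END { exit !(found && blob != "") }' "$1" "$2"
}

# Constructed sample: PasswordAuthentication is off, but keyboard-interactive
# (PAM password prompts) is still on, so this host is not key-only.
SAMPLE_SSHD_T='passwordauthentication no
pubkeyauthentication yes
kbdinteractiveauthentication yes
permitemptypasswords no'

printf '%s\n' "$SAMPLE_SSHD_T" | check_key_only || echo "sample: not key-only"
```

sshd -T prints only the global settings, so any Match blocks in sshd_config need to be reviewed separately.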

Connecting

Now, the laptop can connect to the VPN using the profile generated earlier by openvpn-install and then SSH into the desktop from across the Internet. Again, I usually use this setup to send render jobs to my desktop and then just scp back the resultant animations for viewing.

Happy hacking!