This is the fourth part of a multi-part tutorial describing how to configure the "perfect" Kodi media centre running on top of ubuntu server.
Other parts of the tutorial may be found here:
- Introduction and Overview
- Part 1: Kodi installation and configuration
- Part 2: NFS file sharing
- Part 3: Auto-mounting hard drives with Udev
- Part 4: Remote administration with SSH
- Part 5: Transmission torrent client
- Part 6: VPN connection
- Part 7: Firewall configuration with UFW
This section contains some tips on how to enable remote login and administration with SSH, and some ways to secure it against abuse.
Remote administration with SSH
Sometimes it's nice to set a torrent running when you're out and have it completed by the time you get home. The most reliable and secure way to do this is to enable secure shell so you can log in remotely.
The secure shell daemon is probably already installed, but if not you can install it now:
sudo apt-get update sudo apt-get install openssh-server
In its default configuration, SSH allows users to login using their system username and password. For increased security, it's a good idea to disable password authentication (to prevent brute force attacks by bots) and require publickey authentication. If you don't have a publickey, you can learn how to create one here. Not sure if you have one? Check with
ls ~/.ssh/*.pub on your workstation (not the server). If you have one you should see something like
Assuming you already have a publickey, copy them to the server by running this command from your workstation (not the server):
126.96.36.199 is the IP address of the kodi box on the LAN. If you have multiple keys and you would like to copy a specific one:
ssh-copy-id -i ~/.ssh/sam_at_samhobbs.co.uk.pub email@example.com
Now log in:
or to use a specific key:
ssh -i ~/.ssh/sam_at_samhobbs.co.uk firstname.lastname@example.org
Once you have verified that publickey authentication works, you can disable password based authentication. Find the following
PasswordAuthentication setting in
/etc/ssh/sshd_config and change it to match the following:
You may need to uncomment the setting. While you are here, check you have the following lines too:
Now restart SSH:
sudo service ssh restart
Finally, set up port forwarding in your router. You need to forward port 22 from WAN to the local static IP of your kodi box. Then if you run ssh
kodi@WAN_IP you will be able to log in to the kodi box. If your WAN IP address is dynamically assigned, you may want to set up dynamic DNS so that you can
ssh email@example.com instead of using an IP address.
You may choose to forward a non-standard port to reduce the number of login attempts by bots, in which case a client config can be useful, e.g.
~/.ssh/config on the workstation:
Host subdomain.yourdomain.com User kodi Port 2222
Now you only need to type
ssh subdomain.yourdomain.com without typing the username and port each time.
Once you are happy everything is working, continue to the next part of the tutorial.