Debian虚拟机远程访问设置

SSH Remote Access
SSH (Secure Shell) is a secure, text-based method for remote command-line access to your Debian virtual machine (VM). It encrypts all traffic, making it ideal for managing the server securely.

• Install OpenSSH Server: Run sudo apt update & & sudo apt install openssh-server to install the SSH server package.
• Start and Enable SSH Service: Execute sudo systemctl start ssh to start the service immediately and sudo systemctl enable ssh to ensure it boots automatically on startup.
• Configure Firewall (if UFW is enabled): Allow SSH connections by running sudo ufw allow ssh. Verify the rule with sudo ufw status.
• Get VM’s IP Address: Use ip addr show or hostname -I to find the VM’s IP address (e.g., 192.168.1.100).
• Connect via SSH Client: On your local machine, use an SSH client like PuTTY (Windows) or the built-in ssh command (Linux/macOS) to connect. For example: ssh username@192.168.1.100 (replace username with your Debian VM’s username).
• Security Best Practices:
  • Change the default SSH port (22) in /etc/ssh/sshd_config to a non-standard port (e.g., Port 2222) and update the firewall rule accordingly.
  • Disable root login by setting PermitRootLogin no in /etc/ssh/sshd_config and use sudo for administrative tasks.
  • Use SSH key-based authentication (recommended over passwords) for enhanced security. Generate keys on your local machine with ssh-keygen, copy the public key to the VM using ssh-copy-id username@192.168.1.100, and disable password authentication in /etc/ssh/sshd_config (PasswordAuthentication no).

VNC Remote Access (Graphical Interface)
VNC (Virtual Network Computing) allows graphical remote access to your Debian VM’s desktop environment. Common VNC servers include TightVNC and TigerVNC.

• Install VNC Server and Desktop Environment: Run sudo apt update & & sudo apt install tightvncserver xfce4 (XFCE is a lightweight desktop environment; replace with GNOME if preferred).
• Configure VNC Server:
  • Set a VNC password: Run vncpasswd and follow prompts (this sets the password for VNC connections).
  • Create a systemd service for auto-start: Create a file at /etc/systemd/system/vncserver@:1.service with the following content (replace your_username with your Debian username):

    [Unit]
    Description=Remote desktop service (VNC)
    After=syslog.target network.target
    
    [Service]
    Type=forking
    User=your_username
    Group=your_username
    WorkingDirectory=/home/your_username
    ExecStartPre=/usr/bin/vncserver -kill :%i >
         /dev/null 2>
        &
        1
    ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
    ExecStop=/usr/bin/vncserver -kill :%i
    
    [Install]
    WantedBy=multi-user.target
    

  • Reload systemd and start the VNC service: sudo systemctl daemon-reload & & sudo systemctl enable vncserver@:1.service & & sudo systemctl start vncserver@:1.service.
• Configure Firewall: Allow VNC traffic on port 5901 (for display :1) with sudo ufw allow 5901/tcp.
• Connect via VNC Client: On your local machine, use a VNC client like TightVNC Viewer or RealVNC Viewer. Enter the VM’s IP address followed by the display number (e.g., 192.168.1.100:5901) and the VNC password you set earlier.

xrdp Remote Access (Windows-Compatible Remote Desktop)
xrdp enables remote desktop protocol (RDP) access to your Debian VM, allowing you to use Windows’ built-in Remote Desktop Connection (RDC) or other RDP clients.

• Install xrdp: Run sudo apt update & & sudo apt install xrdp to install the xrdp server.
• Start and Enable xrdp Service: Execute sudo systemctl start xrdp to start the service and sudo systemctl enable xrdp to enable auto-start on boot.
• Configure Firewall: Allow RDP traffic on port 3389 with sudo ufw allow 3389/tcp.
• Connect via Remote Desktop Client: On your Windows machine, open the Remote Desktop Connection tool (press Win + R, type mstsc), enter the VM’s IP address (e.g., 192.168.1.100), and click “Connect”. Log in with your Debian VM’s username and password.

VirtualBox Port Forwarding (For External Access)
If your Debian VM is hosted in VirtualBox and you want to access it from an external machine (outside the host), configure port forwarding in VirtualBox’s network settings.

• Steps:
  1. Shut down the Debian VM.
  2. Open VirtualBox, select the VM, and click “Settings”.
  3. Go to the “Network” tab, select “Advanced”, and click “Port Forwarding”.
  4. Add rules for SSH (port 22), VNC (port 5901), or xrdp (port 3389):
     • For SSH: Name = “SSH”, Protocol = TCP, Host IP = (leave empty), Host Port = 2222 (or any unused port), Guest IP = (VM’s IP, e.g., 192.168.1.100), Guest Port = 22.
     • For VNC: Name = “VNC”, Protocol = TCP, Host IP = (leave empty), Host Port = 5901, Guest IP = (VM’s IP), Guest Port = 5901.
     • For xrdp: Name = “xrdp”, Protocol = TCP, Host IP = (leave empty), Host Port = 3389, Guest IP = (VM’s IP), Guest Port = 3389.
  5. Click “OK” to save settings.
• Connect Using Forwarded Ports:
  • SSH: ssh -p 2222 username@host_machine_ip (replace host_machine_ip with your host’s IP address).
  • VNC: 127.0.0.1:5901 (in your VNC client).
  • xrdp: host_machine_ip (in your Remote Desktop client).

Security Recommendations for All Methods

• Use Strong Passwords: Ensure all user accounts on the Debian VM have strong, unique passwords.
• Limit Access: Restrict SSH, VNC, and xrdp access to trusted IP addresses using firewall rules (e.g., sudo ufw allow from 192.168.1.0/24 to any port 22).
• Enable Encryption: For SSH, use key-based authentication instead of passwords. For VNC, consider tunneling it through SSH (e.g., ssh -L 5901:localhost:5901 username@192.168.1.100) to encrypt traffic.
• Keep Software Updated: Regularly run sudo apt update & & sudo apt upgrade to patch vulnerabilities in the OS and installed packages.

声明：本文内容由网友自发贡献，本站不承担相应法律责任。对本内容有异议或投诉，请联系2913721942#qq.com核实处理，我们将尽快回复您，谢谢合作！