Ubuntu:Karmic cn

From

Jump to: navigation, search

Ubuntuguide翻译成中文的谷歌

如果只是部分的网页翻译,请点击重新载入(刷新)按钮,把更多的。

Kubuntu?
Using KDE-based Kubuntu?
Go to your correct guide
Placing Requests
You can place your requests in the
requests section of the guide.




Ubuntu 9.10 (Karmic Koala)

Introduction

  • Ubuntu 9.10 (Karmic Koala) is NOT an LTS (Long Term Support) release and is no longer supported with security updates (as of April 2011). It is recommended to upgrade to the current version of Ubuntu.
This guide is maintained at the Linux Center of the University of Latvia.
Please help test and perfect this guide. To edit pages you need to register.


Contents


General Notes

General Notes

  • This is the original Ubuntuguide. You are free to copy this guide but not to sell it or any derivative of it. Copyright of the names Ubuntuguide and Ubuntu Guide reside solely with this site. This Ubuntu help guide is neither sold nor distributed in any other medium. Beware of copies that are for sale or are similarly named; they are neither endorsed nor sanctioned by this guide. Ubuntuguide is not associated with Canonical Ltd nor with any commercial enterprise.
  • Ubuntu allows a user to accomplish tasks from either a menu-driven Graphical User Interface (GUI) or from a text-based command-line interface (CLI). In Ubuntu, the command-line-interface terminal is called Terminal, which is started: Applications -> Accessories -> Terminal.
Text inside the grey dotted box like this should be put into the command-line Terminal.
  • Many changes to the operating system can only be done by a User with Administrative privileges. 'sudo' elevates a User's privileges to the Administrator level temporarily (i.e. when installing programs or making changes to the system). Example:
sudo bash
  • 'gksudo' should be used instead of 'sudo' when opening a Graphical Application through the "Run Command" dialog box or as a menu item. Example:
gksudo gedit /etc/apt/sources.list
  • Many file management tasks can be accomplished with root Administrative privileges by starting the Nautilus file manager in a similar fashion. (Use 'gksudo' if starting Nautilus from a menu item.)
gksudo nautilus
or
sudo nautilus
  • "man" command can be used to find help manual for a command. For example, "man sudo" will display the manual page for the "sudo" command:
man sudo
  • While "apt-get" and "aptitude" are fast ways of installing programs/packages, you can also use the Synaptic Package Manager, a GUI method for installing programs/packages. Most (but not all) programs/packages available with apt-get install will also be available from the Synaptic Package Manager. In this guide, when you see
sudo apt-get install package

you can search for package in Synaptic and install it that way.

  • Many instructions use the text editor "nano" (which is universally available in Linux). However, it is often easier to use the text editor "gedit" in Ubuntu instead.
  • "Applications" means the bottom-left (or upper-left) button, akin to the Start button in Microsoft Windows.
  • If you are using the 64-bit version, replace any "i386" with "amd64"

Package Installation and Updates

Apt and Package Basics

Most new users will use the Synaptic Package Manager to install packages. These instructions are for installing packages from the command-line Terminal. Terminal can be started:

Applications -> Accessories -> Terminal
  • Install packages:
sudo apt-get install packagename
  • Example:
sudo apt-get install mpd sbackup
  • Remove packages:
sudo apt-get remove packagename
  • To remove all dependencies:
sudo apt-get autoremove
  • Example:
sudo apt-get remove mpd sbackup
  • Search for packages:
apt-cache search <keywords>
  • Examples:
apt-cache search Music MP3
apt-cache search "Text Editor"
sudo apt-get update
  • Upgrade packages:
sudo apt-get upgrade
  • Upgrade the entire distribution (e.g. from Intrepid to Jaunty):
sudo apt-get dist-upgrade

Installing .deb packages

Debian (.deb) packages are the packages that are used in Ubuntu. You can install any .deb package in your system. .deb files can generally be installed from your file manager (Nautilus) merely by clicking on them, since file associations with the default installer is already set in Ubuntu. These instructions are for those who wish to install packages from the command-line terminal (Terminal).

  • Install a downloaded Debian (Ubuntu) package (.deb):
sudo dpkg -i packagename.deb
  • Remove a Debian (Ubuntu) package (.deb):
sudo dpkg -r packagename
  • Reconfigure/Repair an installed Debian (Ubuntu) package (.deb):
sudo dpkg-reconfigure packagename
*Example:
sudo dpkg-reconfigure mpd

Handling (Tar/GZip) and (Tar/Bzip2) archives

(Tar/GZip) archives end in ".tar.gz" and (Tar/Bzip2) archives end in ".tar.bz2". Bzip2 is the newer, more efficient compression method. These files can generally be automatically extracted by merely clicking on them from your file manager (Nautilus), since file associations with the appropriate archival utilities are set by default in Ubuntu. These instructions are for those who wish to use the command line Terminal.

  • To extract:
tar xvf packagename.tar.gz

Note: tar is an application which can extract files from an archive, decompressing if necessary.

-x means extract.
-v means verbose (list what it is extracting).
-f specifies the file to use.
  • Decompressing ".gz" files
gunzip file.gz
  • Decompressing ".bz2" files
bunzip2 file.bz2
Note: You can also decompress a package first by using the command gunzip (for .gz) or bunzip2 (for .bz2), leaving the .tar file. You would then use tar to extract it.
  • To create a .gz archive:
tar cvfz packagename.tar.gz folder
  • To create a .bz2 archive:
tar cvfj packagename.tar.bz2 folder

Installing a package from source

  • Make sure you have all the necessary development tools (i.e. libraries, compilers, headers):
sudo apt-get install build-essential linux-headers-$(uname -r)
Note: "uname -r" lists the current kernel you are using
  • Extract the archive that contains the source files:
tar xvf sourcefilesarchive.tar.gz
  • Build the package using the package's script (in this case the configure script), compile the package (make), and install the compiled package into your system (make install):
cd /path/to/extracted/sourcefiles
./configure
sudo make
sudo make install
Note: typing ./ before a filename in the current folder allows the Linux shell to try and execute the file as an application even if it is not in the path (the set of folders which it searches when you type a command name). If you get a "permission denied" error, the file is not marked as being executable. To fix this:
sudo chmod +x filename
Example: In the above instructions, configure is the shell script to build the package from source. To be sure the configure script is executable:
sudo chmod +x configure
Create a .deb package from source files

If your build from source is successful, you can make a Debian (Ubuntu) package (.deb) for future use:

  • Install package tools:
sudo apt-get install checkinstall
  • Rebuild package using "checkinstall":
cd /path/to/extracted/package
./configure
sudo make
sudo checkinstall
  • Keep the resulting ".deb" file for future use. It can later be installed using:
sudo dpkg -i packagename.deb

Note: These are basic instructions that may not always work. Some packages require additional dependencies and optional parameters to be specified in order to build them successfully. Also see these Ubuntu wiki instructions.

Aptitude

Aptitude is a terminal-based package manager that can be used instead of apt-get. Aptitude marks packages that are automatically installed and removes them when no packages depend on them. This makes it easy to remove applications completely. To use Aptitude, replace apt-get with aptitude in the command line. Example:

sudo aptitude install packagename
sudo aptitude remove packagename
sudo aptitude update
sudo aptitude upgrade

For an ncurses-based graphical user interface, type

sudo aptitude

For more information, see the aptitude documentation.

Synaptic Package Manager

While "apt-get" and "aptitude" are fast ways of installing programs/packages, you can also use the Synaptic Package Manager (System -> Administration -> Synaptic Manager), a GUI method for installing programs/packages. Most (but not all) programs/packages available with apt-get install will also be available from the Synaptic Package Manager. This is the preferred method for most desktop users. In this guide, when you see

sudo apt-get install package

you can simply search for package in Synaptic and install it that way.

  • System -> Administration -> Synaptic Package Manager
  • Search for the name of the program/package. You can also search for a word in its description.
  • Check the box "Mark for Installation"
  • Click the "Apply" button.
  • The selected program(s) will be automatically installed, along with its dependencies.

Add/Remove Programs

Not all packages available from apt-get, aptitude, and Synaptic Package Manager are available in Add/Remove Programs. However, it is the easiest interface for new users of Ubuntu and directs them to preferred packages.

  • Applications -> Add/Remove Programs
  • Search for the sort of program you want to add. Example: type MP3 to see a list of mp3 software.
  • Check the box "Mark for Installation"
  • Click the "Apply" button.
  • The selected program(s) will be automatically installed.

Manual Updates

  • Manually, from Terminal (command line interface):
sudo apt-get update
sudo apt-get upgrade
or
  • Use Synaptic Package Manager:
System -> Administration -> Synaptic Package Manager -> "Reload" then "Mark all upgrades"
If there are packages available for updating, you will be prompted whether to install them.

Automated Updates

  • Use Synaptic Package Manager:
  • System -> Administration -> Synaptic Manager -> Settings -> Preferences -> General -> Reloading Outdated Package Information -> Automatic


Utilities

Utilities facilitate everyday tasks, such as keeping the clock up to date, archiving utilities, and more.

Archiving Utilities

ZIP

The command-line terminal utility ZIP creates files that are compatible with the time-honored PKZIP and WinZip. It is included in (K)Ubuntu by default. Extracting zip files can be done with the unzip utility. using the -P option allows using a password for the files:

zip -r -P mypassword desination.zip *

Note: The -r option indicates to include all subdirectories recursively.

FileRoller (Archiving GUI)

FileRoller is a GUI for many types of archival utilities.

X-archiver (Archiving GUI)

Xarchiver is a GTK-based GUI front-end for many archiving utilities. Install:

sudo apt-get install xarchiver

BChunk

BChunk is a command-line utility that allows you to convert .cue and .bin files into an .iso file (so that they can be opened and manipulated in Ubuntu). Warning: If the bin/cue image has audio tracks, they will be lost.

Get BChunk

sudo apt-get install bchunk

To convert .cue and .bin files, navigate to the folder and run this command (replacing filenames with your own):

bchunk inputfilename.bin inputfilename.cue outputfilename.iso

After the file is converted into ISO you can mount it using:

sudo mount -o loop outputfilename.iso /media/output

Navigate to /media/output and you should see all the content there. You can then copy it anywhere.

To unmount:

sudo umount /media/output

HJSplit Files Joiner/Splitter

HJSplit for Linux (Java version).

  • Make sure you have Java Runtime Environment installed:
sudo apt-get install sun-java6-jre
  • Download the HJSplit JAR file:
wget http://www.freebyte.com/download/hjsplit/hjsplit_g.jar
  • Create the directory for HJSplit:
sudo mkdir /opt/hjsplit
  • Move the file to an appropriate directory:
sudo mv hjsplit_g.jar /opt/hjsplit/ 
  • Run:
cd /opt/hjsplit/ && java -jar hjsplit_g.jar 
Note: You could also make a terminal shortcut (menu item) in K Menu Editor.

Rar

Rar archives files into the proprietary .rar format.

sudo apt-get install rar

This application is a 40-day trial.

Unrar

Unrar extracts files archived with the proprietary .rar format. A free version can be installed:

sudo apt-get install unrar-free

or the proprietary version (also free for noncommercial use) can be installed with the ubuntu-restricted-extras package or with:

sudo apt-get install unrar

7-Zip

The open-source 7-Zip archive format was originally designed for Windows (and DOS) but is also available for Ubuntu. The GNU/Linux version of 7-Zip does not come with a GUI, but Ark can hook into 7-Zip to handle 7z archives. Install:

sudo apt-get install p7zip-full

Hard Drive Utilities

KDiskFree (Hard drive properties monitor)

KDiskFree is a KDE utility for monitoring free disk space, etc.

sudo apt-get install kdf

Clock Utilties

Screensavers

Partition Managers

Also see these tips for partitioning scheme suggestions, other partitioning tools and methods, and usage of multiple partitions for multiple OSs.

GParted Partition Manager

Gparted is a GTK (Gnome)-based partition manager that can also be used with KDE.

  • This utility works best when run from a LiveCD. Recent versions of the Ubuntu LiveCD have a copy of GParted on them. Start the Ubuntu LiveCD in demo mode (not in install mode) and then start GParted:
Menu -> System -> Administration -> GParted
  • You can also install the package into your OS (once it is installed on your hard drive):
sudo apt-get install gparted

User Administration

  1. System -> Administration -> User Management -> Administrator Mode

Add New Users

  1. "New" button
  2. Change the "Login Name" to the desired username
  3. Click the "Passwords and Security" tab
  4. Enter the desired password

Modify Users

  1. Select the user you wish to modify
  2. Click the "Modify" button

Removing Users

  1. Select the user you wish to remove
  2. Click the "Delete" button

Change your user groups

It is quite often necessary to have extra privileges to do certain tasks. These privileges are assigned to your user by belonging to certain groups. The tasks are allowed to be performed by any user belonging to the group associated with that task.

Example: a "sudoer" is a user who can perform certain administative tasks, such as updating the system. To become a "sudoer" a user must belong to the "sudo" group.
Applications menu -> System -> User Manager -> user -> Groups --> check sudo

To become an administrator, you must belong to the adm, admin, and sudo groups. To be a virtualbox user, you must belong to the virtualbox group. To change printer settings you must belong to lpadmin. To use the cdrom, you must belong to cdrom. To use hot-pluggable devices, you must belong to plugdev. To share Samba folders (on a Windows-based network), you must belong to sambashare. To access NTFS files using the virtual filesystem fuse, you must belong to the fuse group. To use many games, you must belong to the games group. The list is long, and not always obvious.

Unfortunately, while this is the feature that gives Linux such a high-level of security, it can also take diligence to remember to add your user to certain groups. It is not uncommon for programs and functions on your system not to work merely because you don't have privileges to do so because you forgot to add your user to the appropriate group(s).

Of most importance, you must already be an administrator in order to change membership in groups. Therefore, if you create a new user and intend to give that user administrative privileges (by assigning the user to the administrative groups), you must do so from your original administrator account (the one you set up at installation) or from another administrative user account.

Timekpr (Parental controls)

Timekpr is a program to track and control the computer usage of user accounts.

  • If updating, remove any prior versions:
sudo dpkg --purge timekpr
sudo add-apt-repository ppa:nedberg
  • Install:
sudo apt-get install timekpr
When prompted which default display manager to use, select "gdm"
  • Start:
System -> Administration -> Timekpr Control Panel

Web content filtering

DansGuardian provides web filtering capability, similar to NetNanny. It is useful for limiting objectionable content in publicly accessible workstations, or for filtering objectionable content for younger users. It integrates with ClamAV, and uses several criteria for filtering websites (which is difficult to modify). It is used with Tinyproxy (best for individual users) or the Squid proxy (best for a network server). Install:

sudo apt-get install dansguardian tinyproxy
or
sudo apt-get install dansguardian squid

See these installation instructions for setup details. In brief,

  • Edit the dansguardian configuration file:
sudo nano /etc/dansguardian/dansguardian.conf
comment out the UNCONFIGURED line:
#UNCONFIGURED
If using tinyproxy instead of Squid, change the proxyport to 8888:
proxyport 8888
  • Reinstall dansguardian:
sudo apt-get install --reinstall dansguardian
  • Set your browser to use the localhost:8080 proxy. For example, in Firefox:
  • Firefox -> Edit -> Preferences -> Advanced -> Network -> Settings
  • Manual proxy configuration -> HTTP proxy: localhost -> Port: 8080

System Administration

Automating Tasks

  • Cron is a system daemon that runs tasks in the background according to instructions found in a crontab file. To edit the crontab file for the current user:
crontab -e

Tasks that normally require administrative (sudo) privileges should be added to the root user's crontab:

sudo crontab -e

Add commands using the format specified here (or see the Ubuntu Community Help). The crontab command format can also be found using:

man crontab
  • Scheduled/automated tasks (cron events) can also be edited using the GNOME schedule GUI interface.
Menu -> System -> Administration -> Task Scheduler
  • If the GNOME Schedule task scheduler is not installed, install it:
sudo apt-get install gnome-schedule

Boot Menu

Login Menu settings

You can change the Login menu settings from the GUI interface:

System -> Administration -> Advanced -> Login Manager

You can choose an integrated theme or select individual components of the login screen/process.

Automating bootup options

StartUpManager is a GUI to manage settings for Grub (Grub Legacy), Grub 2, Usplash, and Splashy.

  • Install:
sudo apt-get install startupmanager

GRUB boot manager settings

Grub2

Karmic comes with Grub2, which is a difficult boot manager to customize. (Grub2 is also known as grub-pc.) See the evolving instructions at the Ubuntu wiki or Ubuntu forums. In brief, some settings can be edited:

sudo nano /etc/default/grub
sudo update-grub
  • You can also use this command:
sudo grub-mkconfig --output=/boot/grub/grub.cfg
GRUB Legacy

The older version of GRUB ("Grub Legacy") is available, for use with a boot partition, for example. Install:

sudo apt-get install grub
  • If you have multiple operating systems (OS) on your computer, you may be using the GRUB Legacy boot manager (in a boot partition, for example). You can edit the options for GRUB Legacy in the menu.lst configuration file. (See this detailed info.)
sudo nano /boot/grub/menu.lst
(gedit can also be used instead of nano as the text editor.)
Chainloading Grub2 from Grub Legacy

To chainload Grub2 (installed in this example in the /dev/sda7 partition) from Grub Legacy, use an entry of this format in the Grub Legacy menu.lst configuration file (stored in a boot partition, for example):

title Kubuntu Karmic OS (chainloader)
rootnoverify (hd0,6)
kernel /boot/grub/core.img

Default Applications

You can choose which program to use as your default program for a specific task.

System -> Administration -> Default Applications

Kill a process

Sometimes a program (or "process") just freezes. To "kill" (or end) the program/process:

System -> Administration -> System Monitor -> highlight the errant process -> Kill process

From the command line:

sudo killall process
where process is the name of the frozen program, such as firefox.

Enabling NUM LOCK On Startup

System -> Administration -> Keyboard & Mouse -> Keyboard ->"turn on Numlock on Startup"

Working with Menus

Create an encrypted folder

You can create a folder whose contents are encrypted. See these instructions.

Create a symlink from a file to another location

A symbolic link (also known as a symlink) is a method in Linux of referring to a file (or directory) in one location from another location. Usage:

ln -s /path/to/source /path/to/destination

If /path/to/destination requires superuser rights, then use:

sudo ln -s /path/to/source /path/to/destination

This is similar to, but more powerful than, creating Shortcuts, with which former Windows users may be familiar.

Assign a root password

To be able to log in as root directly, you must assign a root password. This can be done with:

sudo passwd root

Afterwards, you can use

su

to get a root prompt. You would then use the root password.

Get a root prompt without using a root password

If you have not set a root password (or don't know it), you can obtain root user privileges anyway. From the command-line Terminal:

sudo -s
or
sudo su
or
sudo bash

You will use your own user password instead of a root password.

You could also get a prompt to become any other user on the computer by typing:

sudo su <username>

Use the File Manager as root

sudo nautilus
or
gksudo nautilus

Manually Mount and Unmount a device

To manually mount a device:

mount /dev/hda

replace /dev/hda with the location of the device.

To manually unmount a device:

umount /dev/hda

replace /dev/hda with the location of the device.

Windows Compatibility

Mounting NTFS Partitions (with read/write privileges)

Find out the name of your ntfs partition:

sudo fdisk -l

Method 1: In this example, the NTFS drive is listed by fdisk as /dev/sda2, but yours may differ.

Make a mount point for the drive:

sudo mkdir /media/WindowsNTFS

Edit fstab:

sudo nano /etc/fstab

Comment out the automatically added lines by Ubuntu installation:

#/dev/sda2  auto nouser,atime,noauto,rw,nodev,noexec,nosuid 0 0
#/dev/sda2 /mnt auto user,atime,noauto,rw,nodev,noexec,nosuid 0 0

and instead add the line:

/dev/sda2 /media/WindowsNTFS ntfs-3g quiet,defaults,rw 0 0

Note: There are many ways to mount the drive, depending on your needs. The fstab file controls this process. See How to edit and understand fstab and Intro to using fstab.

In this example, I indicated that the file system was an ntfs-3g filesystem, so did not use the auto option (which detects the filesystem automatically). I used rw to specify read/write privileges for all users, but umask=0 and umask=000 are accepted by some kernels.


Method 2: Edit fstab:

sudo nano /etc/fstab

When Ubuntu installation finishes, it mounts all ntfs partitions automatically with ntfsprogs, adding a line similar to the following to fstab:

UUID=8466268666267956 /media/sda1     ntfs    defaults,gid=46 0       1

Change this line to:

UUID=8466268666267956 /media/sda1     ntfs-3g    defaults,nls=utf8,locale=zh_CN.UTF-8,rw,gid=46 0       1

In this example, I have a Chinese-language Windows installation on my first partition, so I set the locale parameter (locale=zh_CN.UTF-8) so that my Chinese documents can display correctly. Setting rw (same as umask=0 or umask=000) lets me read/write the partition without sudo. gid=46 specifies that the drive will belong to the group of hot-pluggable devices (plugdev) and is not necessary unless your ntfs drive is a hot-pluggable one (such as an external USB drive). nls=utf8 is the default and is optional for most ntfs users, but there are other options for Chinese (and other specialized character-set users).

Mounting FAT32 Partitions

Follow the above instructions, but use vfat instead of ntfs-3g.

In other words, if you have made a mount point directory /mnt/WindowsFAT32 and your FAT32 drive is /dev/sda3, then edit the /etc/fstab file to include the line:

/dev/sda3 /mnt/WindowsFAT32 vfat quiet,defaults,rw 0 0

Synchronize clock to network time server

The Network Time Protocol (NTP) allows time synchronization of your computer to time servers on the Internet.To enable it:

  • Applications menu -> System Settings -> Date & Time
  • Check the "Set date and time automatically" option
  • Choose an ntp time server near you.

Printers

The new CUPS interface recognizes many printers. Specific printers not recognized can often be installed using instructions found at the Linux Foundation OpenPrinting database.

Add a Printer

System -> Administration -> Printing -> New Printer -> New Printer

Most of the time, your printer (if connected and turned on) will be detected automatically.

My network printer with its own IP address at 192.168.0.124 was correctly installed at

socket://192.168.0.124:9100.

You can also choose printers on a Windows system via Samba and other types of networked printers, in addition to directly connected printers.

Use CUPS web interface

From any web browser, go to the URL:

http://localhost:631

Hardware

CPU and motherboard

The original Linux kernel supplied with Karmic Koala implemented mandatory CPU temperature and fan speed sensor monitoring (which was optional in previous kernels). The output from the sensors was used to effect CPU scaling (throttling) in the event of "out of range" temperature values. However, not all motherboards/CPUs have sensor drivers available, and due to a bug in the feedback routine, missing sensors drivers incorrectly reported as an "out of range" error in this kernel. This threw multiple errors which were logged (using rsyslogd) to both the /var/log/kern.log and the /var/log/syslog files, filling them to multiple Gb size within a few hours. This had the effect of slowing, then freezing, the machine.

The new Linux kernels (> 31.17) have fixed this problem by disabling the feedback throttling. If your machine is affected by this problem, go ahead and install using the original kernel supplied with Karmic, but then do an update/upgrade to obtain the current Linux kernel.

Disable CPU Frequency scaling

(These instructions should not be necessary any longer, even for the problem noted above. They are maintained here for reference only.) My motherboard does not have drivers for my CPU fan sensor. Therefore, the Linux kernel cannot monitor the temperature and fan speeds properly and throttles the CPU (aka frequency scaling) inappropriately. This has the effect of slowing or freezing my computer. To turn off this behavior, I used the Debian RCConf utility:

sudo apt-get install rcconf
sudo rcconf

and unchecked the ONDEMAND item. (I also unchecked the fan control item). I then rebooted. For more info, see this.

libsensors

libsensors (libsensors3 and/or libsensors4) is a module that allows an interface (such as lm-sensors) to monitor your motherboard/CPU temp and fan speeds. You can adjust settings:

sudo kate /etc/sensors.conf
sensors -s

libsensors and lm-sensors are not used by the Linux kernel (which uses other routines).

Some hardware CPU sensors are not recognized by the Linux kernel, causing system slowdown or freezing. Here is some info about hardware/sensors problems.

Sensors-applet (Motherboard monitoring)

Sensors-applet (or xsensors) is the Gnome (Ubuntu) frontend for lm-sensors. These sensors monitor the temperature and fan-speed sensors of your motherboard.

sudo apt-get install sensors-applet lm-sensors
sudo sensors-detect
sensors-applet
  • Make sure your sensors are installed.
sensors

For more info, see this thread.

Graphics Card

Install Latest Nvidia/ATI drivers

Ubuntu uses a GUI frontend to Jockey for the installation of the proprietary nVidia drivers (and other proprietary drivers).

Menu -> System -> Hardware Drivers
  • Sometimes after a kernel upgrade a proprietary driver may stop working. In such a case, try installing the new linux-headers that match the newly upgraded kernel:
sudo apt-get install linux-headers-$(uname -r)
If dkms and build-essential have never been installed on your system, these can also be worthwhile:
sudo apt-get install dkms build-essential

Fix Intel graphics resolution problems

On a fresh install of Karmic Koala I had no problems with my onboard Intel graphics card. However, on an update from Jaunty to Karmic, I could not get higher screen resolutions -- the same problem I had in Jaunty. Therefore, my solution is the same, i.e. to revert to the old Intel drivers, as detailed here.

Screen Keeps Flickering

If you have an Intel Corporation Mobile 915GM/GMS/910GML card, your screen may flicker every 5-10 seconds. To prevent this:

  • System -> Administration -> Advanced -> Service Manager
  • Uncheck "Detect RANDR (monitor) changes"

Reconfigure xserver-xorg

sudo dpkg-reconfigure xserver-xorg

xorg.conf

Before installing any driver for ATI or nvidia, please make backup xorg.conf before following this method.

sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.bak

If you have edited this file but would like it to be automatically updated again, run the following command:

sudo dpkg-reconfigure -phigh xserver-xorg

If you want to try this xorg.conf after installing the driver, you must back up your xorg.conf as following. And then, edit /etc/X11/xorg.conf in text editor. Add or modify this xorg.conf sample.

xorg.conf for nvidia
 Section "Screen"
 Identifier "Default Screen"
 Device "Configured Video Device"
 Monitor "Configured Monitor"
 SubSection "Display"
 Depth 16
 Modes "1280x1024" "1024x768"
 Option "AddARGBGLXVisuals" "True"
 EndSubSection

 Option "AddARGBGLXVisuals" "True"
 Defaultdepth 24
 EndSection
 Section "Module"
 Load "glx"
 Load "GLcore"
 Load "v4l"
 EndSection
 Section "Device"
 Identifier "Configured Video Device"
 Boardname "vesa"
 Busid "PCI:1:0:0"
 Driver "nvidia"
 Screen 0
 EndSection
 
 Section "Device"
 Identifier "Device0"
 BoardName "Generic Geforce 5500"
 Driver "nvidia"
 Vendorname "NVIDIA Corporation"
 Option "DualHead" "1"
 Option "ShadowFB" "1"
 Option "FPScale" "1"
 Option "TwinView" "True"
 Option "TwinViewOrientation" "RightOf"
 Option "UseEdidFreqs" "True"
 Option "Metamodes" "1024x768,1024x768"
 Option "UseDisplayDevice" "DFP"
 EndSection
 
 Section "Device"
 Identifier "Videocard0"
 Driver "nv"
 VendorName "NVIDIA Corporation"
 BoardName "GeForce 7600 GT"
 EndSection
 
 Section "InputDevice"
 Identifier "Generic Keyboard"
 Driver "kbd"
 Option "XkbRules" "xorg"
 Option "XkbModel" "pc105"
 Option "XkbLayout" "us"
 EndSection

 Section "InputDevice"
 Identifier "Configured Mouse"
 Driver "mouse"
 EndSection
 Section "ServerLayout"
 Identifier "Default Layout"
 screen 0 "Default Screen" 0 0
 EndSection
 
 Section "Extensions"
 Option "Composite" "Enable"
 EndSection

Installation of ATI and nVidia Graphics drivers

nVidia Driver

If you have problems with nVidia drivers after upgrading, check this UbuntuGeek guide for solutions to common problems with nVidia. The current nVidia drivers are automatically maintained in Jaunty, however, in

System -> Administration -> Hardware Drivers

Look for the current drivers to activate there.

  • Here are alternate manual instructions.
  • Please make a backup of xorg.conf before following this method.
sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.bak
  • Install the nvidia-settings package:
 sudo apt-get install nvidia-settings
  • Download the nVidia driver:
wget -O NVIDIA-Linux-x86-pkg1.run http://www.nvidia.com/Download/index.aspx?lang=en-us
sudo sh NVIDIA-Linux-x86-pkg1.run

and choose yes to any verbose response. After you install the driver, reboot your computer.

ATI Driver

If you have problems with ATI drivers after upgrading, check this link for solutions to common problems with ATI.

Monitors / Displays

Turn off power saving

Even when on AC power, the power saver feature of Ubuntu sometimes changes the screen brightness to the battery setting on laptops. This was a problem with the ACPI power management module in the past, but should now be fixed. If not, change the settings:

To access the Guidance Power Manager module, click on the power icon on the desktop taskbar.
Change the brightness setting for "Battery powered" to maximum.

You can also turn off power management settings (invoked when the computer is idle):

System -> Administration -> Display -> Power Control -> uncheck "Enable display power management"

Configure Dual Monitors with nVidia

  • Make sure that the nVidia driver has been installed and is functioning properly on your first screen. Also, make sure both monitors are connected.
  • Open the command-line terminal Konsole and type:
sudo nvidia-settings
  • Select "X Server Display Configuration".
  • You should see 3 boxes (2 if your card doesn't have an S-Video out). From here you can configure all of your card's outputs.
  • Check the "(Disabled)" box.
  • Select "Configure...".
  • The most common choice is TwinView. Select it.
  • Setup the desired screen resolutions and positions of your two active displays.
  • The new display will likely have resolution set to "Auto" to match your first. Change this if you wish.
  • Leave the first screen's position as "Absolute" and set your second display's position relative to that.
  • "Clone" means the same output on both.
  • Once you are satisfied with your settings, hit Apply to test them.
  • Note: if your displays are side-by-side, the kicker may extend across both screens as well as any maximized applications. This will be corrected when the X server is restarted.
  • If everything else is ok, hit "Save to X Configuration File". Now hit Ctrl+Alt+Backspace to restart X. You now have 2 screens!
  • (The NVIDIA X Server Settings application can be also found in K -> System Settings to change settings later, but this does not always work because settings need to be changed as the root user.)
  • Troubleshooting: if the X server fails to reload you can recover your old X configuration. In a terminal:
sudo cp /etc/X11/xorg.conf.backup /etc/X11/xorg.conf

Hard Drives and USB Storage

Optical Drives

Printers & Scanners

The new CUPS interface recognizes many printers. Specific printers not recognized can often be installed using instructions found at the Linux Foundation OpenPrinting database.

Brother printers

Most Brother printers are auto-detected or can be installed directly from the CUPS interface. For information on a specific model, see the Linux OpenPrinting site.

Sound

Many programs require ALSA sound. If you are not hearing sound, try selecting ALSA as the default sound system:

System -> Administration -> System Settings -> Sound

In Jaunty, only your soundcard may be listed. Try selecting that.

Also check your program's preferences section to make sure ALSA is selected. This is necessary for many multimedia packages, for example.

Pulse Audio

Jaunty has Pulse Audio version 0.9.14 and Pulse Audio Volume control 0.97 in the repositories. On my system I had to install them:

sudo apt-get install pulseaudio pavucontrol padevchooser

I then had to enable my user to belong to the pulseaudio groups:

System -> User Manager -> user -> Groups ->
check pulse pulse-access and pulse-rt

Configure Pulse Audio:

System -> Settings -> PulseAudio Preferences Sound Audio preferences

I also had to set PulseAudio as my default sound system:

System -> System Settings -> Multimedia -> Device Preference
Note: Unfortunately, not all programs like PulseAudio. Many programs require special plugins for PulseAudio. YMMV. Pulse Audio still has many bugs. Installing PulseAudio disables ALSA for many soundcards. You may end up with no sound at all if you install PulseAudio. If this happens you may have to uninstall it.

Airport Express

Airport Express with Pulse Audio

The Airport Express (AEX) is a network device with an audio output jack that can be connected to speakers or an amplifier. You can stream audio over the network (wired or wirelessly) to (or from) this device.

These capabilities require the newest version 0.9.15 of Pulse Audio and Pulse Audio Volume Control 0.98, as well as pulseaudio-module-raop (for Airport Express). Instead of (or after) installing the default 0.9.14 packages from the Jaunty repositories, obtain them by adding the repositories from this Launchpad site:

deb http://ppa.launchpad.net/themuso/ppa/ubuntu jaunty main
deb-src http://ppa.launchpad.net/themuso/ppa/ubuntu jaunty main
then download the GPG key here
and save it as themuso.gpg.
then install the repository key and update:
sudo apt-key add themuso.gpg
sudo apt-get update

then install:

sudo apt-get install pulseaudio padevchooser pulseaudio-module-raop pulseaudio-module-zeroconf

Then configure Pulse Audio:

Menu -> Settings -> PulseAudio Preferences Sound Audio preferences -> Network Access

and check both:

Make discoverable network sound devices available locally
Make discoverable Apple Airtunes devices available locally

Note: Make sure your firewall is not blocking ports 5353, 5000, and 6000.

My AEX is discovered, but I got no sound through it until I selected it as the default sink (output) by one of two methods:

  • From the PulseAudio Volume Control:
Menu -> Multimedia -> PulseAudio Volume Control -> Output Devices
then click the arrow and set the AEX device as default
  • From the PulseAudio Device Chooser:
Menu -> Multimedia -> PulseAudio Device Chooser -> Manager -> Devices -> Sinks
I then noted the name of my Airport Express device to be raop.Base-Station-e60157.local, so I entered that as the sink:
PulseAudio Device Chooser -> Default sink -> Other -> raop.Base-Station-e60157.local

Now, any devices (or multimedia players) setup to play through PulseAudio will play through the stereo attached to the Airport Express.

GSTransmit

GSTransmit is a tool to allow GStreamer-based utilities to stream output to an Apple AirTunes Device (such as the Airport Express), without using Pulse Audio. It is available as a self-installing .deb file from the website.

raop-client

Another method to stream audio to the Airport Express without Pulse Audio uses raop-client, a tool written in Ruby. See information here.

Airfoil

You can stream media from a PC running Windows or Mac OS X that is connected to an Airport Express network to your Ubuntu Linux desktop, using Airfoil. (Unfortunately you cannot send media output from Ubuntu to the Airport Express network, only receive from it.) This can be useful in a distributed multimedia system, for example, in which your Ubuntu PC is connected to a media center. You must be running Mono. You can download the .deb package at Rogue Amoeba. Installation instructions are at Rogue Amoeba Linux support.

Mice

Activate side-mouse-buttons in FireFox

Adding two lines to xorg.conf will activate side-mouse-buttons in FireFox.

  • This should work with most brands of the 5-button mouse. Here is a list of mice that worked with this instruction.
Logitech MX310
Logitech MX510
Logitech MX518
Logitech MX700
Logitech MX Revolution
Intellimouse Explorer (first edition)
Razer Copperhead
  • Backup X.org configuration file
sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.bak
  • Modify the X.org configuration file
kdesu kate /etc/X11/xorg.conf
  • Find the Input Device section for your mouse and add two lines as shown below.
  • You may also increase the number of buttons if your mouse has more than 7 -- just fix the rest of the section based upon the number of buttons.
Note: "back/forward", "wheel click" & "tilt left/right" all count as buttons
  • Change:
Section "InputDevice"
 Identifier "Configured Mouse"
 Driver "mouse"
 Option "CorePointer"
 Option "Device" "/dev/input/mice"
 Option "Protocol" "ExplorerPS/2"
 Option "ZAxisMapping" "4 5" 
 Option "Emulate3Buttons"       "true"
EndSection
to:
Section "InputDevice"
 Identifier "Configured Mouse"
 Driver "mouse"
 Option "CorePointer"
 Option "Device" "/dev/input/mice"
 Option "Protocol" "ExplorerPS/2"
 Option "ZAxisMapping" "4 5"
 Option "Emulate3Buttons" "true"
 Option "Buttons" "7"
 Option "ButtonMapping" "1 2 3 6 7"
EndSection

Touchpad

For Synaptics Touchpads:

sudo apt-get install gsynaptics

For more info, see the Ubuntu help wiki.

Wacom Pen Tablets

Support for the Wacom pen tablet is integrated into Jaunty by default, including for hotplugging. For more info, see the Ubuntu documentation.

Remote Controls

LIRC (Infrared Remote Controls)

LIRC (Linux Infrared Control) allows you to use most infra-red remote controls. This can be installed from Applications -> Add/Remove Packages -> Settings -> Infrared Remote Control

or
sudo apt-get install lirc

Remuco (Bluetooth and WiFi Remote Controls)

Remuco is a utility for controlling many multimedia players (such as VLC, Amarok, Rhythmbox, Audacious, and many others) using a Bluetooth or WiFi remote control. Each player has its own package. For example, the VLC package is named remuco-vlc and can be installed:

sudo apt-get install remuco-vlc

Bluetooth

BlueZ is the package that allows Bluetooth connectivity in Ubuntu Linux. This package is included within the current kernel of Ubuntu. To add utilities to check whether your Bluetooth adapter's firmware is current, install:

sudo apt-get install bluez-utils bluez-firmware

then run

sudo dfutool

WiiMote

The Wiimote (Wii Remote Control) uses both Bluetooth and Infra-red technology. It communicates with Ubuntu Linux using the incorporated BlueZ Bluetooth drivers and/or LIRC drivers. (It can function with Bluetooth alone, however.) You will need a Bluetooth receiver on your PC (such as a Bluetooth USB stick or built-in Bluetooth receiver, for example). (Note: not all Bluetooth receivers will work with the Bluez drivers. Check this list or test yours first.)

  • Install the cwiid Wiimote controller package and the lswm Wiimote discovery package:
sudo apt-get install wminput lswm
  • Install the drivers (or just reboot):
modprobe uinput
Note: You can also add uinput to the modules files so it loads automatically at bootup:
sudo echo "uinput" >>/etc/modules

Run (while pressing button 1/2 on the Wiimote):

sudo wminput

For more info, and to learn how to enable the infra-red functions, see this guide.

USB

Wireless Cards

Atheros Cards

Atheros Wireless cards should work automatically with the new kernel by installing the proprietary driver. At installation, after the first reboot, you will be prompted whether to use the proprietary drivers.

It should no longer be necessary to install the following package:

sudo apt-get install madwifi-tools 

These instructions for the Atheros 802.11 b/g integrated card are here for reference only (or if you wish to install them manually instead):

madwifi-hal-0.10.5.6-current.tar.gz
  • Extract the files
  • Make sure your linux headers and build-essential packages are installed:
sudo apt-get install build-essential
sudo apt-get install linux-headers-$(uname -r)
  • Unload any drivers already running.
sudo ifconfig ath0 down
sudo ifconfig wifi0 down
  • Change to the directory where you extracted the driver.
cd <directory_where_driver_unzipped>
  • From that directory, run the installation scripts:
cd scripts
sudo ./madwifi-unload
sudo ./find-madwifi-modules.sh $(uname -r)
cd ..
  • Complete the installation by compiling the source and installing it.
sudo make
sudo make install
  • Add the installed drivers to your system.
sudo modprobe ath_pci

Following this, Network Manager was able to see the wireless card and I was able to configure everything else (WEP / WPA key, etc.) from there.

Complete instructions are available at MadWifi UserDocs.

Atheros AR242x

Alternate instructions for installing the Atheros AR242x card are here.

3G

3G protocols allow wide area cellular communications that include not only cellphone voice transmission but also integrated broadband internet connections. This can be integrated into a single device, or communications can be received through an EVDO adapter. Examples of 3G radio interfaces include Mobile WiMax, CDMA-2000, TD-CDMA, EDGE, and DECT. For info using 3G with the Ubuntu Network Manager, see this page. For additional info on using 3G with Ubuntu, see this guide.

he220r1

he220r1 is a (K)ubuntu driver package for the Huawei e220 USB modem. It has also been found to work with other 3G devices, such as Nokia, Sony Ericsson, and Motorola. See the website for download and installation instructions.

T-Mobile Option 225 (Web'N'Walk) Stick

This website offers a driver optimised for the T-Mobile Web'n'Walk Stick/Option 225.

Virgin Huawei e169

See this Ubuntu forum solution:

sudo gedit /etc/ppp/options

find the line that says:

#-chap

and uncomment it (delete #)

-chap

this (I think) disables CHAP authentication

I also had to change the APN to VirginBroadband instead of VirginInternet which was the default, and now it's happy.

Other settings
Number *99#
Uname <your virgin username>
PW <your virgin password>

EVDO Cards

EVDO cards include USB modems and adapters to receive wide-area cellular broadband Internet connections.

Sprint

Sprint EVDO cards can be used most easily through KPPP. For instructions, read the Sprint Mobile Broadband Setup Guide. Also see the EVDO Forums.

Verizon

See this Crystal Networking guide.

Tethering your PC to your Verizon cell phone

This is a per-minute plan in which you can use Verizon broadband services through your cell phone (such as the Motorola RAZR) connected to your PC via a USB cable. See this guide.

Digital Cameras

WebCams

See the Ubuntu webcam guide for more info. Many webcams that worked in Hardy Heron may not work in Intrepid Ibex. This may be due to a migration from v4l (video for Linux) to v4l2. See this discussion.

EasyCam

EasyCam2 is a utility for finding and installing drivers for your webcam. See these installation instructions.

iSight

Linux drivers for the digital iSight camera (connected by FireWire), using ALSA for sound, are here. The video component is already supported by current kernels (see here for more information).

Luvcview (USB webcam viewer)

Luvcview can be used to view your USB webcam to test it. Install:

sudo apt-get install luvcview

View your webcam:

luvcview -f yuv

Netbooks

Ubuntu can be installed on netbooks. (See this this page for laptop and netbook compatibility reviews.) At this time the Ubuntu Netbook Remix (or equivalent) is preferred to the standard Gnome-based desktop, especially for new users. Ubuntu Netbook Remix is provided to several individual netbook manufacturers (such as Asus and Acer) to be optimised for that device. (You can contact your specific netbook manufacturer for specific details on this product.) If you already have Ubuntu Netbook Remix (or eeebuntu Netbook Remix) installed, you can choose to add the full Ubuntu (Gnome) desktop, if you wish:

sudo apt-get install ubuntu-desktop
  • Asus eeePC 1000H
  • Reduce font size one or two sizes, and set the screen DPI to 120.
  • eeebuntu Netbook Remix is available for this device.
  • Dell Mini 9
  • Ubuntu Netbook Remix runs on this device well. See this guide.
  • HP Mini 1000 Mi
  • A custom edition of Ubuntu is installed on this version of this device. No additional configuration is necessary.
  • Samsung NC10
  • Some package should be installed for keyboard functions (FN Key+functions). The procedure to install these package is available in this forum.


Another method is to install Ubuntu onto your netbook from scratch using a USB flashdrive LiveCD.


Acer Aspire One

There are several Ubuntu-based and other Linux-based OS's specially customised for the Acer Aspire One. Some of them are:

Also see the Ubuntu website for detailed tweaks and fixes. More useful information can be found in the Ubuntu Linux sub-forum at aspireoneuser.com

Palm

Other

Mobile Devices

Ubuntu Linux offers an operating system for Mobile Devices (such as the Samsung Q1 Ultra or Elektrobit MIMD) with a unique and simplified interface. For more information see the Ubuntu MID Edition site.

GPS

Tux Mobil has a list of Linux applications for use with GPS devices, and compatible hardware. Two GPS packages are available from the Ubuntu/Kubuntu respositories:

  • Viking is a free open source package to view GPS data in maps, and to plot co-ordinates. This has been reviewed as the best Linux GPS mapping program.
sudo apt-get install viking
  • GPS Drive is a free navigation software package that displays your position on a zoomable map using your GPS device. It is GTK-based but can be used in Kubuntu. It uses the gpsd daemon that interfaces with a variety of GPS hardware. A .deb package of the current version is also available from the website. Install:
 sudo apt-get install gpsdrive
  • tangoGPS is a beautiful, lightweight GPS mapping program that uses map data from the Openstreetmap project. Is is a GPL-licensed open source project. A .deb package can be found here.

MP3 / Video Players

Sansa Fuze

The Sansa Fuze is a very high quality MP3 audio as well as video player. It is recognized by default as a USB device in Ubuntu/Kubuntu. To convert videos into a format that can be copied to the player, use Video4Fuze.

  • Install prerequisites:
sudo apt-get install wine
  • Download and install:
wget http://video4fuze.googlecode.com/files/video4fuze-0.4.1_all.deb
sudo dpkg -i video4fuze-0.4.1_all.deb
  • Convert files (mpg or mp4) using Video4Fuze. Do not use the Sansa Fuze player as the output folder, but use an output folder on your computer. Once the files have been converted, then copy them directly to a Video folder on the Sansa Fuze (using Nautilus in Ubuntu or Dolphin in Kubuntu).
  • I like k9copy to extract something (that I have saved) on a DVD to an mp4 (.avi) first. The Sansa Fuze likes video at 224 x 176 and DivX 4/5, so I extract to those specifications:
Menu -> Multimedia -> k9copy -> Input: DVD -> Output: MPEG-4 encoding -> folder icon: /home/user/Videos
k9configure -> MPEG-4 -> Video -> Codec: MPEG-4 (DivX 4/5) -> Width: 224 -> Height: 176
-> Audio: mp3 (lame) -> Bitrate: 128

I then use video4fuze to convert the extracted mp4 (.avi) into the format that the Sansa Fuze likes.

  • Limitations: At this time Flash videos (.flv) cannot be converted directly by Video4Fuze. You must convert flash videos to another format (such as .mpg or mp4/.avi) prior to Video4Fuze conversion, using a converter such as mencoder or ffmpeg (e.g. with WinFF as the GUI).

Networking

Network Manager

Network Manager is the default network manager in Ubuntu. It has a tray applet that allows you to switch between Internet connections (such as wireless APs or wired connection).

Wicd Network Manager

Wicd is a GTK-dependent networking manager written in Python that can be used in all variants of Ubuntu. Some users report it to be faster and more stable than Network Manager. To avoid networking conflicts, Wicd requires the removal of Network Manager prior to installation.

sudo apt-get install wicd

Set a static IP address

I couldn't get Network Manager to accept my static IP address settings manually. Here's the alternative method (which works for wired interfaces only, not wireless):

  • Remove Network Manager:
 sudo apt-get remove network-manager
  • Edit the /etc/network/interfaces file:
sudo kate /etc/network/interfaces
  • and replace the line (ok if line is missing)
iface eth0 inet dhcp
  • with the following lines (using your own LAN settings, of course):
auto eth0
iface eth0 inet static
address 192.168.0.35
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
  • Then restart networking:
sudo /etc/init.d/networking restart
  • Check to see if your settings are now correct:
ifconfig
  • If you need a static IP address and have a wireless connection, you have 2 choices:
  • Install the newer version of Network Manager from the launchpad repository:
  • Add the repository key (you need port 11371 open in your firewall to use the keyserver):
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BC8EBFE8
deb http://ppa.launchpad.net/network-manager/ppa/ubuntu karmic main
deb-src http://ppa.launchpad.net/network-manager/ppa/ubuntu karmic main
  • Update
sudo apt-get update
or
  • Uninstall the network manager widget and install wicd
sudo apt-get remove network-manager
sudo apt-get install wicd

Wireless

Network Manager

Network Manager has been redesigned for Ubuntu and now works quite well. You should not require other network managers, and, in fact, more than one network manager can cause conflicts.

It can be accessed from the tray icon.

Manual configuration from the command-line

3 steps for WEP:

sudo iwconfig eth[N] essid [SSID]
sudo iwconfig eth[N] key restricted s:[PASSWORD]
sudo dhclient

WPA is more complicated:

su
mkdir /etc/wpa_supplicant
cd /etc/wpa_supplicant
echo network = { > wpa_supplicant.conf
echo ssid="SSID" >> wpa_supplicant.conf
echo key_mgmt=WPA-PSK >> wpa_supplicant.conf
echo psk="PRESHAREDKEY" >> wpa_supplicant.conf
echo } >> wpa_supplicant.conf
cd /etc/network
vim interfaces

Now add after "auto eth[N] ..." & "iface eth[N] .." (press 'i'):

wpa-driver wext # or whatever driver your network card needs
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Save the file ('Esc', ':x', 'Enter') and restart your system.

Internet connection sharing (DHCP server)

In most LANs, an inexpensive router is used to provide DHCP functions (internet connection sharing).

However, DHCP services can also be provided by a single host computer on your LAN if it is directly connected to the Internet. (This is useful, for instance, if you have a 3G or other wireless EVDO connection to your computer which you want to share with the other computers on your LAN). Other client computers on your LAN would then connect to the Internet through your host computer's Internet connection. The host computer now essentially performs the DHCP functions of a router.

All "client" computers on the LAN ought to be connected to a central LAN switch or router. (If using a router, it should have its own DHCP functions disabled -- you shouldn't have 2 DHCP servers on a LAN unless you know how to nest LANs). They should all be set up to obtain DHCP-assigned dynamic IP addresses and use the same LAN subnet settings (which in the example below is LAN IP range 10.0.0.1 - 10.0.0.250 with netmask 255.255.255.0 and gateway 10.0.0.1). The host computer to be used as the gateway/DHCP server is then connected (through its own ethernet port) either to one to the ports of the switch (if used), or to a LAN port of a router (don't use the WAN port). The host computer then connects directly to the Internet (WAN) through a second port (which in the example below will be a wireless (wifi) port (wlan0)).

(Note: This setup is easiest if you connect all computers on the LAN with Ethernet cables to the central switch or router. But also see using a nested wireless LAN router below.)

(Note: If you want your LAN to use the same subnet as your WAN, see network interface bridging.)

  • Install the DHCP server and firewall programs:
sudo apt-get install dhcp3-server firestarter
  • Rename the startup command (through a symbolic link) for the DHCP server. This is required or Firestarter will not know where to find it:
sudo ln -sf /etc/init.d/dhcp3-server /etc/init.d/dhcpd
  • Edit the DHCP server configuration file:
sudo nano -w /etc/default/dhcp3-server
Change the line
INTERFACES=""
to
INTERFACES="eth0"
  • Restart the DHCP server:
sudo dhcpd restart
  • Right click on Network-Manager -> Edit Connections... -> Wired -> Add
-> Connection name: Shared internet connection
-> IPv4 Settings -> Method: Manual -> Add
-> Address: 10.0.0.1 -> Netmask: 255.255.255.0 -> Gateway: 0.0.0.0
-> Available to all users: [x]
  • Attach the ethernet cable to (eth0).
Network-Manager -> Wired Networks -> Shared internet connection
  • Adjust your firewall to allow the internet connection sharing. Start Firestarter:
sudo firestarter
  • Tell the firewall which port is your direct Internet Connection:

Firestarter -> Preferences -> Firewall -> Network Settings -> Internet connected network device: (wlan0)

-> IP address is assigned by DHCP: [x]
  • Tell the firewall which port is for the LAN, and specify the details for the LAN:

Firestarter -> Preferences -> Firewall -> Network Settings -> Local network connected device: (eth0)

-> Enable internet connection sharing: [x]
-> Enable DHCP for the local network: [x]
-> DHCP server details -> Create new DHCP configuration -> Lowest IP address to assign: 10.0.0.2
-> Highest IP address to assign: 10.0.0.250 -> Name server: <dynamic>
Note: Use your own desired LAN settings (internal DHCP-assigned dynamic IP address range), of course. In this example I don't use the full IP range 10.0.0.2 - 10.0.0.255 for dynamic IP addresses because I want to reserve some LAN addresses (10.0.0.251 - 10.0.0.255) to be used as static IP addresses).
  • Notes:
  • If you wish to use this setup all the time, make the "Shared internet connection" profile your default connection profile in Network Manager.

Using a nested wireless LAN router

Many users will already have an established LAN that uses an existing wireless router and has client computers that are setup to connect wirelessly to the router. Here's how to maintain this setup and still use the internet connection sharing method of a single host computer as described above. This method is known as nested LANs. The wireless router will serve as a nested LAN for its wireless clients (only), but in turn will appear as a single device to the main LAN. The two LANs must have different IP ranges. For example, the main LAN may have an IP range 10.0.0.1 - 10.0.0.255 (with netmask 255.255.255.0), as in the above example. The router's nested wireless LAN must then use a different IP range (for example 192.168.0.1 - 192.168.0.255 with netmask 255.255.255.0).

  • Do not use your wireless router's WAN (Internet) port.
  • Connect the host computer (to be used as your main LAN gateway/router) to a LAN port (not the WAN/Internet port) of the wireless LAN router.
  • Configure your wireless router's LAN so that it appears to be a single device to the main LAN:
  • Setup your wireless router so that the Internet Connection type is "Static IP" (often in the "Internet Setup" section). Configure the settings so that its "Internet IP address" is within the static IP address range of your main LAN (e.g. 10.0.0.254), and make sure the subnet mask matches the one you chose for your main LAN (e.g. 255.255.255.0). The gateway setting should be set to match the IP address of your host computer of the main LAN (e.g. 10.0.0.1 in the example of the preceding section). Now the wireless router will appear to the host computer as just another device on the main LAN.
  • If your wireless LAN is already functioning, you probably don't have to change any settings, but double-check to make sure the schema are compatible. Configure the wireless router's settings for the nested wireless LAN. This is done by enabling the router's DHCP server functions (in "Network Setup" or some similar configuration section of the router). The router ought to have as its own wireless LAN gateway address a "local IP address" (or "LAN IP address") of 192.168.0.1 (for the IP address range used in this example), and a "starting IP address" (for the DHCP-assigned dynamic IP address range to be used for the wireless clients) to be 192.168.0.2 or greater. (Some routers ask you to specify the entire range (such as 192.168.0.2 - 192.168.0.255.)
  • Make sure all your wireless client computers are set to obtain their DHCP-assigned dynamic IP addresses from the wireless router (gateway IP 192.168.0.1) instead of from the main LAN gateway.
  • Now all communications from the wireless client computers will be routed to the wireless LAN router first, which will then in turn route them to the host computer (which is acting as the main LAN gateway/router), which will then in turn route them to the Internet (WAN).
  • Note: The host computer for the main LAN must have a static IP address (e.g. 10.0.0.1 as in the example of the preceding section) and it must match the gateway IP address configured in the wireless LAN router settings.

Network Interfaces Bridging

  • Install bridge-utils to be able to create network bridges:
sudo apt-get install bridge-utils
  • Edit /etc/network/interfaces:
sudo nano /etc/network/interfaces

The interfaces file should look like this after editing it:

auto eth0
iface eth0 inet manual
#
auto br0
iface br0 inet dhcp
#
bridge_ports eth0 wlan0
#
# The loopback network interface
auto lo
iface lo inet loopback
  • Restart networking with:
sudo /etc/init.d/networking restart

Using Dynamic IP addresses for a webserver

Normally, domain name servers (DNS) that are used publicly on the Internet match a web server's URL name with the IP address of the server's host computer. If your computer has a static IP address, then you can publish your own web server's URL as belonging to the static, unchanging IP address of your computer.

However, if your IP address is dynamic (always changing) because you use an ISP (Internet Service Provider) that constantly changes your IP address (using DHCP), then you will need a DNS service to constantly keep track of your dynamically changing IP address and match it to of your web server's URL. Fortunately, there are a few DNS services that will do this for you, either for a small fee or even for free. For more info, see this Ubuntu help article.

For specific tips on setting up this service, see this article.

Filesharing

NFS

NFS is the default networking protocol for network file sharing in *nix systems (including Ubuntu Linux).

Samba File Sharing

Samba client

Samba is a networking protocol that allows compatibility with Windows-based networks. The Samba client is installed by default in Ubuntu Jaunty and should work seamlessly (unless you have have a firewall blocking the ports).

Samba server

The following instructions are to install a Samba server (which is not installed by default). This allows you to share your files over a Samba (Windows) network to other Samba clients.

  • Install Samba:
sudo apt-get install samba samba-tools system-config-samba smbfs
Note: samba-tools, system-config-samba, and smbfs are optional.
  • Modify Samba settings.
  • Method 1:
System -> Administration -> Advanced -> Samba
(Note: this is available only if you installed system-config-samba.)

It is recommended that your user be a member of the sambashare group, as well.

  • Method 2:
Enable File Sharing Server With User Login (Very Reliable Method)
Do the following on the machine that has the files to be shared:
  • Add current user to Samba:
sudo smbpasswd -a username
(replacing username with your login username)
  • Open the samba config file:
sudo nano /etc/samba/smb.conf
  • Add the directories to be added (right at the end) in the following format:
[Pictures]
path = /home/username/<folder_to_be_shared>
(Replace username with your username and <folder_to_be_shared> with the folder you want to share)
Press CTRL+X and then Y to save.
  • Restart Samba
sudo /etc/init.d/samba restart
  • On Windows access the folder in the following format in Windows Explorer:
\\192.168.x.x
(replace 192.168.x.x with the actual IP address of your server which is serving the folder)
  • On Linux type the following in Konqueror or Nautilus:
smb://192.168.x.x
(replace 192.168.x.x with the actual IP address of your server serving the folder)

Note: If you use Sharing in KDE's System Settings panel, be aware that there is a small bug, reported here. In brief, you need to comment out/delete any instances of these two lines in /etc/smb.conf :

case sensitive
msdfs proxy

Change your Workgroup

To change your Samba (Windows network) workgroup:

sudo nano /etc/samba/smb.conf

Look for the line:

workgroup = WORKGROUUP

and change the setting to whatever your LAN workgroup is.

Recognizing Win98 machines

Microsoft networking is extremely quirky. To enable recognition of PCs with Windows 98, edit your Samba configuration file:

sudo nano /etc/samba/smb.conf

Then add the following lines to the file:

[global]
# THE LANMAN FIX
client lanman auth = yes
client ntlmv2 auth = no

Integrating into Mac OS X Network

See this guide for information on integrating Ubuntu into an existing Mac OS X Appletalk network.

Local Area Network

Modems / Dial-up

GPPP is the default modem dialing application.

Applications -> Internet -> GPPP Internet Dial-up

Remote Access

There are several methods of remote access. VNC sharing allows you to view and control a remote computer's desktop. (Windows users use a similar proprietary protocol called remote desktop protocol (RDP)). XDMCP allows a complete remote X-windows based login. Remote connections are hazardous unless proper security precautions are taken to prevent unauthorized logins and to ensure encryption of transmitted data.

SSH

Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel (or "tunnel") between two computers. Encryption provides confidentiality and integrity of data. The OpenSSH client is installed by default in Ubuntu so you can connect to another computer that is running an SSH server.

Connect to a remote SSH server
From the command-line terminal

Install the OpenSSH client (if not already installed):

sudo apt-get install openssh-client

From the command-line Terminal type:

ssh -C <username>@<computer name or IP address>
Note: The -C option indicates compression, which speeds up transmission through the tunnel.

For example:

ssh -C joe@remote.computer.xyz
or:
ssh -C mike@192.168.1.1
or
ssh -C 192.168.1.1 -l mike
Note: -l specifies the login id.


If the SSH server is listening on a port other than port 22 (the default), you can specify that in your connection (with the -p option). For example, if the SSH server is listening on port 11022, connect:

ssh -C joe.friday@remote.computer.xyz:11022
or
ssh -C remote.computer.xyz -p 11022 -l joe.friday

If you have made a public/private key using ssh-keygen, the private key must be stored in /home/user/.ssh. The key should be accessible only to user

sudo chmod 600 /home/user/.ssh/identity
or
sudo chmod 600 /home/user/.ssh/id_rsa 

To login with the key:

ssh -C remote.computer.xyz -p 11022 -l joe.friday

Note: You can run the command as a menu item, but the command must be "run in terminal."

Port forwarding through SSH
  • In brief, use
ssh -C <remote ip> -p <SSH tunnel port> -L <local port>:<remote computer>:<remote port> -l <user>

This specifies that any communications from your computer (localhost) going out through <local port> will be transmitted securely through the the SSH tunnel port. To use VNC through the tunnel, you would use an application like Krdc or Vinagre:

krdc vnc://localhost:<local port>

Note: localhost is equivalent to (and interchangeable with) 127.0.0.1. Either can be used.

Note that for VNC, the default <local port> is 5900. In general, a remote VNC server (such as X11VNC) is also listening on the default <remote port> 5900 as well. The default <SSH tunnel port> is 22, as discussed above. All these can be changed, however, if you desire greater security.

For me, I noticed that I had to set <remote computer> to be the internal LAN IP address of the remote computer (such as 192.168.1.155) instead of the remote router's IP address, which is specified in <remote IP>. (If the remote computer has a static IP address (i.e. is directly connected to the Internet without an intervening router), then <remote computer> and <remote ip> would be the same.)

Example: For extra security, my SSH Server uses <SSH tunnel port>=11022. I want to VNC to a remote computer on a remote LAN with a router whose IP address is <remote ip> = 244.205.123.123. The remote computer to which I want to connect has a static IP address within the remote LAN of <remote computer> = 192.168.1.155. I have set up an X11VNC server on this computer that is listening on <remote port> = 6912 (instead of the default 5900). I setup port forwarding on the router of this remote LAN to forward port 6912 to this server computer. I want to VNC to this remote computer from my laptop, through the Internet. My laptop VNC client (Krdc) will use the default <local port> = 5900. My name is <user> = joe.friday. This is my story.

ssh -C 244.205.123.123 -p 11022 -L 5900:192.168.1.155:6912 -l joe.friday
krdc vnc://localhost:5900

If you have set up a private/ public key pair with a passphrase, or if your SSH server requires a passphrase, of course, you will be prompted for the passphrase after issuing the SSH command.

Note: Port forwarding assumes that the ports are also forwarded through the router(s) and through any firewalls. See the documentation for your router(s) and firewall to learn how to do this. The advantage of SSH tunneling is that only the <SSH tunnel port> needs to be open and forwarded by a router. All encrypted communications will go through your router using this single port. This is what makes the communications secure.

A combined command might be:

ssh -C -f -l joe.friday -L 5900:192.168.1.155:6912 244.205.123.123 -p 11022 sleep 5; krdc --fullscreen vnc://127.0.0.1
PuTTY

PuTTY is a GTK-based GUI client-interface for SSH connections and eases the setup for port forwarding, SSH public key authentication, and automated login. A user would run Putty to create the SSH tunnel (instead of the ssh command) and then run a program such as Krdc or Vinagre. PuTTY is available for both Linux and Windows (but for routine Linux usage OpenSSH is generally recommended instead).

sudo apt-get install putty putty-tools
  • To create a 2048-bit RSA key pair compatible with OpenSSH, it is possible to use Puttygen (part of Putty-tools). (For me the Linux version of Puttygen is occasionally buggy, however, so I recommend OpenSSH keygen for routine usage instead):
puttygen -t rsa -b 2048 -O private -o putty_rsa.ppk
puttygen putty_rsa.ppk -O public-openssh -o id_rsa.pub
puttygen putty_rsa.ppk -O private-openssh -o id_rsa
  • Move the OpenSSH-compatible keys to the ~/.ssh (i.e. the /home/user/.ssh) folder
mv id_rsa* ~/.ssh
  • Copy the public key ( /home/user/.ssh/id_rsa.pub ) to the server that is hosting the OpenSSH server, into the /home/serveruser/.ssh (for whichever user is the administrative user for the server -- generally the user that installed the server initially). If the SSH tunnel is (still) set at default port 22, you can copy the key using the utility:
ssh-copy-id serveruser@remoteserver.computer.xyz
  • Connect a VNC client (such as Krdc) through SSH using the command-line:
putty -ssh -i ~/.ssh/id_rsa -l serveruser -L 5900:127.0.0.1:5900 remoteserver.computer.xyz -P 22
krdc vnc://127.0.0.1:5900
or as a single command:
putty -ssh -i ~/.ssh/id_rsa -l serveruser -L 5900:127.0.0.1:5900 remoteserver.computer.xyz -P 22 sleep 5; krdc vnc://127.0.0.1::5900
  • Alternatively, the PuTTY SSH Client GUI can be run (from Menu -> Internet -> PuTTY SSH Client) and options configured from there.
Using keys created by Puttygen in OpenSSH

The public security key generated by Puttygen in Windows is generally not compatible with OpenSSH security keys unless it is edited. For example, the default OpenSSH key is 2048-bit RSA (SSH-2). When a 2048-bit RSA (SSH-2) PuTTY public/private key pair is generated (by Puttygen) in Windows (see this tutorial), the public key looks like:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20100302"
AAAAB3NzaC1yc2EAAAABJQAAAQEAjdp567qxsGkhELlMQup2mXHdsveCWq/maU6k
unPpbkwEuhkasuOrhkAWgv5v3d8S857zdHcfnXWi2FkEaJuFxqpJ2IkFuvqRdqYD
ZCcASj2S0LoXdWpC4uon6VH8oBT31r+wkDfmI2a+K74jgXjtm1BWWxwOpKaWQHi9
YItbY/06renRex34n3ejO20JRqD/BxnFU7ND41Szo3ZMKoa0yzhevU2ntt74BCvC
bYFHdSoRbi3AH8qGInzFfhXPdrG8qA382ZKEh5Bmy8Qxb9Uen/+jjP51YxN/ykee
RwSrdSCZekB6jN6uuTLNDEXJSJizqlPU8tROqf3pYv1kxzD9bw==
---- END SSH2 PUBLIC KEY ----
  • To be used by OpenSSH, the saved public key must be edited.
  • Delete the first two lines (with the BEGIN and Comment: in them) and the last line.
  • Join the remaining lines into a single line.
  • Place ssh-rsa at the beginning.
  • It should end up looking like:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjdp567qxsGkhELlMQup2mXHdsveCWq/maU6kunPpbkwEuhkasuOrhkAWgv5v3d8S857zdHcfnXWi2FkEaJuFxqpJ2IkFuvqRdqYDZCcASj2S0LoXdWpC4uon6VH8oBT31r+wkDfmI2a+K74jgXjtm1BWWxwOpKaWQHi9YItbY/06renRex34n3ejO20JRqD/BxnFU7ND41Szo3ZMKoa0yzhevU2ntt74BCvCbYFHdSoRbi3AH8qGInzFfhXPdrG8qA382ZKEh5Bmy8Qxb9Uen/+jjP51YxN/ykeeRwSrdSCZekB6jN6uuTLNDEXJSJizqlPU8tROqf3pYv1kxzD9bw==
  • Once the PuTTY public key is in this format, it can be appended to the ~/.ssh/authorized_keys file on the OpenSSH server. (The private key stays on the client computer, of course). PuTTY can then connect (from Windows or Linux) to an OpenSSH server using the public/private key method.
Connect using SSH Agent

With SSH Agent you can automate the use of public key authentication and open an XDM or VNC session using a script. See this tutorial.

Also see this alternative simple approach: Connect with SSH and start an application with a single command.

Setup an SSH server
sudo apt-get install openssh-server

Note: The OpenSSH server can also be installed when doing a server installation as an option from the LiveCD.

Note: An OpenSSH server can also be set up on a Windows server using Cygwin. See these instructions.

  • Don't forget to forward the port on which your OpenSSH server is listening. The default SSH port is 22; if the default is used, the router should therefore forward port 22 to the computer on the LAN that is hosting the OpenSSH server. The OpenSSH listening port can be changed; in fact, each computer on the LAN can listen on its own unique SSH port, if desired. The router must forward each specified listening port to the correct computer. Therefore, if computer 1 has its OpenSSH server set to listen on port 22221, then the router should forward port 22221 to computer 1's LAN IP address. If computer 2 has its OpenSSH listening port set to 22222, then obviously the router must forward port 22222 to computer 2's LAN IP address. To change the listening port of the OpenSSH server, edit the /etc/ssh/sshd_config file:
sudo gedit /etc/ssh/sshd_config

and change the listening port from 22 to your desired listening port:

Port 22221

then restart the OpenSSH server:

sudo /etc/init.d/ssh restart
Limit authorized SSH users
OpenSSH Public Key Authentication

See this OpenSSH Public Key Authentication Tutorial.

In brief, it is necessary to generate a public / private key pair. On your client machine, generate the pair:

ssh-keygen

A prompt asks for a passphrase. If you wish to use OpenSSH without a password from a secure client (to which no one but you has access), leave the passphrase blank. If you enter a passphrase, you will be asked for this passphrase each time you use the SSH client. By default, a 2048-bit RSA SSH-2 key pair is generated and stored in the /home/user/.ssh folder. The private key is named id_rsa and is meant to stay in that folder. (The public key is id_rsa.pub and is meant to be copied to the OpenSSH server.)

  • The private key must only be accessible (and should be read-only) to user, the owner of the file:
chmod 600 /home/user/.ssh/id_rsa
You could also make the entire .ssh folder accessible only to user:
chmod 700 /home/user/.ssh
  • Copy the public key ( /home/user/.ssh/id_rsa.pub ) to the server that is hosting the OpenSSH server, into the /home/serveruser/.ssh (for whichever user is the administrative user for the server -- generally the user that installed the server initially). If the SSH tunnel is (still) set at default port 22, you can copy the key using the utility:
ssh-copy-id serveruser@remoteserver.computer.xyz
  • The ssh-copy-id utility only works over port 22. An alternative if you have changed your SSH port is to copy the /home/user/.ssh/id_rsa.pub key to the server manually. On the server make sure the directory /home/serveruser/.ssh exists and that there is a file authorized_keys (with write privileges) in that folder. If not, create such a file while logged into the server as serveruser (the touch command creates an empty file):
mkdir ~/.ssh
cd ~/.ssh
touch authorized_keys

Then concatenate the id_rsa.pub key you have copied to the ~/.ssh folder. (Make sure the owner of id_rsa.pub, after copying, is serveruser.):

cd ~/.ssh
chown serveruser id_rsa.pub
cat authorized_keys id_rsa.pub >> authorized_keys
  • Make sure the OpenSSH server knows to look for the key file. On the remote server, edit the OpenSSH configuration file:
sudo nano /etc/ssh/sshd_config
  • Uncomment the line (i.e. remove the # at the beginning of the line):
#AuthorizedKeysFile %h/.ssh/authorized_keys
  • Remove the ability to login to the OpenSSH server using password authentication:
 sudo nano /etc/ssh/sshd_config
  • Change the line
#PasswordAuthentication yes
to
PasswordAuthentication no
  • Restart the OpenSSH server:
sudo /etc/init.d/ssh restart
  • Now you can connect securely with an SSH tunnel without requiring a password, logging in as serveruser.
ssh -l serveruser -L 5900:127.0.0.1:5900 remoteserver.computer.xyz -p 22
Connect with SSH and start an application with a single command
  • If you have created an OpenSSH key pair (without a password), you can start both the SSH tunnel and a VNC program (such as Krdc or Vinagre) to run through the SSH tunnel with a single command:
ssh -f -l serveruser -L 5900:127.0.0.1:5900 remoteserver.computer.xyz -p 22 sleep 5; krdc vnc://127.0.0.1::5900
  • Alternatively (and probably preferably) you can create a Menu Item / Shortcut with the above command.

Note: This command is a command-line mini-script. The SSH option -f option tells the SSH client to fork into the background after starting. (This option is not available in the PuTTY client.) This allows the command line to continue to proceed to the next command(s) listed on the command line mini-script. The 5 second wait ("sleep") timeout allows time for the SSH tunnel to be created before proceeding to the next command. (This can be lengthened if necessary.) After the wait period, the program (Krdc VNC in this example) is started.

  • Of course, any program could be started (to be run through the SSH tunnel) in this fashion, not just a VNC program.

VNC

Virtual Network Computing (VNC) mirrors the desktop of a remote ("server") computer on your local ("client") computer (it is not a separate remote login, as is XDMCP). A user on the remote desktop must be logged in and running a VNC server (such as X11VNC, Vino, or Krfb). Keyboard and mouse events are transmitted between the two computers. VNC is platform-independent —- a VNC viewer on one operating system can usually connect to a VNC server on any other operating system.

Vino Remote Desktop VNC server

Vino-server (the Gnome VNC server) is included by default in Ubuntu. Start:

System -> Preferences -> Remote Desktop

  • You can accept uninvited connections in the Security section. You can require a password for these connections.
  • This implementation of Vino does not allow changing the default listening ports (which start at 5900). If you wish to customize your VNC connection, use X11VNC instead.
How to securely use VNC with SSH tunneling

It is less secure to leave the VNC listening port open to the Internet, even with a password. (This can expose you to password cracking attempts.)

It is more secure to use SSH to tunnel your VNC connection. Under SSH port forwarding, the VNC listening port is the <remote port>. To increase security, this listening port can be changed from the default 5900. Only the VNC server and the SSH client need to specify the <remote port> in a secure connection.

X11VNC Server

While Vino is easy to use, X11VNC allows far more customization and therefore can be used more in situations where greater security is needed.

  • Install an X11VNC server to share your desktop with other computer:
   sudo apt-get install x11vnc
  • Run X11VNC without a password:
x11vnc -forever -rfbport 5900
Note: -rfbport 5900 specifies the port to listen on. The port number can be changed. This option is not required if the default port 5900 will be used. Don't forget to open/forward this port in your firewall/router. By default X11VNC server exits after the first client disconnects. To keep it running (and allow future connections), use the -forever option. See here for more command line options.
  • Create a password to use with X11VNC:
mkdir ~/.vnc
x11vnc -storepasswd YOUR_PASSWORD ~/.vnc/x11vnc.pass
  • X11VNC can then be started with a password:
x11vnc -forever -rfbport 5900 -rfbauth ~/.vnc/x11vnc.pass -o ~/.vnc/x11vnc.log -loopbg -display :0
  • You can create a startup script so that X11VNC is automatically loaded at startup (with password settings):
echo "/usr/bin/x11vnc -forever -rfbport 5900 -rfbauth ~/.vnc/x11vnc.pass -o ~/.vnc/x11vnc.log -loopbg -display :0" > ~/.config/autostart/x11vnc.sh
chmod +x ~/.config/autostart/x11vnc.sh
  • You can test the startup script:
~/.config/autostart/x11vnc.sh
Using VNC with SSH

See Port forwarding through SSH for additional information.

Vinagre VNC client

Vinagre is the default Gnome-based VNC client used in Ubuntu.

  • Applications -> Internet -> Remote Desktop Viewer
Terminal Server Client

The Terminal Server Client is an Ubuntu/Gnome frontend for rdesktop (for RDP connections to Windows computers) and one of several vncviewer clients (for VNC connections). In can be used instead of Vinagre.

  • Applications -> Internet -> Terminal Server Client
  • To use it with VNC, one of the VNC clients must be installed first. For example, install the TightVNC client:
sudo apt-get install xtightvncviewer
  • Note that the TightVNC client can be used from the command line (or as a menu item) directly:
vncviewer 192.168.0.12::5900
where 192.168.0.12 is an example host location that is running a VNC server on port 5900. For more command-line options, use
man vncviewer
Krdc VNC client

Krdc is the default VNC client in Kubuntu/KDE. It can be used for both VNC and RDP connections.

  • K-Menu -> Internet -> Krdc
  • The command-line connection (for use as a menu-item, for example) is:
krdc vnc://<remote IP>
  • If the remote (Krfp) VNC server is using a <remote port> other than the default 5900 port, use
krdc vnc://<remote IP>:<remote port>
  • Krdc can also connect to a Windows server using RDP (Remote Desktop Protocol).
krdc rdp://<remote IP>:<remote port>
Using a VNC client with SSH

See this howto for an automated setup using a script (it did not work for me, but it might for you).

In brief, you would initiate an SSH tunnel with port forwarding using Putty or the command line:

ssh -C <remote ip> -p <SSH tunnel port> -L <local port>:<remote computer>:<remote port> -l <user>
then you would start a VNC client such as Krdc:
krdc vnc://localhost:<local port>

<local port> will usually be the default 5900, in which case you could simply use

krdc vnc://localhost
XVNC4Viewer VNC Client

XVNC4Viewer is an alternative to Vinagre or the Terminal Server Client (vncviewer). Install:

sudo apt-get install xvnc4viewer

FreeNX

FreeNX is a remote desktop display server/client solution that natively incorporates SSH tunneling (unlike VNC). It is therefore more secure than VNC (unless VNC is coupled with SSH tunneling).

FreeNX Server

The Free server .deb package can be downloaded from No Machine free server downloads.

sudo add-apt-repository ppa:freenx-team
  • Install the package:
sudo apt-get update
sudo apt-get install freenx
FreeNX Client

Download the self-installing .deb file from No Machine Client downloads.

XDMCP

XDMCP allows a separate remote login by an authorized user. This login is separate from the local user.

  • XDMCP is not secure over the Internet and should only be used within a LAN. It cannot be tunnelled through SSH. It is turned off by default in Ubuntu. To enable it, edit the configuration file:
gedit /etc/gdm/custom.conf
  • Find and change (or add) the line from false to true so that it reads:
[Xdmcp]
Enable=true

Telnet

VPN clients

A VPN (Virtual Private Network) allows a secure encrypted connection ("tunnelling") over the Internet between a client (either standalone or on a separate LAN) and a home or corporate LAN server.

VPN through Network Manager
  • The default Network Manager in Ubuntu/Kubuntu has a VPN client available. This includes support for IPSec and Cisco-compliant VPN connections. Install:
sudo apt-get install network-manager-vpnc
  • To connect to a VPN network using OpenVPN (SSL), install the plugin:
 sudo apt-get install network-manager-openvpn
  • To connect to a VPN network using PPTP (MS Windows servers), install the plugin:
sudo apt-get install network-manager-pptp
  • Configure:
Network Manager icon (in system tray) -> VPN Connections -> Configure VPN
Other VPN clients

Standalone VPN clients based on protocol are available (but not necessary if using Network Manager):

  • vpnc, grml-vpn -- for Cisco-compliant (IPSec) VPN networks
  • openswan -- for IPSec (OpenSwan) VPN networks
  • pptp-linux -- for PPTP (MS Windows-compliant) VPN networks
  • openvpn, gadmin-openvpn-client -- for OpenSSL (OpenVPN) VPN networks

VPN servers

OpenVPN

OpenVPN is a free, GPL-licensed open-source cross-platform VPN solution based on OpenSSL (not IPSec). Install the server (then see the website for further installation instructions):

sudo apt-get install openvpn bridge-utils

A GUI configuration utility (GTK-based) is available:

sudo apt-get install gadmin-openvpn-server

Also see these installation tips.

Poptop (PPTP Server)

Poptop is a free open-source PPTP-based VPN server compatible with MS-windows PPTP clients. Install:

sudo apt-get install pptpd
OpenSwan

OpenSwan is the open source implementation of IPSec-based VPN connections for Linux (and is a successor to FreeSwan). Install:

sudo apt-get install openswan linux-patch-openswan

WebDAV

WebDAV is a method for allowing remote access to local folders via an HTTP-based web browser. This can be combined with user authentication (using LDAP or other password mechanism).

Security

Ubuntu by default is a fairly safe system. However, if you intend to use Ubuntu as a server, or for critical applications in which loss of data (by accident or by malicious intrusion) would be disastrous, you should learn how to make Ubuntu more secure. A good introduction to Ubuntu Security Best Practices is available. Recommended reading includes the book Cyber War by Richard Clark.

Firewall

Network communications go through "channels" called ports. You can restrict which ports are available ("open") for network communications, creating a barricade to unwanted network intrusion. Firewalls do this job for you. But I guarantee that if you install one before you know how to use it that one or more networking programs on your system will stop working. Read every bit of documentation about a firewall before installing it -- you won't regret the time invested. All of these packages modify iptables, which is the set of rules that controls network access in and out of your computer. (You can modify iptables manually from the command line, as well, but if you are that much of an expert, you probably don't need this guide.) Also see the official Ubuntu documentation.

Firestarter

Firestarter is an intuitive firewall manager used to set the iptables values which provide firewall capabilities in Linux (including Ubuntu). It has a very easy-to-use GUI.

sudo apt-get install firestarter

Guarddog

Guarddog is a GUI firewall configuration utility that has been used for KDE. It has a complex array of configuration, and is difficult to use for some beginners.

sudo apt-get install guarddog

Uncomplicated Firewall

Uncomplicated Firewall is installed in Ubuntu by default, but all ports are open initially. It is configurable through the command-line interface. See this forum thread, or this usage tutorial, or Ubuntu community help for tips on how to set up and use it. If not installed, it can be installed:

apt-get install ufw
Gufw

Gufw is a graphical user interface for Uncomplicated Firewall. Install:

sudo apt-get install gufw

Anti-virus

If you are running a file server, interface frequently with Windows drives, or use virtualization, you will want a virus checker for your Windows files.

ClamAV

ClamAV is the open source virus tool for Linux. To install ClamAV:

sudo apt-get install clamav

AVG

AVG offers a free virus scanner for Linux in a .deb package. Download and install from the website.

Avast

Avast offers a Linux edition (for home users only) in a .deb package. Download and install from the website.

Anti-spam

Spam Assasin

SpamAssasin is written in perl, and is mostly for use with a server (such as a groupware server or Apache). Install:

sudo apt-get spamassassin

Rootkit checkers

Rootkits are malicious trojan-like programs to allow an intruder to become a root user and therefore have complete administrative control over the system. There aren't many rootkits in the wild for Linux. Still, this is a growing security problem (especially in other operating systems) and it is a matter of time before more rootkits appear in Linux. Checking for rootkits isn't always successful from a system that is already infected. Your rootkit checker should therefore be run from another system, or a USB pendrive with a Ubuntu LiveCD installation. See the rootkit checker manuals for instructions how to do this. If you are infected with a rootkit, you must backup all your files and re-install your system. (Thank goodness this is easy with Ubuntu, unlike with other operating systems).

Chkrootkit

Chkrootkit checks locally for signs of a rootkit. See the chkrootkit manual for usage instructions.

Install:
sudo apt-get install chkrootkit
Run:
sudo chkrootkit

Rootkit Hunter

Rootkit Hunter is compatible with (K)ubuntu systems. See the usage instructions.

Install:
sudo apt-get install rkhunter
Run:
sudo rkhunter

Malicious commands to avoid

There are many malicious commands to be avoided in Linux (as in all operating systems). It is worthwhile to be aware of these dangerous commands so that they are not executed by accident or by malicious advice. The list of dangerous commands is also posted here for reference since this is important information to stay aware of.

Servers

Many server packages (such as Apache2, MySQL, PHP, etc.) can be installed individually, on either a Desktop edition or a Server edition (using the tasksel command described below). It is not necessary in general, therefore, to install Ubuntu Server if you only wish to use an occasional server package on a Desktop edition. Most of the instructions for individual server packages will work on the Server edition, on the Desktop edition, or on a Server edition that has had an Ubuntu or Kubuntu desktop installed on it.

Nevertheless, the Server edition is optimised for speed and ease of monitoring and maintenance when implemented in large networks and is therefore recommended. (For complete information see the Ubuntu Server Guide.) It is always possible to add an Ubuntu (Gnome) or Kubuntu (KDE) GUI desktop to an Ubuntu Server at any time.

Note that Karmic Koala is not a long-term support version, and there are changes from Hardy Heron to Karmic Koala (including an occasional new bug). Unless new features, such as Xen (virtualization) support or the Tomcat (Java) server, are desired, some users recommend the most recent Long Term Support (LTS) version (8.04 Hardy Heron) for stability.

(If you are attempting to create a dual-boot or multi-boot configuration with multiple operating systems on your computer, then see these tips.)

(Tip: During installation of the server, an initial user / password is created. Many servers are intended to run unattended with little subsequent intervention and it can be easy to forget the original user / password pair that is created at installation. I suggest writing this information down and taping it to the inside of the computer case cover for later reference. (Lock the computer case if you desire extra security.))

There are many server packages that are available to be installed during the Server edition installation process (from the LiveCD menu). It is not critical to install them at the outset, however, because they can also later be added (as a one-step task) using the tasksel command. For a list of server packages that can be installed at any time using the tasksel command:

sudo tasksel --list-tasks

Ultimate Server Walkthrough

  • Here is an installation walkthrough of an ultimate server for Ubuntu. Using instructions from Ubuntuguide, this ultimate server has two wikis (MediaWiki), two Drupal websites, a Moodle online learning website, a BigBlueButton teleconferencing server, an Ubuntu desktop, and dynamic DNS access from the web. All components can be expanded and/or additional servers added.
  • To run multiple servers on multiple computers on a LAN using only a single IP address and router, see this solution using reverse proxies in Apache.

Add a desktop to an Ubuntu Server

Packages that require server capabilities (such as Drupal with Apache, etc.) are often happier when a Server edition is installed as the base OS. However, adding a desktop can make the administration and maintenance of many packages easier for many users (albeit with a cost of reduced server speed). Add an Ubuntu (Gnome) or Kubuntu (KDE) desktop to a server using:

sudo apt-get install ubuntu-desktop
or
sudo apt-get install kubuntu-desktop

LAMP server installation

During server installation, you will have the option of installing a LAMP (Linux, Apache, MySQL, pHp) server stack. Many (but not all) open source servers use this integrated server stack. Drupal, for example, needs to have a LAMP server installed. If you intend to install a groupware server, however, make sure it is compatible with a LAMP server stack before choosing this option. Many groupware servers will install LAMP (or their own variation) automatically, so you do not need to install the LAMP stack. Others will install and use postgreSQL instead of MySQL, so you would not need to install a LAMP server.

Apache2 + MySQL + PHP

This is the preferred method:

sudo tasksel install lamp-server

(Tip: During installation of the LAMP server, an initial MySQL "root" user password is created. This information will sometimes be needed when installing other server packages that use MySQL. I suggest writing the MySQL password down and taping it to the inside of the computer case cover for later reference. (Lock the computer case if you desire extra security.))

Other servers

During server installation, you can choose other servers to install, as well. These include a Mail server (Postfix with Dovecot), a DNS server (bind9), the OpenSSH server, a print server, a Tomcat Java web server, a Samba file server (for use with Windows networks), and a virtual machine host (Xen). Again, if you are using a groupware solution, you should be careful about installing these services, as they may conflict with similar (but competing) servers which the groupware solution will install by default.

eBox (server and network manager)

eBox is a web-browser based server management platform that is useful in managing multiple servers and networking functions in a small to medium business. It is modular so that as the network grows and more networking functions or servers (such as the ones listed below) are added, eBox can manage those, as well. Install:

sudo apt-get install ebox

OpenSSH server

OpenSSH allows encrypted communications through a designated secure port. The OpenSSH server also can be installed as an option during the Ubuntu Server LiveCD installation. Also see setting up an SSH server. Install:

sudo tasksel install openssh-server

Postfix (Mail Server)

Postfix is a free open source mail server. It can be installed as the "Mail server" option when installing the Ubuntu server from the LiveCD. It interfaces directly to Dovecot, the free open source IMAP and POP3 server.

Bind9 (DNS server)

BIND DNS servers are the most commonly used on the Internet. Bind9 is the current edition and is installed by selecting the "DNS server" option when installing Ubuntu server from the LiveCD. See the usage instruction here.

Apache Tomcat (Java server)

Tomcat is a free open source platform from Apache which provides a "pure Java" HTTP web server environment for Java code to run (see here for more info).

It is not part of the Apache2 web server. Installation can be done by checking the "Install Tomcat server" option at the time of the initial Ubuntu server installation from LiveCD.

Xen virtual machine host

Xen is a free open source virtualization platform that allows the host to run "guest" operating systems simultaneously (see here for more info). Xen implementation in the (K)ubuntu server is based on integration with KVM, the kernel-based virtualization platform in Linux. KVM integrates with QEMU components, which have been merged with Xen.

Note: KVM requires a 64-bit processor with a virtualization extension, i.e. an Intel VT or AMD-V CPU, therefore this package currently is successful only with the 64-bit Ubuntu server installation and on those CPUs.

Installation can be done by checking the "Install virtual machine host" option at the time of the initial Ubuntu server installation from LiveCD.

Print server

Ubuntu uses the CUPS print server, which is integrated into the desktop. Installing a print server in Ubuntu Server is necessary only if you do not intend to use a desktop (i.e. you intend a "headless" server). Because this guide is orientated towards users who will install a Ubuntu desktop on top of the server, please see Ubuntu server documentation for this option.

Apache2 Webserver with PHP and Perl support

To install an Apache webserver (but not the entire LAMP stack) with both PHP and Perl CGI support, see this guide.

OpenLDAP

OpenLDAP is a community-based LDAP server that allows directory querying over TCP/IP, generally for organizations arranged by domain. Ubuntu uses the slapd daemon for the OpenLDAP server. See the official Ubuntu documentation for more information about installation and setup.

NOTE: Karmic's OpenLDAP installation (2.4.18-0ubuntu1) is significantly different from the one from Jaunty. Updated instructions are needed.

Cluster (cloud) computing

Eucalyptus is a project from University of California Santa Barbara to facilitate cluster computing on Ubuntu servers that have Xen enabled. It has been included in the Karmic Koala server edition, but is very much in development. It is not meant for mission-critical deployments at this time. See the website for details.

Enterprise Network Firewall

IPCop

IPCop is a free open source (GPL-licensed) firewall solution for use as an independent appliance (on a dedicated PC) in an enterprise network. It allows remote management and can protect multiple servers, including web and email servers. IPSec-based OpenVPN is supported. The CD image .iso and other files can be downloaded here. Installation instructions are on the website.

SmoothWall

SmoothWall Express is an award-winning, free, open source (with a GPL license) firewall solution for use as an independent appliance (on a dedicated PC) in an enterprise network. Download the installation CD .iso image here (server OS included), burn onto a CD, and install on a new, dedicated PC. Many features, however, such as VPN server, database access authentications, and content filtering are only implemented in a commercial version, however, and are not available in the community version.

Endian

Endian is a very robust, free, open source universal threat management appliance similar to IPCop and Smoothwall. It also incorporates OpenVPN. Like Smoothwall, Dansguardian is used for content filtering (and is included in the community edition). Commercial and hardware versions with some additional features, automatic updates, and professional support are available. See the website for details.

LTSP (Thin client support)

LTSP (the Linux Terminal Server Project) adds thin-client support to Linux servers. The package is free, GPL-licensed, and the client can be used to run programs on either Linux or Windows LTSP servers. There is a module for classroom management (ltsp-controlaula) as well. Installation instructions are here. The alternate LiveCD can also be used to install a terminal server, as indicated in these instructions.

LTSP Server

Install:

sudo apt-get install ltsp-server ltsp-manager

LTSP Client

Install:

sudo apt-get ltsp-client

iTALC (Thin client for Education)

iTALC is a free, open source (GPL-licensed) thin client solution that supports both (K)Ubuntu Linux and Windows XP. It has been used widely in educational settings to monitor, share, and control multiple workstations. See the website for download and installation instructions.

Internet Cafe software

Internet Cafe (or CyberCafe) software is specialized LAN-administration software that includes time usage monitoring, billing, and administration. It can also be used in schools, libraries, and organizations with multiple monitored workstations requiring usage limits.

OutKafe

OutKafe is a free, open-source, GPL-licensed cybercafe solution based on a postgreSQL database server stack. It is run on hundreds of sites. It is GTK-based but can be run with Kubuntu (KDE).

OpenKiosk

OpenKiosk is a free open source multi-platform server/client solution for administering and monitoring groups of workstations, such as in libraries, school labs, and internet cafes. Installation is from source files. See the website for details.

CafePilot

CafePilot is a free multi-platform Java-based server/client solution for real-time monitoring and billing of Cybercafe workstations. A complete custom Ubuntu-based LiveCD server/multiple-client solution (including OS and many applications for unlimited workstations) is available for $100 here.

Pessulus (Lockdown Editor)

Pessulus is a GTK (Gnome)-based utility that allows an a computer administrator to restrict acccess to several administrative functions, including the command-line Terminal and many other functions. This is useful on public kiosk PCs, for example. Install:

sudo apt-get install pessulus

Miscellaneous solutions

This thread discusses several other solutions, including:

Network Attached Servers

FreeNAS

FreeNAS allows a PC with several hard drives to function as a self-contained network attached storage RAID device. It is a very small, fast system, so that an older PCs could function quite well as an NAS.

Setup RAID in Ubuntu/Kubuntu

See this thread for a discussion how to set up RAID on an Ubuntu/Kubuntu server.

Databases

There are several free enterprise-strength databases that can be used in (K)Ubuntu Linux.

PostgreSQL

PostgreSQL is a free standards-compliant enterprise-strength open-source database, initially developed at UC Berkeley. See the PostgreSQL Server documentation for server configuration information. Install:

sudo apt-get install postgresql-8.3
or
sudo apt-get install postgresql

MySQL

MySQL is one of the most widely-used relational databases, and has been licensed under the GPLv2. It has now been bought by Oracle as part of the purchase of Sun. It has long been integrated into co-ordinated server platforms using the LAMP stack, but it can also be installed separately.

sudo apt-get install mysql-server
Personal tools
Sponsor
Going Tribal