Tag: Windows

Hardware

My Intel Core i7 Build: Putting It Together

Recently I decided it was finally time to upgrade my gaming computer. I had skipped over Intel’s recent spate of chipsets, as well as Windows Vista, so my computer – still based on the Intel x975 chipset and Windows XP Pro – was definitely in need of an upgrade.

This is the second post documenting my upgrade to an Intel Core i7 Lynnfield system. In my first post I discussed the components I selected and why. In this post I’ll talk about assembling the system and the challenges I encountered. In my final post I’ll cover my attempts at overclocking the new system.

The Build

I like to build systems outside of the case. Then, when I’m sure everything is running well, I’ll place the components in the case and dress up the wiring (See Figure 1). Similar to other motherboard manufacturers, Intel has finally taken to mounting the SATA II ports horizontally, facing the back of the case, instead of vertically. Good thing too because the video card would likely have prevented me from using the first couple of ports. I’m using two 36GB Western Digital “Raptor” drives configured for Raid 0 to hold the OS. I placed these on SATA ports 0 & 1. I also have a pair of 74 GB Raptors that will be configured for Raid 0, but these will become my d:\ drive and hold only data files. I placed these drives on SATA ports 2 & 3. My CD/DVD drive then ends up on port 5.

 Screenshot of my Core i7 build outside of the computer case

Figure 1

I decided to get a new power supply for this rig. The existing PC Power & Cooling Silencer 750 that I originally intended to use for this upgrade I felt could best be used elsewhere. I’m partial to the single 12 VDC rail design for PC power supplies so I ended up picking up Corsair’s 750TX.

Intel offers several methods for updating their BIOS, including updating directly from the OS using a utility called “Express BIOS Update.” Sans OS though, your choice is to use Intel’s tried and true “IFLASH2” utility and the BIOS file from a bootable floppy, USB or optical disk, or use a bootable ISO image to update the BIOS firmware. I chose the latter and it was a breeze. Burn the image to a CD-R, boot to it, and in 5 minutes your BIOS firmware is updated.

In order to build the RAID arrays, I navigated to Advanced -> Drive Configuration -> Configure SATA and made sure that the RAID option was selected, then rebooted and entered Intel’s Raid configuration utility (using CTRL-l). I chose the default stripe size of 128 KB for my two RAID 0 arrays. Returning to the BIOS, I made some additional preliminary tweaks before installing the OS, including disabling the 1394 port (never use it), disabling CPU and System fan control (I prefer to run them wide open), and turning off the Event Log (this is a feature?). Adjustments to the Performance section of the BIOS will be saved for when I start overclocking the system. I then booted into Memtest86+ (v4.00) and ran it for 2-3 passes to verify that the RAM was solid. Sweet, no errors.

Windows 7 comes with native support for RAID, so rather than choosing to install my own via the usual “F6” method I let Windows use its own. After the OS was fully operational though, I installed Intel’s RAID driver, as well as the essential audio, LAN and graphics drivers; activated the OS and downloaded Microsoft updates. I then installed applications and performed my usual OS performance tweaks. With the exception of a few applications, such as Guild Wars and Quake 3 Arena, which I made run using compatibility mode, all my applications installed and ran just fine on Windows 7 Pro 64-bit.

My Canon i560 printer had me scratching my head though. First, Canon’s Windows 7 64-bit driver for the i560 does not work; and, to complicate things, my printer is parked on a D-link print server. To install a driver that would allow this PC to see the printer, I first had to connect the printer directly to the PC via USB. Then, instead of messing further with the flaky Canon driver, I let Win 7 find and use its own native driver. Then I deleted that printer and put the printer back on the print server. I created a new printer, but this time configured for a proper TCP/IP port. When it came time to load a driver, I simply reused the one Win 7 added when the printer was directly connected.

The Temp

Almost immediately after I get a new system up and running on the bench I navigate to the BIOS’s hardware monitor to verify the temperature(s) it’s reporting for the CPU so as to ensure I have the heatsink and fan installed and working correctly.

Back in the good old days (you know, before Core i7), you would typically pay attention to the “CPU temperature” the motherboard was reporting. This is the processor’s Tcase temperature, the temperature at the geometric center of the topside of the integrated heat spreader as measured (or estimated) by a sensor IC. This temperature value is routinely used by utilities such as Everest, SpeedFan, as well as ones provided by the motherboard manufacturer, to report the thermal condition of the processor. According to Intel, Tcase should be maintained at or below the thermal threshold listed in the processor’s datasheet. For the Core i7 860 processor for example, that value is 72.7C. Given a reasonably accurate measurement of Tcase and the not-to-exceed threshold value provided by Intel, you knew exactly where you stood with respect to your processor’s temperature.

Enter core temperatures. Unlike Tcase, the processor’s core temperature is the temperature measured by the processor’s Digital Thermal Sensor (DTS). This value is always relative to what Intel feels is the maximum core temperature threshold for a given processor model, a parameter Intel calls TjMax. Nominal core temperature values, as reported by utilities such as Core Temp and Real Temp, would be an equally reliable way of representing processor temperature if you knew with certainty the value of TjMax. Knowing that value would provide you with a fairly reliable way to calculate your core temperature, and by extension, how much margin you have before encountering TjMax:

Core Temperature = TjMax – DTS reading

Unfortunately, Intel treats the TjMax value as if it were a matter of national security, and so these utilities are left to essentially guess what the TjMax value is in order to report the nominal core temperature values. In other words, core temperatures, while nice to know, aren’t terribly useful because: 1) Their accuracy is suspect; and 2) there is no direct correlation to the nominal value of Tcase and its threshold as provided by Intel in the processor’s specification.

On the Intel DP55KG that I’m using for this upgrade, the situation seems to have gotten even murkier. On this motherboard there are two temperature readings reported in BIOS: Internal and Remote. Instead of Tcase, this Internal temperature is apparently meant to represent the processor’s core temperatures. This was confirmed when, after installing Real Temp, the temperatures reported by that utility matched the one reported by the BIOS within about one degree. Speedfan’s readings also closely matched these readings. And the “Remote” temperature reported by the BIOS? Since it routinely reports temperatures 2-5 degrees below those reported by the Internal reading, I suspect its readings come from a thermal sensor near the processor, whose job it is presumably to keep track of the internal case temperature.

It appears then that Intel now seems to be more interested in focusing on core temperatures and their relative difference from TjMax. But how does this help me ascertain how much headroom I have with respect to the Core i7 860’s thermal profile value of 72.7C? In short, it doesn’t. So I guess I’ll need to trust that Intel will keep the processor from exceeding whatever it feels are its critical thermal thresholds, Tcase or otherwise. My job, it appears, is merely to keep the core temperatures as low as possible.

The DP55KG’s BIOS was reporting that the processor’s core temperature was idling at ~36C (ambient room temperature is routinely ~20C). I felt I could probably do better than this so I went in search of a heatsink to replace the Arctic Cooling Freezer 7 Rev.2 I was using for this build. As mentioned in my initial post, even finding a suitable heatsink for an LGA1156 CPU was a challenge. While there were plenty of options for 1366-based boards at the time I was pulling the parts together for this build, very few of the more reputable heatsink manufacturers had yet to put out parts made specifically for the newer LGA1156. The second time out though I ran into a Maximum PC article regarding the Cooler Master Hyper 212 Plus air cooler.

I picked one up, replaced the Freezer 7, and was able to lower the idle temperature to 30C. Needless to say I’m quite happy with it. As you can see though, the heatsink does land very close to the RAM modules (See Figure 2).

 Screenshot of proximity of the heatsink to the RAM

Figure 2

This brings up another issue that would be good to mention here and that’s the best procedure I found for applying the thermal compound. Arctic Silver suggests applying their Arctic Silver 5 product in a line over the CPU heatspreader horizontally, but not spreading the line out. Instead, when you place the heatsink on top of the heatspreader of the CPU, the line of Arctic Silver 5, they suggest, will “spread out just like an oval pancake.” Well, it did spread out a bit and it may resemble an oval pancake (See Figure 3), but this method does not yield the best results. I tried several variations of this pancake method and compared the results with the more traditional method of placing a small amount of compound in the center of the processor and spreading it thinly and evenly so it covers the entire top of the processor, and in each case the latter method produced the best results.

 Screenshot of the Core i7 860 and the result of applying a thin horizontal line of thermal compound

Figure 3

I think the problem with Arctic Silver’s method is that it actually places too much compound on the processor resulting in poorer heat transfer, not better. But perhaps a more significant factor leading to poorer results in my case is the unique design of the Cooler Master 212’s heatsink itself. Instead of the typical smooth copper surface, this heatsink is built in such a way as to allow its heat pipes to rest directly on the processor. Consequently, the heatsink surface is not smooth but instead has ridges where the heat pipes nestle against a nickel plate. These ridges seem to be preventing the thermal compound from spreading out as well as Arctic Silver intended (See Figure 4).

 Screenshot of the Core i7 860 and the result of applying a thin horizontal line of thermal compound

Figure 4

Final Thoughts

After putting each of these speed bumps behind me I was ready to place all of the components in the NZXT Tempest mid tower case. I decided to forego using the case’s side fan in order to improve positive air flow, but even with one less fan, it was immediately apparent that I was going to run out of fan headers. No worries though, I typically run the fans wide open anyway so I simply wired 12VDC to each of them. The Tempest isn’t the easiest case to dress up wiring in but I managed to hide some of it behind the motherboard (See Figure 5).

 Screenshot of the Core i7 860 and the result of applying a thin horizontal line of thermal compound

Figure 5

In the next post I’ll share my experiences with overclocking the DP55KG and Core i7 860.

Hardware

My Intel Core i7 Build: The Parts

I’m fortunate (or cursed) enough to be able to upgrade the desktop computers here at the iceflatline compound fairly often. The way this usually works is that my personal desktop computer gets overhauled and then the older parts are used to build, upgrade and/or maintain the other machines in the house – call it the “trickle down” method of upgrading.

Recently I decided it was time to start this cycle again. I had elected to skip over Intel’s X38 and X48 chipsets (and p45/p55 chipsets too) and Windows Vista, and so my computer – still based on the x975 chipset and Windows XP Pro – was definitely in need of an upgrade.

This will be the first in what I intend to be three related posts documenting this upgrade – the parts I selected for it and why; the assembly of the system and the challenges I encountered; and finally, the steps taken to overclock the system.

The Parts

I’ve built a good many PCs over the years. Everything from bleeding-edge, fire breathing, water-cooled dragons to systems just fast enough to run Puppy Linux. My goal this time was to use the best quality components I could find for a low price, and build a fast, reliable machine for right around $1000 – $1500. In other words, build a machine that’s a good value. Since this was an upgrade, I also had a couple of other objectives in mind. First, since this machine, like its predecessor, would be used primarily for PC gaming and the occasional video/audio project, I wanted to upgrade the graphics capability; second, I wanted to significantly increase the amount of system memory; and finally, I wanted to use Windows 7.

The case – I’ve been a fan of Lian Li cases for some time; however, while they look great and their quality is second-to-none in my opinion, they’re not what you would characterize as a “gamer” or “enthusiast” case. This is primarily because they typically lack good cooling. I’m currently using water cooling in one of their tower cases and so the lack of good case cooling has not really posed a problem for me. However, I wanted to try and save on what I anticipated would be the cost for a new water cooling solution to fit a new motherboard and instead go with air cooling if I could. That steered me towards a mid-tower case with good air flow. I decided on the NZXT Tempest case. I had built a system for one of my kids with this case and really liked it. The three 12cm fans provide good air flow; it’s easy to work in, and it looks good.

The power supply – This was an easy one. I almost exclusively use power supplies from two manufacturers. For lower cost builds I use Fortron and for everything else I use PC Power & Cooling. I was already using a Silencer 750 in my current system so my solution here is to simply reuse this unit.

The CPU – This was a tough choice. Being somewhat of an Intel fan boy I had more or less settled on going with one of their Core i7 products. But Intel has presented a very challenging decision for the gamer/enthusiast building a new system today. Intel’s newest CPUs – code-named Lynnfield – include the 2.93GHz Core i7-870, the 2.83GHz Core i7-860, and the 2.66GHz Core i5-750. Lynnfield chips use essentially the same “Nehalem” 45 nm architecture as Intel’s other Core i7 CPUs, code-named “Bloomfield.” However, the Lynnfield CPUs are incompatible with existing Bloomfield-based Core i7 motherboards. The most notable difference is Intel’s decision to use a new socket for the Lynnfield CPUs – LGA1156, which is incompatible with the current Bloomfield-based CPUs. To make matters even worse, the fan/heatsink mounting holes for each socket type are also incompatible.

A significant advantage in using Bloomfield is Intel’s use of tri-channel DDR3 memory (to save cost, Intel uses dual-channel DDR3 for Lynnfield). So then why go with Lynnfield if a bigger memory bus is arguably better? I want a fast rig right, and I have to get a new motherboard in either case. Well, for one thing, LGA1366 motherboards aren’t cheap. Those added traces from the socket to the RAM slots to support tri-channel RAM mean more layers and pricier motherboards. Yet another factor to consider is that while Lynnfield is cheaper and gets you 90 percent of the performance of a Bloomfield system, Intel will purportedly introduce yet another new CPU SKU in 2010 (“Gulftown”). This architecture supposedly adds two more physical cores to the CPU, add to that hyper-threading, and that’s 12 threads available to the OS. But alas, it will only be available on the Bloomfield/LGA1366 platform.

But, after weighing all these factors and the desire to stay true to the goal of pulling together the best system for the money, going with a Lynnfield build made the most sense to me. I chose the 2.83GHz Core i7-860, which should overclock quite well and, for ~$280.00, would seem to be the sweet spot for price versus performance. I also save at least $100 on the board and a little more on the RAM. However, I arguably give up a clearer upgrade path by passing on a Bloomfield-based system.

The Motherboard – I’ve traditionally used ASUS motherboards but then started to run into reliability problems with them. I also grew tired of the growing list of “features” their boards began to offer that I had no use for (e.g. WiFi, Bluetooth, etc.), resulting in time spent trying to disable them somehow. For my last build I used Intel’s D975XBX2, the so called “Bad Ax” board, and really liked it. No it didn’t have all the candy-ass features and overclocking capabilities of say an ASUS or Gigabyte motherboard at the time, but it turned out to be sufficiently overclockable for my needs and has been 100% reliable. Given this experience, I decided to go with an Intel motherboard again and chose their DP55KG.

The Heatsink – The Corsair Nautilus 500 water cooling solution I’m currently using, while it has served me well, wouldn’t be useable on the new LGA1156 motherboard. Besides, Intel’s latest CPUs run cooler than their predecessors and air cooling has gotten significantly more effective. So, there just wasn’t any reason in my mind to hassle with another water cooling solution for this build. However, finding a suitable fan/heatsink for an LGA1156 CPU turned out to be somewhat of a challenge. As I mentioned, the fan mounting holes for LGA1366 and LGA1156 motherboards are incompatible. So while there were plenty of options for 1366-based boards at the time I was pulling my parts together, very few of the more reputable heatsink manufacturers had yet to put out parts that were made specifically for the newer LGA1156. I ended up choosing the relatively inexpensive Arctic Cooling Freezer 7 Rev.2 with the hope of finding something perhaps a bit more effective in a couple of months when other companies started to release parts for the LGA1156 motherboards. I also chose Arctic Silver 5 for the thermal compound.

The RAM – One of my goals for this build was to double my system memory. That meant 8GB for this build. After all, this is supposed to be an upgrade right? I was looking for either an 8GB kit (2x4GB) or two 4GB (2x2GB) kits with the timings as low as possible. Another factor that I was glad I considered ahead of time was whether the RAM would fit under the CPU’s fan/heatsink due to the close proximity of the RAM slots to the CPU. I ended up eliminating a couple of products (Corsair Dominator I’m looking at you…) because they were too tall to fit. I ended up selecting two 4GB DDR3-1600 Mushkin Redline kits, which run at 1.65v with timings that spec at 7-7-7-18.

The Graphics – I have no allegiance to either AMD or Nvidia and was willing to go with either depending on price versus performance. I ended up going with AMD this time around though and chose a Radeon 5870 from ASUS. For ~$380, I felt it provided the best performance for the money.

The Optical Drive – Believe it or not I actually had to buy one of these. The Lite On drive I’m currently using is IDE and I needed one with a SATA interface. Sadly, I guess it really is time to move on. Here’s how much time I spent shopping for it though – I went to Newegg.com, navigated to the CD/DVD burners, selected “Best Rating” from among the search options and dutifully paid for the one that was at the top of the list. I think it was from Samsung :).

The Hard Drive – This was a tough decision too. I really really wanted to get a solid state drive but with prices so high and firmware support for features like Trim so fluid I decided to stick with my trusty Western Digital Raptors that I currently have set up in Raid 0. I fully expect that SSD performance will improve and prices will come down soon so I plan on revisiting this at a later time.

The OS – Not much of a surprise here. I went with Windows 7 Pro 64-bit. Why the pro version and not Home Premium? Remote Desktop. Home Premium doesn’t support it and I really wanted this feature so I could easily access this machine remotely.

Final Thoughts

Well, that’s it for the parts list. Most of which I elected to get from Newegg.com. Cost, not including shipping, came in right around ~ $1400.00. Next time I’ll share my experiences with assembling the system and the challenges I encountered.

Linux

How to Install VirtualBox Linux Guest Additions

(20140911 — The steps in this post were amended to address changes in recent versions of software. Minor editorial corrections were also made — iceflatline)

This post will describe how to install VirtualBox Guest Additions on your Linux guest operating system.

Oracle’s VirtualBox is a general-purpose x86 machine virtualizer that runs on Windows, Linux/Unix, and OpenSolaris hosts. It supports a large number of guest operating systems, including Linux (kernel versions 2.4 and 2.6) and the usual Windows flavors. Guest Additions consist of drivers and kernel modules that improve the usability and performance of the guest operating system, including the ability to share the mouse pointer seamlessly between the guest and host systems without the need to free the pointer from the guest OS first; the ability to share the clipboard between the guest and host OS; and, better video support through the use of guest drivers for the X Window system that provide higher (and non-standard) video modes as well as accelerated video. VirtualBox and its Guest Additions addon are free software licensed under the GNU GPL.

The versions for the software discussed in this post were as follows:

  • CrunchBang Linux v11
  • VirtualBox v4.3.14
  • Windows 7 Pro

So, let’s get started.

Download and Mount

VirtualBox Guest Additions are designed to be installed to the guest OS after it has been installed. So, if you haven’t already installed your Linux guest OS make sure you do that first.

VirtualBox Guest Additions is provided as a single image. To install, you mount this image as your guest OS’s virtual CD/DVD-ROM drive and install it directly from the drive from within the guest OS. Start your guest OS and release your mouse pointer. Navigate up to the top of the window and select Devices->Install Guest Additions CD Image. The image should automatically mount as your guest OS’s virtual CD/DVD-ROM drive (you may see a disk icon of some sort on your guest OS desktop). Now, let’s install the Guest Additions. Open up a terminal and navigate to the directory where your virtual CD/DVD-ROM is mounted (e.g., /media/cdrom0). List the contents of the directory and you’ll notice several scripts. You’ll want to run the Linux script from this directory with the following command:

The script will do a self-check to verify the integrity of the image, then it will proceed with uncompressing files, building new kernel modules, and installing drivers. After the script finishes, you should reboot your guest OS to ensure that Guest Additions is actually used.

Troubleshooting

One problem I’ve encountered is that the installation will fail, complaining that headers for the current kernel were not found. To fix this problem make sure to first update your packages, then install the necessary kernel headers. For example, in CrunchBang, Ubuntu, and other Debian-based distributions, run the following commands:
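A preflight for the installation and troubleshooting steps above, as an added example that is not part of the original post: it locates the mounted image and checks for the running kernel's headers before starting the installer, so the header failure is caught first. The function names and the mount points other than /media/cdrom0 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: the function names
# and every mount point searched other than /media/cdrom0.
ADDITIONS_SCRIPT="VBoxLinuxAdditions.run"   # Linux installer on the Guest Additions image

# Print the first directory among the arguments that contains the installer.
find_additions_dir() {
    for candidate in "$@"; do
        if [ -f "$candidate/$ADDITIONS_SCRIPT" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Succeed when headers for kernel release $1 exist under module root $2
# (default /lib/modules). The installer builds its modules against
# <root>/<release>/build, which is missing or dangling without the headers.
kernel_headers_present() {
    [ -f "${2:-/lib/modules}/$1/build/Makefile" ]
}

# Preflight, then run the installer as root.
install_guest_additions() {
    additions_dir=$(find_additions_dir "$@") || {
        echo "Guest Additions image not found; mount it from the Devices menu first." >&2
        return 2
    }
    release=$(uname -r)
    if ! kernel_headers_present "$release"; then
        echo "No kernel headers for $release. On Debian-based guests:" >&2
        echo "  sudo apt-get update" >&2
        echo "  sudo apt-get install build-essential linux-headers-$release" >&2
        return 3
    fi
    (cd "$additions_dir" && sudo sh "./$ADDITIONS_SCRIPT")
}

# Runs only when the script is called with "install"; sourcing it does nothing.
if [ "${1:-}" = "install" ]; then
    install_guest_additions /media/cdrom0 /media/cdrom /mnt/cdrom
fi
```

Reboot the guest after a successful run so the new kernel modules are loaded.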

Conclusion

I’m starting to use VirtualBox a lot now to help test and evaluate various BSD and Linux distributions in a more flexible way. Guest Additions is easy to set up and makes working in your guest OS a much better experience.

Commentary

Why I need to use Windows 7 Professional

Here at the old iceflatline compound there are a lot of Windows desktops running. Enough to where I actually looked into volume licensing at one point. I’m able to access all of these machines from the comfort of wherever I happen to be. Sure I could, and even may, switch some of these over to *nux, but last I checked, I wasn’t going to be able to count on playing, say, Dragon Age or Mass Effect on Ubuntu, or whatever, any time soon (so sad).

Imagine then how pleased I was when Redmond announced their “family pack” option for Windows 7, which will allow users to upgrade three PCs to the Home Premium edition of the operating system for $149. Great I thought, when I get around to upgrading these machines, I’m going to save a ton of scratch, right? Then something in the back of my mind said hold on a minute, what features might you be giving up? The answer: Remote Desktop. This feature is not available in Home Premium, only in Windows 7 versions starting with Professional. Oh sure you can access another Windows desktop (assuming it is using XP pro or Vista/Win 7 Pro and above) using Home Premium, but you won’t be able to access a Home Premium install remotely. Would it have killed them to put that feature in Home Premium making it…um… premium?

Networking

Remote Access To Your Ubuntu Server Using PuTTY, Hamachi and SSH

(20130205 – This post has been amended to reflect the most recent version of LogMeIn Hamachi — iceflatline)

This post will describe how to set up a secure virtual private network (VPN) to your Ubuntu home server using the Linux version of LogMeIn Hamachi. Once configured, you’ll be able to use secure shell (SSH) to access and manage your server from anywhere outside of your home network without the need to forward ports or make any other configuration changes on your home network gateway/router.

LogMeIn Hamachi is a hosted VPN service that is capable of establishing secure LAN-like links between computers, even if they’re behind Network Address Translation (NAT) devices. You can use it to create secure virtual networks on demand, across public or private networks. In order for LogMeIn Hamachi to work, a “mediation server,” operated by LogMeIn, is required. The mediation server stores machine nicknames, statically allocated IPv4 (IP) addresses in the 25.x.x.x range and the associated authentication token of the user. An overview, including protocol-level details of the security architecture employed by LogMeIn, can be found at LogMeIn Hamachi.

LogMeIn Hamachi provides three network types for flexibility in meeting diverse use case scenarios. They differ mainly in network topology. LogMeIn Hamachi clients can be members of any network; however, depending on the network owner’s LogMeIn Hamachi subscription, networks have the following limitations:

  • Free subscription allows you to have five members in a network
  • Standard subscription allows you to have 32 members in a network
  • Premium subscription allows you to have 256 members in a network
  • Multi-network subscription or a LogMeIn Central subscription allows you to have 256 members in all your networks

Further information regarding the subscription types can be found at LogMeIn Hamachi.

SSH is an open source program for logging into a remote machine and, in most cases, for executing commands on that machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide other applications with a secure communication channel. To use SSH, you will need to install an SSH client on the computer you connect from (most Linux distributions and Unix variations include an SSH client), and an SSH server on the computer you connect to. The most popular open source SSH client and server are maintained by the OpenSSH project.

The versions for the software used in this post were as follows:

  • LogMeIn Hamachi (Linux) v2.1.0.86-x64 (beta)
  • LogMeIn Hamachi (Windows) v2.1.0.284
  • OpenSSH Server v1:5.9p1-5ubuntu1
  • PuTTY v0.62
  • PuTTYgen v0.62
  • Ubuntu server v12.04 (x64)

So, let’s get started.

Installing the SSH Server

As you may recall, the OpenSSH server is an option you have the opportunity to select when you installed and setup your Ubuntu server. If you did not select that option, you’ll need to install the OpenSSH server manually:

If the SSH server was already installed apt will let you know, otherwise the installation will proceed. When complete, the SSH server daemon will start automatically. To check to make sure it’s running, use the following command:

Install and Configure LogMeIn Hamachi on the Ubuntu Server

The LogMeIn Hamachi Linux client comes as a single executable binary compiled for the platform of your choice. This binary includes the Hamachi daemon, the control application, and the setup utility. However, before we can successfully install LogMeIn Hamachi on our Ubuntu Server we must first install the Linux Standard Base (LSB). LSB is a standard Linux core system that some third-party applications written for Linux, like LogMeIn Hamachi, use for successful implementation across a variety of distributions:

With that dependency out of the way, let’s download the 64-bit Linux version of LogMeIn Hamachi to our Ubuntu server.

Then install it:

After LogMeIn Hamachi is installed it will start up as a background process (daemon) automatically. However, you can stop, start or restart the Hamachi daemon manually from the command line with the following commands:

When the Hamachi daemon is run for the first time it stays offline. Let’s bring it online:

You can change its status back to offline at any time using the following command:

Note that the daemon remembers its state if the Ubuntu server is shut down or if the daemon is stopped using the sudo /etc/init.d/logmein-hamachi stop command. So if its state was online, it will automatically go online when started next time. If it was offline, it will stay offline.

Next, let’s create a nickname for our Ubuntu server so that we can identify it easily from a remote client machine:

Now, let’s create our LogMeIn Hamachi network. In this step you’ll need to enter a unique name for your network as well as a password for it. If your network name is already in use you’ll need to keep trying until you select one that’s unique. If you’ve previously setup a LogMeIn Hamachi network and want to simply add your server to it, then substitute join for create in the following command:

That’s it. Your LogMeIn Hamachi VPN should be up and running with your Ubuntu server added as one of its member hosts. You can display the status of LogMeIn Hamachi at any time by running the command sudo hamachi without any arguments. To display a full list of all the LogMeIn Hamachi command options, use sudo hamachi -h.

Install and Configure LogMeIn Hamachi on a Linux Client

Now that we’ve installed LogMeIn Hamachi on our Ubuntu Server and created a secure VPN, it’s time to install LogMeIn Hamachi on any Linux-based machines you’d like to use to access your server remotely. You can follow the steps explained above for the Ubuntu server in order to download and install LogMeIn Hamachi on your Linux machine. Once installed, bring the logmein-hamachi daemon online:

Create a nickname for your remote client machine:

Then join the network you created at the server:

Let’s check to make sure we can see our Ubuntu server on our LogMeIn Hamachi VPN. The following command will list the networks (and their hosts) that you are a member of:

Assuming that LogMeIn Hamachi is running on your Ubuntu server, you should see the nickname you created for the Ubuntu server listed, as well as the IP address assigned to it by LogMeIn (e.g., 25.x.x.x). An asterisk next to a host indicates that the corresponding machine is currently online (Note: you will not see the machine you’re running the command from listed). Now that we have our Ubuntu server and our remote Linux client machine online, let’s see if we can initiate a terminal session with the server using SSH:

You may receive a warning concerning the authenticity of the host you’re trying to reach along with a fingerprint of its public RSA key, and be asked if you’re sure you want to continue connecting. If you’re absolutely sure that you are indeed connecting to your Ubuntu server, accept by typing yes and you’ll be presented with the login and password prompt. The public key from your Ubuntu server is stored in ~/.ssh/known_hosts. If you don’t want to have to remember the LogMeIn Hamachi IP address each time you want to run an SSH session with your server, simply add the IP address along with a name (e.g. home-server-ssh) to your hosts file (/etc/hosts). Next time you use LogMeIn Hamachi/SSH to connect to your server, use the name instead of the IP address and the hosts file will resolve the IP address for you.

Install and Configure LogMeIn Hamachi on a Windows Client

Configuring a Windows machine to access your Ubuntu server remotely is easy too. Download and install the Windows version of LogMeIn Hamachi. When you fire up the application for the first time, LogMeIn Hamachi will be in the offline state. Select the Power On icon (on the top left of the application). A pop-up screen will appear asking you to enter the nickname to assign to your remote machine. After it is entered, the application will go online; however, we won’t see our Ubuntu server just yet, because we must first add ourselves to the network we created. Select “Join an existing network”, fill in the name of the network and the password you created when setting up the Ubuntu Server, and select “Join”. You should see the name of the LogMeIn Hamachi network we created, as well as the LogMeIn Hamachi IP address and nickname for our Ubuntu server, appear in the screen (See Figure 1). Once installed, the LogMeIn Hamachi application will start whenever Windows starts and the user has logged in. You’ll find various configuration settings for the application under System->Preferences.

Screenshot of the Hamachi Application

Figure 1

We’re almost there. Now we need to download and install an SSH application (Windows doesn’t support SSH natively). There are many out there to choose from, but the one I typically use is PuTTY, a free implementation of Telnet and SSH for Win32 and Linux/Unix platforms. Download PuTTY.exe (or the Installer version if you’d prefer) and run it. Enter the LogMeIn Hamachi IP address for your Ubuntu server in the Host name field, make sure to select the SSH radio button, and then select “Open” (See Figure 2).

Screenshot of the PuTTY Application

Figure 2

You may receive a warning concerning the authenticity of the host you’re trying to reach along with a fingerprint of its public RSA key, and be asked if you’re sure you want to continue connecting. If you’re absolutely sure that you are indeed connecting to your Ubuntu server, accept by selecting Yes; a terminal emulator will open and you’ll be presented with the login and password prompt.

If you don’t want to have to remember the LogMeIn Hamachi IP address each time you want to run a session with your server, then simply add the address along with a name of your choice (e.g. home-server-ssh) to your hosts file (/windows/system32/drivers/etc/hosts). Next time you use SSH to connect to your server, use the name instead of the IP address and the hosts file will resolve the IP address for you.

Additional Security

As you may have noticed, we’re using conventional password authentication in order to prove to our Ubuntu server who we claim to be. That may be an acceptable level of authentication considering we’re also authenticating over SSH and a secure VPN tunnel. However, you may want to have a more secure form of authentication. Public key authentication is an alternative means of identifying yourself to your Ubuntu server. Instead of typing a password, you generate a key pair, consisting of a public key (which your server is allowed to know) and a private key (which you keep secret and do not give out). The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have that key; but anybody who has your public key can verify that a particular signature is genuine. Public key authentication is more secure and more flexible, but a little more difficult to set up. We’ll walk through the steps on both a Linux and a Windows client machine in the following examples, but in essence what is involved is generating a key pair on our remote client machine, and copying the public key to the Ubuntu server. Then, when the server asks us to prove who we are, the SSH application can generate a signature using our private key. The server can verify that signature (since it has our public key) and allow us to log in.

    Linux Client

Let’s set up our remote Linux client for public key authentication. We first need to generate the public/private key pair:

By default the RSA keys are 2048 bits. You can increase this to 4096 bits if desired with the -b option:

You’ll be asked by the script where it should store the keys (~/.ssh is the default), and then asked to enter in a passphrase in order to encrypt the private key that will be stored in this machine. If you don’t want to be asked for a passphrase each time you connect, just press enter. It is up to you to decide whether or not you should password encrypt your key when you create it. However, if you don’t, then anyone gaining access to your private key will automatically have SSH access to the server. After you enter a passphrase and confirm it, or simply hit enter, your encrypted private key (id_rsa) and your public key (id_rsa.pub) are generated and stored in ~/.ssh (assuming you accepted the default directory).

Now that our keys are generated, let’s move the public key to our Ubuntu server. Ensure that LogMeIn Hamachi is running, then enter the following command:

This command will copy your public key to ~/.ssh/authorized_keys on your Ubuntu server. That’s it. Now, next time you use SSH/LogMeIn Hamachi to initiate a session with your server you’ll be asked to provide the passphrase (if you provided one when you generated the keys) for your private key instead of your server password. Congrats, you’re now using public key authentication to log in to your server. Once you know your key pair works, back up both the public and private key files to offline media, such as a USB flash drive or CD.

    Windows Client

Configuring our remote Windows client for public key authentication requires a little more work. First, we need a Windows application that can generate the public/private key pair. We’ll use PuTTYgen, PuTTY’s key generation utility, to perform this task. PuTTYgen is installed automatically if you use the Windows installer version of PuTTY, else you can simply download and use the standalone version of PuTTYgen.

Start PuTTYgen, verify that “SSH-2 RSA” is selected, and change the “Number of bits in a generated key” field to 2048 (or more). Select “Generate”; PuTTYgen will ask you to move your mouse over the application’s blank area in order to generate “randomness.” PuTTYgen will then proceed to create your public/private key pair (See Figure 3).

Screenshot of the PuTTYgen application after generating a public/private key pair

Figure 3

You may now enter a passphrase for your private key and confirm it. Again, it’s up to you to decide whether or not to protect your private key with a passphrase. However, electing not to means that anyone gaining access to your private key will have SSH access to the server. You also have the opportunity to modify the “Key comment” field. The default entry is the key type and the date it was created. If you intend on creating additional keys, you may wish to populate this field with something different in order to help you differentiate between the various keys.

When complete, select “Save private key” and choose a file name and a location to save the *.ppk file. Next, carefully copy the text contained in the “Public key for pasting into OpenSSH authorized_keys file” box into a text file and save it. Using a program like WinSCP copy the text file to your user account on the Ubuntu server. Now, login to this account and append the contents of this text file to the file ~/.ssh/authorized_keys and make sure permissions are set correctly:
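One way to do the append-and-permissions step, as an added example that is not part of the original post: it strips the Windows line endings a PuTTYgen paste usually carries, rejects a key that was wrapped onto several lines, and sets the modes sshd expects. The function name install_pubkey and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a
# hypothetical helper; run it on the server as the account that will log in.
# Usage: install_pubkey <pubkey-text-file> [home-dir]
install_pubkey() {
    keyfile=$1
    home=${2:-$HOME}
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # Drop the CRs a Windows editor adds, and any blank lines.
    key=$(tr -d '\r' < "$keyfile" | sed '/^[[:space:]]*$/d')

    # An authorized_keys entry is one line: "<type> <base64> [comment]".
    # More than one line usually means the paste was wrapped.
    if [ "$(printf '%s\n' "$key" | grep -c '')" -ne 1 ]; then
        echo "expected a single-line key (wrapped paste?)" >&2
        return 1
    fi
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) the key file is ignored when
    # ~/.ssh or authorized_keys is writable by anyone but the owner.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this key blob is not already listed.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
    fi
}
```
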

We’re done with PuTTYgen so let’s exit the program. Now fire up PuTTY and navigate to Connection->SSH->Auth. Under Authentication parameters select the Browse button and select the *.ppk file you saved in the previous step (See Figure 4). Now, navigate back up to Session and enter the LogMeIn Hamachi IP address for your server in the Host name field, make sure to select the SSH radio button, and then select Open (of course, LogMeIn Hamachi should be running). You may receive a warning concerning the authenticity of the host you’re trying to reach along with a fingerprint of its public RSA key, and be asked if you’re sure you want to continue connecting. Accept by selecting Yes; you’ll be asked to provide the passphrase (if you created one) for your private key instead of your server password. Congrats, you’re now using public key authentication to log in to your server. Once you know your key pair works, back up both the public and private key files to offline media, such as a USB flash drive or CD.

Screenshot Showing the Private Key Load Screen in the PuTTY Application

Figure 4

Now that we have public key authentication set up, you may be wondering if you can still log on to the server without a private key. In other words, can you still use your server username and password? The answer is yes. However, that can be changed. After you’re sure that public key authentication is working on the remote machines you’ll be using to access your Ubuntu server, you may want to consider shutting down password authentication. To do that, log on to your server and open the OpenSSH server’s config file (/etc/ssh/sshd_config). Look for the line #PasswordAuthentication yes and change it to PasswordAuthentication no (make sure to uncomment the line). Then restart the SSH server with the following command:
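A check for the edit described above, as an added example that is not part of the original post: sshd uses the first value it reads for each keyword, so a PasswordAuthentication no placed below an earlier uncommented yes has no effect. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Constructed sample: the shipped commented default, an uncommented "yes"
# left over from an earlier edit, and the "no" appended later.
sample_config() {
    cat <<'EOF'
#PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
}

# effective_password_auth [sshd_config-file]
# Prints the global PasswordAuthentication value sshd would take from this
# file (or stdin): the first uncommented occurrence before any Match block,
# or the OpenSSH default "yes" when the keyword is absent.
effective_password_auth() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF files
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            kw = tolower(f[1])                  # keywords are case-insensitive
        }
        kw == "include" { included = 1 }
        kw == "match" { exit }                  # global section ends here
        kw == "passwordauthentication" { val = tolower(f[2]); exit }
        END {
            if (included)
                print "note: Include directives are not followed here" > "/dev/stderr"
            print (val == "" ? "yes" : val)
        }
    ' "$@"
}
```

On the server itself, sudo sshd -t validates the edited file before you restart, and sudo sshd -T prints the configuration sshd actually resolves, including any Include files.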

Conclusion

Good times eh? Using some open source tools and LogMeIn Hamachi, we set up a secure VPN between remote Windows and Linux clients, and our Ubuntu server. And, we didn’t have to touch our home gateway/router. We also improved the security of the network by using public key authentication.
