Skip to main content

Remote Access Runbook

Overview

This runbook covers all methods of remotely accessing your Arch Linux PC, transferring files, running commands, and managing your system from anywhere.

SSH Access

Basic SSH Connection

ssh username@hostname-or-ip
Examples: 
ssh john@arch-desktop           # via Tailscale hostname
ssh john@100.64.1.5             # via Tailscale IP
ssh john@192.168.1.100          # local network only

SSH with Different Port

If you’ve changed SSH from default port 22: 
ssh -p 2222 username@hostname

Keeping SSH Sessions Alive

Add to ~/.ssh/config on your client machine: 
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3
This sends a keepalive packet every 60 seconds.

Running Single Commands

No need to stay logged in: 
ssh user@host 'command-to-run'
Examples: 
ssh user@arch-desktop 'df -h'                    # check disk space
ssh user@arch-desktop 'systemctl status sshd'    # check service
ssh user@arch-desktop 'uptime'                   # check uptime

SSH Keys (Passwordless Authentication)

Generate SSH Key Pair (if you don’t have one)

On your client machine: 
ssh-keygen -t ed25519 -C "your-email@example.com"
  • Press Enter to accept default location (~/.ssh/id_ed25519)
  • Set a passphrase or leave empty for no passphrase

Copy Public Key to Arch PC

Easiest method: 
ssh-copy-id username@arch-desktop
Manual method: 
cat ~/.ssh/id_ed25519.pub | ssh username@arch-desktop 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
From Windows (PowerShell): 
type $env:USERPROFILE\.ssh\id_ed25519.pub | ssh username@arch-desktop "cat >> ~/.ssh/authorized_keys"

Test Passwordless Login

ssh username@arch-desktop
Should connect without asking for a password.

File Transfer

SCP (Secure Copy)

From remote to local: 
scp user@arch-desktop:/path/to/remote/file.txt ~/local/destination/
From local to remote: 
scp ~/local/file.txt user@arch-desktop:/path/to/remote/destination/
Copy entire directory: 
scp -r user@arch-desktop:/path/to/remote/dir/ ~/local/destination/

SFTP (Interactive File Transfer)

sftp user@arch-desktop
Common SFTP commands: 
ls              # list remote files
lls             # list local files
cd /path        # change remote directory
lcd /path       # change local directory
get file.txt    # download file
put file.txt    # upload file
get -r folder/  # download directory recursively
put -r folder/  # upload directory recursively
exit            # quit

SSHFS (Mount Remote Filesystem)

Install on client machine:
  • Arch/Linux: sudo pacman -S sshfs
  • Mac: brew install macfuse && brew install sshfs
  • Windows: Use WinFsp + SSHFS-Win
Mount remote directory: 
mkdir ~/remote-arch
sshfs user@arch-desktop:/home/user ~/remote-arch
Unmount: 
fusermount -u ~/remote-arch    # Linux
umount ~/remote-arch           # Mac

Rsync (Efficient Sync)

Sync local to remote: 
rsync -avz --progress ~/local/folder/ user@arch-desktop:/remote/folder/
Sync remote to local: 
rsync -avz --progress user@arch-desktop:/remote/folder/ ~/local/folder/
Flags:
  • -a = archive mode (preserves permissions, timestamps)
  • -v = verbose
  • -z = compress during transfer
  • --progress = show progress
  • --delete = delete files on destination that don’t exist in source

Remote Desktop Access

GNOME Remote Desktop (VNC/RDP)

On Arch PC:
  1. Install:
sudo pacman -S gnome-remote-desktop
  1. Enable in GNOME Settings:
    • Open Settings → Sharing
    • Turn on “Remote Desktop”
    • Set a password
    • Enable “Allow connections to control the screen”
  2. Check it’s running: 
systemctl --user status gnome-remote-desktop
From Client:
  • Linux: Use Remmina, GNOME Connections, or vinagre
  • Windows: Use built-in Remote Desktop Connection (RDP) or TightVNC
  • Mac: Use built-in Screen Sharing or Microsoft Remote Desktop
Connect to: arch-desktop (via Tailscale) or 100.x.x.x

X11 Forwarding (Run GUI Apps)

Connect with X11 forwarding: 
ssh -X user@arch-desktop
Run any GUI application: 
firefox
gedit
nautilus
evolution
The app appears on your local screen but runs on the remote machine. For better performance: 
ssh -X -C user@arch-desktop  # -C enables compression

VNC Server (Alternative)

Install TigerVNC: 
sudo pacman -S tigervnc
Start VNC server: 
vncserver :1 -geometry 1920x1080 -depth 24
Connect from client:
  • Use any VNC viewer (TightVNC, RealVNC, etc.)
  • Connect to arch-desktop:5901
Stop VNC server: 
vncserver -kill :1

Persistent Terminal Sessions

Install: 
sudo pacman -S tmux
Start a session: 
ssh user@arch-desktop
tmux new -s work
Detach: Press Ctrl+b then d Reattach later: 
ssh user@arch-desktop
tmux attach -t work
List sessions: 
tmux ls
Common tmux shortcuts:
  • Ctrl+b then c = create new window
  • Ctrl+b then n = next window
  • Ctrl+b then p = previous window
  • Ctrl+b then " = split horizontally
  • Ctrl+b then % = split vertically
  • Ctrl+b then arrow keys = move between panes

screen (Alternative)

sudo pacman -S screen
screen -S mysession
# detach with Ctrl+a then d
screen -r mysession  # reattach

System Management Commands

Check System Status

# System uptime
ssh user@arch-desktop 'uptime'

# CPU and memory usage
ssh user@arch-desktop 'htop'

# Disk space
ssh user@arch-desktop 'df -h'

# Running processes
ssh user@arch-desktop 'ps aux'

# System logs
ssh user@arch-desktop 'sudo journalctl -xe'

# Recent logins
ssh user@arch-desktop 'last'

Package Management

# Update system
ssh user@arch-desktop 'sudo pacman -Syu'

# Install package
ssh user@arch-desktop 'sudo pacman -S package-name'

# Search for package
ssh user@arch-desktop 'pacman -Ss search-term'

# List installed packages
ssh user@arch-desktop 'pacman -Q'

Service Management

# Check service status
ssh user@arch-desktop 'sudo systemctl status service-name'

# Start service
ssh user@arch-desktop 'sudo systemctl start service-name'

# Stop service
ssh user@arch-desktop 'sudo systemctl stop service-name'

# Restart service
ssh user@arch-desktop 'sudo systemctl restart service-name'

# Enable service at boot
ssh user@arch-desktop 'sudo systemctl enable service-name'

Port Forwarding

Local Port Forwarding

Access a service on the remote machine via your local machine: 
ssh -L 8080:localhost:80 user@arch-desktop
Now http://localhost:8080 on your local machine accesses port 80 on the remote. Practical example - Remote web server: 
ssh -L 3000:localhost:3000 user@arch-desktop

Remote Port Forwarding

Expose a local service on the remote machine: 
ssh -R 9090:localhost:8080 user@arch-desktop
Now port 9090 on the remote machine forwards to port 8080 on your local machine.

Dynamic Port Forwarding (SOCKS Proxy)

ssh -D 1080 user@arch-desktop
Configure your browser to use localhost:1080 as a SOCKS5 proxy. Now all browser traffic goes through your Arch PC.

Wake-on-LAN (Power On Remotely)

Prerequisites

  • Motherboard must support WoL
  • Must be enabled in BIOS/UEFI
  • Network cable must be connected (doesn’t work over WiFi typically)

Enable WoL on Arch PC

  1. Check if supported:
sudo ethtool enp3s0 | grep Wake-on
(Replace enp3s0 with your network interface - find it with ip link)
  1. Enable WoL:
sudo ethtool -s enp3s0 wol g
  1. Make it persistent: Create /etc/systemd/system/wol.service:
[Unit]
Description=Wake-on-LAN
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/ethtool -s enp3s0 wol g

[Install]
WantedBy=multi-user.target
Enable it: 
sudo systemctl enable wol.service

Wake Up Your PC

Get MAC address first (while PC is on): 
ip link show enp3s0
Look for something like link/ether aa:bb:cc:dd:ee:ff From Linux/Mac: 
sudo pacman -S wol  # or brew install wakeonlan
wakeonlan aa:bb:cc:dd:ee:ff
From Windows: Download a WoL tool or use PowerShell scripts. From Android/iOS: Install a WoL app, enter your PC’s MAC address. Note: WoL only works from the same local network unless you have port forwarding set up or another device at home to relay the packet.

Security Best Practices

Change Default SSH Port

Edit /etc/ssh/sshd_config on Arch PC: 
sudo nano /etc/ssh/sshd_config
Change: 
Port 2222
Restart SSH: 
sudo systemctl restart sshd
Connect with: 
ssh -p 2222 user@arch-desktop

Disable Password Authentication

After setting up SSH keys, edit /etc/ssh/sshd_config: 
PasswordAuthentication no
Restart SSH: 
sudo systemctl restart sshd

Disable Root Login

In /etc/ssh/sshd_config: 
PermitRootLogin no

Use fail2ban

Automatically ban IPs after failed login attempts: 
sudo pacman -S fail2ban
sudo systemctl enable --now fail2ban

Enable Firewall

sudo pacman -S ufw
sudo ufw allow from 100.64.0.0/10  # Allow Tailscale network
sudo ufw enable
sudo systemctl enable ufw

Troubleshooting

Can’t Connect via SSH

  1. Check SSH is running on Arch PC:
sudo systemctl status sshd
  1. Check firewall:
sudo ufw status
sudo firewall-cmd --list-all
  1. Check from local network first:
ssh user@192.168.1.100  # use actual local IP
  1. Verbose connection attempt:
ssh -v user@arch-desktop

Connection Drops Frequently

Add to ~/.ssh/config on client: 
Host arch-desktop
    ServerAliveInterval 30
    ServerAliveCountMax 3
    TCPKeepAlive yes

Slow SSH Connection

Add to /etc/ssh/sshd_config on server: 
UseDNS no

“Permission Denied (publickey)”

  1. Check authorized_keys permissions on server:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
  1. Check SSH key is added on client:
ssh-add -l
ssh-add ~/.ssh/id_ed25519  # if not listed

Useful SSH Config

Create/edit ~/.ssh/config on your client machine: 
Host arch
    HostName arch-desktop
    User your-username
    Port 22
    IdentityFile ~/.ssh/id_ed25519
    ServerAliveInterval 60
    Compression yes

Host arch-local
    HostName 192.168.1.100
    User your-username
    Port 22
Now you can just type: 
ssh arch

Quick Reference

TaskCommand
SSH connectssh user@host
SSH with keyssh -i ~/.ssh/key user@host
Copy file to remotescp file.txt user@host:/path/
Copy file from remotescp user@host:/path/file.txt ./
Mount remote filesystemsshfs user@host:/path ~/mount
X11 forwardingssh -X user@host
Port forwardssh -L 8080:localhost:80 user@host
Start tmux sessiontmux new -s name
Detach tmuxCtrl+b then d
Reattach tmuxtmux attach -t name
Check SSH statussudo systemctl status sshd

Mobile Access

SSH Apps

Android:
  • JuiceSSH (recommended)
  • Termux
  • ConnectBot
iOS:
  • Termius (freemium)
  • Blink Shell
  • Prompt

Remote Desktop Apps

Android/iOS:
  • Microsoft Remote Desktop (for RDP)
  • VNC Viewer
  • Chrome Remote Desktop
All work with Tailscale - just install Tailscale on your phone and connect using your Tailscale hostname.

Performance Tips

For File Transfers

Use compression for text files: 
rsync -avz user@host:/path/ ./
Skip compression for already-compressed files: 
rsync -av --no-compress user@host:/path/ ./

For Remote Desktop

Lower resolution and color depth: 
vncserver :1 -geometry 1280x720 -depth 16

For SSH Sessions

Enable compression for slow connections: 
ssh -C user@host

Automation Scripts

Daily Backup Script

#!/bin/bash
rsync -avz --delete user@arch-desktop:/important/data/ ~/backups/arch-data/
Save as backup.sh, make executable: 
chmod +x backup.sh
Add to cron: crontab -e 
0 2 * * * /path/to/backup.sh

Health Check Script

#!/bin/bash
ssh user@arch-desktop 'df -h && free -h && uptime' | mail -s "Arch PC Status" your-email@example.com

Notes

  • Always use Tailscale for remote access when possible - it’s the most secure and reliable method
  • Keep your SSH keys secure - never share private keys
  • Use tmux for long-running tasks that shouldn’t be interrupted
  • Regular backups of important data
  • Test your remote access setup before you actually need it in an emergency