Windows XP Infested, Replace with Ubuntu Hardy Heron

The nasty virus infestation was the final straw and my father-in-law wanted to switch to Ubuntu. He wanted better security and peace of mind.

Step 1 – Use live CD to check that Ubuntu works OK with hardware (monitor, printers, keyboard, mouse, scanner, soundcard)

Step 2 – Transfer ALL files (including malware) from windows PC to my Ubuntu notebook using ssh

Type into terminal sshd
Follow the (extremely simple) instructions to install ssh server on notebook so we can send it files
Connect PC and notebook with ethernet cable (NB modern network cards probably make it unnecessary to use a special crossover cable)
Set wired connection on PC to static IP
Reboot (not sure if always or even usually necessary but it can remove some problems
Set wired connection on notebook to a different static IP
Reboot (probably not necessary but doesn’t take long)
On PC ping self in terminal e.g. ping own_IP (Ctrl-C to interrupt)
On notebook ping self in terminal e.g. ping own_IP (Ctrl-C to interrupt)
Ping each machine from the other e.g. on notebook ping PC_IP
If all pinging works, run the following (NB assumes drive mounted as drive 1):
scp -pr /media/disk1 username_on_dest@notebook_IP:~/savedpc
(scp http://linux.about.com/od/commands/l/blcmdl1_scp.htm)
At the end check that the same number of files etc made it across.
Then set the permissions for the oldpc folder (and all its contents) to read only etc

NB wipe ssh server off notebook to reduce attack surface. sudo apt-get remove name_of_ssh_server_package

Step 3 – Perform guided installation of Ubuntu wiping entire hard drive

Step 4 – Set up Ubuntu (see http://p-s.co.nz/wordpress/?p=28
NB we need internet access so we can temporarily switch from static IP for the wired connection to DHCP.

Step 5 – Transfer all files back into a folder called oldpc

Type into terminal sshd
Follow the (extremely simple) instructions to install ssh server on PC being rebuilt so we can send it files
Run the following:
scp -pr name_of_folder_to_shift_back username_on_dest@PC_IP:~/oldpc
At the end check that the same number of files etc made it across.
Then set the permissions for the oldpc folder (and all its contents) to read only etc

Step 6 – Enable remote access into PC from notebook
NB initially we are setting this up with the PC in the same room sitting on the same network as the local notebook. Once everything is set up and we install the PC where it actually belongs we will need to use a different IP address. Vinagre’s Find method will no longer work because it works on the local network.

6.1 Set up ADSL modem to allow packets from obscure port through to ssh port (22). Some modems have it as a NAT rule, some as port forwarding (basic) etc.
6.2 On PC go System>Preferences>Remote Desktop and Allow other users to view your desktop and Allow other users to control your desktop (NB ignore command suggestion – we’ll just use Vinagre).
6.3 Create new user via Administration>Users and Groups. This user will be the only one we allow to ssh in. Give that user administrator rights
6.4 Change ssh settings to ONLY allow that new user access to the PC via ssh

sudo gedit /etc/ssh/sshd_config
add new line on end and a blank line after it. May need to reboot (may not). NB sshd not ssh.
The new line is AllowUsers new_user_name_here
6.5 Open ssh tunnel (port forwarding) on notebook. NB format is port:host:hostport. When you connect to that port on the notebook it is directly connecting you to the hostport specified.

ssh -L 5900:localhost:5900 new_username_on_dest@PC_IP

NB I will need to do this each time I wish to use Vinagre to connect to the PC. I open an ssh tunnel, and then use Vinagre to reach across it. I will also need the following on the end of the command:
-p obscure_port

6.6 Open Vinagre on notebook
Applications>Internet>Remote Desktop Viewer>Connect
Host: localhost
Port: 5900
This works because I am directed to port 5900 on the remote computer (via the port forwarding I just set up in the terminal) and localhost is localhost on the PC of the host port.

6.7 Do whatever is needed on the remote PC

6.8 Close Vinagre (NB F11 to toggle in and out of fullscreen)

6.9 Close ssh tunnel with
exit

Step 7 – Setup PC in actual location with ADSL modem etc
Having trouble connecting to the internet. Able to connect to the ADSL modem from the PC using http://gateway_IP_address_here/ so the ethernet connection, the power, and the modem are all working fine. But pinging out doesn’t work. Fixed that. Odd setting required. Printer and scanner installed extremely easily. Much better than competing OS’s ;-).

Step 8

8.1 Thunderbird files
Copied old thunderbird folders across from windows (it worked!). Use sudo cp … and copy and paste the location. To copy all contents of a folder use -r or -R and “path name/with gaps/”* Will find everything in Ubuntu in /home/user_name/.mozilla-thunderbird/gobbledegook.default/Mail. Ctrl H to see hidden folders etc.

Even if a folder does not have subfolders, you must use the -r. Otherwise you get something like cp: omitting directory yadda yadda. http://www.tuxfiles.org/linuxhelp/dirman.html

NB copy and paste the gobbledegook because it can be hard to get it exactly right just by reading it – example reason – Lowercase L (l) not = numeral one (1) even though in some fonts they are very similar!!!!!!! The windows location is Documents and Settings/user_name/Application Data/Thunderbird/Profiles/gobbledegook.default/Mail. It may be necessary to unlock the folders copied across so use sudo chmod 777 -R path_to_unlock_recursively

8.2 Thunderbird address book
Copy the file abook.mab from … oldpc … /Documents and Settings/user_name/Application Data/Thunderbird/Profiles/gobbledegook.default/” to /home/user_name/.mozilla-thunderbird/gobbledegook.default/

8.3 Firefox 2 bookmarks into Firefox 3
This only required opening Firefox 3, Bookmarks>Organise Bookmarks>Import HTML and importing the stored bookmarks.html file from … oldpc … /Documents and Settings/user_name/Application Data/Mozilla/Firefox/Profiles/gobbledegook.default/”. Restart Firefox.

ROUTINE USE:
open secure shell in:
ssh -L 5900:localhost:5900 new_user_name_on_dest@PC_IP -p obscure_port
The PC_IP address will frequently change so try the last one and then ask user to visit www.showmyip.com and tell you the new one. The obscure port was set in step 6.1.
First time with any new IP address will need to say yes (not y, Y etc) to RSA key creation.
Otherwise just need password for new_user_name_on_dest.
(NB to exit when finished)

NB can work from the CLI for file management tasks etc. Only open remote desktop viewer if seeing the screen (or user interaction) useful.

The open remote desktop viewer (Vinagre) Internet>Remote Desktop Viewer
Connect:
localhost
5900

NB performance not so good so use desktop when you have to and actual shell itself when you can.
To get cursor I think it is is Ctrl-Alt. NB fastest often to set desktop background to a colour while working on it and restore wallpaper at end.