Ask Slashdot: Options For FOSS Remote Support Software?

Albanach writes "I'm sure I'm not alone in being asked to help friends and family with computer issues. These folk typically run Windows (everything from XP onward) or OS X (typically 10.4 onward). Naturally, desktop sharing is often much easier than trying to talk the other end through various steps. I've found free sites like join.me but they don't work with OS X 10.4, neither does the Chrome plugin. I'd also prefer not to compromise security by using a third party in the middle of the connection. Is there a good, free solution I can run on my linux box that supports old and new clients that run Windows, OS X and possibly linux? I'd love it if the users could simply bring their systems up to date, but that doesn't solve the third party issue and it's not easy when it requires a non-trivial RAM upgrade on a Mac Mini."

You've really never heard of VNC?

[Nimey]

Because that's what you want.

Re:You've really never heard of VNC?

[mrclisdue]

No offense intended, but I'm having a hard time understanding why anyone would be asking the submitter for computer advice.

Seriously.

cheers,

Re:You've really never heard of VNC?

[Albanach]

I'm the submitter. I presume your friends and relatives are stunningly more technically adept than mine.

I have personally been using VNC for over a decade. Judging by your /. uid, that's probably a good bit longer than you.

How about you take a moment to read the question. I'm looking for remote support software similar to join.me or the chrome plugin. That means the other end uses their browser, goes to the URL I give them and with as little other input as possible, I can share their desktop.

That does not describe VNC. I already have a vnc/ssh based solution. It's convoluted and yes, they find it difficult. Perhaps you've never assisted folk in their 70s with IT, but yes, for many, something that simple is difficult. It's difficult because it's unfamiliar. They use their web browser and they use email. That's what they know about their computer.

Now VNC may be part of the solution - indeed I would fully expect that. But not plain old vnc or a combination with SSH. The end user shouldn' t need to locate software, open firewall ports, execute shell scripts or type convoluted SSH commands.

Finally folk do, frequently ask me for advice. They do so for the simple reason that I try and give them a solution that meets their needs. That solution is not VNC or I wouldn't have posted the question. I think if you'd read the question rather than trying to get the first moral superiority post you might have realized that.

VNC?

[Dan+East]

VNC is probably the most prolific remote access client / server software in existence. It is open source, although some companies have created enhanced functionality on top of VNC which is available as commercial products. OSX supports VNC type remote access natively.

Google+

The Google+ hangouts works for my students when they have software issues. I second-seat them and things run smoothly. If you are doing the maintenance on their computers, you can ensure that the plugin installs correctly and go from there. -TN

teamviewer

[alen]

its free for non-commercial use. my mom lives almost 2000 miles away and that's what i use to help her.

Re:teamviewer

[vux984]

the guy asking help told this is a downside.

The guy asking for help hasn't spent 4 hrs walking grandma through downloading and configuring VNC over the phone so that he can get through the firewall to actually help her.

TeamViewer is a good solution

Re:teamviewer

[BoogeyOfTheMan]

I have to agree. It may not be OSS, but it is free for non-commercial use and it works on Windows, Linux, and OSX. You can even use it from an Android device to control someones machine. I've used it on Windows and Linux to control other Windows and Linux machines, on Linux to control a machine running OSX, and on Android to control my Linux machine when I wasnt at home.

If you can walk someone through downloading, installing and running something, TeamViewer is perfect. Once its running, all you need to have them do is tell you their ID number and passcode, which is prominently displayed when TV is running.

I use it a lot to help my friend whos a complete computer newb to fix and/or learn things.

Re:TeamViewer

[asmkm22]

I'm going to second this. It's free for non-commercial use, so it's great for helping out family and friends. It's really easy to use and, like the poster said, there's no install needed. Just make sure they hear you correctly and go to "teamviewer.com" and not "teenviewer.com". I had that happen once, and it was a bit awkward.

Re:teamviewer

[number11]

And my mom has no idea how to configure the firewall on her router or enable port forwarding. And neither do I since I have never seen her router

Vnc is useless if mom can't get it to work

UltraVNC has a "single click server". You configure (via UVNC's website) a custom server that is a single 166K executable file that requires no installation and is hardwired to connect to your computer, and (when the time comes) you run your VNC viewer in "listen" mode and have them doubleclick the icon. Since they're the ones initiating the connection, firewall shouldn't be a problem. Works great, you can email the file to them, so long as you can explain how to save an email attachment to their desktop. There are some restrictions (Win only, you need either a fixed IP or something like dyndns to specify your address, and they need to be able to receive an executable attachment), but it works really well. Dunno what to do about the OSX, though.

Re:Or, ssh?

[RealGene]

Since VNC is notoriously insecure, it's good practice to only run it over ssh on an untrusted network.
So, the answer is both.

Doesn't exist

[Cosmos_7]

What you're looking for doesn't exist. VNC is great, but without the middleman you're never going to have ease-of-use for the people you're trying to help... they're going to give up trying to get port-forwards set up on their router long before you actually get in to help them.

Logmein / Teamviewer / etc is what is needed, and just plain works. If you have to choose one, it should be Teamviewer... can run client and support on all three specified platforms, and the QuickSupport option on Windows is a godsend - nothing like telling a client / grandma / whoever to simply download and run a small executable to let you in and help them.

Reverse VNC

[InfiniteZero]

Other posts have already mentioned VNC, naturally. But more specifically, what you want is reverse VNC. You set up a VNC listener, and firewall port forwarding etc. on you end. Then ask the user to download a simple server executable (e.g. tvnserver.exe in the case of Windows/TightVNC) and connect to your IP address.

Re:Reverse VNC

I completely agree... I've been doing this for many years. The main advantages are:
  - Nobody has an internet-exposed vnc server
  - The people you're supporting don't need to make holes in their firewall
  - As the OP requested: no 3rd party for the connection to go through (a boon to both latency and security)
  - FOSS

For ease of use, make a .bat file on their desktop that gives them icon to click that:
  - starts the vnc server service (i.e. net start vncserver)
  - tells the vnc server to add a new client (the name you've registered with dyndns).

When they want to share their screen with you, you'll need to be running the vnc listening viewer first, and have an open port on your firewall.

TeamViewer

[vux984]

Its not FOSS, and there is a middle man to negotiate things to get you connected.

It is however free for non-commercial use.

You can remote control -from- Windows, OSX, Linux, iphone, and android.

You can remote control -to- windows, OSX, Linux, and recently samsung androids.

It just works. The person you are trying to support can get connected to you by clicking the "Join Remote Support Session" URL, and running the quick support app. They don't have to install the software, or configure their firewall, or fiddle with various modes etc.

You can connect to pretty much anyone anywhere from pretty much anything anywhere.

How does it compare to the various VNCs? Its much easier to get a connection going, and you don't waste more time trying to get a remote session going than it takes to actually perform the remote support.

Now, VNC is great, and if you set up your own public VNC repeater, and bundle your own VNC client to use that repeater you can get most of the way towards what you get with teamviewer without any effort at all.

PuTTY with VNC

I've been helping my now 83-year-old dad since the Win2K days using this solution:
- On dad's machine, install VNC server and PuTTY SSH client
- Set the VNC server NOT to run in service mode.
- Set the VNC server to accept connections from localhost (That used to be a registry setting, but it might be the default now)
- Set up a user called "sonarman" on my Linux machine. sonarman's shell is a script that loops forever, printing the date and hostname, then sleep 60.
- Set up a public/private keypair so sonarman can log into my linux machine without a password
- Set up a PuTTY session for sonarman that uses the private key to connect, and that forwards some port on my linux machine to the VNC server port on my dad's computer (5901)
- If necessary, tell Windows to allow PuTTY.exe to go OUT through the Windows firewall.
- Created a folder on dad's desktop called "Get help from Mike" - inside are two windows shortcuts, one to start sonarman's ssh connection to form the encrypted tunnel, and one to start the VNC server.

So when dad has a problem, he calls me, he opens the "Get help from Mike" folder, and double-clicks the PuTTY shortcut. When he says "OK, it's showing me today's date", I tell him to double click the other shortcut, and he tells me when the VNC icon shows up in the notifications area.

Once that's done, I connect a vncviewer to localhost:<whatever port I set up>, and I have a view of and control of Dad's desktop.

He can't do any harm to my system, because sonarman's shell doesn't accept any input.
Because his computer is initiating the connection, he doesn't need a fixed IP, nor any holes through the firewall besides the *outgoing* ssh connection.
My linux machine has an entry in DynDNS, and dad's PuTTY connects to my machine by hostname, so as long as my dyndnsd keeps the name up-to-date with Comcast's periodic re-assignments of my IP address, dad's computer can always find mine.
My firewall must be configured to allow incoming ssh connections (but I want that anyway).

Re:PuTTY with VNC

[humanrev]

Now this is a great example of the DIY nature of true geeks who can build a solution using FOSS components tailored to their particular requirements but without skimping on security, and although initially a bit complicated to set up for the expert, still ultimately has ease of use on the side of the end user (the Dad in this case).

Reading about solutions built like this is one of the reasons I still come back to Slashdot despite the site itself slowly falling into the abyss.

Re:Or, ssh?

[rubycodez]

nonsense, no one is going to intercept your VNC stream during the time you are helping your relatives. get real, no one at your ISP is snooping traffice from home looking for a VNC session to tamper with. have your relatives turn off the server when done. you are more likely to get struck by lightening.

or entertain us by your laughingly improbable method by which you will intercept someone's VNC packets.

Re:Or, ssh?

[binarylarry]

Exactly. That's why I use rsh on all my servers.

It's faster and easier and no one on the internet is possible sniffing my packets.

Simple solution

[Cute+Fuzzy+Bunny]

Logitech and best buy routinely sell cheap decent webcams. I've picked up regular ones, and 720p and 1080p HD versions for under ten bucks each shipped.

Bought one for each family member.

When they have a problem, I start a video chat with them, they take the webcam off the monitor and point it at the screen. On some cams you have to click the 'mirror' button to reverse the image. Then we work on the problem. If that computer is dead, put the webcam on a laptop and use that, or do a video chat with their phone or pad if they have one.

Securing software, poking hole in firewalls and all that seems like a waste of time when you can actually SEE whats going on for yourself.

Re:Simple solution

even simpler solution- ebay and a lot of hipsters websites routinely sell decent Polaroid Cameras. I've picked up regular ones and a few packages of film for pretty cheap.

Bought one for each family member.

When they have a problem, I have them snap a picture of their screen and put it in an addressed, stamped envelope and send it over to me. Then we work on the problem. If that computer is dead I have them take a picture of the power cord and the outlet the computer is supposed to be plugged into to make sure the cord is actually in the outlet.

Securing software, poking hole in firewalls, setting up a video chat and all that seems like a waste of time when you can actually SEE whats going on for yourself.

Re:Or, ssh?

[RealGene]

Have you ever tried to help an 80+ year-old relative with their computer?

"Just start the VNC server, auntie."
"Is that the 'start' button thingy?"
"No, just click on the icon that says 'VNC'."
"All I see is the email from cousin Ruby."
"Ok, close the email first."
"Do I turn off the computer? That's what I do when I'm done reading my mail..."
(continues for 35 minutes)

The point being, the folks who need the help can't be relied upon to start/stop a VNC server, or carry out any other task
that isn't part of their normal routine. And leaving a VNC server running, with circa-1985 eight-character password, on a standard port,
is a security risk.

Re:Or, ssh?

[Wrath0fb0b]

Since VNC is notoriously insecure, it's good practice to only run it over ssh on an untrusted network.
So, the answer is both.

No, the solution is to have server initiated connections to a listening client that is launched on demand, which has the amazing added benefit that the techie is the one to configure his firewall/NAT appropriate rather than the noob. Consider the following secure handshake done over the telephone:

(Noob) Hi, can you help me with WinFooBarTunesExtreme?
(Techie) Sure, let me fire up my listening client and open a port on my local firewall and router
(Noob) I like turtles!
(Techie) Click on the little VNC icon near the clock, click "Connect to Listening Viewer" and type www.techiedomainname.com" then click OK
(Noob) Derp, OK, w-w-w-dot-t-e-c-h-i-e-d-o-m-a-i-n-n-a-m-e-dot-c-o-m, OK
(Techie) Cool, now I can see your screen, please reproduce the error while explaining to me what you are trying to do. ...
(Techie) Let's make sure that VNC is not set to accept connections, OK good, looks nice.

When the session is done, the noob drops the server connection and all is well. VNC server is not set to accept remote-initiated connections (trivial to configure right) so there's zero risk from that end. The techie closes the listening client and disables his port mappings (I hope).

Even the setup is easy, since the noob only has to click "Next" a bunch of time through the VNC server setup and then the techie can adjust the settings once he's connected. There's zero persistent open connections and so zero persistent attack surface. Since there's no passwords exchange, there's no risk of eavesdroppers stealing any credentials.

Re:Or, ssh?

[hobarrera]

A few years ago, I was sitting in front of two PCs, using just one, but after a minutes, I noticed the start menu opened on the other, and some commands started typing themselves in. I immediately noticed the VNC icon notifying me someone was connected.

My guess: there's thousands of bots looking for open VNC connections. You don't have to be targeted specifically. Lesson: don't leave VNC to an open internet connection, even with a strong password.

Re:Or, ssh?

[MikeBabcock]

You do realize that there are automated port scanners running on botnets all over the internet all the time, right?

I get hit with thousands of SSH requests a day on the machines I administer, all with random username/password attempts (none of which will work because I only ever allow public key auth). When one of those port scanners notices 5900 open on your granny's computer, and the password is brute-forced in a few seconds, I think you'll rethink your perspective on the issue.

Interception isn't necessary to hack a connection. There's a reason we firewall people are so difficult.

PS you could just add your own netblock to your relatives' firewall software on port 5900 and limit exposure.

Re:Or, ssh?

[rtfa-troll]

Parent is over-rated. Exactly how is VNC "notoriously insecure"? Because it is not encrypted? Do you really think someone is going to intercept the screen drawing compressed bitmap traffic during some ad-hoc session?

This is exactly the thing I really hate to see up here. People doling out advice when they clearly have absolutely no clue. Some belief that "if it's for 30 seconds it's too fast for them to react". Packet monitoring is done by computers. It is done any time. It is done automatically. The network guys on your network have the right to do it "for network maintenance reasons". The professional ones a) wouldn't want to see and b) earn too much to risk it. Unfortunately they have all been outsourced to the lowest paid guy in India for whom the risk of being caught is nill and the benefit of selling your bank details; or even just enough information to make a "this is Microsoft and we know you have a virus" call is huge.

And what exactly will they get?

They want exactly only one thing. Your VNC password. They will then use that next time to start an automated session which does a small install just before you log in. After that you will never see them use your VNC ever again. Please hand in your computer operating license. None of this will involve a single person.

Re:Or, ssh?

[hairyfeet]

Bimbo Newton Crosby, if they'd ever tried to actually support a completely clueless user they'd know that VNC would be a BAD idea.

Honestly i just don't see how he is gonna be able to pull it off on both Windows AND OSX without some service in the middle, i really don't. Everything else is gonna require the user to at least have enough skills to start the thing up which is far from assured and leaving it running 24/7 is just asking for trouble.

This is why I'm glad I have all my family and customers on Win 7, MSFT may have made plenty of dumb moves but EasyConnect is a fricking Godsend, its the easiest damned thing I've ever dealt with for remote assistance. I simply pin Remote Assistance to the start menu and its as easy as "Hit start, see that thing at the top that says remote assistance? Yeah click on that, hit next, see my name? Yeah click on my name...hold on...okay I'm hooked up, see that little box that popped up that asks if I can have full control? Just click yes...okay I've got it now" and then I can just sit in my comfy chair and work the system like i was sitting right in front of it.

I wish there was something truly universal and that simple to use but if its out there so far I haven't found it. Just remember when you suggest programs we are talking normal folks, the stuff YOU would think is trivial to do is often so completely over their head it would literally be quicker to simply drive out to where they are and do the work than to sit their on the phone trying to talk them through it.

Oh and one final bit of advice for those that have to support the clueless...get Comodo Time Machine and install it NOW, you'll be glad you did. Think of it as a system restore that actually works and which doesn't get infected by malware. When my GF had to go across the state to take care of a sick relative and her niece screwed her laptop up so bad the thing wouldn't even boot to desktop it took me less than 15 minutes to get her back up and running thanks to CTM. Just set it to use around 10%-15% of the HDD space for snapshots and have it take a snapshot at boot (if you boot more than once a day it'll only take one snapshot so you won't run out of space) and you are golden. You can even lock a snapshot so you can have your own version of a factory refresh that will put the system right back to the way you had it with no muss or fuss. Just have them hit the Home key when they see the big clock, tell them what day you want them to go back to and voila! Instant fix.

UltraVNC Single Click.

You all are trying to go at this the wrong way.

You should run a 'listening server' on your end, and send them a VNC single click binary.

http://www.uvnc.com/products/uvnc-sc.html

Single click binary does need to be setup by the admin (Ultra VNC has a webpage that generates the executable, the admin can do anything from having a single entry that just connects to your IP (on the listening server) upto having pretty graphics and customized greeter screens.). Having a dns entry that always points to your domain (johnsupport.dyndns.com in the worst case for example) also makes those single click instances working for quite some time.

I'm quite surprised so little people know about SC, even though VNC is quite well known here.

And again, TeamViewer is nice (albeit closed source) one always has to wonder, why would a company give you such a service, for free. Yes, they also have commercial offerings where there bread and butter comes from I'm sure. So does google/facebook, yet we all know what they really sell.