Ask Slashdot: Options For FOSS Remote Support Software?
Albanach writes "I'm sure I'm not alone in being asked to help friends and family with computer issues. These folk typically run Windows (everything from XP onward) or OS X (typically 10.4 onward). Naturally, desktop sharing is often much easier than trying to talk the other end through various steps. I've found free sites like join.me but they don't work with OS X 10.4, neither does the Chrome plugin. I'd also prefer not to compromise security by using a third party in the middle of the connection. Is there a good, free solution I can run on my linux box that supports old and new clients that run Windows, OS X and possibly linux? I'd love it if the users could simply bring their systems up to date, but that doesn't solve the third party issue and it's not easy when it requires a non-trivial RAM upgrade on a Mac Mini."
Because that's what you want.
Hail Eris, full of mischief...
E pluribus sanguinem
The Google+ hangouts works for my students when they have software issues. I second-seat them and things run smoothly. If you are doing the maintenance on their computers, you can ensure that the plugin installs correctly and go from there. -TN
The guy asking for help said this is a downside.
The guy asking for help hasn't spent 4 hrs walking grandma through downloading and configuring VNC over the phone so that he can get through the firewall to actually help her.
TeamViewer is a good solution
Other posts have already mentioned VNC, naturally. But more specifically, what you want is reverse VNC. You set up a VNC listener, firewall port forwarding, etc. on your end. Then ask the user to download a simple server executable (e.g. tvnserver.exe in the case of Windows/TightVNC) and connect to your IP address.
I've been helping my now 83-year-old dad since the Win2K days using this solution:
- On dad's machine, install VNC server and PuTTY SSH client
- Set the VNC server NOT to run in service mode.
- Set the VNC server to accept connections from localhost (That used to be a registry setting, but it might be the default now)
- Set up a user called "sonarman" on my Linux machine. sonarman's shell is a script that loops forever, printing the date and hostname, then sleep 60.
- Set up a public/private keypair so sonarman can log into my linux machine without a password
- Set up a PuTTY session for sonarman that uses the private key to connect, and that forwards some port on my linux machine to the VNC server port on my dad's computer (5901)
- If necessary, tell Windows to allow PuTTY.exe to go OUT through the Windows firewall.
- Created a folder on dad's desktop called "Get help from Mike" - inside are two windows shortcuts, one to start sonarman's ssh connection to form the encrypted tunnel, and one to start the VNC server.
So when dad has a problem, he calls me, he opens the "Get help from Mike" folder, and double-clicks the PuTTY shortcut. When he says "OK, it's showing me today's date", I tell him to double click the other shortcut, and he tells me when the VNC icon shows up in the notifications area.
Once that's done, I connect a vncviewer to localhost:<whatever port I set up>, and I have a view of and control of Dad's desktop.
He can't do any harm to my system, because sonarman's shell doesn't accept any input.
Because his computer is initiating the connection, he doesn't need a fixed IP, nor any holes through the firewall besides the *outgoing* ssh connection.
My linux machine has an entry in DynDNS, and dad's PuTTY connects to my machine by hostname, so as long as my dyndnsd keeps the name up-to-date with Comcast's periodic re-assignments of my IP address, dad's computer can always find mine.
My firewall must be configured to allow incoming ssh connections (but I want that anyway).
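The server side of the setup in the comment above, as an added example (not the poster's own script): a login shell for the tunnel account that never reads input, plus a helper that builds an `authorized_keys` entry limiting the key to a single remote forward. The key restriction goes beyond what the post describes; port 5907, the key text and the host name are constructed placeholders, and `permitlisten` assumes OpenSSH 7.8 or later.

```shell
#!/bin/sh
# Added example, not the poster's script. Port 5907 and the key text are
# constructed placeholders.

# Body of the tunnel account's login shell: it never reads stdin, so the
# remote side cannot run commands. $1 = iterations (0 = forever, as in the
# post), $2 = seconds between lines.
heartbeat() {
    count=${1:-0}; delay=${2:-60}; i=0
    trap '' INT QUIT TSTP   # ignore Ctrl-C, Ctrl-\ and Ctrl-Z from the client
    while [ "$count" -eq 0 ] || [ "$i" -lt "$count" ]; do
        printf '%s %s\n' "$(date)" "$(uname -n)"   # uname -n = hostname
        i=$((i + 1))
        sleep "$delay"
    done
}

# Build an authorized_keys entry (assumption: OpenSSH 7.8+ on the helper's
# machine) that lets this key open exactly one remote forward on localhost.
# $1 = listen port on the helper's machine, $2 = public key text.
authorized_keys_line() {
    port=$1; key=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be in 1024-65535" >&2; return 1
    fi
    printf 'restrict,pty,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$port" "$key"
}

# OpenSSH equivalent of the PuTTY session in the post (hypothetical host name):
#   ssh -R 5907:localhost:5901 sonarman@helper.example
# The helper then connects a VNC viewer to port 5907 on localhost.

if [ "${1:-}" = "demo" ]; then
    authorized_keys_line 5907 "ssh-ed25519 AAAA...constructed dad@laptop"
    heartbeat 1 0
fi
```

With the `restrict` entry in place, a stolen copy of the private key can still only open that one localhost listener and watch the date scroll by.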
Exactly. That's why I use rsh on all my servers.
It's faster and easier and no one on the internet is possibly sniffing my packets.
Mod me down, my New Earth Global Warmingist friends!
The point being, the folks who need the help can't be relied upon to start/stop a VNC server, or carry out any other task that isn't part of their normal routine. And leaving a VNC server running, with a circa-1985 eight-character password, on a standard port, is a security risk.
Mission: To provide products that consume time and energy as entertainingly as permitted by the laws of thermodynamics.
Since VNC is notoriously insecure, it's good practice to only run it over ssh on an untrusted network.
So, the answer is both.
No, the solution is to have server initiated connections to a listening client that is launched on demand, which has the amazing added benefit that the techie is the one to configure his firewall/NAT appropriately rather than the noob. Consider the following secure handshake done over the telephone:
(Noob) Hi, can you help me with WinFooBarTunesExtreme? ...
(Techie) Sure, let me fire up my listening client and open a port on my local firewall and router
(Noob) I like turtles!
(Techie) Click on the little VNC icon near the clock, click "Connect to Listening Viewer" and type "www.techiedomainname.com" then click OK
(Noob) Derp, OK, w-w-w-dot-t-e-c-h-i-e-d-o-m-a-i-n-n-a-m-e-dot-c-o-m, OK
(Techie) Cool, now I can see your screen, please reproduce the error while explaining to me what you are trying to do.
(Techie) Let's make sure that VNC is not set to accept connections, OK good, looks nice.
When the session is done, the noob drops the server connection and all is well. VNC server is not set to accept remote-initiated connections (trivial to configure right) so there's zero risk from that end. The techie closes the listening client and disables his port mappings (I hope).
Even the setup is easy, since the noob only has to click "Next" a bunch of times through the VNC server setup and then the techie can adjust the settings once he's connected. There are zero persistent open connections and so zero persistent attack surface. Since there's no password exchange, there's no risk of eavesdroppers stealing any credentials.
And my mom has no idea how to configure the firewall on her router or enable port forwarding. And neither do I, since I have never seen her router.
VNC is useless if mom can't get it to work.
UltraVNC has a "single click server". You configure (via UVNC's website) a custom server that is a single 166K executable file that requires no installation and is hardwired to connect to your computer, and (when the time comes) you run your VNC viewer in "listen" mode and have them doubleclick the icon. Since they're the ones initiating the connection, firewall shouldn't be a problem. Works great, you can email the file to them, so long as you can explain how to save an email attachment to their desktop. There are some restrictions (Win only, you need either a fixed IP or something like dyndns to specify your address, and they need to be able to receive an executable attachment), but it works really well. Dunno what to do about the OSX, though.