@EddieJennings yeah, that would be nice for sure.

@dbeato said in Todays' replacement for Teamviewer:

@scottalanmiller You can use Splashtop which is great.

I second Splashtop. While not free, $5 a month won't break the piggy bank, and it works dang good.

@jaredbusch said in Locking down vendors:

@scottalanmiller said in Locking down vendors:

@dashrender said in Locking down vendors:

They MIGHT have an internal team for this, but since we have our own IT department, my management has decide to take the costs internal versus paying the new vendor to set up remote access for themselves.

That doesn't really make sense as this is all questions about THEIR IT. All your team can do is get in the way 😉

Right, I have no idea WTF you think you are doing here @Dashrender.

The most you should do is setup a VLAN or actual separate LAN with no access to your network. The other company can deal with putting something on this shit old device that reaches to their support infrastructure.

No one on there side has even breathed a word about something like that.

As I previously mentioned - the old HVAC vendor did all of their own management - I only provided them an internet connection, they managed everything else.
I can see the advantages of that - time to toss this at the new vendor similarly.

@dashrender said in Looking for a remote access solution:

@scottalanmiller said in Looking for a remote access solution:

@jaredbusch said in Looking for a remote access solution:

@dashrender said in Looking for a remote access solution:

@jaredbusch said in Looking for a remote access solution:

Put zerotier on the box in the DC and the user's box. restrict it to only RDP.

Done.

I really like this - sadly - our insurance policy requires MFA for remote access. I'll have to see if ZT has anything for that.

Then put the 2fa on the Windows RDP login with a service like Duo.
https://duo.com/docs/rdp
https://duo.com/editions-and-pricing/duo-free

Just use ZT to lower (all but remove) the attack surface.

That would get them up to 3FA (which isn't a bad thing) assuming ZT isn't somehow tied to some other authentication mechanism.

As it's been AGES since I've used ZT - can you make the user have to log into it each time they launch it? If yes - and it's logon isn't associated with AD (as you mentioned) then OK - I see how you consider ZT and RDP MFA.

The user can be forced to start or stop the process. The fact that it uses a key (something you have) owned by the user makes it MFA regardless of if they automate the login or force it to be manual.

Don't try to compare it to Duo or something like that which uses "something you have" to generate "something you know." Compare it to a security USB stick like YubiKey. It's a direct "something you have" 2FA in that sense.

@jaredbusch said in Fast/painless remote access:

@scottalanmiller said in Fast/painless remote access:

@wls-itguy said in Fast/painless remote access:

@scottalanmiller I'd be happy just to see the desktop at this point.

Most messaging platforms (Teams, Jitsi, Zoho Cliq, Slack, RocketChat, etc.) are going to do that for you.

Right, just to see? You can do Jitsi so easy. it is all a web page.

But also, almost everyone can use Zoom any more. and it also has screen sharing.

Forgot that is a feature in Zoom. Works for what I needed.

Thanks everyone!

@stuartjordan said in Once off or short term remote access solution:

@jaredbusch Do you have to install the remote plugin and login with your gmail account to access the machine though?

I have ConnectWise installed for me.

@scottalanmiller said in Free / Cheap Unattended Remote Access Utility for Windows PCs:

@EddieJennings said in Free / Cheap Unattended Remote Access Utility for Windows PCs:

@NetworkNerd

My MeshCentral VM is in Vultr.

Same here. Way better than AWS, Azure, or GCP for standard workloads like this.

Just for home use, it could likely sit in a free AWS Lightsail instance if it is small enough.

@Dashrender said in Remote Access for home user:

@manxam said in Remote Access for home user:

@fuznutz04 : Keep an eye out for the "hidden" hibernate that doesn't show up under "Plan settings" (only sleep and display). I've seen multiple systems that have "Hibernate after" configured under "Sleep" in the advanced settings as default.

There's also the problem where some systems become broken and once a system goes to sleep, it will continue going to sleep no matter what after something like 2 mins of non use. Rebooting fixes it, until it goes to sleep again... there is a fix somewhere in these threads too, reg fix.

Hahah, yeah. I was part of that thread too having been bit by it myself. Thankfully I haven't seen that behaviour in over a year.
Your thread : https://mangolassi.it/topic/18166/windows-10-goes-to-sleep-outside-listed-sleep-times
My thread : https://mangolassi.it/topic/17731/windows-10-ignoring-display-sleep-inactivity-settings

@scottalanmiller said in Making an RDP Terminal Server with Ubuntu Linux:

I recommend the Remmina RDP client tool, it's the bomb.

I love Remmina as a client.

I'm on 0.7.47, I don't see a problem w Windows machines?

@scottalanmiller That's one hell of a run on sentence! Do you actually speak without pausing or breathing? 🙂

@scottalanmiller said in MeshCentral2 Issue:

@dafyre said in MeshCentral2 Issue:

What I saw on my Fedora 29/Gnome desktop was that it showed up, but most of the remote features did not work.

that's more of what I would expect.

As discussed in another thread (I think)... that's due to Wayland being used for Gnome.

Holy cow, I just realized that we've been using MC since Dec, 2018. That's 27 months ago!

@syko24 said in MeshCentral - Anyone tried this?:

@scottalanmiller said in MeshCentral - Anyone tried this?:

@pmoncho said in MeshCentral - Anyone tried this?:

@scottalanmiller

I misread that. Yeah only 140 agents.

Apparently I am far behind.

We use it pretty extensively 🙂

@scottalanmiller - Just curious are you still using Tactical or just Mesh these days? I've been playing around with Tactical internally and definitely a great solution. I know you mentioned a while back you were using that and Mesh separate from each other.

We use both. Tactical has been pretty good. Definitely use Mesh 90% of the time and Tactical just 10%. But it has been a good tool and we like it.

Install Guacamole on Ubuntu (Docker version)
https://chasewright.com/2017/08/01/guacamole-mysql-docker/

@stacksofplates said in Remote management of VMs hosted in colocation:

@dashrender said in Remote management of VMs hosted in colocation:

@stacksofplates said in Remote management of VMs hosted in colocation:

@scottalanmiller said in Remote management of VMs hosted in colocation:

@stacksofplates said in Remote management of VMs hosted in colocation:

@scottalanmiller said in Remote management of VMs hosted in colocation:

@eddiejennings said in Remote management of VMs hosted in colocation:

Allowing an SSH connection to the managementVM from the Internet

I have not tried this approach yet, and it appears more risky than the Screen Connect approach, since SSH to that VM would be open to the Internet. Unless I'm missing some benefit to this approach, I'll not be using it.

Use a strong key, lock to your IP. Very safe. Add Fail2Ban, of course.

Or add Salt and open/close based on need so it doesn't stay open.

Fail2ban doesn't work with keys.

But it would work normally with people attacking using non-keys, would it not? Or am I missing something about what it would do?

Why would you not require keys? Not making them mandatory defeats the purpose of using them.

I think he means - if a hacker is trying to use a password on a system setup to only allow keys - the fail2ban will block those users, or won't it?

No. It's dropped before fail2ban even sees it.

Oh, makes sense. There is no "attempt" like with a password, it is "already blocked."