ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Comparing MeshCentral 2 to ScreenConnect

    Scheduled Pinned Locked Moved IT Discussion
    remote accessscreenconnectmeshcentralmeshcentral 2connectwise controlconnectwise
    980 Posts 39 Posters 317.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vpr00 @Ylian
      last edited by vpr00

      @Ylian said in Comparing MeshCentral 2 to ScreenConnect:

      I am running way behind on documentation. On embedding, let me know what server type will be the master (NodeJS, ASP.NET...). Once you get MeshCentral running, get the --loginTokenKey and cut and paste it into your server. Then, if the master server is NodeJS, use this code to generate a time limited cookie on your server and use it as documented. The user name is "user/(domain)/(account name in lower case)", the sample below is for "admin" on the default domain. hope it helps until I get time to work on documentation.

      obj.crypto = require('crypto');
      obj.encodeCookie({ u: 'user//admin', a: 3 }, obj.loginCookieEncryptionKey)
      
      // Encode an object as a cookie using a key using AES-GCM. (key must be 32 bytes or more)
      obj.encodeCookie = function (o, key) {
          try {
              if (key == null) { key = obj.serverKey; }
              o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time
              const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv);
              const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]);
              return Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
          } catch (e) { return null; }
      };
      

      Thanks for your fast reply. My master server is running python and im not sure if i can replicate your piece of code in python.

      Anyway, thanks for your reply. I see youre busy with other features and i dont want to take too much of your time away.

      Maybe there is some python/crypto expert on here which can translate your code to phyton?

      I mean, for my needs it would be suitable if i could easily create one login token without time limit. I think a feature like this would be easily implemented on your side but im not sure if that would be against your security model?

      YlianY 1 Reply Last reply Reply Quote 0
      • YlianY
        Ylian @vpr00
        last edited by

        @vpr00 If you want to be completely evil... you can try on your server /createLoginToken.ashx?user=(username)&pass=(password) and it will return a login token. It's evil because passing credentials in a URL like this is really bad. Often URL's are logged and so your password is in event logs. This said, people kept wanting me to add this feature...

        V JaredBuschJ travisdh1T 3 Replies Last reply Reply Quote 0
        • V
          vpr00 @Ylian
          last edited by vpr00

          @Ylian said in Comparing MeshCentral 2 to ScreenConnect:

          @vpr00 If you want to be completely evil... you can try on your server /createLoginToken.ashx?user=(username)&pass=(password) and it will return a login token. It's evil because passing credentials in a URL like this is really bad. Often URL's are logged and so your password is in event logs. This said, people kept wanting me to add this feature...

          Of course it would be better if I could create login tokins on the business server or if i would just have 1 non time-limited login token but i can live with your suggestion for testing purposes for now.

          Id be very happy to be able to generate login token on my business server sometime in the near future though.

          I think people are wanting it because they are generally doing the necessary security measures before even exposing the option to access MeshCentral. So at that point they want a quick and easy way to login a user which is already a trusted user on their side.

          Thanks for your fast reply as always!

          1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @Ylian
            last edited by

            @Ylian said in Comparing MeshCentral 2 to ScreenConnect:

            This said, people kept wanting me to add this feature...

            You reject these kinds of feature requests and tell people to smeg off.

            1 Reply Last reply Reply Quote 2
            • travisdh1T
              travisdh1 @Ylian
              last edited by

              @Ylian said in Comparing MeshCentral 2 to ScreenConnect:

              @vpr00 If you want to be completely evil... you can try on your server /createLoginToken.ashx?user=(username)&pass=(password) and it will return a login token. It's evil because passing credentials in a URL like this is really bad. Often URL's are logged and so your password is in event logs. This said, people kept wanting me to add this feature...

              Please, ignore people being stupid.

              1 Reply Last reply Reply Quote 1
              • CloudKnightC
                CloudKnight
                last edited by

                Completely craziness, don't let people pass credentials through URL like that, others will use it and moan when they get compromised..
                Defiantly a put your foot down moment..

                YlianY 1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller
                  last edited by

                  Just updated to 0.2.8-l

                  black3dynamiteB 1 Reply Last reply Reply Quote 0
                  • black3dynamiteB
                    black3dynamite @scottalanmiller
                    last edited by

                    @scottalanmiller said in Comparing MeshCentral 2 to ScreenConnect:

                    Just updated to 0.2.8-l

                    0.2.8-m

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @black3dynamite
                      last edited by

                      @black3dynamite said in Comparing MeshCentral 2 to ScreenConnect:

                      @scottalanmiller said in Comparing MeshCentral 2 to ScreenConnect:

                      Just updated to 0.2.8-l

                      0.2.8-m

                      Hasn't shown up for me yet.

                      1 Reply Last reply Reply Quote 0
                      • FATeknollogeeF
                        FATeknollogee
                        last edited by

                        Auto-update is now working.
                        I'm now on 0.2.8-n

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @FATeknollogee
                          last edited by

                          @FATeknollogee said in Comparing MeshCentral 2 to ScreenConnect:

                          Auto-update is now working.
                          I'm now on 0.2.8-n

                          I'm on that too, now.

                          1 Reply Last reply Reply Quote 0
                          • FATeknollogeeF
                            FATeknollogee
                            last edited by

                            Auto-update is taking care of biz...
                            0.2.8-p

                            1 Reply Last reply Reply Quote 2
                            • JaredBuschJ
                              JaredBusch
                              last edited by

                              Haven't had much time to test things out lately..

                              Updated.
                              9b32072c-528f-4016-897f-9cb2c7a2df75-image.png

                              1 Reply Last reply Reply Quote 0
                              • JaredBuschJ
                                JaredBusch
                                last edited by JaredBusch

                                NICE!! You can now change groups. This was added in 0.2.7-y
                                https://github.com/Ylianst/MeshCentral/issues/85

                                This is awesome to me. I allows me to build a single installer (well per OS) that dumps systems into a known group and then I can move them where they need to be.

                                With multiple clients, this is the only easy way to handle this.

                                Awesome work @Ylian

                                YlianY 1 Reply Last reply Reply Quote 3
                                • YlianY
                                  Ylian @CloudKnight
                                  last edited by Ylian

                                  @StuartJordan On the topic of the evil "/createLoginToken.ashx?user=(username)&pass=(password)". Good feedback. I do want to allows people to setup MeshCentral on a Raspberry Pi, etc and tinker with it on a local LAN or to help developers get started. However, since I don't want anyone using this in production, in the next release: It will only be allowed if you are using the default un-trusted HTTPS cert. This way, if you start using a Let's Encrypt TLS cert, your own cert or a TLS offloader "createLoginToken" does not work anymore. Hopefully that will keep everyone happy 🙂

                                  CloudKnightC 1 Reply Last reply Reply Quote 2
                                  • YlianY
                                    Ylian @JaredBusch
                                    last edited by

                                    @JaredBusch Thanks. Yes, you can now change groups. By the way, maybe this will help your installer: You can create a text file with the same name as the agent with ".tag" at the end (or instead of .exe on Windows) and put some serial number or short unique id in it. When the device shows up, click on it and your will see "Agent Tag" with the content of the tag file. This is useful if you want to put your own device mapping ID and may help you sort devices.

                                    1 Reply Last reply Reply Quote 1
                                    • YlianY
                                      Ylian
                                      last edited by Ylian

                                      One more quick news. I have been working on MongoDB tuning in the last few days. You should be able to connect 10k+ devices easy on a AWS t3.medium instance (Amazon Linux 2, 30$/mo + traffic) without issues. Just published v0.2.8-r with proper MongoDB indexes and query fixes. Handles 1000's of devices now. Still room for improvement, but the previous version where REALLY bad with connection scaling. v0.2.8-r is a lot better at that. Graph below shows MongoDB wasted time for a server with 5000+ agents.

                                      MC2-MongoDB-Performance.png

                                      scottalanmillerS 1 Reply Last reply Reply Quote 7
                                      • scottalanmillerS
                                        scottalanmiller @Ylian
                                        last edited by

                                        @Ylian just updated to it.

                                        1 Reply Last reply Reply Quote 0
                                        • CloudKnightC
                                          CloudKnight @Ylian
                                          last edited by

                                          @Ylian that's brilliant, your working so hard on this, thank you for all your hard work.

                                          1 Reply Last reply Reply Quote 2
                                          • JaredBuschJ
                                            JaredBusch
                                            last edited by

                                            Agents do no show the new name when the machine is renamed 😞
                                            ScreenConnect does this.
                                            7b1660fd-237c-4801-995b-142993a7d14c-image.png

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 41
                                            • 42
                                            • 43
                                            • 44
                                            • 45
                                            • 48
                                            • 49
                                            • 43 / 49
                                            • First post
                                              Last post