Mesh Central
-
I finally spun up a MC server VPS. How is everyone securing this? Besides the fact that I can setup 2FA for this, if I don't want to put this behind any proxy, what is the best approach to secure the web UI?
-
@AdamF Usernames, passwords, SSL/TLS and 2FA are the lockdowns you'd use anywhere. It's secure by default. If you can, do IP locking. But it is rare that you can do that.
-
@scottalanmiller said in Mesh Central:
@AdamF Usernames, passwords, SSL/TLS and 2FA are the lockdowns you'd use anywhere. It's secure by default. If you can, do IP locking. But it is rare that you can do that.
Excellent, just wanted to verify with someone else as well. Thanks Scott.
-
@AdamF said in Mesh Central:
if I don't want to put this behind any proxy
That doesn't do much anyway. There's really very little to do. It's a web page, so basically think of it link a bank website.
-
@scottalanmiller Hopefully getting those Pi's connected this weekend. (from the other thread)
-
@scottalanmiller I am missing the 2FA option in the my account settings. I am missing something I suppose?
-
@AdamF said in Mesh Central:
@scottalanmiller I am missing the 2FA option in the my account settings. I am missing something I suppose?
Because the name is dumb?
My Account >> Manage Authenticator App
-
They also added CrowdSec recently. @Ylian the developer also releases YouTube videos covering a lot of these topics and how to implement.
-
@scottalanmiller said in Mesh Central:
@AdamF said in Mesh Central:
@scottalanmiller I am missing the 2FA option in the my account settings. I am missing something I suppose?
Because the name is dumb?
My Account >> Manage Authenticator App
Nope. I just didn't RTFM. By default, it is in WAN and LAN mode. You have to switch it to WAN mode and give it a valid DNS name. Then that option shows up.
-
@AdamF said in Mesh Central:
@scottalanmiller said in Mesh Central:
@AdamF said in Mesh Central:
@scottalanmiller I am missing the 2FA option in the my account settings. I am missing something I suppose?
Because the name is dumb?
My Account >> Manage Authenticator App
Nope. I just didn't RTFM. By default, it is in WAN and LAN mode. You have to switch it to WAN mode and give it a valid DNS name. Then that option shows up.
Oh right, been a long time since I did a new install. Forgot that they default to LAN. Why I wonder?
-
@syko24 said in Mesh Central:
They also added CrowdSec recently. @Ylian the developer also releases YouTube videos covering a lot of these topics and how to implement.
Says unavailable. I think because it is a channel and not a video but ML thinks it is a video link.
-
@scottalanmiller said in Mesh Central:
@syko24 said in Mesh Central:
They also added CrowdSec recently. @Ylian the developer also releases YouTube videos covering a lot of these topics and how to implement.
Says unavailable. I think because it is a channel and not a video but ML thinks it is a video link.
Yeah that was supposed to be to the channel. Here is the CrowdSec video. Lots great videos on his channel for setting things up.
-
Well, this tool is amazing and just works. Nice job @Ylian !
-
@AdamF said in Mesh Central:
Well, this tool is amazing and just works. Nice job @Ylian !
Yeah, it's definitely the best tool for this on the market. It's blown past everyone else. We are doing the AMT integration now and rolling out vPro anywhere that we can. It's just amazing.
-
@scottalanmiller said in Mesh Central:
@AdamF said in Mesh Central:
Well, this tool is amazing and just works. Nice job @Ylian !
Yeah, it's definitely the best tool for this on the market. It's blown past everyone else. We are doing the AMT integration now and rolling out vPro anywhere that we can. It's just amazing.
I know you use it for remote agents that are always installed (or at least I assume so), but are you also able to use it for "one off" remote sessions? For example, sometimes I will open a screen connect session for a quick support session. Then when finished, close the session, the end. Can we do that as well with MC?
-
@AdamF said in Mesh Central:
@scottalanmiller said in Mesh Central:
@AdamF said in Mesh Central:
Well, this tool is amazing and just works. Nice job @Ylian !
Yeah, it's definitely the best tool for this on the market. It's blown past everyone else. We are doing the AMT integration now and rolling out vPro anywhere that we can. It's just amazing.
I know you use it for remote agents that are always installed (or at least I assume so), but are you also able to use it for "one off" remote sessions? For example, sometimes I will open a screen connect session for a quick support session. Then when finished, close the session, the end. Can we do that as well with MC?
Yes, works fine for that. The end user just chooses "Run" instead of "install" and it works that way.
-
I have the agent running on 2 Pi's The 4 GB version of the Pi. The screen lag is incredibly SLOW. (running Raspian)
Installing an agent on my windows laptop (8GB ram) is incredibly responsive and quick. Are there some tweaks to run on the Pis to improve the screen lag for remote viewing? -
@AdamF said in Mesh Central:
I have the agent running on 2 Pi's The 4 GB version of the Pi. The screen lag is incredibly SLOW. (running Raspian)
Installing an agent on my windows laptop (8GB ram) is incredibly responsive and quick. Are there some tweaks to run on the Pis to improve the screen lag for remote viewing?It was 100% Pi related as suspected. Here's what I did to speed things up. (found on https://forums.raspberrypi.com/viewtopic.php?p=1983061&sid=eaf6504ffd4e15374cbd86907d954c67#p1983061)
in /boot/config.txt
uncomment this line:
hdmi_force_hotplug=1commented out these lines:
#dtoverlay=vc4-kms-v3d
#max_framebuffers=2Then the resolution was really low despite the VNC resolution set in raspi-config, so after setting the above and rebooting I then set the 'display options' resolution in raspi-config to be the same as the VNC resolution.
In my case I'm using 1920x1080, so that modified my config.txt to have these lines:
hdmi_group=2
hdmi_mode=82 -
@AdamF said in Mesh Central:
I have the agent running on 2 Pi's The 4 GB version of the Pi. The screen lag is incredibly SLOW. (running Raspian)
Installing an agent on my windows laptop (8GB ram) is incredibly responsive and quick. Are there some tweaks to run on the Pis to improve the screen lag for remote viewing?RP is pretty slow on that. The screen rendering on Linux for remoting isn't as robust.
4GB 32bit is the fastest option.
-
Make sure to update firmware.