How make ssh / remote administration more "transparent"?

whoops · 2010-11-28 09:49:27

Hi!

I'm trying to make remote administration process more transparent to the user on the server side. Not sure how to get started...

Of course I can just leave the ssh daemon disabled, so the user has to start it manually. But that's not really that clear for someone who is used working with GUI's and they might constantly wonder "Is it on? am I 'alone'?". I've seen people get "insane" because they couldn't figure out, if their webcam is on or off... wouldn't want that to happen with something that you can't actually just disconnect from the machine and lock inside a trunk .

So I'm thinking of using some GUI, maybe a "system tray indicator"... not sure... something that looks really obvious: "AHA!". Maybe put something on an usb stick that is then needed to activate "remote administration mode"? Then again, that would be another thing that could break and I hate it if "the key element to fixing stuff without getting out of my house" breaks -.-...

How are you doing things like this - any suggestions, software / (AUR) packages I should take a look at?

Thanks!

Last edited by whoops (2010-11-28 09:50:23)

ctarwater · 2010-11-28 10:52:12

While not exactly what you're looking for, krfb is a great and simple gui used to start/stop vnc connections.

The user can just run it click a button to generate a temporary password and you enter it when you connect with any vnc program (it only allows the first connection by default). You can also choose to enter a "permanent" password or set it all up to go through ssh as well.

Last edited by ctarwater (2010-11-28 10:54:32)

whoops · 2010-11-28 12:33:07

Thanks! Haven't worked at all with that vnc stuff so far, but I'll definitely have a look at it if I fail to find a satisfying solution that's more like "default ssh" on my / the client side. One problem with this "krfb-thing" might be, that it requires a working xserver judging by the sound of it?

Mmmmh... so many possibilities of how to do this but no idea which one is a good one...

GerBra · 2010-11-28 13:25:18

whoops wrote:

Mmmmh... so many possibilities of how to do this but no idea which one is a good one...

That's the "pain of freedom" ;-)

IMHO you must set priorities based on your tasks done on remote machines.

First:
No one should be able to shutdown network connection and reboot/shutdown the machine while you work via ssh
Sometimes it could be neccassary that no one could do (new) logins while you work via ssh.
Both steps could be handled with shutdown (see manpage), also a base "notification" could be done with.
In some evironments i use a procedere with replacing rc.shutdown in /etc/inittab with a rc.maintance. Therein i could start several things to warn/inform users or disable halt/reboot.

Second task is if you want/have to inform users that maintance is currently done. You could use standard unix tools like wall to broadcast to any (X)terminal session. In something like above rc.maintance you could modify /etc/issue and /etc/motd to give information to the (new) user. You could use xmessage to display messages on each DISPLAY currently active...

sshd: Best practice is IMHO that sshd is running always as daemon, waiting for you to login. So no need for your users to initiate something before you could connect. If the remote PC is down or user don't want to have "something listen in my network" than this is IMHO more a social than a technical problem, which need a social solution.

ctarwater · 2010-11-28 13:26:39

ah, yeah, forgot about that. It does require a working xserver.

whoops · 2010-11-28 14:31:04

GerBra wrote:

sshd: Best practice is IMHO that sshd is running always as daemon, waiting for you to login. So no need for your users to initiate something before you could connect. If the remote PC is down or user don't want to have "something listen in my network" than this is IMHO more a social than a technical problem, which need a social solution.

Yes, I guess that's about the main point of my problem... in many cases there's a technical side to this social problem: there still needs to be an obvious indicator or switch of some sort on the server side. Like a door - the person inside can pretend to be "safe" and the person outside knows that "knocking" is the right thing to do instead of just walking into the room. Doesn't matter if the door is just made of paper, works fine too for both sides . And if it requires opening from the inside (unless you want to be "rude" & secretly break it) all the better.

whoops · 2010-12-03 11:38:24

So, my currently favoured idea looks like this:

Put a starter for the script in the panel (p.e.: terminal -e "/home/ssh-script")

speaker-test > /dev/null &
echo "Enabling remote control. Close window or press strg+c to stop."
sudo /usr/sbin/sshd -Dd

Pretty simple and should do the trick... didn't test it yet though. Any better ideas before I start deploying something like this?

Last edited by whoops (2010-12-03 11:39:05)

Arch Linux

#1 2010-11-28 09:49:27

How make ssh / remote administration more "transparent"?

#2 2010-11-28 10:52:12

Re: How make ssh / remote administration more "transparent"?

#3 2010-11-28 12:33:07

Re: How make ssh / remote administration more "transparent"?

#4 2010-11-28 13:25:18

Re: How make ssh / remote administration more "transparent"?

#5 2010-11-28 13:26:39

Re: How make ssh / remote administration more "transparent"?

#6 2010-11-28 14:31:04

Re: How make ssh / remote administration more "transparent"?

#7 2010-12-03 11:38:24

Re: How make ssh / remote administration more "transparent"?

Board footer