Sunday, February 10, 2008

Zero Config User Initiated Cross Platform Remote Desktop Assistance

Use Case
You frequently give remote assistance to users in very heterogeneous environments.

Problem

User-side firewalling makes it impossible to simply start up e.g. a VNC server on the user's machine and connect to it: the incoming connection is blocked before it reaches the server.

Solution
Let the user initiate an SSH connection from his machine to yours, with a reverse tunnel that forwards his local VNC server port back to your server.

Rationale

It is far easier for you to allow incoming traffic once, on your own server, than it is to do the same on every user's machine.

Implementation

Server
Enable your sshd and create a dedicated help user with shell /bin/false. The account only carries the tunnel, so it never needs a shell.
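Beyond the shell of /bin/false, a current OpenSSH lets you pin the help account down to exactly the one reverse listener the client asks for, which matters because run.bat (below) hands the account credentials to every supported user. The following is an added example, not part of the original post: it generates the authorized_keys line and the sshd_config Match block for one help account and, when run as root with the install argument, installs them. It assumes OpenSSH 7.8 or newer (for restrict and permitlisten), the key-pair extension from below, and placeholder names (help-alice, port 5900, /usr/sbin/nologin instead of /bin/false).

```shell
#!/bin/sh
# Added example, not code from the original post. Confines a help account to
# one reverse-forwarded port. Assumes OpenSSH >= 7.8; names are placeholders.
set -eu

# authorized_keys line: `restrict` switches everything off (pty, agent, X11,
# all forwarding), then `port-forwarding` plus `permitlisten` re-enable
# exactly the -R <port> listener the client requests.
authorized_key_line() {
    pubkey=$1   # e.g. "ssh-ed25519 AAAA... user@laptop" (constructed)
    port=$2
    printf 'restrict,port-forwarding,permitlisten="%s" %s\n' "$port" "$pubkey"
}

# sshd_config Match block for the same account: remote forwarding only,
# no tty, no agent/X11 forwarding, no password login (keys only).
match_block() {
    user=$1
    port=$2
    cat <<EOF
Match User $user
    AllowTcpForwarding remote
    PermitListen $port
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    PasswordAuthentication no
EOF
}

# Create the account and install both pieces. Match blocks must come after
# all global directives, so the block is appended to the end of sshd_config.
install_help_account() {
    user=$1; port=$2; pubkey_file=$3
    home=/home/$user
    useradd --create-home --shell /usr/sbin/nologin "$user"   # assumption: nologin instead of /bin/false
    install -d -m 700 -o "$user" -g "$user" "$home/.ssh"
    authorized_key_line "$(cat "$pubkey_file")" "$port" > "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    chown "$user:$user" "$home/.ssh/authorized_keys"
    match_block "$user" "$port" >> /etc/ssh/sshd_config
    sshd -t && echo "sshd_config ok, reload sshd to apply"
}

# Usage: ./help-account.sh install help-alice 5900 /path/to/user.pub (as root)
if [ "${1:-}" = "install" ] && [ "$(id -u)" -eq 0 ]; then
    install_help_account "$2" "$3" "$4"
fi
```

With this in place the client's `plink ... -N -R 5900:localhost:5900` still works, but a stolen key can do nothing else on your server: no shell, no local forwarding, and no listener on any port other than the one you granted.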
Client
Use a shell script to start the VNC server and the SSH tunnel. This is only non-trivial on Windows, so that case is outlined in the appendix below.
Extensions
  • Use a private/public key pair for SSH authentication
  • Use a different server account for each supported user
  • Automatically react to incoming SSH sessions
Especially the last one is interesting: you can tell people to "just click on the support button when you need help" and you will get an instant notification together with direct access to their desktop.
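One way to get that instant notification, as an added example that is not part of the original post: a watcher on the help server that follows the sshd log, recognises a login to one of the per-user help accounts (second extension), waits until the reverse listener on port 5900 is actually up, and then alerts you and opens the viewer. It assumes a Debian-style /var/log/auth.log, help accounts named with a "help-" prefix, the `ss` and `notify-send` tools, and a `vncviewer` on your path; the log line and `ss` output in the comments are constructed samples.

```shell
#!/bin/sh
# Added example, not code from the original post. Watches for support tunnels
# coming up on the help server. Log path, account prefix and the notification
# command are assumptions.
set -eu

AUTH_LOG="${AUTH_LOG:-/var/log/auth.log}"   # assumption: Debian-style sshd log
HELP_PREFIX="${HELP_PREFIX:-help-}"          # one account per supported user, e.g. help-alice
VNC_PORT="${VNC_PORT:-5900}"

# Parse one sshd log line. For an accepted login to a help account, print
# "<account> <source-ip>" and return 0; for anything else return 1.
# Constructed sample input:
#   Feb 10 10:23:01 host sshd[4242]: Accepted publickey for help-alice from 203.0.113.5 port 51234 ssh2
parse_accepted_login() {
    line=$1
    case $line in
        *"sshd["*"]: Accepted "*" for ${HELP_PREFIX}"*" from "*) ;;
        *) return 1 ;;
    esac
    acct=${line#*"]: Accepted "}      # publickey for help-alice from 203.0.113.5 port 51234 ssh2
    acct=${acct#*" for "}             # help-alice from 203.0.113.5 port 51234 ssh2
    ip=${acct#*" from "}              # 203.0.113.5 port 51234 ssh2
    acct=${acct%% *}                  # help-alice
    ip=${ip%% *}                      # 203.0.113.5
    printf '%s %s\n' "$acct" "$ip"
}

# Read `ss -ltnH` output on stdin and succeed once something listens on the
# loopback address at <port>, i.e. sshd has bound the -R 5900 listener.
# Constructed sample line:  LISTEN 0 128 127.0.0.1:5900 0.0.0.0:*
tunnel_listening() {
    port=$1
    while read -r state recvq sendq laddr peer rest; do
        [ "$state" = "LISTEN" ] || continue
        case $laddr in
            "127.0.0.1:$port"|"[::1]:$port") return 0 ;;
        esac
    done
    return 1
}

# Follow the log; on a help-account login, notify and connect once the
# tunnel is up. The viewer sees the user's desktop through localhost:5900.
watch_for_support() {
    tail -F -n 0 "$AUTH_LOG" | while read -r line; do
        if who=$(parse_accepted_login "$line"); then
            acct=${who%% *}; ip=${who#* }
            # notify-send is a placeholder for whatever alerting you prefer
            notify-send "Support request" "$acct connected from $ip" 2>/dev/null || true
            # sshd binds the -R listener just after authentication; retry briefly
            for _ in 1 2 3 4 5; do
                if ss -ltnH | tunnel_listening "$VNC_PORT"; then
                    vncviewer "localhost:$VNC_PORT" &
                    break
                fi
                sleep 1
            done
        fi
    done
}

# Usage: ./support-watch.sh watch
if [ "${1:-}" = "watch" ]; then
    watch_for_support
fi
```

Because each supported user has his own help account, the account name in the log line tells you who clicked the button before you even connect; if two users request help at once, their tunnels would both want port 5900, so with several accounts give each one its own port in both the client script and the server's PermitListen.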

Appendix: Client on Windows

  1. Download the TightVNC zip distribution and unzip it.
  2. Download plink (the PuTTY SSH command line client) and save it into the vnc folder.
  3. Start winvnc.exe.
  4. Enter a password (you will use it later when your VNC viewer connects to the user's machine), fix the port to 5900, and quit the application.
  5. Start regedit.
  6. Add a DWORD value "AllowLoopback" with data 1 under HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3 (WinVNC otherwise rejects the loopback connection that the tunnel delivers).
  7. Export HKEY_LOCAL_MACHINE\Software\ORL and HKEY_CURRENT_USER\Software\ORL to vnc.reg and vnc2.reg in your vnc folder.
  8. Close regedit.
  9. Create the batch file and zip the whole directory for distribution.
For step 9, create a file run.bat in your vnc directory that contains the following lines:

rem restore the WinVNC settings (password, port 5900, AllowLoopback) on this machine
reg import vnc.reg
reg import vnc2.reg
rem stop any running instance, then start the server sharing the whole screen
taskkill /F /IM winvnc.exe
start winvnc -run -shareall
rem reverse tunnel: port 5900 on the help server is forwarded back to this machine's VNC server
plink helpaccount@my.dns.org -pw helppassword -N -R 5900:localhost:5900
Here helpaccount and helppassword match the account you created on your server and my.dns.org is your server's hostname.
After the user runs this script, you should be able to use a VNC viewer on your server to connect to localhost and see the client's screen. You will want to set -compress 9 -encoding tight explicitly to tune the connection.

1 comment:

Anonymous said...

An easier alternative would be to use RHUB http://www.rhubcom.com/ remote assistance, which works even through strong firewalls and lockdown systems. This appliance does not necessitate clients to make changes to their firewall settings for remote access. All the client needs to do is switch on the system and activate the Internet. You have instant control over the remote system to render assistance.