A backstory. About 3 years ago, an elderly neighbor had fallen victim to a scammer that resulted in loss of money and a syskey locked system. The mess was cleaned up. I upgraded the HDD to an SSD, doubled the RAM, installed linux mint, chrome, ublock origin, I signed him up for a Google account to manage web logins and Google Drive for file backups. A cron job takes care of updates and he has a normal user account without sudo. Everything worked fine for the longest time but it seems for some reason chrome is starting to derp out...
Normally I would stop by after work to resolve any issues but he moved about 6 hours away. I tried to walk him through terminal on the phone but he is hard of hearing and TBH I'm scared with him running ANYTHING with elevated privileges...
TL:DR
Elderly hard of hearing man having issues with linux and I'm not comfortable with him using elevated privileges in CLI... was thinking to switch him into either Windows 10 S mode or maybe OSX?
I wouldn't install Win10, because that piece of junk tends to make way too much trouble (updates at the worst possible times, profiles suddenly being deleted, updates breaking the system, etc.).
As for OSX, I don't use it, so I can't say much about it. I guess it's designed to be "user friendly" (not my kind of user friendly though), so that's a plus.
Personally I would stick with Linux and install some kind of remote management tool.
I never tried, TBH. I'm aware the folk at Bitscope (AU, where I got the -X tip from) run a remote server with their software for people to experiment. But that's via a browser IIRC. It works in a LAN, that's for sure ('cause I tried) so theoretically, a WAN should work just as well. Besides, most config files in Linux are text anyway, so ssh will do just fine (and that includes Gecko based browsers, like Firefox, etc.)
I guess it should work.
Is it possible to take over his x session, fix the problem and disconnect again so he can carry on where he left off or will ssh -X always start a new session?
New session. AFAIK you can't take over a cli session, unless you physically take over the keyboard the original person was typing from.
PS: never, ever, allow remote root logins for SSH, or any other login tool for that matter! Create a separate account (not the normal account of the user), log in remotely then escalate to root from there. Perform your support/maintenance then log out from both shells using the "exit" command!
I still feel like SSH isn't the way to go here, because sooner or later you will need a GUI. Remember we're talking about an elderly man's desktop here, not a server.
This is going a little outside of my own use case for it, but I'd propose it's worth mentioning x2go as something to look at. This can essentially facilitate an experience more remote-desktop-like when configured to "connect to local desktop" - including your user being able to see what you're doing.
This is via an ssh port (so if you wanted, you could set up key access only), the packages available in base debian, by default - are x2goclient (your side), x2goserver (theirs) - link, if it's not blocked - wiki.x2go.org .
I can connect for my use via cellular wwan with this, though I won't say it's magic (only science), it's enough to work with.
True, but not entirely. The admin side is done by the friendly (former) neighbour, who probably doesn't need a GUI, if he learned the way of cli Linux admin.
Alternatively, if a GUI is mandatory, consider web-based admin tools, like Webmin. That's a completely different ballgame, especially when it comes with security issues (self-signed certs are not a good idea on the web!)
I was thinking about ssh but wouldn't I need to configure port forwarding? I don't have access to his router and I'm even less comfortable trying to walk him through that. Also his internet connection might not support a GUI remote connection like teamviewer very well. He lives on a farm out in the middle of nowhere.
I think maybe I was just at my wits' end and was tempted to hand it off to Microsoft or Apple with a frickin 800 number... though I suppose it's possible that the mac gets borked and would need an apple store genius or him somehow unlocking Windows out of S mode with some sort of step by step instructions from an irritated "techneeshen" itching for that remote desktop connection.
I'm not a linux expert by any stretch of imagination. His internet is much too slow to do something like zoom or FaceTime so I do struggle trying to provide tech support over the phone trying to envision what he is seeing...
I found out today that he only turns his computer on if he needs it so I have a feeling that is why the cron job isn't really keeping things up to date. I also believe I made the mistake of downloading Chrome and installing it through the browser so it probably never updates with the cron job either.
I may have him ship me the PC and get him switched to Ulyssa with the Cinnamon desktop and the browser to firefox which is baked in anyway. I guess I just need to sort out the auto update issue.
If you have to have SSH, it may be safer to make it pass through only through OpenVPN/Wireguard to your home connection. That way it isn't open to the entire web.
you could VPN his computer to your network via a wireguard tunnel.
you could write a reverse-shell script that you can have him run if there's a problem. "click here for support" or something like that. I've only ever done this with netcat, but I'm sure you could make it work with SSH.
Reverse shell would look something like this:
He clicks the script which runs a script like ssh -R 2222:localhost:22 [email protected] with ssh keys and whatnot. This should allow you to, from your PC, do ssh -p 2222 hisuser@localhost and connect to his ssh session.
Now, how to kill his original ssh session cleanly, I'm not really sure. You could have the authorized_keys file set up to make his session run a script that does something like read -p "To end the support session, press Enter". When that script exits, it'll close the session.
However, as long as you have an active connection on the SSH tunnel, the tunnel channel won't close.
Hmmm, I might want to actually look into how this could be implemented. Doesn't seem too hard.
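Added example (not written by anyone in this thread): one way the "click here for support" launcher for the reverse SSH tunnel could look, with the tunnel key restricted to forwarding only. The host name, the `tunnel` account and the key path are assumed placeholders; port 2222 is the one used in the post above.

```shell
#!/bin/sh
# Support launcher run on the neighbour's PC (added example, placeholders assumed).
SUPPORT_HOST="${SUPPORT_HOST:-support.example.net}"    # assumed: helper's reachable host
SUPPORT_USER="${SUPPORT_USER:-tunnel}"                 # assumed: unprivileged tunnel-only account
KEY="${KEY:-$HOME/.ssh/support_tunnel_ed25519}"        # assumed: dedicated key for this tunnel
REMOTE_PORT=2222                                       # port from the thread

# Line to place in ~/.ssh/authorized_keys of $SUPPORT_USER on the support host.
# "restrict" turns off shell, pty, agent and X11; only a listener on
# localhost:$REMOTE_PORT is re-enabled, so this key cannot be used to log in.
authorized_keys_line() {   # $1 = public key text
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$REMOTE_PORT" "$1"
}

# Open the tunnel, wait for Enter, then tear everything down.
# Killing the local ssh client also drops any helper session still riding
# on the tunnel, so the tunnel cannot outlive the support session.
support_session() {
    set -- ssh -N -i "$KEY" \
        -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "localhost:${REMOTE_PORT}:localhost:22" \
        "${SUPPORT_USER}@${SUPPORT_HOST}"
    # DRY_RUN=1 only prints the command that would be run.
    if [ "${DRY_RUN:-}" = 1 ]; then echo "$*"; return 0; fi
    "$@" &
    pid=$!
    printf 'Support session open. To end the support session, press Enter. '
    read -r reply
    kill "$pid" 2>/dev/null
    wait "$pid" 2>/dev/null || true
    echo "Support session closed."
}

# Only connect when started explicitly, e.g. from a desktop launcher:
#   support.sh start
if [ "${1:-}" = "start" ]; then support_session; fi
```

While the session is open, the helper runs `ssh -p 2222 hisuser@localhost` on the support host, as in the post above; the neighbour's sshd should still refuse root and password logins.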
All good answers here but sometimes just keeping it KISS is sometimes better?
How much bandwidth we talking here? Dial up or?
I do something similar to this for my mother and basically have a VNC server on her computer and just have to wait a couple of seconds for refresh of the screen. TightVNC also has a 8bit colour mode that helps with low band width situations.
The more complex something becomes I find the more that goes wrong.
This gentleman have any younger people around him who can hear and you can talk them on how to get this stuff implemented?
You just made me realise I need to check my pc actually. sigh
It does seem a lot more viable than port forwarding plus it would work even if the ISP swaps the modem. The limitation would likely be me... I've been wanting to learn about VPN tunneling for a while and this could be a good excuse to.
His Daughter visits but she isn't very computer savvy either.
I don't know the exact numbers but I believe it is an ADSL connection. Plenty to see his accounts to pay bills. But the last time I tried zoom, it would connect, freeze, then disconnect. I could see if maybe one of his kids or grand kids have a smart phone though... I didn't really think of that.
As mentioned by Sgt reverse shell is probably the easiest to do in terms of having your ex-neighbor input it into the terminal once. Some tuning of the settings should enable it to crawl up even a pretty horrid connection too.