Need Recommendation: OS for elderly neighbor that no longer lives near me

A backstory. About 3 years ago, an elderly neighbor had fallen victim to a scammer that resulted in loss of money and a syskey locked system. The mess was cleaned up. I upgraded the HDD to an SSD, doubled the RAM, installed linux mint, chrome, ublock origin, I signed him up for a Google account to manage web logins and Google Drive for file backups. A cron job takes care of updates and he has a normal user account without sudo. Everything worked fine for the longest time but it seems for some reason chrome is starting to derp outā€¦

Normally I would stop by after work to resolve any issues but he moved about 6 hours away. I tried to walk him through terminal on the phone but he is hard of hearing and TBH Iā€™m scared with him running ANYTHING with elevated privilegesā€¦

TL:DR
Elderly hard of hearing man having issues with linux and Iā€™m not comfortable with him using elevated privileges in CLIā€¦was thinking to switch him into either Windows 10 S mode or maybe OSX?

Open to all feedback at this point reallyā€¦

I wouldnā€™t install Win10, because that piece of junk tends to make way too much trouble (updates at the worst possible times, profiles suddenly being deleted, updates breaking the system, etc.).
As for OSX, I donā€™t use it, so I canā€™t say much about it. I guess itā€™s designed to be ā€œuser friendlyā€ (not my kind of user friendly though), so thatā€™s a plus.

Personally I would stick with Linux and install some kind of remote management tool.

5 Likes

You mean like SSH? :stuck_out_tongue:

1 Like

I was thinking about something more like TeamViewer, because good luck trying to change browser settings via SSH.

1 Like

Hint: ssh -X xserver

2 Likes

Does that work reasonably well via a WAN connection?

I never tried, TBH. Iā€™m aware the folk at Bitscope (AU, where I got the -X tip from)) run a remote server with their software for people to experiment. But thatā€™s via a browser IIRC. It works in a LAN, thatā€™s for sure ('cause I tried) so theoretically, a WAN should work just as well. Besides, most config files in Linux are text anyway, so ssh will do just fine (and that includes Gecko based browsers, like FireFox, etc)

2 Likes

I guess it should work.
Is it possible to take over his x session, fix the problem and disconnect again so he can carry on where he left off or will ssh -X always start a new session?

It works horribly even over half gigabit WAN on both ends. Okish on full gigabit, but I definitely wouldnā€™t use X11 forward.

1 Like

New session. AFAIK you canā€™t take over a cli session, unless you physically take over the keyboard the original person was typing from :wink:

PS: never, ever, allow remote root logins for SSH, or any other login tool for that matter! Create a separate account (not the normal account of the user), log in remotely then escalate to root from there. Perform your support/maintenance then log out from both shells using the ā€œexitā€ command!

1 Like

Sounds pretty reasonable. :laughing:

I still feel like SSH isnā€™t the way to go here, because sooner or later you will need a GUI. Remember weā€™re talking about an elderly manā€™s desktop here, not a server.

2 Likes

This is going a little outside of my own use case for it, but Iā€™d propose itā€™s worth mentioning x2go as something to look at. This can essentially facilitate an experience more remote-desktop-like when configured to ā€˜connect to local desktopā€™ - including your user being able to see what youā€™re doing.

This is via an ssh port (so if you wanted, you could setup key access only), the packages available in base debian, by default - are x2goclient (your side), x2goserver (theirs) - link, if itā€™s not blocked - wiki.x2go.org .

I can connect for my use via cellular wwan with this, though I wonā€™t say itā€™s magic (only science), itā€™s enough to work with.

2 Likes

True, but not entirely. The admin side is done by the friendly (former) neighbour, who probably doesnā€™t need a GUI, if he learned the way of cli Linux admin.

Alternatively, if a GUI is mandatory, consider web-based admin tools, like Webmin. Thatā€™s a completely different ballgame, especially when it comes with security issues (self-signed certs are not a good idea on the web!)

1 Like

you need a lot of bandwidth for remote x.


Also, OP, I would absolutely not cron updates on any deb based system. Thatā€™s asking for trouble.

1 Like

Thanks all for the replies so far

I was thinking about ssh but wouldnā€™t I need to configure port forwarding? I donā€™t have access to his router and Iā€™m even less comfortable trying to walk him through that. Also his internet connection might not support a GUI remote connection like teamviewer very well. He lives on a farm out in the middle of nowhere.

I think maybe I was just at my wits end and was tempted to hand it off to Microsoft or Apple with a frickin 800 numberā€¦ though I suppose its possible that the mac gets borked and would need an apple store genius or him somehow unlocking Windows out of S mode with some sort of step by step instructions from an irritated ā€œtechneeshenā€ itching for that remote desktop connection.

Iā€™m not a linux expert by any stretch of imagination. His internet is much too slow to do something like zoom or FaceTime so I do struggle trying to provide tech support over the phone trying to envision what he is seeingā€¦

I found out today that he only turns his computer on if he needs it so I have a feeling that is why the cron job isnā€™t really keeping things up to date. I also believe I made the mistake of downloading Chrome and installing it through the browser so it probably never updates with the cron job either.

I may have him ship me the PC and get him switched to Ulyssa with the Cinnamon desktop and the browser to firefox which is baked in anyway. I guess I just need to sort out the auto update issue.

If you have to have SSH, it maybe safer to make it pass through only through OpenVPN/Wireguard to your home connection. That way it isnt open to the entire web.

3 Likes

You have a couple options here.

  1. you could VPN his computer to your network via a wireguard tunnel.
  2. you could write a reverse-shell script that you can have him run if thereā€™s a problem. ā€œclick here for supportā€ or something like that. Iā€™ve only ever done this with netcat, but Iā€™m sure you could make it work with SSH.

Reverse shell would look something like this:

He clicks the script which runs a script like ssh -R 2222:localhost:22 [email protected] with ssh keys and whatnot. This should allow you to, from your PC, do ssh -p 2222 hisuser@localhost and connect to his ssh session.

Now, how to kill his original ssh session cleanly, Iā€™m not really sure. You could have the authorized_keys file set up to make his session run a script that does something like read -p "To end the support session, press Enter". When that script exits, itā€™ll close the session.

However, as long as you have an active connection on the SSH tunnel, the tunnel channel wonā€™t close.

Hmmm, I might want to actually look into how this could be implemented. Doesnā€™t seem too hard.

I donā€™t knowā€¦ Does this seem viable?

2 Likes

Hello friend.

All good answers here but sometimes just keeping it KISS is sometimes better?

How much bandwidth we talking here? Dial up or?

I do something similar to this for my mother and basically have a VNC server on her computer and just have to wait a couple of seconds for refresh of the screen. TightVNC also has a 8bit colour mode that helps with low band width situations.

The more complex something becomes I find the more that goes wrong.

This gentleman have any younger people around him who can hear and you can talk them on how to get this stuff implemented?

You just made me realise I need to check my pc actually. sigh

1 Like

It does seem a lot more viable than port forwarding plus it would work even if the ISP swaps the modem. The limitation would likely be meā€¦ Iā€™ve been wanting to learn about VPN tunneling for a while and this could be a good excuse to.

His Daughter visits but she isnā€™t very computer savvy either.

I donā€™t know the exact numbers but I believe it is an ADSL connection. Plenty to see his accounts to pay bills. But the last time I tried zoom, it would connect, freeze, then disconnect. I could see if maybe one of his kids or grand kids have a smart phone thoughā€¦I didnā€™t really think of that. :thinking:

1 Like

As mentioned by Sgt reverse shell is probably the easiest to do in terms of having your ex-neighbor input it into the terminal once. Some tuning of the settings should enable it to crawl up even a pretty horrid connection too.

1 Like