[kwlug-disc] Sharing desktop in Xubuntu

Paul Nijjar paul_nijjar at yahoo.ca
Sun Aug 24 06:05:30 EDT 2014 

We are doing a refresh of our installation mechanisms at Computer
Recycling. One thing I would like to support is being able to securely
help people with their Linux installs remotely. The best solution I
know of is proprietary: TeamViewer, which has the following
advantages: 

- Once TeamViewer is installed on the client, it is easy for customers
  to share their desktops. They just run the program and tell us the
  access code. 
- The program is only running when people need support.
- From what I understand, communications are encrypted.
- The users do not need to forward ports or expose anything on the
  Internet.
- The technician is not bound to using any particular machine for
  seeing the remote desktop connection -- anything which supports the
  TeamViewer client will work.
- If necessary the technician can take control of the customer
  desktop. 

I would like to find something FLOSSy that comes close to this
functionality. I know some of you have this issue as well, so maybe
some of you have solutions I can steal. But the problem seems more
difficult than it looks. 

For example, in a previous KWLUG presentation Gordon Dey said that he
opens up SSH on the computers he takes care of, and uses some kind of
dynamic DNS thing to connect into those computers when he needs to
connect in. That is not a terrible solution, but it does not work for
us: it essentially makes a backdoor that could be exploited, and we
are not doing full-time systems administration for every machine. 

Here are some of the things I have been thinking of: 

- There is a program called pigterm (http://pigterm.sf.net) which uses
  XMPP to establish terminal connections between two computers. This
  might work if we establish a Jabber server someplace (which I guess
  we could, since we have a Linode). 

- Similarly, GNOME supposedly supports desktop screen sharing via its
  Empathy client, but that does not work for us because we typically
  are not installing GNOME on client machines.

- There is some Chrome extension called "Chrome Remote Desktop" which
  would require installing Chromium and the extension on these
  computers. This might be the best alternative, but Google creeps me
  out.

- There is some concept called "Reverse VNC" which allows the
  customer's computer to make an outgoing connection to the technician
  machine, and then the technician machine can see the customer
  computer. There is a program called x11vnc which supposedly makes
  this easier. But this requires us to open up some port on our
  network, which is suboptimal for us. 

- I keep thinking vague fuzzy thoughts about SSH tunnels. I could
  potentially install a public key for some server on each client
  machine, and then when people want support they could click a
  shortcut that would make an SSH connection to a server. Either this
  means opening up a port on our network again, or we have to use an
  external server like our Linode to serve as a broker (after which it
  would hopefully make a direct connection between us, which is even
  vaguer and fuzzier to me). 

- Drawing on another KWLUG presentation, maybe we set up a
  BigBlueButton server, which supports desktop sharing. But
  BigBlueButton has very high bandwidth requirements, which we cannot
  provide. Also the client sharing the desktop needs Java installed. 

I really ought to be writing out this email AFTER I have come up with
a well-tested solution, but I am hoping that somebody else has solved
this problem for me already. 

- Paul


-- 
http://pnijjar.freeshell.org

More information about the kwlug-disc mailing list