2009-06-06 17:35 README Page 1 # Company: PowerCraft Technology # Author: Copyright Jelle de Jong # Note: Please send me an email if you enhanced this document # Version: 0.0.3 # Date: 2009-02-03 / 2009-06-06 # This document is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This document is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, # MA 02110-1301, USA. ------------------------------------------------------------------------ +----------------+ +----------+ +--------------+ +----------+ | user0 |--------| firewall |--------| internet www |--------| firewall | | ip: unknown | +----------+ +--------------+ +----------+ | ssh access to: | | | | server0 | +----------+ +---------------------+ +----------------+ | firewall | | server0 | +----------+ | ip: 84.245.3.xxx | +----------------+ | | provided access to: | | admin0 |------------------------------------+ | user0 | | ip: unknown | | admin0 | | ssh access to: | | admin1 | | server0 | +---------------------+ +----------------+ | | +----------------+ | | admin1 |----------------------------------------------------------+ | ip: unknown | | ssh access to: | | server0 | +----------------+ ------------------------------------------------------------------------ # all of the support scripts run on the client0 side. The admin0 that is # providing remote support, only needs to have a ssh client, and the ssh # commands to login the client0 side through the created ssh tunnel. # if the admin0 does not know the right ssh commands he can look them up # in this README, see example0 for an example support session. # there needs to be an user account that can be used for the establishing # of the ssh tunnel on the gateway server. see the below adduser command. ------------------------------------------------------------------------ # notes: # use F8 inside vnc session to show options like exit or fullscreen toggle # xtightvncviewer can have some issues with the grapkeyboard and the # window manager, killing the window manager solves this issue, # xtightvncviewer is the fastest when you want usable colors # xvnc4viewer is somewhat slower and uses some auto bandwidth control but # does not have issues with the grapkeyboard and window manager # vinagre and tsclient are easy gtk+ applications, but they are very unhandy # when connection to a clien0 vnc server thas has a bigger screen resolution # than the admin0 client has, it will have issus when scrolling. # bugreports: # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510351 # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510349 # gnome ssh tunnel manager # http://sourceforge.net/projects/gstm/ ------------------------------------------------------------------------ # example0: PowerCraft Technology support system # client0 that needs help pct-support-login # pct-support-login --user support01 --server powercraft.nl --port 9999 # admin0 that is giving help to client0 # forwards the port 9999 of support server to port 22 of admin0 ssh -f -N -L 2222:127.0.0.1:9999 admin0@powercraft.nl # enter password # admin0 logs into the client0 that needs help # use the username of the client0 system ssh -p 2222 -X -Y -C client0@localhost # enter password # admin0 starts a vnc session pct-support-admin # pct-support-admin --password support01 --mode 2 # pct-support-admin --config admin0 # notes: # removing line 3 in known_hosts file sed -i 3d ~/.ssh/known_hosts # staring ssh without host checking # http://www.securityfocus.com/infocus/1806 ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 -X -Y -C client0@localhost ------------------------------------------------------------------------ # support01:x:1000:1003::/home/support01:/bin/false ssh jelle@powercraft.nl su - adduser support01 --no-create-home --shell /bin/false passwd support01 # change passord after every support session ------------------------------------------------------------------------ # example1: PowerCraft Technology support system # debian packages are available on powercraft.nl apt-repository # deb http://www.powercraft.nl/debian sid main contrib non-free # apt-get install pct-support-scripts # client0 that needs help # forward ssh port 22 to port 9999 of support server ssh -f -N -R 9999:127.0.0.1:22 support01@powercraft.nl # enter provided password # admin0 that is giving help to client0 # forwards the port 9999 of support server to port 22 ssh -f -N -L 2222:127.0.0.1:9999 jelle@powercraft.nl # enter password # admin0 logs into the client0 that needs help ssh -p 2222 -X -Y -C username@localhost # enter password # admin0 installs vncserver and viewer on client0 sudo apt-get install x11vnc xtightvncviewer xvnc4viewer # admin0 starts fresh vncserver with the password: support # use screen to start x11vnc in client0 background x11vnc -remote shutdown x11vnc -storepasswd support ~/.vnc/passwd x11vnc -rfbauth ~/.vnc/passwd -shared -forever -localhost -noxrandr -display :0 # screen -d -m -S vncserver x11vnc -rfbauth ~/.vnc/passwd -shared -forever -localhost -noxrandr -display :0 # screen -r vncserver # C-a a d # admin0 logs into the vnc session and shares the same desktop as the client0 # admin0 gives password: support # recommended applications from high to low # xvnc4viewer -FullScreen -LowColourLevel -Shared localhost:0 # xvnc4viewer -FullScreen -LowColourLevel=1 -AutoSelect=0 -Shared localhost:0 xtightvncviewer -shared -fullscreen -compresslevel 9 -quality 0 -bgr233 localhost:0 # vinagre # tsclient ------------------------------------------------------------------------ # example2: PowerCraft Technology support system pct-support-chat # pct-support-chat --nick myownnick --admin mycontactadmin --server myircserver # pct-support-chat -n support24214732 -a tuxcrafter -s chat.freenode.net ------------------------------------------------------------------------ # example3: PowerCraft Technology support system # step 0: sudo apt-get install openssh-server screen irssi sudo /etc/init.d/ssh start irssi --connect=chat.freenode.net --nick=support0001 /msg tuxcrafter request support # step 1: /etc/init.d/ssh start # step 2: ssh -f -N -R 9999:127.0.0.1:22 support0@server0 # step 6: screen -x support exit ------------------------------------------------------------------------ [Desktop Entry] Encoding=UTF-8 Name=Support Login Name[nl]=Support Login GenericName=Support Login GenericName[nl]=Support Login Exec=xfce4-terminal -e pct-support-login --user user0 --server example.org Icon=network-receive.svg Terminal=false StartupNotify=true Type=Application Categories=System ------------------------------------------------------------------------ [Desktop Entry] Encoding=UTF-8 Name=Support Chat Name[nl]=Support Chat GenericName=Support Chat GenericName[nl]=Support Chat Exec=xfce4-terminal -e pct-support-chat --nick user0 Icon=/usr/share/icons/gnome/scalable/actions/help-faq.svg Terminal=false StartupNotify=true Type=Application Categories=System ------------------------------------------------------------------------ [Desktop Entry] Encoding=UTF-8 Name=Remote Support Name[nl]=Hulp op Afstand Comment=Get visual remote support all around the world Comment[nl]=Ontvang visuele hulp op afstand vanaf elke werkplek Exec=pct-support-login Icon=network-receive.svg Terminal=true Type=Application Categories=GNOME;Application;Core; StartupNotify=true X-Ubuntu-Gettext-Domain=gnome-panel-2.0 ------------------------------------------------------------------------