I managed to convince my mother-in-law to run Devuan Jessie with MATE on her laptop, which until now was running Windows Vista. It's installed and she's happy so far (phew!). The trouble is she knows nothing about GNU/Linux and lives almost 4 hours away, so I need a way to connect remotely to help her if needed.
I'm looking for a remote desktop application that would be dead-simple for her to use. Teamviewer would fit the bill perfectly except that it's proprietary and therefore I don't feel comfortable installing it on a family member's computer. (I have no specific reason to suspect Teamviewer of anything nefarious but, since it's proprietary, only the developers know for sure. Since it's my mother-in-law we're talking about here, my risk tolerance is extremely low.)
Is anyone aware of a free software remote desktop application that is similar to Teamviewer (i.e., works on GNU/Linux and is a no-brainer for a non-technical user to use)? I've already scoured the internet and didn't find anything obvious.
EDIT: The non-encrypted solution uses gitso. See post #12. Thanks for the recommendation, nixer!
EDIT 2: The encrypted solution uses my NERD script. See post #20. Thanks for the help, ralph.ronnquist!
Last edited by GNUser (2017-09-15 19:59:29)
Offline
https://anydesk.com/remote-desktop
This program was started by four people who used to work for Teamviewer. It functions just like Teamviewer AND it has the ability for a user to access it without going through their servers. However, to be used in this mode, port forwarding must be configured. I have used it and I like it better than TV.
Edit: While this is a proprietary program, it has a free version which can be used "for five minutes or five hours".
What I did for my parent was to use it first like TV, and then I configured his port forwarding so that I can access it whenever I need to. All I need for him (father) to do is to go to a website and read me his ip address. Then I have no problem accessing his machine.
Last edited by nixer (2017-09-08 21:17:18)
Offline
Thanks, nixer, but I'm looking for free as in free speech (libre), not free as in free beer (gratis). The combination of libre + easy to use is what's making the search challenging.
If all I needed were gratis + easy to use, I'd go with Teamviewer. The problem is that Teamviewer is not libre (i.e., it's proprietary/closed source) so I don't trust it enough to install it on someone else's computer.
Money is not the issue. The issue is trust.
Last edited by GNUser (2017-09-08 23:54:50)
Offline
> All I need for him (father) to do is to go to a website and read me his ip address.
A while ago I used a script reading the ip, writing it to a file, then use a terminal based email to mail it to me.
Offline
> Thanks, nixer, but I'm looking for free as in free speech (libre), not free as in free beer (gratis)
Fair enough, have you ever used gitso? It is in the repos. I have used it before and it is pretty fair. A brief intro is here. However, you will need to configure port forwarding (on your end) if behind a router.
Offline
Configuring port forwarding on my end is no problem. I will give gitso a try. Thank you.
Offline
I suppose x11vnc accessed with xvnc4viewer via ssh is too old-fashioned?
Offline
> I suppose x11vnc accessed with xvnc4viewer via ssh is too old-fashioned?
That's what I use. I even made a desktop icon that opens a window giving me the remote desktop. If it will work with reverse tunneling, OP doesn't have to drive 4 hours to configure MIL's router. She could even have a desktop icon that initiates the tunnel.
Offline
@ralph.ronnquist @fsmithred - I'd love to learn that approach, catch is that I need to figure out how to set it up with reverse tunneling, the way gitso does it. I can't expect MIL to be of any help on her end. I'm going to have to chew on this.
I really appreciate all your input. Until this thread, I didn't even know that doing a reverse connection with all the configuration on the "helper" end was possible. That's exactly what I'm looking for!
Many thanks!
Offline
@fsmithred, is there a how-to on getting this to work? If not, would you kindly share what would need to be running on my machine and what command mom-in-law would need to run?
I cannot do any configuration on her router, but could walk her through installing packages and doing minimal configuration on her laptop.
Offline
On your machine, install openssh-server. I'm not sure if that's needed on MIL's computer.
I haven't figured out how to combine the reverse tunneling with x11vnc. If you can't open a port on Mom's router (why not?) you can still get access, and you don't have to walk her through installing anything. (I think.) You will need to have port forwarding set up on your own router. Redirect port 22 to your computer.
You will need to walk her through this command:
ssh -X -R12345:localhost:22 gnuuser@gnuhost
After she does that, you can get shell access to her computer with:
ssh -X -p12345 mom@localhost
Get root and do whatever you need to do.
Some guides I looked at said you (MIL) should add -f and -N to the command to set up the tunnel, but I didn't do that in my tests. The -X means you can run x-apps that are installed on her machine.
Anyway, once you get in, if you think you'll be doing this again some time (i.e. if you don't set up port forwarding on her router) make a script that contains the command she uses to create the tunnel, make it executable, put it in /usr/local/bin/ then make a .desktop file that has the path to that script on the Exec line (look at examples) and put it with the others in /usr/share/applications, and it will appear in the apps menu. You could also put the .desktop file on her desktop if that's easier for her.
I haven't tried this yet, but her script might need to open a terminal and run the command inside the terminal. It might look like this:
#!/usr/bin/env bash
xterm -hold -e ssh -X -R 12345:localhost:22 gnuuser@gnuhost
If you want to see my notes on vnc over ssh (not reverse), go here and scroll down near the bottom of the page.
http://www.ibiblio.org/refracta/docs/Re … es_8.2.txt
If you have two machines at home, you can play with controlling two computers on opposite sides of the room or house without getting up. You would need to install x11vnc and a vncviewer. I use xtightvncviewer and Ralph uses a different one that I've never tried. And if we figure out how to do vnc with a reverse tunnel (or if you open a port for ssh on the remote router), then MIL's computer will need x11vnc.
Offline
I played around for many hours today. I was able to establish a reverse SSH connection, but couldn't get VNC to work over it.
However, I managed to get gitso to work and it is perfect for what I need: Nothing for my MIL to do other than type in my public IP address (which I'd tell her over the phone).
The problem was that despite forwarding of port 5500 being set up in my router and, on my laptop, "nmap <mylocalip>" showing 5500 open while gitso is running, a remote desktop connection could not be established. Also, canyouseeme.org kept saying that port 5500 was closed. I was on the verge of calling my ISP to see if they were blocking traffic on this port for some reason.
After hours going round and round, typing this into a terminal on my laptop fixed everything:
sudo iptables -I INPUT -p tcp -m tcp --dport 5500 -j ACCEPT
It's odd that nmap lies about the port being open. It's also odd that the kernel was blocking traffic on that port even though I'm not running a firewall on the laptop. (EDIT: It turned out that there was a firewall running on my laptop after all. "sudo ufw disable" turned it off, and now I no longer need the above iptables command.)
To summarize, gitso turned out to be exactly what I was looking for, and this is how to make it work:
1. Get a static local ip for your machine (many ways to do this--either through router or, probably easier, through your network manager)
2. Configure your router to forward port 5500 to your machine's static local ip (how to do this varies depending on your router firmware)
3. Make sure you don't have a firewall running on your machine (e.g., if "sudo ufw status" says firewall is active, do this: "sudo ufw disable")
4. Install gitso from Devuan's official repository, start it (in MATE, it shows up in the Internet submenu), choose "Give support"
5. Ask your friend who needs help to install gitso, start it, choose "Get help", and enter your public ip address (output of "wget http://ipinfo.io/ip -q -O -" on your machine)
Last edited by GNUser (2017-09-10 21:47:58)
Offline
Glad you got it working GNUser!
Thanks for the instructions that you used to get it working. I have not had the issue with the closed port before, but if I do I will know what to do to open that port.
Offline
Thank you for the thoughtful recommendation, nixer. It turned out to be exactly what I was looking for.
A quick follow-up: I discovered that the ufw package (firewall application) was installed on my laptop. Disabling the firewall with "sudo ufw disable" did the trick. I've updated the summary steps in post #12 accordingly.
I'm not sure how ufw ended up on my system. My guess is that ufw came with the Star live desktop iso that I used many months ago when I installed Devuan on this laptop.
Last edited by GNUser (2017-09-10 21:50:20)
Offline
... a bit sad to learn there was no magic
As for the reverse port forwarding, you might have overlooked the option of reverse-forwarding port 5900, which is the default port vnc uses for the :0 display. Though, with gitso working for you, there's no need to pursue this.
Offline
@ralph.ronnquist - Haha, I think I found enough magic to go around! Read on...
There was one reason to keep pursuing the old-fashioned way: With gitso the connection is unencrypted. So I kept pushing and finally figured it out. It's a bit complicated--involves leaving two terminals open on each end--but it works, requires no configuration on helpee's end, is through an encrypted tunnel, and uses only free software. Totally worth my splitting headache
Setup:
- Packages on gnuser/helper's computer: ssh and vinagre
- Configuration on gnuser/helper's router: Forward ports 22 and 5500 to gnuser/helper's machine
- Necessary packages on motherinlaw/helpee's computer: ssh and x11vnc
- Configuration steps on motherinlaw/helpee's computer/router: none
Steps:
1. Helpee opens up a terminal:
motherinlaw$ x11vnc
2. Helpee opens up a second terminal:
motherinlaw$ ssh -R 7000:localhost:22 gnuser@<gnuser's public ip address>
[motherinlaw types gnuser's password]
Helpee leaves her two terminals open and waits.
3. Helper opens up a terminal:
gnuser$ ssh motherinlaw@localhost -p 7000
[gnuser enters motherinlaw's password]
4. Helper opens up a second terminal:
gnuser$ ssh -L 5901:localhost:5900 motherinlaw@localhost -p 7000
[gnuser enters motherinlaw's password again]
Helper leaves his two terminals open.
5. Now helper goes to application menu, internet submenu, and selects "Remote Desktop Viewer" (that's how vinagre shows up in the menus).
Click "Connect"
Choose "VNC" protocol
in Host window, type: localhost:5901
click Connect
Bingo!
Last edited by GNUser (2017-09-11 12:18:54)
Offline
If I may suggest a couple of "improvements" within that scheme, to in particular simplify the picture for the helpee.
Firstly that you set up key based authentication for helpee, to ssh to you without password.
Secondly that you set up ~/.ssh/config for helpee with a short logical hostname to your host. In that you would also reverse forward to both ports 22 and 5900 in the single ssh link. E.g. like the following stanza
Host help
    hostname ...
    user ...
    identityfile ...
    remoteforward 7000 localhost:22
    remoteforward 5901 localhost:5900
Thirdly a script for the helpee to run the two things as one:
ssh help & x11vnc
With the second forwarding, you, the helper, would only need to run vinagre against localhost:5901, or indeed xvnc4viewer against :1, and also have the ssh back link on localhost:7000.
Offline
@ralph.ronnquist - I briefly played with this this morning. It is MUCH nicer than what I had proposed, but I needed to make two tweaks for it to work:
a. The 5901 <-> 5900 forwarding only seems to work if done from helper's computer
b. The ssh command on helpee's computer doesn't seem to like running in the background, so I reversed the order of the commands
In summary, a cleaned-up version of #16 would involve:
1. Setting up key-based authentication for helpee, to ssh to helper without password (see http://www.rebol.com/docs/ssh-auto-login.html). ~/.ssh/config on helpee's computer would look something like this:
Host help
    hostname <helper's public ip address>
    user gnuser
    identityfile ~/.ssh/myserver.rsa
    remoteforward 7000 localhost:22
2. Helpee runs this command in a single terminal and leaves the terminal open:
helpee$ x11vnc & ssh help
3. Helper runs this command in a single terminal and leaves the terminal open:
helper$ ssh -L 5901:localhost:5900 helpee@localhost -p 7000
4. Helper opens up vinagre and connects to localhost:5901 using VNC protocol
Last edited by GNUser (2017-09-11 12:12:44)
Offline
Ralph, please forgive me for asking a newbie question (I don't have much experience with SSH).
Can you confirm that using this setup the VNC connection would be encrypted?
Last edited by GNUser (2017-09-11 12:16:28)
Offline
I created this script for my own use, but thought I'd share.
If required packages (listed near top of the script) are installed, just run the script on both helper and helpee's machine, and it sets up a reverse SSH tunnel containing a reverse VNC connection (reversing the connections causes port forwarding to only be needed on helper's end, a big plus since helpees will probably not know how to set up port forwarding on their router).
#!/bin/bash
# No-config* Encrypted Remote Desktop (NERD), version 2.3
# * for helpee
# Author: Bruno "GNUser" Dantas
# License: GPLv3
# Last update: 18Sep2017
# Usage:
#   To use this script, just run it in a terminal on both machines (as regular user, not root/sudo) and follow the prompts :)
# Rationale:
#   This script sets up a remote desktop session using VNC, through SSH for encryption/privacy. All configuration is done on helper's end.
# Requirements/setup:
#   Packages installed on helpee's machine: openssh-client, openssh-server, sshpass, x11vnc
#   Configuration on helpee's router: none
#   Configuration on helpee's computer: none
#
#   Packages installed on helper's machine: openssh-client, openssh-server, sshpass, vinagre, nmap
#   Configuration on helper's router: sshd listening port (default in /etc/ssh/sshd_config is port 22) forwarded to helper's local ip.
#   Configuration on helper's computer: Firewall off (or firewall on with port 22 open)
# Note:
#   If you don't want the sanity checks, feel free to comment out the "check-..." lines in the main function.
#   Without the sanity checks, nmap is not required to be installed on the helper's machine.

main()
{
    savefile=$HOME/.nerd
    sshd_port=22
    clear
    show-greeting
    ask-purpose
    load-variables
    if [ "$mode" = "helpee" ]; then
        check-internet
        check-dependencies ssh sshpass x11vnc
        check-sshd-running
        initial-instructions
        confirm helper_username
        confirm helper_password
        confirm helper_public_ip
    elif [ "$mode" = "helper" ]; then
        check-internet
        check-dependencies ssh sshpass vinagre nmap
        helper_public_ip=$(wget http://ipinfo.io/ip -q -O -)
        check-sshd-running
        check-sshd-port
        check-port-forwarding
        initial-instructions
        confirm helpee_username
        confirm helpee_password
    fi
    save-variables
    final-instructions
    connect
}

red='\033[0;31m'
green='\033[0;32m'
nc='\033[0m' # no color
terminal_width=$(tput cols)

# Wrap long lines at word boundaries to fit the terminal
pretty()
{
    fold -s -w "$terminal_width"
}

show-greeting()
{
    printf "Welcome to the No-config* Encrypted Remote Desktop\n* for helpee\n\n" | pretty
}

ask-purpose()
{
    while true; do
        read -n 1 -p "Will you get (g) or offer (o) help? [g/o] " -e ans
        case $ans in
            g) mode="helpee"; break;;
            o) mode="helper"; break;;
            q) exit 0;;
            *) echo "Please enter a valid choice or q to quit";;
        esac
    done
    echo ""
}

check-internet()
{
    printf '%-50s' "Checking for internet connection..."
    if ping -c 1 8.8.8.8 &>/dev/null; then
        printf "${green}PASS${nc}\n"
    else
        printf "${red}FAIL${nc}\n"
        printf "No internet connection. This script requires an internet connection.\n"
        exit 1
    fi
}

# Compare the SSH banner seen on localhost with the one seen on the public ip
check-port-forwarding()
{
    printf '%-50s' "Checking for port $sshd_port forwarding..."
    local_response=$(timeout 1 ncat -v localhost "$sshd_port" 2>/dev/null | grep -i ssh)
    remote_response=$(timeout 1 ncat -v "$helper_public_ip" "$sshd_port" 2>/dev/null | grep -i ssh)
    if [ "$local_response" = "$remote_response" ] && grep -iq ssh <<<"$remote_response"; then
        printf "${green}PASS${nc}\n"
    else
        printf "${red}FAIL${nc}\n"
        echo "Port $sshd_port not forwarded correctly.
Things to check:
- Router is forwarding port $sshd_port to your machine's local ip?
- Your local ip matches the ip address in router's port forward rule?
- Firewall off (or on with port $sshd_port open) on your machine?
- VPN off?" | pretty
        exit 1
    fi
}

check-sshd-running()
{
    printf '%-50s' "Checking for running sshd..."
    # Pattern is quoted so the shell cannot expand it against a file named "sshd"
    if ps -ef | grep -q '[s]shd'; then
        printf "${green}PASS${nc}\n"
    else
        printf "${red}FAIL${nc}\n"
        echo "sshd is not running. Please install openssh-server and/or start it (on Devuan/SysVinit, it can be started with this command: sudo service ssh start)." | pretty
        exit 1
    fi
}

check-sshd-port()
{
    printf '%-50s' "Checking that script uses system's sshd port..."
    system_port=$(nmap localhost | grep ssh | grep -Eo "^[0-9]+")
    if [ "$sshd_port" -eq "$system_port" ]; then
        printf "${green}PASS${nc}\n"
    else
        printf "${red}FAIL${nc}\n"
        echo "Your sshd is listening on port $system_port, but this script is configured to use $sshd_port. Please change one or the other so that they match."
        exit 1
    fi
}

check-dependencies()
{
    for dep in "$@"; do
        printf '%-50s' "Checking for $dep..."
        if which "$dep" >/dev/null; then
            printf "${green}PASS${nc}\n"
        else
            printf "${red}FAIL${nc}\n"
            echo "Please install $dep then try again."
            exit 1
        fi
    done
}

initial-instructions()
{
    if [ "$mode" = "helpee" ]; then
        printf "\nTo initiate an encrypted remote desktop session, simply answer these three questions:\n\n" | pretty
    elif [ "$mode" = "helper" ]; then
        printf "\nYour public ip address is $helper_public_ip\n\n"
    fi
}

load-variables()
{
    if [ ! -f "$savefile" ]; then # initial/default values go here
        echo "helper_username='gnuser'
helper_password='linuxrocks'
helper_public_ip='123.45.123.45'
helpee_username='motherinlaw'
helpee_password='windowsnomore'" >"$savefile"
        chmod 600 "$savefile" # file holds passwords in plain text
    fi
    . "$savefile"
}

confirm()
{
    var_name=$1
    current_value="${!var_name}" # indirect expansion instead of eval
    read -n 1 -p "Is $var_name '$current_value'? [y/n] " -e ans
    if [ "$ans" = "n" ]; then
        read -p "Enter $var_name: " -e new_value
        printf -v "$var_name" '%s' "$new_value" # assign without eval, so typed input is never executed
    fi
}

save-variables()
{
    echo "helper_username='$helper_username'
helper_password='$helper_password'
helper_public_ip='$helper_public_ip'
helpee_username='$helpee_username'
helpee_password='$helpee_password'" >"$savefile"
    chmod 600 "$savefile" # file holds passwords in plain text
}

final-instructions()
{
    if [ "$mode" = "helpee" ]; then
        printf "\nPress Enter to connect, then tell helper when things stop scrolling by in this terminal..." | pretty
        read
    elif [ "$mode" = "helper" ]; then
        printf "\nHelpee initiates the connection. Once they are connected, they'll say things have stopped scrolling by in their terminal. At that point, go ahead and press Enter to complete the connection and view/control their desktop..." | pretty
        read
    fi
}

connect()
{
    if [ "$mode" = "helpee" ]; then
        # Start the VNC server, then open the reverse tunnel (helper's port 7000 -> helpee's sshd)
        x11vnc & sshpass -p "$helper_password" ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -R 7000:localhost:$sshd_port "$helper_username"@"$helper_public_ip"
    elif [ "$mode" = "helper" ]; then
        # Log in to helpee through the reverse tunnel, forward local 5901 to helpee's VNC port 5900, then start the viewer
        { sleep 3; vinagre localhost:5901; } & sshpass -p "$helpee_password" ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -L 5901:localhost:5900 "$helpee_username"@localhost -p 7000
    fi
}

main
Last edited by GNUser (2017-09-18 13:32:29)
Offline
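The key-based login suggested earlier in the thread and the script's connect step can be combined so that no password is stored on the helpee's machine and the helper's host key is verified instead of ignored (the script passes StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null). The following is an added example, not part of NERD or of any post here; the function name and the file names config_help, known_hosts_help and id_help are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): write a key-only, host-key-pinned
# "help" profile on the helpee's machine.
#
# Arguments:
#   $1  directory to write into (normally "$HOME/.ssh")
#   $2  helper's public ip address or hostname
#   $3  helper's username
#   $4  helper's public host key line, e.g. the contents of
#       /etc/ssh/ssh_host_ed25519_key.pub on the helper, carried over by hand
#       when the helpee's machine is first set up
#
# The function body runs in a subshell so the umask change does not leak out.
write_help_profile() (
    dir=$1 host=$2 user=$3 hostkey=$4
    umask 077                       # new files are readable by the owner only
    mkdir -p "$dir" || exit 1

    # Pin the helper's host key: ssh refuses to connect to any other server.
    printf '%s %s\n' "$host" "$hostkey" > "$dir/known_hosts_help" || exit 1

    cat > "$dir/config_help" <<EOF
Host help
    HostName $host
    User $user
    IdentityFile $dir/id_help
    IdentitiesOnly yes
    PasswordAuthentication no
    StrictHostKeyChecking yes
    UserKnownHostsFile $dir/known_hosts_help
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    RemoteForward 7000 localhost:22
EOF
)

# One-time setup on the helpee's machine (run by the helper while installing):
#   write_help_profile "$HOME/.ssh" <helper's public ip address> gnuser "$(cat helper_host_key.pub)"
#   ssh-keygen -t ed25519 -f "$HOME/.ssh/id_help"
#   ...then append id_help.pub to ~/.ssh/authorized_keys of the helper's account.
#
# Helpee's launcher afterwards (replaces the sshpass line in connect):
#   x11vnc -localhost & ssh -F "$HOME/.ssh/config_help" -N help
```

With ExitOnForwardFailure set, ssh exits instead of staying connected without the tunnel if port 7000 is already taken on the helper's side.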
Offline
@fungus - that was
initial_helpee_password="milpassword"
helpee_password_save_file=$HOME/.helpee_password
Offline
I updated post #20 with a massively overhauled version of my script, which features:
1. Organization (go functions!)
2. Extensive, optional sanity checks--mostly to help "future me" get things working on my (helper) end
3. @fungus - Default/initial variable values less prone to optical illusions
BTW, I tried the script with firewall active on my machine and only port 22 open. Script worked. Script also worked with router forwarding nothing but port 22. I think this proves that the remote desktop session is traveling within the SSH tunnel.
Last edited by GNUser (2017-09-16 11:54:33)
Offline
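Whether the session stays inside the tunnel also depends on where x11vnc listens: started with no options, as in this thread, it accepts connections on every interface, so port 5900 is reachable from the helpee's local network as well as through SSH. The check below is an added example, not code from the thread; it parses "ss -ltn" output (the sample lines are constructed) and reports VNC listeners that are not bound to loopback, which starting the server as "x11vnc -localhost" avoids.

```shell
#!/bin/sh
# Added example (not from the thread). All sample lines are constructed.

# "ss -ltn" lines as they look with plain "x11vnc" (bound to all interfaces) ...
SAMPLE_DEFAULT='State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
LISTEN 0 32 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 32 [::]:5900 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# ... and with "x11vnc -localhost" (loopback only).
SAMPLE_LOCALHOST='State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
LISTEN 0 32 127.0.0.1:5900 0.0.0.0:*
LISTEN 0 32 [::1]:5900 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Reads "ss -ltn" output on stdin, prints every listener on the given port
# (default 5900) that is not bound to loopback, and returns 1 if any exists.
exposed_vnc_listeners() {
    awk -v port="${1:-5900}" '
        $1 != "LISTEN" { next }              # skips the header line as well
        {
            addr = $4                        # local address, e.g. 0.0.0.0:5900
            n = split(addr, parts, ":")      # the port is the last field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            print addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Demo on the constructed sample. On the helpee's machine, while x11vnc runs:
#   ss -ltn | exposed_vnc_listeners 5900
if ! printf '%s\n' "$SAMPLE_DEFAULT" | exposed_vnc_listeners 5900; then
    echo "VNC is reachable without the tunnel; start x11vnc with -localhost" >&2
fi
```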