Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
The Internet

Easy Remote Access? 99

Posted by Cliff from the for-those-of-us-that-tech-support dept.
TinyApps asks: "How do Slashdot readers make remote connections through firewalls and NAT routers when assisting friends/family/customers? Reverse VNC connection are relatively easy to setup, but there is also the free LogMeIn and WebEx's new free service that startstarted, this week. Do you all have any other ideas?"
This discussion has been archived. No new comments can be posted.

Easy Remote Access? More

Easy Remote Access?

Comments Filter:
  • vnc works fine. i usally do a linux firewall and vnc in to it and then on to whatever i need on the network not pretty but it works
  • Tunnel X through ssh.
    • I always use SSH to get in, but I don't necessarily tunnel X. In my experience, VNC and RDP handle medium-bandwidth connections (upstream capped) connections better.
      • You SSH into your friends, clients, and family's machines? They ALL run SSH? Hrm. I can never get my mom run SSH on her windows 98 machine.

  • The old fashioned way... (Score:3, Funny)

    by tibike77 ( 611880 ) <.moc.oohay. .ta. .zemagekibit.> on Wednesday January 26, 2005 @03:01AM (#11477788) Journal
    ...use a (cell)phone and talk to the user in front of the other computer :P

    A joke ? In some cases, yes (I meant the other user, har har).
    Secure ? Depends on the user on the other end too ;)

  • Remote assistance (Score:3, Informative)

    by Dr.Opveter ( 806649 ) on Wednesday January 26, 2005 @03:04AM (#11477800)
    On XP Remote assistance works well, you instruct them to go Start -> Help & Support -> Ask for assistance.
    On other windows platforms i've been able to help people out with Netmeeting as well.
    Otherwise VNC works fine..

    • Re:Remote assistance (Score:5, Informative)

      by Cyberop5 ( 520141 ) * on Wednesday January 26, 2005 @03:37AM (#11477920) Homepage Journal
      If you have Windows XP Professional, Microsoft Terminal Services is awesome, even over some slower connections. You can map the drives and printers to the computer you're on you can access any of your local files remotely or print remote files to a closer printer.

      You can activate it by enabling remote desktop from the System Properties dialog and adding whichever users you want to be able to use it. It uses port 3389 so you'll need to open it with whatever firewall you're using. Any windows XP machine has the client by default. Simply go to start, run, and type mstsc. Linux has a client called rdesktop, although its not as great as Microsoft's last I checked. Other Windows versions can run the client off the XP install CD or downloadable from microsoft. I keep a copy on my thumb drive.

      Also, netmeeting is still avaible on windows XP by running the program conf.exe. It'll start the netmeeting wizard then launch the program subsequently.
      • You're quite right about the Terminal Services. I use them to admin some of my own Windows XP machines all the time. It does indeed feel speedy even on dial-up connections usually.

        So if your friend/family/customer runs Windows XP Professional and you foresee future remote access to the machine will be needed, set up the Terminal Services for them. You don't even have to run it over port 3389 if that's a problem, you can configure it to run on any free port (except i think port 21 didn't work well for some
        • I use an SSH tunnel to push my RDP connection through my work's firewall so that I can access my work machine from home, and since I have a similar arrangement at home, (Linux-based firewall on a cheap Poweredge 350) I can pretty much do the same the other way as well.

          Let me tell you, that's a real life saver on occasion.

          Though, I'm curious-- does anyone know if Mac OS X supports RDP? Not as a client, I mean, but is there a RDP server built-in? I've been looking at the Mac Mini, and it'd be really nice to
          • Though, I'm curious-- does anyone know if Mac OS X supports RDP? Not as a client, I mean, but is there a RDP server built-in?

            Unfortunately, there's no RDP server available for the Mac (and I've looked pretty hard for one). I have a G3 that I use as an HD PVR, and I use VNC to access it -- like you, I'd much rather use RDP.
        • opening up the RDP service to the internet? i'm sure you could use ssh etc etc but what'd be really useful is being able to connect to an non-tech savvy users' pc without extra installs on their end...just opening up the ports for RDP on the firewall sounds pretty dangerous...
        • Forgive me for asking a complete noob question, but here goes...

          Does Terminal Services allow two separate users to run two separate sessions, or are the local and remote users stuck staring at the same screen?

          If the local and remote sessions are different, is the client and server both free, or do you have to pay M$ some $$$?

          If the local and remote sessions are the same, what is the cheapest (preferably free) alternative to allow local and remote users to work separately? Does VNC do this (I suspect not
          • There are actually 3 versions of Terminal Services

            1. Terminal Server: This requires a server OS (W2K Server, W2K3, NT Server), and a license server. You can have as many sessions as you have licenses. (either per user or per seat).

            2. Terminal Services for Administration. This comes with the Server OS. You are limited to the console session and two remote sessions.

            3. Remote Desktop. Comes with XP Pro. You can have a remote session if it is the same as the logged in user. Otherwise, the logged in user will
            • Bummer. I only have XP pro. I was hoping that I could have myself and my wife work at the same time on the same computer (me on the machine, my wife on a thin client)

              Does anybody know the cheapest way to accomplish this (preferably free)?
              • Option one: Buy a Jetway MiniQ MagicTwin SFF rig, and throw XP on it. Plug two sets of monitors, keyboards, and mice in, and voila, you've got a 2-user XP rig.

                Option two: Ditch XP, and (free if you don't want Windows Update) grab a copy of Server 2003. Install it on the XP box. Use the other box as a thin client.

                Option three: Ditch XP, and use Linux. Unfortunately, you're screwed if you want to use many Windows apps.
              • You can get WinConnect Server XP. It allows Winders XP to have more than user active. You can have up to 21 RDP connections and still be using the desktop. It may not be fast or usable with that much load, but it can be done.
                • Thanks for the info. But that version is $299. I might as well get an eMachine for that type of money.

                  I am surprised that nobody makes one for $49.99 (plus the free Ginsu knives and bamboo steamer).

                  Hint: Great business opportunity for one very skilled coder with too much time!

              • Re:Remote assistance (Score:3, Informative)

                by DA-MAN ( 17442 )
                Go here:
                http://sig9.com/articles/concurrent-remote- desktop

                Get this file:
                http://sig9.com/files/termserv.zip

                Multiple Users for free on XP Pro!!!
              • This might work http://profiles.indesolutions.com/paul/tech/archiv es/000064.html
          • The terminal services server combined with roaming profiles works pretty well. I say pretty well because roaming profiles in w2k server has some quirks to it.
            A few of my users work from home when they're on call. Roaming profiles + terminal services means they get the exact same desktop/icons/email settings/bookmarks/etc at home that they do at work. Each user gets their own screen that cannot be viewed by any other remote user or even from the server itself. They can even print to their printer at home fro
      • Yup, terminal services works great. Just remember to set a strong password on the accounts allowed to remote in. Home users are notoriously lax about choosing passwords. I just wish those home broadband routers could restrict incoming connections by source IP for a little extra security.

  • Trust (Score:4, Insightful)

    by tonsofpcs ( 687961 ) <slashback@NOSPAm.tonsofpcs.com> on Wednesday January 26, 2005 @03:14AM (#11477846) Homepage Journal
    I use VNC [realvnc.com]. I do not trust those companies that offer the service of allowing you to log into your own pc remotely, using a password that is stored in their database. But hey, I'm paranoid in that I don't like big corporations having a way to get into my pc.

  • Run VNC over a VPN. (Acronyms!) (Score:4, Informative)

    by Futurepower(R) ( 558542 ) on Wednesday January 26, 2005 @03:25AM (#11477886) Homepage

    Set up a VPN, which you need anyway to automate the transfer of files and do automated registry maintenance on Windows computers.

    Then run VNC, such as TightVNC or UltraVNC over the VPN. If the VPN is secure, and remote network is not suspect, then VNC over the VPN is secure.

    Beware, however, of Netgear's VPN routers. In my experience they are quirky and the technical support is very, very poor.

    I have questions myself. What is the best way to form a VPN? What is the best VNC?

  • How to do it (Score:1, Informative)

    by Anonymous Coward
    1) Compile up a custom UltraVNC server that reads the initial settings (which should be pretty much disabling all listening and ability to accept connections, etc) out of an ini so that it does not prompt the user for a bunch of confusing settings and instead immediately throws up the 'add new client' dialog box (with the form prefilled of course). Also, your custom compile should use the RC4 crypto plugin with some pregenerated keys. It's a little insecure but better than nothing. Bonus points to regenerat

  • RADMIN always works (Score:3, Interesting)

    by jptechnical ( 644454 ) on Wednesday January 26, 2005 @03:52AM (#11477973) Homepage
    It isnt free but it ALWAYS works. You can even run it with only 2 files without an install. All you need is r_server.exe and adm(something).dll.

    Myself and some other IT workers (different companies) use it constantly. One of the nice features is you can connect through one computer with the open port and bounce to the others in the local lan.

    If you haven't tried it you should at least download and install it. It has a 30 day trial and is $35 per 2 computers. You can even install the serial number remotely... when expired it prompts you to enter the install key.

    It is so popular it has been featured in worms to make zombies. So when it asks for a password... you better use one! famatech.com [famatech.com]

    • I bought 5 copies of Radmin and used them for a while. However, I got nervous because Radmin would leave icons in the system tray when it was not supposed to be running.

      Famatech is a Russian company, apparently. What would keep them from installing a back door? Granted, Russians haven't been killing Iraqis, but Russia is a relatively unlawful country.

      A back door might be justified by management as a way of insuring that you are using legal copies. A back door might mean that Famatech had access to any
  • but no one seems to understand the question.

    I'll try to make this as easy to understand as possible. Imagine this scenario...

    Your |insert computer illiterate relation| needs help fixing something that VNC'ing into their box would easily fix. However, because you recommended that they put their windows box behind a firewall, which oddly enough they did, leaves you without the ability to easily connect to their machine without yet another couple steps, mainly setting up their firewall to allow you to conn

    • Re:Not many posts yet... (Score:2, Funny)

      by Anonymous Coward
      sounds like the guy who locked his keys and his family inside his car...
    • Format c: ?

      The level of these ask slashdot questions seem to be dubmed down more and more every week.....
    • I understand the question, The reverse VNC deal meets the criterea you state. The only tricky part is having them install the server. If you preinstall VNC on the user's machine, then it's a piece of cake, for them: "Double-click on the VNC icon. Type this IP address" and you are done. The tricky stuff is on your end, under your control: forwarding the VNC port through your firewall and setting up the listening VNC client. That's pretty easy, too.

      What this lacks is security over the Internet. Adding an SS
      • You can also add a couple more steps to this to make things easier.

        0. Configure TCP/5500 on your firewall to forward to your machine
        1. Setup a DynDNS account (or equiv.) to resolve your dynamic IP
        2. Walk them through installing RealVNC (just click Next on everything)
        3. Manually have them do a reverse VNC connection
        4. Once you are connected, create a batch file called "Connect to " on their desktop (right next to the VNC Server icon)

        $PATH\winvnc4.exe -connect yourhostname.dyndns.org

        5. Now, anytime
        • I don't want to forward port 5500 to my home box, even on an incident by incident basis. I want my mom to start an encrypted tunnel and enter a passphrase. It's OK if she writes it down, but not OK if she stores it on the computer. With scripting, that makes the process one of launching the Perl/Tk script that prompts for the hostname and/or IP address, and for the passphrase. That's two more pieces of information than your scheme using mydyndns, and one more than the original reverse VNC proposal. But for
    • > Your |insert computer illiterate relation| needs help fixing something
      > that VNC'ing into their box would easily fix. However, because you
      > recommended that they put their windows box behind a firewall, which
      > oddly enough they did, leaves you without the ability to easily connect
      > to their machine without yet another couple steps, mainly setting up
      > their firewall to allow you to connect to their machine.

      Oooh, let me answer this one. This one's easy:

      Since the firewall is an old Penti
  • I use Putty to make an SSH tunnel for VNC.

  • SSH is your friend (Score:2, Informative)

    by agm ( 467017 ) *
    All of my remote access needs are satisfied using ssh. I use NXClient for GUI stuff (when a GUI is needed) and plain old ssh when a GUI is not needed (like when doing a remote "emerge world").

    NXClient will do remote X (with or without a remote desktop), RDP, VNC all wit hvery good performance (as long as the latency of the link is low enough).
    • The NX software is absolutely wonderful - I could log in to my home linux box in California from my parent's dial-up connection across the country, and the GUI was usable, beautiful, and secure.

      However, when I'm behind a bunch of firewalls at work, 20 minutes away, I have a difficult time getting the connection going - So I have a few reservations about fully recommending it for everyone. As soon as I figure out WTH I can do about it, I think it should quickly conquer the world. ;)

  • GoToMyPC (Score:3, Informative)

    by freitasm ( 444970 ) on Wednesday January 26, 2005 @04:28AM (#11478099) Homepage
    Everyone talking about Remote Desktop, Terminal Services, VNC - but these solutions require a port open on the server and firewall.

    LogMeIn and GoToMyPC only need an outgoing connection.

    I use GoToMyPC, and with a keyphrase plus a one time password automatically generated.

    • Re:GoToMyPC (Score:3, Insightful)

      by wowbagger ( 69688 )

      Everyone talking about Remote Desktop, Terminal Services, VNC - but these solutions require a port open on the server and firewall.

      LogMeIn and GoToMyPC only need an outgoing connection.

      Which they use to create the same result - a way an incoming connection can be established to your PC.

      The only difference is that instead of opening a port on your firewall that you can pick (allowing you to use a non-standard port to raise the bar above the heads of the script kiddies), you use somebody else's computer

      • So instead of trusting a remote-access server company, you trust a vendor of remote access software. If that vendor happens to be Microsoft, that's way more trust than most of us are willing to give. That's not Microsoft-bashing, that's a reasonable response to their shitty record on security issues.

        I agree that setting up your own remote access infrastructure, as you describe, is the most secure method -- if you have the expertise to do it right. (Using the method you describe, or something similar.) Yo

      • Were I a system administrator, I would null route all of these services at the firewall, and would log any attempt to access them from within my network and kill the connection of the PC that attempted them - then proceed to LART the user that did so in a fashion that would make the BOFH wince. Their main purpose is to allow stupid lusers to do an end-run around the "meeny stupid-head network admin who won't let me access MY computer" (because he is doing his job of maintaining network security).

        Althoug

    • Our company started using GoToMeeting [gotomeeting.com] (same company and technology as GoToMyPC), and we're extremely happy with it. We're using it for tech support, training, software installation assistance, sales product demos... oh, and even actual meetings (between our American and Canadian offices, between our office and our "road warrior" sales reps, etc.).

      The software allows you to pass screen sharing, keyboard/mouse control, etc. from participant to participant. For our customers, it's a quick download that unins

  • Not free, but... (Score:3, Interesting)

    by jbarr ( 2233 ) on Wednesday January 26, 2005 @05:27AM (#11478294) Homepage
    The Workstation edition of Remotely Anywhere [remotelyanywherre.com] is a VERY solid application. It costs about a hundred bucks, and is for Windows, but it offers excellent remote features including file transfer, remote computer management of resources and services, and full remote desktop control that in my opinion surpasses Microsoft Remote Desktop in speed and function. It uses either Active X, Java, or plain HTML for remoe access providing you maximum flexibility.

    It is highly configurable and full of "geekiness" that should please most Windows-based /.ers. It also doesn't blank the host screen or lock the keyboard by default, though it can.

    Also, it only works with one host per license, which can be expensive if you manage multiple hosts, but if you are looking for a remote access solution, this is a solid one. It's certainly not a cheap solution, but if you want rock-solid and secure access, Remotely Anywhere is worth a look.

    Not affiliated with the company, just using Remotely Anywhere and certaily enjoying it.
    • One thing that I just discovered is that it turns out that LogMeIn.com [logmein.com] is owned by 3am Labs [3amlabs.com] who also owns Remotely Anywhere [remotelyanywhere.com], so they are using the same technology. The free version of Logmein.com provides simple, secure remote connectivity to one host. The "pro" version (which costs a monthly fee) allows full remote control of one host as well as other nice features such as full file transfer capabilities, remote printing, and other features. You can add additional hosts for a reduced fee.

      My advice is that
  • Are any of these mentioned softwares suitable for slow dial-up modem connections that average about 3 KB/sec?

    I know text mode like SSH, telnet (insecured), etc. is fine, but how about GUI based?
  • These sollutions all seem to work only if only one side is behind a nat, or if a dedicated third party server is available that both sides can use.

    From my rudimantary understanding of tcp/ip, I am wondering if the following would work too:

    A and B are behind a NAT or a firewall that blocks all incomming connections.

    Asuming A and B have some (inefficient) way to communicate, like email:

    - A and B agree on a TCP sequence number and a time per mail.

    - Both A and B send a SYN with that number at the defined t
    • VNC works perfectly even if both parties are behind a NAT device.

      I prefer to set up a shortcut on the start menu for my rels where the command is:

      "c:\program files\ultravnc\winvnc.exe" -connect my.dyndns.hostname

      My firewall port-forwards TCP/5500 to my desktop PC, where UltraVNC view is running in "Listen mode".

      The rel just clicks on "start", then "remote control - bern". Works every time.

      Also, I have a few clients/rels where I have an TCP-based OpenVPN tunnel (manual server at my end, service-bas

    • It's easier to just tunnel through one of the firewalls. From system A, ssh
      into the firewall on system B's end, then from there do whatever you need to
      do over the LAN to system B. Alternatively, if you're sitting at system A,
      shell into your own firewall and temporarily forward a port back to yourself,
      which system B can use to connect to you. This can be reasonably secure if
      you 1: use a nonstandard port to ward off automated attacks, script kiddies,
      and worms, 2: use ssl or somesuch so the traffic is hard
      • But what if you do not have any control over either firewall?
        Say, A is you at work, or at a public access point that only offers nat, and B is the person you want to help who has no idea how to configure his router.
    • If the syn is blocked by the firewall, then the pc won't know that it ever existed. The ack will look like it came from out-of-the-blue. That is, if the ack makes it through the firewall as well.
      • If A sends a SYN, it will be blocked by B's firewall, but thats why they have to agree bevorehand about the sequence number and the time to send the ACK.

        The following ACK from B should not get blocked, since B'S firewall does not block outgoing packets (Assuming standard nat, and no additional blocks), and A's firewall will see it as the response to the previous SYN from A.

        At least that is how i figure it.

  • UltraVNC - SC (Score:2, Informative)

    by nafrance ( 66955 )
    I had been searching for this for a long time myself, and found...
    http://gotovnc.dynalias.com/

    Totally recommended. Rudi there has made a package of UltraVNC that is a single exe, no-install system.

    Basically, you download a zip file with some configs and bitmaps in, and customise them.
    I got a free dyndns alias to use for this purpose.
    Then you upload the files, and you get back a 160KB .exe that you can send you your client/brother/friend etc.

    They run it, and it establishes a reverse-vnc connection to the

    • That is someone's personal scheme. It is not connected with Sourcforge, although there is a link to Sourceforge. It is not connected with UltraVNC, apparently.

      In this scheme, you give away the password to your UltraVNC sessions, and send the password over the Internet. If you change your IP address, you must go back to that website and disclose again how you plan to connect.
  • I have two One-way NAT firewalls and a way to get around them. Of course, this requires a machine with a public IP and ssh account to work...

    http://www.linuxlogin.com/linux/admin/sshtunnels. p hp [linuxlogin.com]

    I then use a cron script to check the tunnel at home, if it's down it reconnects so I can always get back into my network at home. I use ssh-keys with ssh-agent to keep my passphrase. The box can then login without a password.
    You can foward as many ports as you like and don't need to change your firewall r

  • Free remote admin tools (Score:5, Funny)

    by stinkydog ( 191778 ) <sd@s t r angedog.net> on Wednesday January 26, 2005 @09:55AM (#11479260) Homepage
    I have my family connect their Windows machines directly to the Internet and to not bother with those pesky security updates. Within an hour, the internet installs all the remote access tools I need. Ftp servers, irc bots and keystroke loggers are just some of the handy tools that come through this way. I have to go, I just got an email about Snow White and I can't wait to check out the attachment.

    SD
  • First, my universal advice: DON'T get in the habit of fixing remote systems for free. It is a huge time-sink & it would be better if you don't foster that dependence. I sometimes fix problems over email or in person for friends/family, but I also usually weasel some free beer out of the deal.

    That being said, many have to remotely administer machines for OTHER reasons. Oftentimes, a shell is all that is needed & having OpenSSH [openssh.com] is good enough. It is available for win32 [sourceforge.net] too. This can also be used
  • I use TightVNC for remote connectivity, and it works great. All you have to do is initially install, configuure, and place an icon on the desktop for it. You would also need to forward a port(5900 is the default) on the person's firewall to their computer if one is in use. This could enabled and disabled with extra work if you weren't okay with leaving it open. As long the TightVNC server wasn't running, nothing would be listening on the port 24/7 anyway.

    In order to connect, you would need to know the
  • We evaluated several "remote control" solutions over the last few months and found that Remote-Anything from TWD Industries [twd-industries.com] provided an affordable and easy to use solution. After we configured our server component, clients are able to download a 90k "slave" execuatable when they need help. When executed the slave .exe just runs...there is no install process for the user to go through. We set it up so that it uses port 443 and it seems to work fine through NAT and firewalls on both sides
  • Comment removed based on user account deletion

  • <attemptedHumour>

    Remote connectivity to manage a neighbor's,

    ahem, family member's machine? Simple. Tell them they don't need those software update thingies. Then overflow their buffer with say the MS04-011 [microsoft.com]or something of the like, appending desired code to make desired changes, and ... Presto Change-o. It works.

    </attemptedHumour>

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close