Suggestion to make remote recovery easier

Justin M. Wray wray.justin.ubuntu at gmail.com
Wed May 7 08:20:01 UTC 2008 

True the lack of X would cause a problem, but that is when the "helper" could resort to the SSH option.  It is also possible to make this an addition option, maybe:

remote-recovery --gui

and

remote-recovery --cli

and

remote-recovery --both

With the --both being the default?

This gives a bit more control, and I am sure even a new user can type the extra option in for the command, and with a GTK frontend this should't be a problem at all.

As per your note on ssh, and key based authentication.  Even internally, key-authentication is smarter, more secure, and ultimatly easier.  It is easier to manage keys and access.  It would be a wise, sane default.  Passwords are a stupid (authentication) mechanism and are being phased out more-and-more.  And if you want to run password authentication internally it is a quick and easy change, in one file.

It think it is more wise to go with a secure default, and allow the experience users to deviate from the default, then to ship a less-secure option with the hopes that people will know when to enable it.

Thanks,
Justin M. Wray

Sent via BlackBerry by AT&T

-----Original Message-----
From: Milan Bouchet-Valat <nalimilan at club.fr>

Date: Wed, 07 May 2008 10:00:31 
To:wray.justin.ubuntu at gmail.com
Cc:Christopher Halse Rogers <chalserogers at gmail.com>, Andrew Sayers <andrew-ubuntu-devel at pileofstuff.org>, ubuntu-devel-discuss at lists.ubuntu.com
Subject: Re: Suggestion to make remote recovery easier


Le mercredi 07 mai 2008 à 03:44 +0000, Justin M. Wray a écrit :
> Another idea would be to not only tunnel SSH but also VNC.
> 
> Allowing the "newbie" to watch the "helper" do something at times might be the goal, and will make help facilitate learning.  In addition the issue might be with a GTK/GUI app, and VNC would be the fastest approch.
If you limit your goal in this spec to "general help" (as opposed to "recovery from an unusable system"), then you can do it in a nice and easy way with Telepathy. The "newbie" only has to select his technical friend while they chat on Empathy, and say "Give this contact control on my desktop". Then if a console is needed the geek will start it by itself (gnome-terminal).

The drawback here is that in case X does not start anymore, this would not work. But for the most common case of a new Linux user asking "how can I do that", this is perfect since you can see what the friend is doing, and possibily learn. And this is nicer because you don't give total control on the computer to a friend who may install what he wants (even if you trust him, this possibility may refrain you from remote help).


A word about openssh-server:
Please don't disable password connexions by default, it is your script
that will have to do so. The defaults now are sane and quick to use.
Many people are behind firewalls and can install a SSH server without
fear of terrible attacks on their LANs.

Only when the user is known to be a newbie not controlling the SSH
server we should secure it the most.


Very nice idea anyway!

More information about the Ubuntu-devel-discuss mailing list