Secure point-to-point remote maintenance explained simply
Egg, 4 May 2023: Today’s article is about working comfortably with X2Go under Linux on the ArchivistaBox or AVMultimedia. It also shows why the joy with TeamViewer and Co. is still limited today, and it “reveals” why there is an order stop for the summer months.
Remote maintenance at Archivista GmbH
Archivista GmbH has been working almost exclusively with Linux for 20 years now, and for well over 15 of those years with the ArchivistaBox, which has always been used internally as the desktop environment. Of course, there are two virtual guests running Windows, and an Apple computer has also been available for two years if required. But as said, daily work without Linux is unthinkable.
SSH (Secure Shell) has accompanied us for many years. Of course, remote maintenance via the console may seem more than archaic at first glance, but it allows us to work very efficiently even with extremely poor bandwidth. There are clients for both smartphones (JuiceSSH) and Windows (PuTTY). Remote maintenance via SSH is always encrypted point-to-point. This usually requires adjustments to the firewalls, but that is for security reasons and therefore makes good sense.
VNC – the good old companion
If, as an exception, a graphical screen is needed during support, e.g. to show the customer functions directly on an ArchivistaBox, VNC still provides good service. The protocol is trivial and the technology is somewhat older, but as long as VNC runs over the secure SSH channel, VNC sessions can be set up very easily and, again, point-to-point. The only disadvantage of this solution is that VNC sometimes reacts very slowly when bandwidth is low.
Experiences with TeamViewer and Co
Remote maintenance without configuration is promised by solutions like TeamViewer or AnyDesk. The manufacturers provide servers so that no configuration is necessary for either the sender or the receiver. The problem with this “third party” is that, due to the technology, the third party can always listen in. In 25 years of company history, we have come across many security concepts in our contact with companies. What has come as a surprise in the last few years, however, is that companies with extremely high requirements for remote access often see no problem in their employees making quick use of TeamViewer. In this context, (even “good-natured”) third parties always pose security problems.
Even more “disturbing” with TeamViewer is the license management. Originally, in the commercial environment, the party that wanted the remote maintenance paid. Later it was said that use was free of charge only for private users. Even then, the question arose as to whether a private customer who invites someone to a remote session mutates into a corporate customer if, for example, he obtains paid support from Archivista GmbH. According to my own experience, this was the case. Almost every year there were or are new “rules” for usage, usually with correspondingly hefty price increases.
Recently, TeamViewer can only be used after registration. Therefore, in the future we will only use TeamViewer if the customer provides us with all licenses and accounts.
X2Go fits perfectly with ArchivistaBox and AVMultimedia
X2Go is a remote maintenance software (analogous to RDP under Windows) that was created specifically for remote maintenance of Linux environments. Because X2Go sessions run over the SSH port, X2Go is state of the art in terms of security. Also (as will be shown here) X2Go is easy to set up and use.
X2Go always distinguishes between a client and a server. The client is the one that wants to control another computer and the server is the computer to be controlled. X2Go is not included in the standard scope of delivery on either the ArchivistaBox or AVMultimedia. However, both components can be easily “retrofitted”.
The installation from and to an ArchivistaBox is described below. In principle, the instructions can be applied to any environment. Linux is “simply” required as the “server”; for the client there are programs for Windows, Mac and Linux. Back to the installation on an ArchivistaBox or AVMultimedia: either the server packages are installed via the menu with ‘Synaptic’, or the X2Go server is installed via the console (as root):
apt update
apt install x2goserver
Nothing more is necessary; the X2Go server is started automatically. On the client, two steps are required. First, the package has to be installed (via Synaptic or, again, as root):
apt update
apt install x2goclient
The client is now installed, but it has to be started manually. Either use the entry in the start menu or start the program on the console (this time as user archivista):
x2goclient
After the start, the X2Go client window appears.
To create a session, select the ‘Session’ menu and then ‘New session’ (or Ctrl+N).
Enter the desired IP address (or DNS name). Port 22 must be replaced by the port configured in the firewall for SSH access, and the user must be ‘archivista’, as this is the only user on the ArchivistaBox or AVMultimedia. For remote access to work, the desktop must also be specified; in our case ‘Mate’ is required. The process is completed with ‘OK’. An entry then appears in the bar on the right.
Clicking on the title of the entry (marked by a red dot) starts the connection. The password of the user ‘archivista’ on the remote computer must then be entered.
After confirming the entries, either the desktop is opened directly or a query about the fingerprint is made (for the first access).
The desktop with 800×600 pixels may seem small, but it can be adjusted as required by enlarging the window. The entire desktop of the ArchivistaBox is now available. The only restriction concerns Firefox: it must not already be running on the “real” desktop.
Finally, it should be noted that X2Go provides a very simple open source remote environment for Linux computers (here specifically for the ArchivistaBox and AVMultimedia). And because the client (below an example of a session of an ArchivistaBox from Windows 11) is available for all common operating systems (Windows, Mac and Linux), X2Go can be used very universally.
The possibilities of X2Go are almost unlimited. With the right settings (sshfs package under Linux), folders can be ‘exchanged’ (shared), for example. Likewise, with the package ‘x2goserver-desktopsharing’ it is possible to conduct remote sessions together.
The question remains as to why the ArchivistaBox or AVMultimedia should be used remotely (apart from support sessions). The answer is simple. On the ArchivistaBox or AVMultimedia there are many top-class desktop applications (especially in the area of video editing). As much as these applications can run on a powerful notebook, desktop computers still offer significantly more power and memory than notebooks do.
Furthermore, remote sessions can also serve as an alternative to VPN services like ProtonVPN. With private VPN services, other computers are accessed on the move as if my computer were located elsewhere. However, this is done via the service provider (e.g. the company Proton). As a rule, the service called up (e.g. a streaming provider) does not notice that my computer is pretending to be somewhere else. From a legal point of view, it is unclear whether the rules of the country from which the original access is made still apply. In the case of an encrypted remote session via one’s own home computer, the legal situation may be considered clear: the access takes place from the location of the X2Go server.
Order stop summer 2023
Archivista GmbH is celebrating a quarter of a century of company history in these months. Even after 25 years, the daily routine is exciting as well as stimulating. However, after this long period of time (not least fueled by the possibilities of the Internet or remote access as described above), there is also a desire for longer periods of time off. For this reason, the summer months of June, July and August will be used to recharge our batteries.
Therefore, as of June 5 (i.e. one month from today), no new orders will be accepted for the period until well into August 2023. Of course, this does not affect maintenance contracts. All customers will receive support within 4 (Platinum) or 8 (Gold level) hours of business time, depending on the service level.
However, no training orders or new projects will be accepted or executed during this time. For web-shop orders, a delay of a few days is to be expected. Product availability can only be confirmed by e-mail after an order has been placed. If you have any questions regarding the availability of our service, please do not hesitate to contact us by mail at webmaster@archivista.ch or by phone +41 44 350 05 50.
Update June 12, 2024: Currently (version 15) the account requirement for TeamViewer seems to be activated. In the meantime, the solution with Pagekite is available for support.