How to do
Linux Remote Desktop Support
by Peter Martin / db8.nl
slides: https://slides.db8.nl
---
Computer says No?
----

### Remote Support

- Essential for IT and user assistance
- Common tools: TeamViewer, AnyDesk
- Easy to use but with disadvantages

----

#### Issues with TeamViewer and AnyDesk

- **Closed source**: You cannot verify what happens with your data.
- **Paid licenses**:
  - Free only for personal use
  - Business use is expensive.
- **Privacy concerns**: All sessions route through their servers.
- **Vendor lock-in**:
  - No self-hosted option
  - Dependent entirely on their infrastructure.
- **Limitations**: Forced updates, blocked access, or commercial-use detection.
---
Remote Support
----

### Why Open Source Is Better

- **Transparency**: Source code is public.
- **Security**: Auditable and self-hosted.
- **Freedom**: No vendor lock-in.
- **Cost**: Free for both personal and commercial use.
- **Active community**: Continuous improvements and shared knowledge.

----

### Open-Source Alternatives

- **RustDesk**
  - Modern, written in Rust.
  - Cross-platform and efficient.
  - Peer-to-peer or relay-based connections.
- **MeshCentral**
  - Node.js-based remote management.
  - Ideal for multi-device or enterprise setups.
  - Browser-based control interface.

---
How RustDesk Works
----

### How RustDesk Works

- Client–Server model with optional relay.
- Designed for secure and private remote sessions.

----

### RustDesk Architecture

- **HBBS (Rendezvous Server)**
  - Host-Based Broker Server
  - Handles client registration and NAT traversal coordination.
  - Acts as a connection broker.
- **HBBR (Relay Server)**
  - Host-Based Broker Relay
  - Relays encrypted traffic when direct peer-to-peer is not possible.
  - Ideal for firewalled or NATed systems.

----

### RustDesk Connection Flow

1. Client connects to **HBBS** to register.
2. Peers locate each other through the broker.
3. If direct P2P fails, data routes through **HBBR**.
4. All communication uses **end-to-end encryption**.

----

### RustDesk Security Model

- Encrypted connections using TLS.
- Public/private key pairs for authentication.
- End-to-end encryption ensures no one can intercept the session.
---
RustDesk
Client
----

### Setting Up RustDesk Client 1/2

#### Flatpak

```bash
# Install Flatpak and register the Flathub remote
sudo apt update
sudo apt install flatpak -y
sudo flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
# Install the RustDesk client from Flathub
flatpak install flathub com.rustdesk.RustDesk -y
```

----

### Setting Up RustDesk Client 2/2

#### .deb version

```bash
wget https://github.com/rustdesk/rustdesk/releases/download/1.4.2/rustdesk-1.4.2-x86_64.deb
# The first dpkg run can stop on missing dependencies
sudo dpkg -i rustdesk-1.4.2-x86_64.deb
# Pull in the missing dependencies, then install again
sudo apt install -f
sudo dpkg -i rustdesk-1.4.2-x86_64.deb
```

---
RustDesk
Server
----

#### Use RustDesk’s public relay servers

- Easy to set up
- (not for me)
- I could connect laptop A to laptop B
- couldn't connect laptop B to laptop A

----

#### Self-hosted with your own HBBS + HBBR servers.

- Run Docker containers:
  - hbbs – starts the rendezvous (broker) server
  - hbbr – starts the relay server
- Configure ports (TCP/UDP 21115–21119 default).
- Update RustDesk clients with your server address in the “ID/Relay” settings.

----

### Docker compose.yml file 1/2

```yaml
services:
  hbbr:
    container_name: hbbr
    image: rustdesk/rustdesk-server:latest
    command: hbbr
    volumes:
      - ./data:/root
    network_mode: "host"
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "ss -ltn | grep -q ':21117'"]
      interval: 30s
      timeout: 5s
      retries: 5
```

----

### Docker compose.yml file 2/2

```yaml
  hbbs:
    container_name: hbbs
    image: rustdesk/rustdesk-server:latest
    # Point hbbs at hbbr on the same host/domain
    command: hbbs -r rustdesk.8db.nl:21117
    volumes:
      - ./data:/root
    network_mode: "host"
    depends_on:
      - hbbr
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "ss -ltn | egrep -q ':21114|:21115|:21116|:21118'"]
      interval: 30s
      timeout: 5s
      retries: 5
```

----

### Verification

- Test connection between two clients.
- Ensure NAT traversal and relay fallback work.
- Optional: Enable encryption key verification.

----

### Request server encryption key

```bash
# Run as root in the directory that holds compose.yml
sed -n '1p' ./data/id_ed25519.pub
```

----

#### id_ed25519.pub
- ed25519 = EdDSA + Curve25519 (twisted Edwards version)
- **EdDSA** is a digital signature scheme
  - using a **variant of the Schnorr signature**
  - based on **twisted Edwards curves**
- (anyone?)
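----

A stricter version of the compose healthchecks, as an added example that is not part of the original slides: the `egrep` alternation in the hbbs healthcheck succeeds as soon as any one of its ports is listening, so this function reports every expected port that has no listener. The function names, the port list passed in and the sample `ss` output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the slides: all-of listener check for the server ports.

# missing_ports PORT...
# Reads `ss -ltn` output on stdin and prints, space-separated, every requested
# port that has no LISTEN socket. Prints an empty line when none are missing.
missing_ports() {
    awk -v want="$*" '
        BEGIN { n = split(want, ports, " ") }
        $1 == "LISTEN" {
            port = $4                 # local address, e.g. 0.0.0.0:21116 or [::]:21117
            sub(/.*:/, "", port)      # keep only the text after the last colon
            seen[port] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(ports[i] in seen)) { out = out sep ports[i]; sep = " " }
            print out
        }'
}

# Constructed sample of `ss -ltn` output: hbbr is up, hbbs has bound 21116 only.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*
LISTEN 0      1024         0.0.0.0:21116       0.0.0.0:*
LISTEN 0      1024            [::]:21117          [::]:*'

# The any-of pattern from the hbbs healthcheck still reports healthy here.
any_of_healthy() {
    printf '%s\n' "$SAMPLE" | grep -Eq ':21114|:21115|:21116|:21118'
}

# The all-of check names the ports from that pattern that are not listening.
# Trim the list to the ports your hbbs build is expected to bind.
strict_missing() {
    printf '%s\n' "$SAMPLE" | missing_ports 21114 21115 21116 21118
}

if any_of_healthy; then echo "any-of check: healthy"; fi
echo "all-of check, missing: $(strict_missing)"
```

On the server, feed it live data with `ss -ltn | missing_ports <ports>`; an empty result means every listed port has a listener.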
----

### Check on server

Check if devices work OK:

```bash
# Run as root; 2>&1 also captures log lines the container wrote to stderr
docker logs hbbs 2>&1 | grep update_pk
```

---
Questions?
Anyone, anyone?
----

## Photo Credits
All photos generated with ChatGPT 5