Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
Ow That Hurts
Level 2
Level 2
Posts: 99
Joined: Fri Sep 27, 2013 6:50 pm

Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by Ow That Hurts »

What would be the best way to access a computer that I won't be near but will have internet access, and will be used by people who are pretty much computer illiterate (i.e., my wife)?

My wife owns a couple of small clothing stores. I am setting up a point of sale system on some Mint 19 installs.

The boxes will be connected to the internet, I guess so she can send emails and watch cat videos in between customers.

I would like to make sure that Mint is kept up to date with updates.

1) is there a safe way to login from my home computer over the internet to that computer that won't expose either computer to security risks??? I have head of various remote access programs and SSH, but not sure how difficult it is to set up without causing a security concern. (I admit that I am completely ignorant of remote access and so your patience with me on this is really appreciated.)

2) Would it be better to set up my wife as a user in Linux Mint with a limited number of rights? I am also pretty ignorant of how users and groups work in Linux Mint, but I am guessing that there might be a way to set it up so that the ONLY administrative task she can do is apply updates???

I think option 1 (remote access over the internet of some kind) would be preferable if it can be done safely. I saw a couple of threads on redit about whether it was safe or not, and 25% of the threads said it was safe, 25% said it was NOT safe, and the other 50% of the threads were just a bunch of insults being hurled at one another :(

Thanks in advance and pardon my ignorance about the matter.
User avatar
JerryF
Level 13
Level 13
Posts: 4752
Joined: Mon Jun 08, 2015 1:23 pm
Location: Rhode Island, USA

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by JerryF »

Ow That Hurts wrote:
Sun Nov 22, 2020 12:18 pm
What would be the best way to access a computer that I won't be near but will have internet access, and will be used by people who are pretty much computer illiterate (i.e., my wife)?

My wife owns a couple of small clothing stores. I am setting up a point of sale system on some Mint 19 installs.

The boxes will be connected to the internet, I guess so she can send emails and watch cat videos in between customers.

I would like to make sure that Mint is kept up to date with updates.

1) is there a safe way to login from my home computer over the internet to that computer that won't expose either computer to security risks??? I have head of various remote access programs and SSH, but not sure how difficult it is to set up without causing a security concern. (I admit that I am completely ignorant of remote access and so your patience with me on this is really appreciated.)

2) Would it be better to set up my wife as a user in Linux Mint with a limited number of rights? I am also pretty ignorant of how users and groups work in Linux Mint, but I am guessing that there might be a way to set it up so that the ONLY administrative task she can do is apply updates???

I think option 1 (remote access over the internet of some kind) would be preferable if it can be done safely. I saw a couple of threads on redit about whether it was safe or not, and 25% of the threads said it was safe, 25% said it was NOT safe, and the other 50% of the threads were just a bunch of insults being hurled at one another :(

Thanks in advance and pardon my ignorance about the matter.
1) Teamviewer has always been a good choice. You can install it from their website. It is safe as any other remote access.

2) You should set up an Administrator account for yourself with sudo rights available so that if she needs to, she can run updates when available using your rights. She could be set up as a Desktop User account.

If all that is concerning you is having the system updated, you could turn on Automation within Update Manager (depending on your version). It will use your account and rights to install updates. I believe 19.3 started having that option:
Click to enlarge
Click to enlarge
*** IF your problem has been solved, please edit your ORIGINAL post and add [SOLVED] to the beginning of the Subject Line. It helps other members when browsing posts. ***
Ow That Hurts
Level 2
Level 2
Posts: 99
Joined: Fri Sep 27, 2013 6:50 pm

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by Ow That Hurts »

JerryF wrote:
Sun Nov 22, 2020 2:01 pm

1) Teamviewer has always been a good choice. You can install it from their website. It is safe as any other remote access.

2) You should set up an Administrator account for yourself with sudo rights available so that if she needs to, she can run updates when available using your rights. She could be set up as a Desktop User account.

If all that is concerning you is having the system updated, you could turn on Automation within Update Manager (depending on your version). It will use your account and rights to install updates. I believe 19.3 started having that option:
Shutter_01.jpg
Thank you for the reply.

Yes, I do have my account which is set up for sudo rights (which I think is how Mint is set up by default, isn't it??? That there is one "administer" account set up with sudo rights?)

I know I could have her log in to this account, but I kind of don't trust her that much. I think she might accidentally mess something up. I mean, my wife has had an iPhone for 8 months now and she is constantly messing it up and my 14-year-old son and I are constantly having to do tech support for her, even though normally neither of us would touch an apple product with a ten foot pole.

(No offence to apple users / iphone owners. I am sure they are wonderful products. Just I don't have the time to learn a new / different operating system than Windows / android / linux)

In the meantime I will look into turning on Automation in the update manager. I am currently on LM 19.3
User avatar
JerryF
Level 13
Level 13
Posts: 4752
Joined: Mon Jun 08, 2015 1:23 pm
Location: Rhode Island, USA

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by JerryF »

Ow That Hurts wrote:
Sun Nov 22, 2020 3:02 pm

Thank you for the reply.

Yes, I do have my account which is set up for sudo rights (which I think is how Mint is set up by default, isn't it??? That there is one "administer" account set up with sudo rights?)

I know I could have her log in to this account, but I kind of don't trust her that much. I think she might accidentally mess something up. I mean, my wife has had an iPhone for 8 months now and she is constantly messing it up and my 14-year-old son and I are constantly having to do tech support for her, even though normally neither of us would touch an apple product with a ten foot pole.

(No offence to apple users / iphone owners. I am sure they are wonderful products. Just I don't have the time to learn a new / different operating system than Windows / android / linux)

In the meantime I will look into turning on Automation in the update manager. I am currently on LM 19.3
Wasn't sure how you had set it up. Yes, the default for the first account created has "sudo" rights.

Your wife won't need to log in as you to have updates applied. I think once you set up Automatic Updates (using your account and password) that it will run without her intervention. I'm now checking to see if that's correct.
*** IF your problem has been solved, please edit your ORIGINAL post and add [SOLVED] to the beginning of the Subject Line. It helps other members when browsing posts. ***
User avatar
phd21
Level 19
Level 19
Posts: 9829
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by phd21 »

Hi "Ow That Hurts",

Big +1 for TeamViewer (TV) one of the easiest and best remote support applications. I would recommend fully installing TeamViewer on the remote computers so that they start TV when the computers startup and login. I have used TV for many years both professionally and personally. I have even used TV from my Android phone to a remote computer which worked well despite the smaller screen size.


Hope this helps ...
...
Phd21: Mint 20 and 19.2 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
User avatar
Termy
Level 5
Level 5
Posts: 930
Joined: Mon Sep 04, 2017 8:49 pm
Location: UK
Contact:

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by Termy »

I do this with my laptop, using SSH, and I use SSH when connecting to a server I help to maintain, but it'll probably be a pain to set up if you're not familiar with SSH or the terminal. TeamViewer is a good choice, as mentioned elsewhere in this thread; I sometimes have to use it for the aforementioned server, when SSH won't suffice. :roll:

I don't trust TeamViewer though, so I sandbox it in a virtual machine. I also don't use an account; I just use it as-is, and I thoroughly recommend you do the same, if possible. TeamViewer spokesman Axel himself stated there have been a significant amount of account breaches; he may have fobbed it off as poor password choice, but I'm far from convinced.

Just remember, with ease comes a higher risk of compromise.

If you can be bothered, I recommend setting up SSH, but follow reputable sources and stay safe. SSH is great, but not if it's configured like a wet sandwich. What? Oh yeah, wet sandwiches are really badly configured, just in-case you didn't know. :wink:
I use Linux Mint 18.3 with Cinnamon in a VirtualBox VM for testing & sandboxing.

I'm LearnLinux (LL) on YouTube: https://www.youtube.com/channel/UCfp-lN ... naEE6NtDSg
I'm also terminalforlife (TFL) on GitHub: https://github.com/terminalforlife
Ow That Hurts
Level 2
Level 2
Posts: 99
Joined: Fri Sep 27, 2013 6:50 pm

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by Ow That Hurts »

Termy wrote:
Sun Nov 22, 2020 6:52 pm
I do this with my laptop, using SSH, and I use SSH when connecting to a server I help to maintain, but it'll probably be a pain to set up if you're not familiar with SSH or the terminal. TeamViewer is a good choice, as mentioned elsewhere in this thread; I sometimes have to use it for the aforementioned server, when SSH won't suffice. :roll:

I don't trust TeamViewer though, so I sandbox it in a virtual machine. I also don't use an account; I just use it as-is, and I thoroughly recommend you do the same, if possible. TeamViewer spokesman Axel himself stated there have been a significant amount of account breaches; he may have fobbed it off as poor password choice, but I'm far from convinced.

Just remember, with ease comes a higher risk of compromise.

If you can be bothered, I recommend setting up SSH, but follow reputable sources and stay safe. SSH is great, but not if it's configured like a wet sandwich. What? Oh yeah, wet sandwiches are really badly configured, just in-case you didn't know. :wink:
Thank you for the input. I will look in to team viewer.

You say that you use it in a virtual machine... I assume that means you are using a virtual machine on the computer you are sitting in front of, right?

I guess my question is the computer that is at the remote location (i.e., at my wife's store on the other side of the Bay), how would I make sure that no one scanning open ports gets in to it. There certainly won't be a whole lot of information on the computer. But if someone ever did get in there and either erased our data files or encrypted the drive, that would be a pain, obviously.

In the meantime I will at least look into what SSH is so I have a better understanding what people mean when they refer to it.

Thanks again.
User avatar
phd21
Level 19
Level 19
Posts: 9829
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by phd21 »

Hi "Ow That Hurts"

It is not recommended to have any remote access enabled all the time unless you really need it.

With all computers using any operating system, make sure the hardware routers have their firewall enabled (usually automatic by default), and that all computer software firewalls are also enabled. Using a VPN provider's servers can also protect anyone doing anything on the Internet including remote access.
Termy wrote:Just remember, with ease comes a higher risk of compromise.
I do not totally agree with this statement. If you have not fully installed TeamViewer (TV) as a service where it is running all the time, it is very secure and super easy to start, connect, and use. You do not even need to setup firewall port rules. You can simply contact a person at the remote site and tell them to start TV and give you the login information, then you are connected and ready to use the computer remotely.

SSH is used by most professional computer support staff, but it does require a fair amount of setup to be truly secure including changing the default SSH ports and setting up firewall rules for the new SSH ports (for servers and clients). Once SSH is set up properly (see "Linux hardening SSH"), then it is simple to access the remote computers using various SSH options including through file managers, Remote access applications (Remmina, etc...), the console terminal prompt, etc...

There are applications anyone can install to prevent brute force attacks against your system; "SSHguard", "fail2ban", "libpam-abl" are some of them.

Remote Desktop for Linux | TeamViewer
https://www.teamviewer.com/en-us/soluti ... %20secure.

FYI: I use the TeamViewer self-contained ready to run archive file that I download from their website under Linux options "Other systems (not officially supported) *.tar package 15.11.6" because this does not install their TV service (teamviewerd) so it is not always running. I manually create a desktop launcher shortcut.

Good read with tips on making TeamViewer more secure
Is Teamviewer safe? | NordVPN
https://nordvpn.com/blog/is-teamviewer-safe/

How to make TeamViewer more secure | Tutorials
https://www.tenforums.com/tutorials/158 ... ecure.html


Hope this helps ...
Phd21: Mint 20 and 19.2 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
User avatar
Termy
Level 5
Level 5
Posts: 930
Joined: Mon Sep 04, 2017 8:49 pm
Location: UK
Contact:

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by Termy »

phd21 wrote:
Mon Nov 23, 2020 2:16 am
If you have not fully installed TeamViewer (TV) as a service where it is running all the time, it is very secure and super easy to start, connect, and use. You do not even need to setup firewall port rules. You can simply contact a person at the remote site and tell them to start TV and give you the login information, then you are connected and ready to use the computer remotely.
I agree that it's easy to get started. I don't entirely agree with your optimistic "It's very secure". Still, it's better than running Windows. :P Nice one in using the tar. I think I just used the Deb file they offer, but then it's just in a virtual machine which isn't running all the time anyway, but I'll try your approach.

Conceptually though -- I mean, I didn't just make it up -- it's well known that security and convenience often go toe-to-toe. I probably should've been more specific though, in saying that it can and often does result in a higher risk of compromise, but not always. :P
phd21 wrote:
Mon Nov 23, 2020 2:16 am
SSH is used by most professional computer support staff, but it does require a fair amount of setup to be truly secure including changing the default SSH ports and setting up firewall rules for the new SSH ports (for servers and clients). Once SSH is set up properly (see "Linux hardening SSH"), then it is simple to access the remote computers using various SSH options including through file managers, Remote access applications (Remmina, etc...), the console terminal prompt, etc...
I've done all of the usual hardening stuff regarding SSH. I think it comes down to disabling things in 'sshd_config' you don't need and probably shouldn't use, such as X11 Forwarding, ensure you use keys and disable access via passwords, and of course, don't use the default port of 22. I tend to also make the permissions of ~/.ssh sane.

The rest of the system is largely tweaked for security, even at the expense of convenience; I'm honestly appalled with how Ubuntu and its derivatives come, out of the box, which is why I wrote a program called UbuChk, which looks at some of these things.

The firewall is easy enough with UFW: sudo ufw allow in PORT comment DESCRIPTION
I use Linux Mint 18.3 with Cinnamon in a VirtualBox VM for testing & sandboxing.

I'm LearnLinux (LL) on YouTube: https://www.youtube.com/channel/UCfp-lN ... naEE6NtDSg
I'm also terminalforlife (TFL) on GitHub: https://github.com/terminalforlife
User avatar
phd21
Level 19
Level 19
Posts: 9829
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by phd21 »

Hi Termy, "Ow That Hurts", everyone else,

FYI: I was a software developer for years which required local and remote support (mostly remote) and training for our software and operating systems, hardware, networking (software and hardware), and any other software they may have installed. If the remote computer is part of a home or business network with other computers and devices, remote access, remote control, was a total pain to set up properly especially if you are trying to talk non-technical people through modifying hardware router settings or editing MS Windows registry and other settings, etc... When TeamViewer came out it was a huge improvement in remote support options that benefited everyone. Now, there are a few TeamViewer type applications available for any operating system.

If you use SSH, or RDP (remote desktop), then it is recommended to use static IP addresses for each remote computer, create firewall port forwarding rules in the remote hardware router for each workstation computer and in each workstation computer's software firewall. Unless you are onsite or they have competent computer people onsite, that can be daunting and time-consuming tasks. Applications like TeamViewer can bypass all that.

I actually like the "x11" SSH option being enabled so that if I want to run desktop applications on the remote I can.

Here is an older link on SSH, but one that I have always liked.
SSH: An Easier-Than-You-Thought Tutorial
http://pclosmag.com/html/Issues/201102/page18.html

10 Best Team Viewer Alternatives for Linux in 2019
https://www.fossmint.com/teamviewer-alt ... for-linux/

Best 14 teamviewer alternatives for Linux/Ubuntu
https://net2.com/best-14-teamviewer-alt ... ux-ubuntu/

An excellent security analysis tool "Lynis".
Install and Setup Lynis Security Auditing tool on Ubuntu 20.04 - kifarunix.com
https://kifarunix.com/install-and-setup ... ntu-20-04/

How to Secure and Harden OpenSSH Server
https://www.tecmint.com/secure-openssh-server/

How To Harden OpenSSH on Ubuntu 18.04 | DigitalOcean
https://www.digitalocean.com/community/ ... untu-18-04

Enable Root Login via SSH In Ubuntu | Liquid Web
https://www.liquidweb.com/kb/enable-root-login-via-ssh/


Hope this helps ...
Phd21: Mint 20 and 19.2 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
User avatar
Termy
Level 5
Level 5
Posts: 930
Joined: Mon Sep 04, 2017 8:49 pm
Location: UK
Contact:

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by Termy »

phd21 wrote:
Mon Nov 23, 2020 12:07 pm
FYI: I was a software developer for years which required local and remote support (mostly remote) and training for our software and operating systems, hardware, networking (software and hardware), and any other software they may have installed. If the remote computer is part of a home or business network with other computers and devices, remote access, remote control, was a total pain to set up properly especially if you are trying to talk non-technical people through modifying hardware router settings or editing MS Windows registry and other settings, etc... When TeamViewer came out it was a huge improvement in remote support options that benefited everyone. Now, there are a few TeamViewer type applications available for any operating system.
I definitely appreciate that it makes life easier, and would definitely not refute that!
phd21 wrote:
Mon Nov 23, 2020 12:07 pm
I actually like the "x11" SSH option being enabled so that if I want to run desktop applications on the remote I can.
I think it's cool, but a lot of people seem to question how secure it is, plus in my experience it's slow as hell, so I keep it disabled.
I use Linux Mint 18.3 with Cinnamon in a VirtualBox VM for testing & sandboxing.

I'm LearnLinux (LL) on YouTube: https://www.youtube.com/channel/UCfp-lN ... naEE6NtDSg
I'm also terminalforlife (TFL) on GitHub: https://github.com/terminalforlife
User avatar
majpooper
Level 6
Level 6
Posts: 1332
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by majpooper »

Just go with automatic updates - I have that set up for a couple of folks that I installed LM for and it has been working hassle free for months.

TeamViewer is great until it's not. It seems arbitrarily TV decides you are a commercial enterprise and the free version stops working. Of course in a sense you are a commercial enterprise so I guess you should pony up for the paid version. Also TeamViewer has had some security issues in the past - maybe that has be fixed . . . dunno. I have switched to AnyDesk, which gets dumped on pretty bad in this forum but has worked for me just fine.

Again - for daily update support - auto-updates - too easy.
For remote support - if TV works great if not AnyDesk.
Ow That Hurts
Level 2
Level 2
Posts: 99
Joined: Fri Sep 27, 2013 6:50 pm

Re: Best Way To Update a Computer I Won't Be Near? (Remote access vs other)

Post by Ow That Hurts »

majpooper wrote:
Mon Nov 23, 2020 12:23 pm
Just go with automatic updates - I have that set up for a couple of folks that I installed LM for and it has been working hassle free for months.

TeamViewer is great until it's not. It seems arbitrarily TV decides you are a commercial enterprise and the free version stops working. Of course in a sense you are a commercial enterprise so I guess you should pony up for the paid version. Also TeamViewer has had some security issues in the past - maybe that has be fixed . . . dunno. I have switched to AnyDesk, which gets dumped on pretty bad in this forum but has worked for me just fine.

Again - for daily update support - auto-updates - too easy.
For remote support - if TV works great if not AnyDesk.
Thank you so much for the input and for sharing your experience.

I will look in to AnyDesk as well as in to the commercial license for TeamViewer.

And yes, will see if I can just set up autoupdates and be done with it.

Thanks again!!!
Post Reply

Return to “Newbie Questions”