I'm against running VNC these days. It's too easy to hijack the agent for an attacker to take control.
MeshCentral is free and it works ok. Pretty rough around the edges.
Simple Help is self hosted and fairly cheap.
Splashtop is another option, you'll just need a tech license. One tech license covers as many computers as you want.
I fixed this last night, there was a breaking change to the "node-windows" module that caused trouble. MeshCentral Windows Installer 2.7 should fix this. Let me know if it works. Thanks.
Mesh Central (https://www.meshcommander.com/meshcentral2) should probably be added to the list of remote destkop/control tools that are selfhosted.
​
But overall what the op needs is a way to make it simple to spin up various (predefined) vm's with a desktop if i understand well.
Many alternatives have been mentioned already. To complete the list, here are two more.
Both a self-hosted and open source. No data is sent anywhere, except to your own server.
I personally like Rport more than meshcentral. Both are focussed on remote access . Rport has better support of scripting and automation. They adopted many concepts from Ansible and Salt but with two significant differences. You can do everything with a UI, and they provide self-containing static binaries for any operating system. The installation is quick and easy. You don't need tons of python libraries.
Using remote desktop or SSH over meshcentral feels cumbersome. Why do I need a screen-mirroring agent when I want to do native SSH? But the agent is lightweight, and you won't notice it's running.
Both cannot replace a monitoring solution like Zabbix or Nagios. It's not their business. But Rport has announced extended monitoring functionality.
Due to the nature of Golang the Rport server is also a single file. Just run it, and done. But the installation of Meshcentral is fast and easy too. Meshcentral is developed with Nodejs and the installation is fully automated with npm.
Golang-Software for me feels more modern. You don't have any hassle resolving dependencies.
Regarding the user interface, Meshcentral looks a bit outdated. But it's easy to understand, and it does a good job. The UI of RPort is based on Vuejs and looks very modern. Both are intuitive.
I've been running Mesh Central on one, and I had Minecraft on the other, I think both were Oracle Linux 7.
I shut down the minecraft, but it worked fine for 4 or 5 players. I'm still running Mesh Central, no problems
You should look at MeshCentral. I've set up a server for it to help manage family PC's and I think it works great. I'm big into open source especially and sometimes self hosted for privacy/security stuff and this fits both those.
If you are using a reverse proxy in front of MeshCentral, MeshCentral need to know what certificate will be visible to the MeshAgents when they connect. In the domain section of the config.json add:
"certurl" : "https://hostname.domain.com:433"
The URL must point to a HTTPS server that is using the certificate the agents will see when connecting. You can using a private IP address if you like:
"certurl" : "https://192.168.0.1:433"
As long as the request made gets the right external certificate, it should work. Also, if the reverse proxy will be terminating the TLS connection, you will need to add the following to the settings section of the config.json
"tlsoffload" : "192.168.0.1"
This will indicate to MeshCentral to listen to port 443 but not to perform TLS on this port since TLS is being done by the reverse proxy in front. Also, the IP address should be the address of the reverse proxy, this will be used to know when to trust the "x-forward-for" HTTP header.
For extra helps, take a look at the reverse proxy sections of the User Guide that you can get here. There is a section on NGINX which covers the same concepts.
Hope this helps,
Ylian
Hi. If you run meshcentral from the command line it will close when you close the SSH session, this is normal behavior. If you want to run MeshCentral as a background service, try these commands:
sudo node ./node_module/meshcentral --install sudo systemctl start meshcentral sudo systemctl restart meshcentral sudo systemctl stop meshcentral sudo node ./node_module/meshcentral --uninstall
Note that you need to run these as "root", so you can add the "sudo" on front of the command line, but that is not needed if you are already root. For more details, take a look at the install guide and user guide you can find here. Hope that helps.
Install it on server and agents on workstations. Then you can connect to the clients via browser.
I installed it last month cause the COVID stuff and it works like a charm.
You even can turn on computers from meshcentral if you have WOL enabled
There's a FOSS remote control system that's being developed by a handful of Intel guys that speaks to AMT called MeshCentral - you can setup Intel AMT CIRA to get the chipset to phone home to a server you specify.
You could look at Mesh Central 2 (it’s in progress and pretty functional for what I need which is RDP), I just spun up an instance in Digital Ocean as a test run and I’m pretty sure I’m gonna keep it for being able to reach my lab and all securely without having to port forward stuff.
/r/meshcentral for their sub , but also look at https://www.meshcommander.com/meshcentral2
Meshcentral works great for Windows and Mac. If they are not directly addressable, no problem as long as you have a host that is reachable via public ip.
Looking at my Linux servers, I did not use the "Capabilities=" line at all since I use:
sudo setcap cap_net_bind_service=+ep /usr/bin/node
If you use "setcap" then you can run MeshCentral manually or using Systemd and it should work. If you use the AmbientCapabilities= it only works for Systemd. In any case, I just did a silent update of the documentation at https://www.meshcommander.com/meshcentral2.
Thank you very much for reporting this. I bet many others have run into this and not reported it.
You can take a look at the MeshCentral User's Guide. Currently section 16 is the NGINX setup section. The guide is linked from the MeshCentral main web site.
I certainly understand the security concerns with Intel AMT. After all, it's a "RING -2" management agent baked into the hardware below the OS, this makes it powerful but also a big security target. You have to know that you are doing. Everyone should be enabling TLS when activating Intel AMT for example. However, for some people, it's super useful (digital signs, vending machines, etc). If the OS goes down, it's a huge cost saver.
As I indicated earlier, if you need these features, I would personally configure Intel AMT with CIRA because it lowers the attack surface a lot. Intel AMT contracts the server, you don't get to contact it. Worst that can probably happen is that an attacker can DOS the connection attempt to the server.
I will note that I work on both MeshCentral (management web site that works on everything) and MeshCommander (Intel AMT tool). So maybe the two get mixed up. MeshCommander is a smaller tool that only works on Intel AMT.
> half-decent RMM tools that are free or open source. There's a reason why MSPs pay big money for them.
>
>How many endpoints (computers/servers/network devices) do you have? Some tools will offer some sort of free trial based on having less than 10-50 endpoints, but even then, they'll have somewhat limited functionality.
you can give this a try if you want https://www.meshcommander.com/meshcentral2
This is absolutely wonderful. I am on Reddit often for SpaceX, Tesla and other news. For people who don't know, I am one of two developers on MeshCentral. Please don't hesitate to ask questions. Here are a few important MeshCentral related links to get started:
If you are using AMT Vpro to connect to clients, you will probably find a self-hosted instance of Meshcentral useful.
It is an open source project written by the Intel engineer who literally wrote the book on AMT. It creates a web interface that lets you interact with AMT (and coincidentally, creates a teamviewer-competitive RMM solution in the process).
I've added several AMT enabled devices and manage them purely through meshcentral.
I found Meshcentral to very be handy if you have multiple locations/remote workers. If you only have one location, Guacamole works quite well.
First option should be using IPMI. Second option is that if you are running an intel vPro machine, you basically already have an IPMI. You can run meshcentral on a pi and use it to connect to your machines with intel AMT. You can also do other neat things like turn them on/off remotely, see all of the hardware, and fun stuff like that.
One caveat is that you may need a display emulator (basically a plug for your display that pretends to be a monitor) to get a proper picture.
As long as you are happy with looking at open source solutions, Meshcentral is a surprisingly robust on premise RMM tool.
It doesn't give you as nice an experience as teamviewer, but it works, and is led in development by an engineer at intel.
It's also got native support for intel AMT, which is nice if you need out of band access to workstations or servers that don't have IPMI.