Pros/cons of LogMeIn, TeamViewer, GoToMyPC

My work involves data collection from remote, inaccessible sites located around the world. I need to have highly reliable methods of remote control. So I make sure every PC is Intel vPro enabled, allowing me to power down, reboot, and even reinstall the operating system remotely from an HTTP vPro internal webserver on port 16992.

Checklist:
1) Intel vPro motherboard
2) Clonezilla DVD in DVD drive
3) Clonezilla HDD image on Blu-ray in drive or USB HDD / flash drive
4) Hardware Firewall (e.g. pfSense, m0n0wall) (don’t want to expose vPro ports to outside world).

What about the actual remote control? One can use SSH port forwarding and RDP/XRDP, but what about those who want to use LogMeIn or the like? I had this discussion recently and here were my points:

Pros of LogMeIn, TeamViewer, GoToMyPC commercial services:
———————————————————-

  • I would say that commercial remote desktop services such as LogMeIn are typically more secure on a Windows PC than just leaving port 3389 open to the internet. (One can use Cygwin OpenSSH server to SSH port forward to 3389, and/or use pfSense/m0n0wall hardware firewalls.)
  • LogMeIn has convenient apps for smartphones and from a web browser (for open source choices, see aFreeRDP and Guacamole).

Cons of LogMeIn, TeamViewer, GoToMyPC commercial services:
———————————————————-
The downsides of LogMeIn-type commercial services have philosophical and practical aspects.

  • Commercial services typically use proprietary (non-open-source) technologies for the central server and/or securing the connection. (Open-source choices may use the same technology, but it is open to security reviewers worldwide.)
  • The convenience of commercial services (centralized server making the connections) is seen by some as a weakness (could have unknown hackers as employees, could shut down their server, raise prices, etc.).

With open-source software, I can also access my PCs with a “single click” from a phone or laptop, without having a 3rd party server involved, and with all free open-source software that I trust. I can do so from a web page without plugins (see Guacamole). The key point being that I don’t have a commercial 3rd party whom I have to trust and pay.

Some customers do not allow 3rd party remote control software to be used, and so I have become proficient at using open-source solutions for remote control of many systems.

vncserver setup on Ubuntu 12.04 and 14.04

This example uses the Free TightVNC server.

sudo apt-get install tightvncserver
mkdir -p ~/.vnc
nano ~/.vnc/xstartup

and for Ubuntu 14.04,

sudo apt-get install xfce4
sudo apt-get remove xscreensaver xscreensaver-data

Here is an example of a working ~/.vnc/xstartup on Ubuntu 12.04 with TightVNC 1.3.9:


#!/bin/sh
gnome-session --session=ubuntu-2d

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop"
x-window-manager

For Ubuntu 14.04, here is the ~/.vnc/xstartup that worked for me:

#!/bin/sh
unset SESSION_MANAGER
startxfce4 &

#[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
#[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
# Neither /etc/vnc/xstartup nor ~/.Xresources was on my system, so the two lines above do nothing.
xsetroot -solid grey

then I type

chmod +x ~/.vnc/xstartup

You can leave your VNC desktop running; it is not the same as your local desktop. It is a little tricky to use your local desktop reliably. I have done so with X11VNC, but it can be more trouble than it is worth! It’s MUCH easier to start up a new separate desktop session with vncserver or x11vnc.

To start/restart VNC server (don’t have to do this often):

vncserver :1 -geometry 1200x800 -depth 24 -localhost

To kill a frozen/undesired desktop, log out and do:

vncserver -kill :1

To connect, on my laptop I have the Bash script:

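#!/bin/bash
# Open the SSH tunnel in the background; fail if local port 5901 cannot be forwarded.
# "sleep 10" keeps the tunnel open long enough for the viewer to connect.
ssh -f -o ExitOnForwardFailure=yes -L 5901:localhost:5901 user@IPaddress sleep 10
# Connect the viewer to the local end of the tunnel.
ssvncviewer -user user localhost::5901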

You must be sure that ports 5900-5999 are NOT exposed to the outside world: VNC is NOT secure by itself! You must tunnel with SSH. You can see which ports the firewall allows from the outside world by typing:
sudo ufw status
You should see only port 22, and any other ports only if you know what they are for.
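
The firewall rules are one half of this check; the other is which address the VNC server itself is bound to (the -localhost option above is what keeps it on loopback). As an added example, not part of the original post, this script reads `ss -tln` output and lists any listener on ports 5900-5999 that is not bound to loopback. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC listeners (TCP 5900-5999) not bound to loopback.
# Input: output of `ss -tln` on stdin. Output: one "address:port" per finding.

exposed_vnc_listeners() {
  awk '
    $1 == "LISTEN" {
      addr = $4                               # Local Address:Port column
      if (!match(addr, /:[0-9]+$/)) next      # locate the trailing :port
      port = substr(addr, RSTART + 1) + 0
      host = substr(addr, 1, RSTART - 1)
      if (port < 5900 || port > 5999) next    # not a VNC display port
      if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
      print host ":" port                     # wildcard or external address
    }'
}

# Returns 0 when every VNC listener is loopback-only, 1 otherwise.
vnc_loopback_only() {
  exposed=$(exposed_vnc_listeners)
  [ -z "$exposed" ] && return 0
  echo "VNC listening on a non-loopback address:" >&2
  echo "$exposed" >&2
  return 1
}

# Constructed sample listing (not from a real host): display :1 was started
# with -localhost, displays :2 and :3 were not.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      [::1]:5901         [::]:*
LISTEN 0      5      0.0.0.0:5902       0.0.0.0:*
LISTEN 0      5      [::]:5903          [::]:*'

printf '%s\n' "$SAMPLE" | vnc_loopback_only || echo "sample: tunnel-only rule violated"

# On a real host: ss -tln | vnc_loopback_only
```

A listener reported here should be restarted with -localhost so that it is reachable only through the SSH tunnel, whatever the firewall currently allows.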

You can connect by port forwarding via SSH and using RealVNC, SSVNCviewer, Remmina, etc.

The default XFCE4 desktop may be missing menu icons (you see black squares or red X’s). Try Settings>Appearance
Style: Xfce-4.6
Icons: ubuntu-mono-light
Fonts: turn hinting on if you want