Pros/cons of LogMeIn, TeamViewer, GoToMyPC

My work involves data collection from remote, inaccessible sites located around the world. I need to have highly-reliable methods of remote control. So I make sure every PC is Intel vPRO enabled, allowing me to power down, reboot, and even reinstall the operating system remotely from a HTTP vPro internal webserver on port 16992.

Checklist:
1) Intel vPro motherboard
2) Clonezilla DVD in DVD drive
3) Clonezilla HDD image on Blu-ray in drive or USB HDD / flash drive
4) Hardware Firewall (e.g. pfSense, m0n0wall) (don’t want to expose vPro ports to outside world).

What about the actual remote control? One can use SSH port forwarding and RDP/XRDP, but what about those who want to use LogMeIn or the like? I had this discussion recently and here were my points:

Pros of LogMeIn, TeamViewer, GoToMyPC commercial services:
———————————————————-

  • I would say that commercial remote desktop services such as LogMeIn are typically more secure on a Windows PC than just leaving port 3389 open to the internet. (One can use Cygwin OpenSSH server to SSH port forward to 3389, and/or user pfSense/m0n0wall hardware firewalls)
  • LogMeIn has convenient apps for smartphones and from a web browser (for open source choices, see AfreeRDP and Guacamole)

Cons of LogMeIn, TeamViewer, GoToMyPC commercial services:
———————————————————-
The downsides of LogMeIn-type commercial services have philosophical and practical aspects.

  • Commercial services typically use proprietary (non-open-source) technologies for the central server and/or securing the connection. (Open source choices are using perhaps the same technology but open to world-wide security reviewers).
  • The convenience of commercial services (centralized server making the connections) is seen by some as a weakness (could have unknown hackers as employees, could shut down their server, raise prices, etc.).

With open-source software, I can also access my PCs with a “single click” from a phone or laptop, without having a 3rd party server involved, and with all free open-source software that I trust. I can do so from a web page without plugins (see Guacamole). The key point being that I don’t have a 3rd commercial party whom I have to trust and pay.

Some customers do not allow 3rd party remote control software to be used, and so I have become proficient at using open-source solutions for remote control of many systems.

Xrdp on Ubuntu 12.04 through 14.04

Note: ubuntu-2d was REMOVED from Ubuntu 12.10 onward. So for Xrdp on Ubuntu 12.10 and newer, observe the specific steps below.

For cases where you have to allow RDP users from Mac/Windows to connect to a linux machine, and for whatever reason you can’t install TightVNC on the Mac/Windows user PCs, you can try Xrdp, which creates an RDP server on port 3389 on the Linux PC.


sudo apt-get install xrdp

Now on ubuntu 12.04 we need to edit a configuration file

nano ~/.xsession

——————–
copy and paste [for Ubuntu 12.04 only]:

gnome-session --session=ubuntu-2d

[for Ubuntu 12.10 through 14.04]: copy and paste into ~/.xsession

exec openbox

then exit nano

and in Ubuntu 12.10 through 14.04, type:
sudo apt-get install openbox
————————————————-
then type

sudo service xrdp restart

Note: For Ubuntu 12.10 and Ubuntu 13.04 ONLY, you can also use gnome-session-fallback. But gnome-session-fallback is BROKEN in Ubuntu 13.10. You can also use XFCE in any of these Ubuntu versions.

Note, if you use Openbox, you’ll just see a grey screen upon typing password at Xrdp login. Right-click mouse to open menu.

Note: If you just get a gray screen, trying editing
/etc/xrdp/startwm.sh
to just have

----------
#!/bin/sh

if [ -r /etc/default/locale ]; then
. /etc/default/locale
export LANG LANGUAGE
fi

exec openbox
———–