Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Need remote command line administration

  1. #1
    Join Date
    Oct 2008
    Beans
    5

    Need remote command line administration

    Hi,

    I'd like to set up some sort of remote administration for our Ubuntu 10.04 boxes going out. We're pushing ~500 out. I'd like to be able to enable a service that would 'register' each box with a central server and allow for either command line administration or GUI administration.

    Since we won't be able to do port-forwarding on each site and because the public IP may constantly change, vanilla SSH is unacceptable. I need something like Teamviewer (which I would use, except they don't allow for Unattended Access in Linux).

    We have a server we can use for this, if anyone knows of any solutions.

  2. #2
    Join Date
    Sep 2006
    Beans
    8,623
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Need remote command line administration

    More information is needed to come up with decent suggestions. How many sites are you talking about and where is the one server in relation to them? Can you tell a little more about the topology of your network(s)?

  3. #3
    Join Date
    Oct 2008
    Beans
    5

    Re: Need remote command line administration

    Quote Originally Posted by Lars Noodén View Post
    More information is needed to come up with decent suggestions. How many sites are you talking about and where is the one server in relation to them? Can you tell a little more about the topology of your network(s)?
    This info is hard to quantify. We're rolling out kiosks in any number of different service industries. The machines could be placed in hotel lobbies, restaurants, stadiums, malls, etc... We'll have no control over the networks that they're placed on.
    The server isn't completely defined yet (we don't have it set up or bought, but it will be available if we need it), but I'm going to push for a cloud solution (i.e., we won't have any of our own hardware on-site; the hardware will be maintained through a third party). I believe we're going to have to use a Windows server in order to facilitate another software we use.

  4. #4
    Join Date
    Sep 2006
    Beans
    8,623
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Need remote command line administration

    well if you're going for a hosted solution (aka Cloud) then you will almost certainly have one external IP address. That will allow the machines to phone home. In that case you could do anything from a reverse tunnel in SSH to running synchronization software like Radmind.

  5. #5
    Join Date
    Oct 2008
    Beans
    5

    Re: Need remote command line administration

    Thanks for the quick reply. However, what I'm seeing about reverse-SSH is that it's well suited for accessing one machine behind a firewall, but I don't think it will scale well. I don't think it will be a good idea to have 500 open SSH connections to our server. Also, there seems to be a lot of room for error when the tech on-site sets up the SSH tunnel (i.e., he could easily pick a port taken by another service or accidentally duplicate ports used by different computers). It seems to be better suited to accessing one computer behind a firewall, not 500.

    As far as radmind goes, unless I'm missing something, that doesn't allow for remote CLI administration, just for image deployment. While it may be nice to upgrade kiosks this way, it won't make for good everyday troubleshooting. Also, commands would have to be run physically from the client, which is what I'm trying to work around. Was I wrong? Did I miss a feature or hack?

  6. #6
    Join Date
    Sep 2006
    Beans
    8,623
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Need remote command line administration

    That about sums up the shortcomings of both. The ports problem is what keeps the reverse tunnel idea from scaling that well. However, I'm not so sure that idle connections would be such a burden on the machine.

    Not having permanent IP addresses to work with is not an insignificant constraint.

    Another option might be to configure the kiosks to use a dynamic DNS service to be accessible via a host name, but that is not 100% reliable. There, you'd have to make sure that the on-site tech sets up each machine with a unique address.

  7. #7
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Need remote command line administration

    My suggestion would be to try dynamic DNS, but that might not work if you are unable to allow ssh thru the firewall on the network it is on.

    reverse ssh would be the best solution unless you can get team viewer working.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  8. #8
    Join Date
    Oct 2008
    Beans
    5

    Re: Need remote command line administration

    Quote Originally Posted by CharlesA View Post
    My suggestion would be to try dynamic DNS, but that might not work if you are unable to allow ssh thru the firewall on the network it is on.

    reverse ssh would be the best solution unless you can get team viewer working.
    I don't think Dynamic DNS would do much for punching holes in firewalls or NAT.

    Another problem I see with reverse SSH is that with 500 (or more) connections to one server, how would you find which one you're looking for? How would you organize it to know which connection goes to which computer? I'd still have to have someone on-site to figure out which port it's connected through, which is what I'm trying to avoid (having someone on-site). I could have them fire up TeamViewer instead, or hell, as long as someone were there to type and/or tell me stuff, have them create the reverse SSH on demand.

  9. #9
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Need remote command line administration

    Quote Originally Posted by volvo64 View Post
    I don't think Dynamic DNS would do much for punching holes in firewalls or NAT.

    Another problem I see with reverse SSH is that with 500 (or more) connections to one server, how would you find which one you're looking for? How would you organize it to know which connection goes to which computer? I'd still have to have someone on-site to figure out which port it's connected through, which is what I'm trying to avoid (having someone on-site). I could have them fire up TeamViewer instead, or hell, as long as someone were there to type and/or tell me stuff, have them create the reverse SSH on demand.
    You'd need a list.

    I'd go for having someone there that can launch teamviewer and them read you off the info and then connect that way.
    Last edited by CharlesA; January 27th, 2012 at 12:41 AM. Reason: wording
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  10. #10
    Join Date
    Oct 2008
    Beans
    5

    Re: Need remote command line administration

    I've been working on other projects, but haven't forgotten about this one.

    Other fora have suggested using Puppet. Any opinions on that? I'm just now getting to know what it is.

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •