Re: Ideas on how to best remotely support elderly parents runningopenSUSE

On 08/26/2013 01:46 AM, suse tpx60s wrote:
>
> I converted my elderly parents (75 years old) from running Windows to
> running oS about 4 years ago and things have been fine as I was only 15
> minutes away and could go sort any problems out for them and perform the
> necessary upgrades. I’m now going to be moving to another country half
> way round the globe and am left with the problem with how I’m going to
> be able to support them remotely. They only use the computer for
> internet, e-mails, Skype, google earth, watching videos and listening to
> music, my dad runs Calibre to manage his e-book collection so nothing
> too taxing. They also use Virtualbox to run WinXP for a specific puzzle
> game that they play.

A reasonable setup. Nice work.

> One of my biggest concerns I think will be the times when a upgrade
> from one release to the next release will be required. I was wondering
> if putting them on tumbleweed would be a good solution. That way their

I would not. Tumbleweed isn’t made for this I do not think, and its
bleeding edge is sometimes tainted by its users who really want the
latest/greatest.

> I will try set their system up for remote administration but I’ve only
> had limited reliability with that and found in the past that it
> sometimes got broken with updates. What would the best and most reliable
> way of remote administering their PC be?

I suppose there are several ways that should be reliable. The way I do it
with systems that I always access is either by setting up the owner’s
router to let me in (via SSH or a VPN that I setup for them, assuming
their router doesn’t have that ability on its own as some do) or else I’ll
have their computer connect to mine since I do have remote SSH access to
my home. I then create an init script for them so that on startup their
computer connects to my server which is always waiting for them. When
that connection happens it sets up a tunnel back into their environment so
I can always get in from anywhere. It’s a little complex at first, but it
works really reliably and securely. If you do not have a static IP you
could always get the cheapest VPS in the world that will run an SSH server
and use that VPS/VM for this purpose for a very low monthly rate. Most of
the administration with which I help others isn’t GUI stuff but more, like
you said, managing patches and maybe fixing odd quirks that are all doable
via the command line (thus via SSH).

Good luck.

On 2013-08-26 13:29, ab wrote:
> On 08/26/2013 01:46 AM, suse tpx60s wrote:

>> One of my biggest concerns I think will be the times when a upgrade
>> from one release to the next release will be required. I was wondering
>> if putting them on tumbleweed would be a good solution. That way their
>
> I would not. Tumbleweed isn’t made for this I do not think, and its
> bleeding edge is sometimes tainted by its users who really want the
> latest/greatest.

Evergreen might be an interesting possibility, though. Current version
is 11.4, next will be 13.1. 3 years maintenance cycle.


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

On 2013-08-26 16:16, suse tpx60s wrote:
> nd will
> look at Evergreen and see what that is.

openSUSE:Evergreen


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

Well since you both asked so nicely, here’s my current system:

First assumption: Static IP or dynamic DNS that works. I have a static
IP, and recommend that, since too many dynamic DNS services requiring
running something on a workstation to update the DNS provider. Bleh…
static IPs (with real DNS names if you can) are nice, and really pretty
cheap most of the time.

Other assumption: You can get to YOUR system via SSH somehow. I recommend
changing ports to avoid stupid bots, and while it’s a bit obvious you may
want to consider going (as I do) with port 443. Why? Because most places
allow, if nothing else, ports 80 and 443. Since it’s used for encrypted
stuff most of the time SSH doesn’t look that strange, and
packet-inspectors necessarily pass over it since there’s nothing they can
glean from it. With that in mind, use fail2ban or watch logs closely, and
use ONLY certificates to get anytime possible. Accounts with certificates
should not be logging in with passwords because chances are people will be
trying to guess them on common ports like 22 and 443. They’re usually
script kiddies and not a threat, but still, use certs.

For the purpose of this I’ll use a few variables:

MYBOX = My system at home. IP, DNS, whatever… that’s what this is, as
seen from the Internet.
MYBOXSSHPORT = the SSH port used to access your home SSh server from the
Internet. 22 is the SSH default, but I’d recommend 443 or something high.
CLIENTUSERNAME = a user specifically for this client to connect to my home
box; NOT root.
ME = My username on MYBOX
REMOTESSHBOX = Refers to the customer/client/family system running an SSH
server. Since we’re talking about family with openSUSE, they all CAN do
this, just enable SSH. This is the IP address as seen from the client
system making the connection to MYBOX, so it may be localhost/127.x.x.x or
it may be another system.
RANDOMHIGHPORT is a high port through which the tunnel will exist. Pick
something higher than 1023 and preferably a little memorable, or create a
script or Tomboy note with the details. You can find it out if forgotten,
but that’s a tiny bit more work.

Basic problem with remote access is that most home routers prevent
incoming connections both because they implement NAT (and the IPs hidden
within the private network are not accessible directly) and for security
reasons (protect the home network from bad people). Outbound connections,
however, are allowed with almost no restriction in most environments,
home, corporate, or otherwise. Those allowances are present particularly
for SSLized HTTPS traffic, typically on 443. Due to the nature of TCP you
can tunnel anything you would like over it, including other TCP
connections, if the application allows it. SSH, of course, being
super-duper-awesome, allows that and much more.

Here’s the technical bit:

On REMOTESSHBOX (or any box in the remote environment that has TCP access
directly to REMOTESSHBOX):

Code:

ssh -p MYBOXSSHPORT CLIENTUSERNAME@MYBOX -R RANDOMHIGHPORT:REMOTESSHBOX:22

This makes a connection from the client/family system to your home system
as a username that you created on your home system. The connection also
requests a reverse tunnel which allows any access on MYBOX via
RANDOMHIGHPORT to go directly to REMOTESSHBOX (probably the system on
which the SSH command was typed) port 22, which is where SSH is normally
(change if needed… probably not necessary in 99.9% of cases). This
means that if you are on MYBOX and you use the SSH command to connect to
port RANDOMHIGHPORT (whatever that represents) then you are actually
SSHing to your client’s server.

If MYBOX is your workstation from where you will be typing in stuff
directly then you can omit this next step, but if MYBOX is a server that
you do not use 24x7 there is more to be done. SSH is smart, and
security-oriented, so the listening socket is ONLY listening on 127.0.0.1
by default (man sshd for more on Gateway Ports for other options, or on
how to specify a specific address to listen besides 127.0.0.1) so I now
connect to my server from my laptop. This may seem like a bit of work,
but there are side benefits to doing it this way including:

  1. Security: Only people who can get to my server, which means ‘me’
    usually (not people who connect to my network with or without permission)
    can use these tunnels.

  2. Accessibility. Sure this next bit seems complex, but it means that I
    can also SSH home (from anywhere in the world) and use these tunnels to
    fix things without being at home.

Okay, SSH to the server myself and setup a forward/local tunnel to it:

Code:

ssh MYBOX -L RANDOMHIGHPORT:127.0.0.1:RANDOMHIGHPORT

Now there is a connection from my laptop to my server, and from my server
to the client. If I then, on my laptop, run the following command, I
magically get connected to the client’s system:

Code:

ssh -p RANDOMHIGHPORT locahost

There are ways to improve this by eliminating password prompts (use keys)
and stop needing to remember ports, primarily via scripting or maybe via
SSH command helpers in ~/.ssh_config which I do not currently use.

What happens if the connection times out, or dies, or I reboot MYBOX or
something? Simple enough, put the remote command in a loop (which means
you MUST have SSH keys working to avoid password prompts that stall the
loop) and run that loop in a ‘screen’ (a detatchable shell… see man screen for more, or my article here:
http://www.novell.com/communities/node/8560/ljdt-taking-advantage-screen ):

Code:

while 1 ] ; do
ssh -p MYBOXSSHPORT CLIENTUSERNAME@MYBOX -R RANDOMHIGHPORT:REMOTESSHBOX:22
sleep 10;
done

In fact, take it one step further by having your SSH connection from the
client’s system to your server, and maybe also from your machine to your
server, run a loop that keeps the connection from being timed out die to
inactivity (you know, while you are sleeping). Sure, it’ll reconnect, but
avoid needing to if possible:

Code:

while 1 ] ; do
ssh -p MYBOXSSHPORT CLIENTUSERNAME@MYBOX -R RANDOMHIGHPORT:REMOTESSHBOX:22
‘while 1 ] ; do date; sleep 10; done’
sleep 10;
done

Now the SSH connection is made and runs ‘date’ once in a while just to
keep things alive, and as a side benefit tells you (on the client side)
when things last worked to your system. The outer loop is there just in
case the connection ever breaks since, ten seconds later, it’ll be
recreated. Hooray!

At this point you already have everything working and can SSH to the
client’s computer, which is a good start. I have not yet shown how to do
other things over that connection “directly” to their system, though, such
as web browsing. What if you want to access a web server on their network
somewhere? Well, when you make that last connection directly to their
system instead of doing this:

Code:

ssh -p RANDOMHIGHPORT locahost

do this, to access 192.168.3.5 (on their network) on port 80:

Code:

ssh -p RANDOMHIGHPORT locahost -L 8080:192.168.3.5:80

After establishing this connection you can, from your laptop/workstation,
connect to http://localhost:8080 and see whatever is out there on
192.168.3.5:80 as if you are on that network directly. Notice that the
tunneling and target ports need not be the same, since I forwarded 8080 on
my box to 80 on the remote box. This is necessary sometimes since, as I
wisely do not run as ‘root’, I cannot forward ports < 1024.

How about accessing RDP (for that pesky windows VM that isn’t playing
games anymore)? Do that too:

Code:

ssh -p RANDOMHIGHPORT localhost -L 8080:192.168.3.5:80 -L 3389:10.1.1.1:3389

Now on your client just use ‘rdesktop’ to connect to ‘localhost’ and
you’ll see their VM on their network/system as if you were on that network.

Okay, ask questions.

Good luck.

First draft… and I have a tendency to be fairly verbose, so here’s a
summary:

Somebody needs to get into the target system. That somebody is the target
system itself, by connecting out to an accessible system (MYBOX) and then
providing a tunnel through which anything can be sent.

To access that tunnel one must be on the middle box (your server, aka
MYBOX). To connect to that localhost-only tunnel, first SSH to the server
yourself and create a tunnel of your own there. Have your tunnel point at
the client’s tunnel.

Finally, connect to your tunnel, which points at the client’s tunnel,
which points to the clent’s SSH server.

The rest is just providing details and possible examples for what to do
with this magic.

Sometimes I think we all wonder, when learning something new, how worth it
the new skill is. Trust me, tunneling (and SSH in general) is totally
worth learning really well. You’ll end up using it all of the time when
others say, “It can’t be done.” and then a solution will be working in
about five minutes.

Good luck.

On 2013-08-26 18:06, suse tpx60s wrote:

> Thanks robin_listas. I had a look at the Evergreen version and like you
> say it’s quite old with 12.3 only coming in May '15. I think i’ll go
> with Oldcpu’s method.

Oh, absolutely, you have to use his method.

Only that I think that an LTS version should be the best to choose,
because you don’t have to upgrade every year. Unfortunately, they don’t
overlap much.

Consider that if you install now 12.3, it will be maintained till Sep
15th 2014 (en.opensuse.org/Lifetime), whereas 11.4 Evergreen will be
maintained till July 2014.

So the scheme would be 12.3 now, and 13.1 when possible, which is
expected to be good for 3 years since release.


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

suse tpx60s wrote:

> Oldcpu, I’m glad to see it’s possible to remotely support someone
> reliably although I see that there are numerous areas where problems
> could arise. One of my main fears is that the router gets reset or
> replaced by the ISP. It’s used for providing no only internet but also
> IPTV so if something goes wrong resetting is one of the first things
> they do.
>

There are simple fixes for those IP changes. Things like dyndns are
supported by most routers and will keep the dns updated as the cjanges
occur. Being a cheapskate, I have all the machines I need to support run a
cron job that uses a simple curl request to return the global IP of the
modem. These run every 10 minutes or so and the script sends an email to an
account in the event the IP address changes. That way, I can grab the
current IP address of any of the machines - including the home box - using
any web browser on any machine I can get my hands on. The email account I
use can be set to forward the incoming messages to whatever account I want
so I even get notified when something changes for whatever reason.


Will Honea
whonea@yahoo.com

suse tpx60s wrote:

> My plan was to clone the HDD and then leave it unplugged in the PC so
> if the HDD goes my dad can just unplug the old HDD and plug in the new
> one. I already have his system creating regular backups of his home
> directory to an external HDD so once the HDDs are swapped I can then go
> about recovering his data.
>

There is one major gotcha with an exact clone: the fstab table defaults to
device ID. You have to either change that to something that correctly
identifies the “new” drive so thta the mounts are correct. Simple problem
but it could be a show stopper.


Will Honea
whonea@yahoo.com

suse tpx60s wrote:
> Will Honea;2581904 Wrote:
>> There is one major gotcha with an exact clone: the fstab table defaults
>> to
>> device ID. You have to either change that to something that correctly
>> identifies the “new” drive so thta the mounts are correct. Simple
>> problem
>> but it could be a show stopper.
> Good spot. I didn’t think of that. I assume just changing the HDD
> device ID in fstab to that of the new HDD would suffice. The HDD device
> ID is not used anywhere else is it?

Perhaps easier just to change the type of mount to by label or even by
UUID. If you clone the disk (with dd) then they’ll have the same label
and/or UUID.

On 2013-08-27 13:46, oldcpu wrote:

> Dependent on the PC case hardware build and on how the hard drive is
> mounted inside, this task could be very difficult, or it could be very
> easy.

How about a hard disk caddy?

You put a HD inside, with complete system and home. Things break? You
tell her to pull out the disk and push the replacement.

That’s what I do for my backup: the backup disk goes into the caddy, and
it has a small system and a large data partition. In my case, I select
which to boot in the BIOS.

There are some caddys with keys. The one I have holds one normal hard
disk, one laptop disk. Has a cover that pulls the disk out, and a
switch, plus two usb sockets I can not use. They go into a free 5¼ bay.

But I don’t remember if you said she used a laptop? :-?


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

On 2013-08-27 11:36, suse tpx60s wrote:

> I think I may implement the script and cron job setup too as well as
> the router updating dyndns as a backup to the router being reset and
> losing the dyndns config. Would you mind posting the contents of your
> curl script for me to use?

Better if the email is only sent when IP changes, or once a day.

I have a script to extract the IP and write it to a log, only, not for
sending the email.


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

I think that’s what I’ll do. It’ll simply things and make the swap over just a matter of switching the HDDs.

Could you post your script. I’d be interested to see how it works.

[QUOTE=robin_listas On 2013-08-27 13:46, oldcpu wrote:

> Dependent on the PC case hardware build and on how the hard drive is
> mounted inside, this task could be very difficult, or it could be very
> easy.

How about a hard disk caddy?

You put a HD inside, with complete system and home. Things break? You
tell her to pull out the disk and push the replacement.

That’s what I do for my backup: the backup disk goes into the caddy, and
it has a small system and a large data partition. In my case, I select
which to boot in the BIOS.

There are some caddys with keys. The one I have holds one normal hard
disk, one laptop disk. Has a cover that pulls the disk out, and a
switch, plus two usb sockets I can not use. They go into a free 5¼ bay.

But I don’t remember if you said she used a laptop? :-?


Cheers / Saludos,[/QUOTE]
A caddy would be useful and I’ll have a look at some as I’ve not seen the type you speak of. I’ll need to check that there is a free 5.25" bay in the PC enclosure. My dad’s OK with changing cables in HDDs as he’s added HDDs himself before. In his PC case the HDD sit sideways with the cable end facing the side panel so once you remove the side panel (two thumb screws) the cables are right there easily accessible. All he would have to do is unplug from the one drive and plug into the other drive.

I’m reposting this as the original has got lost in the restore. I’d appreciate if you could share your script as I’d like to have a backup to the router using dyndns in case the router is reset and the dyndns settings get wiped.

Original Post was here (copied back after being lost on webside in database recovery). … I’ll gradually try to copy back in on the webside, some of the lost posts. My apologies to NNTP users, as you will be seeing repeated posts :

==================

**From: suse_tpx60s

Subject: Ideas on how to best remotely support elderly parents running openSUSE**

I converted my elderly parents (75 years old) from running Windows to running oS about 4 years ago and things have been fine as I was only 15 minutes away and could go sort any problems out for them and perform the necessary upgrades. I’m now going to be moving to another country half way round the globe and am left with the problem with how I’m going to be able to support them remotely. They only use the computer for internet, e-mails, Skype, google earth, watching videos and listening to music, my dad runs Calibre to manage his e-book collection so nothing too taxing. They also use Virtualbox to run WinXP for a specific puzzle game that they play.

One of my biggest concerns I think will be the times when a upgrade from one release to the next release will be required. I was wondering if putting them on tumbleweed would be a good solution. That way their system would just continually update. I would lock the kernel updates so it’s not updated and gets too far ahead of the versions required by virtualbox for example and then do a manual periodic kernel update.

I will try set their system up for remote administration but I’ve only had limited reliability with that and found in the past that it sometimes got broken with updates. What would the best and most reliable way of remote administering their PC be?

I’m hoping others here in a similar situation will be able to offer some advice and ideas.

This is one of the posts of the older thread (copied back after being lost on web side of this thread during a database backup recovery). … I’ll gradually try to copy back on the webside of this thread, some of the lost posts. My apologies to NNTP users, as you will be seeing repeated posts :

==================

**From: oldcpu

Subject: Re: Ideas on how to best remotely support elderly parents running openSUSE**

I support my mother from over seas, where she runs openSUSE. I have been doing so for many years ( since ~2005 ) .

I live in Europe. My mother lives in Canada. She turns 88-years old in Spring 2014. She lives alone.

She has openSUSE-12.3 with the KDE desktop running on her PC (which I updated to a new PC a couple of years ago). Her desktop PC is equipped with a USB webcam, USB printer, flat screen display (VGA) and uses wired ethernet that connects to the router provided by her ISP. Her PC also has a wireless that I set up as a backup.

I perform all the updates on her openSUSE remotely from Europe. She gets notification of updates pending, and when the number gets large, she tells me and with her verbal permission I connect to her PC from here in Europe, take over her desktop with vnc, and run YaST to conduct the updates. I use ‘vnc’ instead of ‘nx’ because with ‘vnc’ I have set it up so she can see what I do with her PC. Sometimes, to my surprise, she likes to watch, and when she does she typically learns a bit from my remote maintenance (which IMHO is impressive for an 87-year old grandmother who only started using computers when she was a young 74 years old).

I do not use Tumbleweed on her PC in Canada. In my view it is not stable enough (and I have Tumbleweed running on two PCs here in my apartment in Europe). But I do try to visit once/year, and when I do visit I update her openSUSE to a new version. openSUSE changing to 18-months between releases ‘hurt’ me/her a bit, as there were a couple
of occasions where my visits were 2 years apart and her PC had in one case to go for 6-months without updates. In the ‘other case’ it was not a problem, as she had an ‘Evergreen’ version, where the community supported the openSUSE Evergreen version well past the SuSE-GmbH supported 18-months. If possible, consider installing an ‘Evergreen’
version of openSUSE on your parents PC.

When I visit my mother’s place, I check/confirm with my own laptop that her PC is setup for remote access. I do this on her home LAN, and then I go to an external location (my sisters place in the same city, or a Starbucks or place with wifi access) and test that I can take over her PC. I do this while I am visiting my mother in the same city as my
mother’s computer. That testing is important.

Note you can not make any major mistakes on your parents PC, for if you do, they will be helpless. Hence extreme caution is needed. Be cautious with any x11 updates, any kernel updates, any grub updates, any x11vnc updates …

My mother’s PC has radeon graphics, but I do NOT use the proprietary fglrx driver. Instead I stick with the open source radeon driver, so that reboots after a kernel update are easy. I am VERY cautious when there is kernel update, and I wait for a couple of weeks before I do any such update on my mother’s PC, in order to check if the community has complained about that kernel release. In fact this is true for all updates. Do NOT try to be on the cutting edge of the latest updates. Use a philosophy of extreme stability and excessive testing being needed.

After updating the kernel on my mother’s PC, I remotely reboot her PC, and then rebuild Virtual Box so that her WinXP can run inside Virtual Box.

My mother and I talk 3 to 4 times/week on Skype for 10 to 15 minutes, and often I give computer support over Skype. Sometimes she will ask me to show her something on her computer, in which case I 1st ask her permission to go to her computer (that is VERY important - as she MUST always feel in charge of her PC), and then when granted I take over her desktop remotely. She can see what I do, and at the same time we talk on Skype.

I have her webcam mic/video setup such that she does not need to use a headset, although she has one as a backup. She puts a cloth over her webcam when it is not in use (although no one is going to hack into her PC).

She struggles using the scan function on her HP USB printer, and often she will ask me to run the software to scan documents for her (while she does the physical paper moving). Sometimes she will jam the print queue on her openSUSE, and I need to go into her PC (with her permission) and clear the printer queue.

She struggles getting pictures off of her camera, and often over the phone I walk her though

  • plugging the USB cable into her camera,
  • plugging the USB cable into her PC,
  • setting the right dial selection on her camera to upload pictures to the PC
  • switch on the camera
  • running the software to download pictures to her PC

Often she has wanted to print something, and the document format was bad. So I would either her edit the document remotely, or I would copy the document back to Europe, edit it on my PC, and then copy the document back to her PC for printing.

I set up her home router to direct my ssh/vnc connections from the router to her PC. I also have her router password, and I can access/take over her router here from Europe, and reconfigure it if necessary. I had to do that once when her Ethernet LAN connection failed. Fortunately she could still access the Internet via the wireless I had setup. I then had to go to the router, and reconfigure the router to route my ssh/vnc via the wireless to her PC (and not via the wired).

On another occasion, her TV stopped working (where the TV uses the same router) and the ISP as part of their troubleshooting reset her router, which broke my remote access. Fortunately I had the router’s remote password, and with my mother’s permission I went back in to her router, and again configured her router so that it redirected my connections to her PC. After that I could then access her PC.

wrt the Wired PC problem, she actually solved the wired Ethernet problem herself. The PC had built up a static charge in its Ethernet circuit, and she completely removed all power from the PC (unplugging it from the wall) and left it like that for an hour. Plugged the PC back in, and the Ethernet circuit worked again. But it was a few weeks
before she tried that.

I typically take notes when I update her PC, so that if there is a problem, I can check what I did.

Ensuring that you always have ssh/vnc access is very important. So is the need to visit at least once every 2 years (once every year is better). But do not forget the utility of Evergreen.

For added security, I pipe the vnc connection via encrypted ssh, using a command line technique, and I can post that method here if you think it will help. Also,with every new openSUSE release, I check in the milestone releases all functionality that I use with my mother’s PC, and if there is something that does not work properly, and I think it ‘might’ impact my mother in a year into the future, I will write an immediate bug report so to get the fix done now.

In essence I have been doing what you are considering in setting up for over 7 years now - and I live a continent away.

If you have an specific questions - please feel free to ask.

This is another one of the posts of the older thread (copied back after being lost on web side of this thread during a database backup recovery). … I’ll gradually try to copy back on the webside of this thread, some of the lost posts. My apologies to NNTP users, as you will be seeing repeated posts :

==================

**From: Knurpht

Subject: Re: Ideas on how to best remotely support elderly parents running openSUSE**

My dad manages quite well, i.e. does his own updates, and he’s only 60 km away from us. I normally use ssh to connect when needed, but got into trouble when his provider changed IP addresses a couple of time, had his modem replaced by a modem-router etc. etc. I can phone him and tell him what he needs to do (or mail instructions to his gmail account on his android tablet), which has been f.e. to make his modem-router accessible for me). Since he’s making mistakes in IP addresses all the time, I’ve written a script that dumps his external ip in a text file in his dropbox folder shortly after boot. And taught him to get rid of habits like disconnecting the modem-router because the vacuum-cleaner needs power. :slight_smile:

Whenever his problems are of a “how-do-i” kind, I use teamviewer to be able to watch along with what he’s doing, or show him how to do it.

This is another one of the posts of the older thread (copied back after being lost on web side of this thread during a database backup recovery). … I’ll gradually try to copy back on the webside of this thread, some of the lost posts. My apologies to NNTP users, as you will be seeing repeated posts :

==================

**From: suse_tpx60s

Subject: Re: Ideas on how to best remotely support elderly parents running openSUSE**

Thanks for the comprehensive answers ab and oldcpu. ab, I too would be interested in seeing a tutorial for how you set up the remote ssh and tunnel back. That sounds interesting.

Oldcpu, I’m glad to see it’s possible to remotely support someone reliably although I see that there are numerous areas where problems could arise. One of my main fears is that the router gets reset or replaced by the ISP. It’s used for providing no only internet but also IPTV so if something goes wrong resetting is one of the first things they do.

I’d definitely be interested in seeing how you set up the vnc to pipe through ssh.

I get your point about tumbleweed so won’t go down that route and will look at Evergreen and see what that is. I expect to get back to see my parents at least once every 18 months but it may be 24 months on some occasions if circumstance doesn’t allow.

I have a few questions:

  • Is your mother’s PC continually ‘listening’ for you to connect?
  • Does your mother have a static or dynamic IP?
  • If dynamic which service (dyndns?) do you use for resolving the IP?
  • When I use vnc between my desktop and server, both on the same LAN and both running 12.3, I can’t do anything that requires root on the server through vnc as it opens blank grey windows. This is a bug that has been discussed elsewhere on the forum already. Do you not experience that? This would make the whole thing non starter.
  • Why do you rebuild the Virtualbox and not use the one from the repo which gets updated for the new kernal anyway?
  • Have you protected against the consequence of a HDD failure on your mum’s PC?

Thing I take away from your post is that you really need an element of redundancy especially for the connection back to the PC. Without having a connection one’s ability to provide support becomes drastically reduced.

This is another one of the posts of the older thread (copied back after being lost on web side of this thread during a database backup recovery). … I’ll gradually try to copy back on the webside of this thread, some of the lost posts. My apologies to NNTP users, as you will be seeing repeated posts :

==================

**From: Carlos E.R.

Subject: Re: Ideas on how to best remotely support elderly parents running openSUSE**

[openSUSE:Evergreen](https://en.opensuse.org/EvergreenCarlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

This is another one of the posts of the older thread (copied back after being lost on web side of this thread during a database backup recovery). … I’ll gradually try to copy back on the webside of this thread, some of the lost posts. My apologies to NNTP users, as you will be seeing repeated posts :

==================

**From: Carlos E.R.

Subject: Re: Ideas on how to best remotely support elderly parents running openSUSE**

Oh, absolutely, you have to use his method.

Only that I think that an LTS version should be the best to choose, because you don’t have to upgrade every year. Unfortunately, they don’t overlap much.

Consider that if you install now 12.3, it will be maintained till Sep 15th 2014 (Lifetime - openSUSE Wiki), whereas 11.4 Evergreen will be maintained till July 2014.

So the scheme would be 12.3 now, and 13.1 when possible, which is expected to be good for 3 years since release.

Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

This is another one of the posts of the older thread (copied back after being lost on web side of this thread during a database backup recovery). … I’ll gradually try to copy back on the webside of this thread, some of the lost posts. My apologies to NNTP users, as you will be seeing repeated posts :

==================

**From: oldcpu

Subject: Re: Ideas on how to best remotely support elderly parents running openSUSE**

I use a basic konsole based method that Yaloki taught me 8 or 9 years ago. (Yaloki for the longest time was one of the top 3rd party packagers for openSUSE and was on the openSUSE board for a number of years). See post#7 in this thread: https://forums.opensuse.org/english/get-technical-help-here/network-internet/484870-vnc-black-screen-12-3-a.html

In essence, from a konsole on my PC, I ssh into my mothers PC, with an ssh command, that launches X11vnc. I then open a second konsole on my pc, and start vnc viewer. Post#7 in the noted thread gives the commands. Yaloki actually gave me a script that did all that, but I never used it and I have long since lost that script.

Yes I have the ssh dameon running on her PC for an ssh connection. I do not constantly have vnc running on her PC. I ONLY open vnc via the ssh tunnel on an “as required” basis. That way no one else can hack in via the vnc session that I start.

Both my mother’s router and her PC have dynamic IPs. The PC being dynamic worried me at first, but it turns out her router always assigns her PC the same IP address, so that is in effect equivalent to being dynamic. And as noted, I have her router password and if necessary I can remotely access her router, get a list of IP addresses of PCs accessing the router, and deduce which PC is my mother’s (she only has one PC on her LAN so its not a difficult deduction).

I use dyndns. Her router has a feature that it automatically updates the cost free dyndns I have setup for her. But as a backup, I have an icon on her desktop, that launches firefox, with the URL of an IP resolution site, hardcoded in the firefox icon. The icon is labeled “IP Address”. If I can not get her IP address to work for some reason , I ask her to give me her IP address by clicking on that ICON on her desktop. That launches firefox and it automatically goes to a web site that has in BIG print "your IP address is … " and my mother sends that to me by an email, or simply gives it to me over the phone, or she gives it to me via a skype chat.

I have had to use this ‘icon’ backup many times, and my mother now knows all about IP addresses !!

No. I have no such hiccup. I log on always as a regular user to her PC. Then if I need root on her PC, I then type ‘su’ (if using ssh) or if using vnc I open a konsole on her desktop and get root on that konsole.

I confess I have been using the cost free (but not free software free) oracle Virtual Box, and that version needs to be rebuilt each time. Fortunately it is easy to do, but I have forgotten a few times.
Typically she sends me an email and complains her XP won’t start. And that typically happens a day or two after I have done a kernel update, so it is easy to add 1 + 1 and know that I messed things up.

Only in that every time I physically visit her apartment in Canada (and access her PC), I back up all her data to a very small portable (cigarette package size) external hard drive. If her hard drive ‘dies’
she is looking at needing a new PC.

I do have one advantage, in that my sister lives in the same city, and if necessary could help her buy an MS-Windows based PC (in a pinch). My sister actually knows MS-Windows quite well, but not well enough to recover Windows from being hit by a virus without major problems. Hence my sister is mostly ok with my moving my mother to openSUSE. BEFORE this move (ie > 8 years ago) my mother had MAJOR problems with virus making her MS-Windows OS computer non-functional for months at a time. She would go to an Internet cafe or friends place to use their computer !!
Then after ~3 months or so, I would manage to get vacation to fly across an ocean, to come to her place and fix her computer.

I did set my mother up with HOTMAIL for email, and hence she can access her email from any computer. And I taught her how to do that.

If she has something special she really wants backed up, she can ask my sister to do the copy to a USB stick, or I can copy it remotely back to Europe.

The more the redundancy the better.

I probably have a philosophical advantage, in that I am a spacecraft operations engineer, and I am experienced in operating spacecraft remotely, where if one makes a major mistake, there is no taking a manned spaceship to go fix the spacecraft. If it breaks, it often stays broken. So I am used to taking as many precautions as are feasible (without spending too much effort) to ensure redundancy and reliability.

Thats ‘just the way’ of the spacecraft operations business.

Setting up my mother’s PC was in essence along the same lines, but less complex.