[Tech] updates, etc. ... remotely? Why not? :-)

Wed Sep 28 08:11:58 PDT 2016

Yes, thanks ... TeamViewer was the name I wasn't quite recalling (ah, so much
easier to search out the answer when one knows the answer).
http://linuxmafia.com/pipermail/sf-lug/2015q4/011521.html
And thanks for the mention of Gitso - wasn't aware of that one, sounds
cool, and perhaps a good possibility.

"Reverse" ssh - with some "server(s)" (or IP rendezvous points) out there,
could potentially run that pretty much continuously on the hosts.
And yes, in all cases, would want the ssh very well secured - particularly
since much of this stuff often is set up with account names and
passwords that probably wouldn't be much challenge to the
password guessing bots that tend to pound the Internet lookin' for
the easier targets to break into.  While my home stuff
tends to have nice secure passwords rather like:
lwE.*<S;`y'-i;9q}}C]
... well, that ain't the kind'a stuff local support staff is typically
gonna want to be typing for a password.  And yes, enforcing
authentication by key(s) would be recommended (if not practically
essential) for remote.

> From: "Tai Kedzierski" <dch.tai at gmail.com>
> Subject: Re: [Tech] updates, etc. ... remotely? Why not? :-)
> Date: Wed, 28 Sep 2016 15:11:54 +0100

> Fair do.s
>
> Though i have been in several outfits who deploy "appliance" type machines
> in large numbers and calling back to home seems to be the sanest method.
>
> I did work once with an operation that had one set of servers calling home
> and the other connected to manually. No prizes guessing which were easier
> to keep up to date without also documenting ridiculous vpn hoops and hops.
>
> I would also be wary of leaving ports open bare that are not public key
> authenticated-only...
>
> For doing support there is the option of auch things as teamviewer. I was
> supposed to take on Gitso, the open source alternative, but have not yet
> gotten round to it.... reverse ssh on demand might still be the best way to
> go in that instance
>
> // Sent from a mobile device. Brevity and typos may transpire
>
> On 28 Sep 2016 15:00, "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
> wrote:
>
>> Well, there are various ways to do updates, support, etc.
>> remotely.  Maybe we ought work bit more on that, so we can
>> save on resources making trips to/from sites that would
>> be better skipped if/when feasible.
>>
>> Ideally we'd have some means to access the host(s) directly
>> from remote ... but even that's not (fully) necessary.
>> If the hosts have so much as some semi-reasonable
>> Internet access (e.g. hosts can connect out - even
>> egad, "worst case" if it's limited to http and/or https,
>> and even through a proxy if proxy supports the http
>> Connect capability) ... so, ... it *can* be done.
>>
>> There are various possible ways ... "reverse" ssh is one
>> that jumps to mind, but there are others ... let me peek
>> again and see about another I'm thinking of, but can't
>> recall the name of (and came well recommended from an
>> excellent source).
>>
>>
>> references/excerpts (and pardons if I don't have all the
>> quoting/attributions properly lined up):
>>
>> From: "Tai Kedzierski" <dch.tai at gmail.com>
>>> Subject: Re: [Tech] Partimus & Raspberry Pi 3 Model Bs
>>> Date: Wed, 28 Sep 2016 14:26:37 +0100
>>>
>>
>> Just in the updating: i would have thought some automation would have
>>> already been done.
>>>
>>> There is a ubuntu package for auto updates
>>>
>>
>> On 26 Sep 2016 03:29, "Christian Einfeldt" <einfeldt at gmail.com> wrote:
>>>
>>> On Sun, Sep 25, 2016 at 5:34 PM, <jesse at boldandbusted.com> wrote:
>>>
>>> * How do we keep them up-to-date?
>>>>
>>>
>>> I manually go to each location and update them.  This is actually a bit of
>>> an issue, give that we are at 6 locations with 12 machines.