 Welcome to the homelab show episode 69. We're going to talk about remote access Me doing Jay. I'm doing great. How are you? Good. Good. Good. We were You know, we started to show just a couple minutes late because we were still going over There's so many good remote access tools out there and some of the choices are confusing So we're gonna hopefully offer a few Solutions out there and talk about some of the security around them We want to make sure people think in our mindfully if they're gonna be using this outside of their homelab But this has been a fun topic there's so many of them and it's maybe even a topic We revisit to dive into any one specific one of these in the future because boy, there's The more I started digging into it, but there's just a lot of different ways to handle this That's why we're hoping to bring it down a little to give you some choices I'll give you some ideas and find some new tools to play with but before we do that You want to think of sponsors show and that is Linode and for some of these apps You will want to host them in the cloud to give you in broker access between different machines And Linode is a great place to host that they've been sponsoring a homelab show since the beginning They've had a great sponsor of the show and they're a great tool for homelabers to use to test out things try their marketplace Get things spun up fast do some project learning on someone else's servers where you may want to publicly expose things But not publicly expose your own servers and of course some of these remote access tools This is going to be pretty relevant because you're going to want to host this somewhere else Especially one of them I'm going to mention to help provide remote support Well having that external is going to be kind of a cool place to have it such as Linode So we have an offer code down in the description below to get you started with Linode We think them for a sponsor show and let's talk about remote access Yep, let's talk about remote access and to your point earlier I mean you weren't kidding when you said that there's a bunch of solutions I just want to give the disclaimer we cannot possibly cover or even You know, you know mention all of them because there's just too many of them So I know we're going to get a flood of comments about what about this? What about that? Trust me. We know we've been looking around and there's no shortage of source um The thing I want to preface all of this with because some of these tools require you to Open some ports if you want to manage things remotely obviously within your homelab No big deal. Just make sure the devices are on network set by which they have rules Or on the same subnet that they can talk to each other But once you start exposing these externally you increase your threat surface A lot of these tools we talked about here may or may not have gone through rigorous security review I remember and there's one of the tools that um, I seen someone mention I forgot the name of it already This is not in my list because the project maintainer Has got a job and they dropped it and because of that there's not been any updates for several years So nobody knows and people sometimes will conflate. Well, no one's pointed out any security flaws in this product for a while That just means Probably no one found one no one's looking or maybe they did find one and no one reported it because There's not a proper package maintainer to let anybody know this happens a lot of different products So just take that uh when you're thinking about any of these products if you're going to deploy these What is your threat risk that comes with it? Should you be writing this all behind a vpn? That's generally my recommendation, especially for homeland people And unless the company has a public facing They tell you we're actively developed and we are actively going through regular security review and testing Really just be cautious before you load some of these your own access tools on there As I said much less of a risk if you have it in your home lab But I just want to get that out of the way so I don't have to mention it with each product Absolutely do your due diligence when it comes to uh vetting these I mean we are Telling you what's out there. We did not do a code audit. Yeah And neither I don't think neither me or jay are qualified to do full application pen testing so I'm good at many things, but that's not one of them. So it's a it is a special skill to be able to do that It's a lot of work It is all right. What's the first protocol we should talk about our first software Well, I think the first thing we should talk about is just some best practice and I hate the word best practice I'm still looking for a An alternative because there's no such thing as the best practice because the best practice means like you're unhackable Which isn't going to happen, but um You know for for example Don't make things publicly available Just because you can and just because it's easy if you have Even if you use one of the things that we're about to mention via vpn or through a vpn tunnel, that's better I know that's another step and some people just love having things remotely available I would love that too if you could actually do that Without it being a potential risk and there's no way to do that without it being a potential risk. So make sure you're paying attention to capabilities for lateral movement if someone was to get into the machine You know make sure that it's only available via vpn or whatever your solution might be remote access It gives you remote access and you really need to you know take advantage of the solutions. I think the best way To handle this is always to have just you know multiple things in front of it and sure that's not Really convenient, but I think it was steve gibson on security now that said convenience is the enemy of security and that's very true It's very true. Yeah, keep that in mind So I think the best analogy here for anybody that's seen the show get smart Which is one of my favorite shows of all time I think it was like the 60s or early 70s awesome show in every episode in the intro Um max well smart is going through door after door after door and there's vaults and then all these secret entries That's exactly the analogy to use when you make something remotely available You have to have some things in front of it to to secure it because you want to make sure you're doing the right thing absolutely, so the two common ports are going to be 22 for ssh and 88 3 3 8 8 9 sorry for rdp. Please correct me in the comments if i'm wrong as I know people will I think about that doesn't I don't know. I don't know about that. Maybe I don't use it enough It's either right and I don't use it enough or it's not right. Yeah, I don't use rdp very often either Commercially I'll get that out of the way that if people are wondering I've been using a tool called connectwise control for my commercial business So that is just to clarify that people as well. Do you use any of these in production tom? No, we use a commercially supported products. It offers us a lot of other convenience All right, moving on to the fun products that you should use Do you have a you have a punch order list or should I just start? I I don't but I mean one thing that I could just throw out there is x to go because That's the first one of my tab that I had really really okay because that one It has some additional features that actually you were the one that Taught me about it actually um, but let's back up a little bit So x to go has been the best for me That I've used personally so far and I'll let you know what I why I say so far later on But x to go has a server component and also a client component So you can remote into whatever servers as long as it's running the x to go server and it's available from the client and if I remember correctly you still have to add a repository for the server component But I think the client is built in it's been a little while because here's my problem I'm always home and especially you know since the pandemic started I kind of You know was stuck in the office and then I got used to it I guess I need to get out of the house more and test these things out because over 10 gig I mean everything's going to work pretty fast over 10 gig here locally But x to go It just works so well. Yes, and then there's that additional option where you can expose an application So you don't have to show an entire desktop You could actually just bring up firefox and it'll look like it's a native app But it's actually running from the x to go server or you could expose the entire desktop and control it And what I was doing before I switched editing Softwares is I would have a server with a bunch of cores That would have sync thing installed on it and it would sync my video files and my cadence live back when I was using it It would sync its project files over there So I've edit the video on my desktop and this is before I had a really good desktop Then I would just um, you know expose cadence live, but it's running on that server And since sync thing has all the files and the project files I just open up the project file hit the render button And it's rendering the video and then since it's again sync thing the final video will sync back to my computer Then I upload it and I did that over x to go by simply exposing cadence live only I didn't care about the whole desktop So it's up to you if you if you want to see the entire desktop and have an application menu Or if you just want the application itself Yes, and I've done a few videos on x to go getting started with it The good news is it's built into most Linux distributions You have to use as far as I know I don't think there's well, maybe someone can hack it together, but for the most part it expects a windows I'm sorry a linux server or you know your linux desktop to be the server That can either a server of the application serve up the desktop So as jay said you can use it actually can find kind of a novel features You can even take a browser and publish that as an application And then on the client side you can use a linux client or you can be your Windows computer so either one of those work from the client side of x to go So the initiating the connection to those other devices you're able to use that Once again, it's a free download and there's no the client side is really simple It's just a little app that runs that you know you point it towards x to go Now one of the things nice is when you're using it linux server and client because it can use It's using ssh as a transport layer So you don't have to worry about any extra layers of encryption or how they implemented the encryption x to go It's transporting everything over ssh So if you have a system that you've already got your ssh keys all configured and set up on X to go the client can go. Oh, okay. I can attach to devices To grab those applications and bring them over or grab the desktop and bring it over and the sound And do that just via ssh key. So it does make it fairly simple So if you've already taken the time to build out your ssh keys added passwords to your ssh keys As we've talked about before you're relying on that level of authentication and then you're there at the desktop I also showed this works reasonably well on a raspberry pi 4. So it's not super intensive I've done an example of doing it with like cali linux So let's say you wanted to have a cali linux system and you're doing some Testing but you want to have it on another network and you want to be able to get to the desktop not just ssh into cali It's nice because you can use all the ui tools that way Where the device is local even on something as simple as a raspberry pi So x to go is definitely for getting linux desktops somewhere else hands down one of the best apps I've seen for doing it. It's easy to use easy to set up Um, there are certain limitations. I think and easy enough to do I comment to this in my videos tutorials. I have an x to go You want to make sure you choose the desktop that works better? for it The desktop. What's the desktop that linux mint uses? Um, well, I was going to say An alternate recommendation. Well, actually the primary desktop is cinnamon, but they also have a mate version Cinnamon and mate both worked the best with it Oh, I didn't know about cinnamon because I thought that cinnamon required graphical capabilities mate Mate works really well. I thought cinnamon worked with it too, but I know mate mate's hands down I thought cinnamon would work with it as well Um, it's been a little bit since I tested it with that pretty much I just go with the mate desktop because I it it transports well That's one of the features you get is you can choose different desktop environments And those desktop environments don't have to be the same as the one like when you're sitting directly at it So your laptop can be using the desktop environment of your choice But then you can also load in a background on different like mate or even, you know xfce The simpler the desktop environment is probably going to be better And the Reason for that is you just have less animations and graphics to bring over so you have a better user experience doing it I'm a little nervous recommending cinnamon, although they could have fixed it But since um, you know, there's a lot of it's not I'm not going to say it's a heavy desktop environment But it does heavily use the video card. Whereas, you know mate can But they literally can detect I mean mate itself is configured to detect if it's running in a remote desktop And it'll be able to change its interface to match that one example of this is let's say You give access to your remote desktop to a family member or a colleague or something I mean, you know, you don't want them to shut it down Um, you know on a desktop you have a shutdown button But it'll literally change the shutdown button to a log out button instead because it knows it's in a remote desktop And I think that's just so clever So that's usually the reason why it's the first I recommend for this particular purpose Yeah, um So next one I want to bring up and now I have not done extensive testing with it But I got him and it's pretty slick and pretty basic to get set up And that's going to be rust desk And rust desk is more I like it now it's become popular enough that if you type in like open source team viewer replacement Which of course that's what their title reads. It says the remote desktop software the open source team viewer alternative Uh works out of the box no configuration required full control of your data. No concerns about security You can use your public relay servers or self hosting in your own cloud So they got a pretty lightweight simple system. Um, I have not gone through to see what level of Uh security vetting audience done as far as like how they do the transport layers But it's pretty slick and if you're just using it even for some basic quick access to things I think it's a kind of a neat option out there um the Rust desk has been around uh for at least a little while and I it seems to have grown really popular very quickly I think it's kind of that ease of use simple deployment A decent documentation and a pretty clean website like all the right all the right factors It wasn't it it wasn't like it takes you 10 hours of poking at it to try to get it set up They even have um docker containers. They have a like a one line installer to get it started. So they get some pretty Easy ways to get going with it. Um, and there's a youtube chaddle called awesome open source As a matter of fact to my knowledge are the only ones who's done they've done two videos on rust desk um, but those tutorials are Longer in in depth of every little detail setting it up in security And how to set up different keys with it because there's a couple ways you there's a couple ways You can implement the way the security works on there But it seems a pretty complete application and it supports both linux and windows Either way for client or server so you can get remote access to windows computers you can get access to linux ones I thought it was a pretty slick looking tool. I was Impressed with it. I watched it. Oh awesome open source video I didn't watch all of it in detail for those of you wondering in case there's some detail I overlooked but uh, definitely we're checking out that video is pretty complete. It seems it's all broken down step by step how to get it running Now I wonder how much of the popularity is due to the fact that it has rust in the name considering how popular that is nowadays Yeah, maybe so Copy into Um, yeah, that one was a pretty neat one right there now One of the other ones is going to be and I believe our friend christian, um I what is his I forgot his youtube channel name is I'll I'll pull it up in a second I'll make sure it's in the link in the show notes But he uses teleport and he uses it commercially for business. So and teleport's one of those pretty neat Options for Not just doing and you heard that ding because I pulled up their website because it's go to teleport dot com Is there new domain? I believe they had a different domain before when uh, I first started looking at them as a product But there's go teleport dot com. Oh go teleport. You're right go teleport dot com. There we go Now don't be scared that it has pricing up there They do offer this as an enterprise option with full sla agreements But this system itself is free and open source. I actually like the fact that when you click on pricing, uh, there's a download now option Self-hosted fully open source github sso integration and community support I mean community support kind of makes sense, you know, what you're gonna put on there Now teleport is a bit more complicated set up, but gives you a lot of flexibility on there um digital life by the way digital life. Yes that that digital life, right? I think this is uh The digital life the digital life. Yes, if you the digital life teleport He's got a couple tutorials on it But one of the cool things about teleport the good and bad it has an agent that bothers me a little bit But if you want that extended functionality that teleport offers, I get How the uh agent really plays into this it's not just for brokering connections for ssh It is also for full audit logging of those connections. It is good for Web applications and having those essentially it's like a reverse proxy So you can set this up to all your different apps and now you have and you can set this up So you can access it remotely when you're not in your home lab, too They've done a good job of making it really easy to go through Set up things like your grafana your dashboards your web logins for many different things Then teleport can go talk to each of those provide essentially a reverse proxy for any of these That reverse proxy then allows you to easily connect and more importantly, especially from the business standpoint and why He mentioned like commercial use of this is it has full audit logging everything that was done This actually has a couple of facts one. It's really good if you're running a business You have full audit logging of people and what they did. What do you think about that jwin? How much how important is logging when you're we're managing other linux technicians? Would you love to know every command they type they got there? I mean logging is like everything. It's absolutely everything In this uh one of the things this will do is have audit trails for all the commands they type Now especially for home lab people like well, I'm the one typing a command. Is that a big deal? Yes, because how many of you actually have a list of all the commands you type to get somewhere being able to Replace some of that I think it's just a really neat feature and it's a good learning feature because when you go through and set something up You can watch yourself in all the iterations and all the things you type down there It also creates a nice central place to have all of your login So if you have a dozen machines that you're managing some in a mixed environment Having that in there and log in and go all right. I logged into this server here at this time I logged into this server this time. Here's the commands I typed That's just kind of a nice feature that they have for all that I think I think teleports are pretty slick system and being fully open source Is awesome and being supported by a business use case means I don't think someone's going to get another job and just drop the project That's I like open source projects that hey, here's all the code by the way We have a sla agreements and full service and support you can get on this side of the house Which is actually really cool. Yeah, I like that model as well It is you know, you could use it or you could you know at your company also use it and get a support agreement So everybody wins. Yeah, everybody wins and it's just kind of a neat tool to be able to have I haven't dug into setting up the reverse proxy But he has a video talking about that so christians video on if you type in likes a teleport and the digital life He's got some he's got two good breakdown videos of it that go in depth on everything on there. So I see a video to check out and uh, he's uh, he's actually a friend of ours. So yeah shout out to him if he's actually listening Yeah, now have you used because I'll bring it up. Have you used Apache guacamole? Um, Jay I have but it's been a very very long time If I remember correctly it presents a remote or actually it presents a desktop in your browser Yeah, and it's so you can get Apache guacamole is a clientless remote desktop gateway It supports standard protocols like vnc rdp and ssh We call it clientless because no plugins or software required. Uh, thanks to html5 guacamole Is installed on a server you need to access to desktop via web browser. So what it does is it brokers connections It's kind of a go-between. So you're doing it within the browser So now your guacamole instance That you're accessing via your web browser wherever you have this set up You know hosted internally and then on the back end of guacamole You're telling it to connect to all the other devices now. It's kind of slick how that works. I've not actually used it You know the biggest thing with my use case comes down to a lot of times. I just have to teach into things Now i'm looking at honestly even internally for us as we manage more linux servers Um for clients. Well the requests are coming in to do so I might use something like teleport because it's going to give me all the logging and key management and things like that but the You know guacamole seems like a pretty cool system the fact that it supports rdp is uh, pretty slick and Pending on a little bit of the rdp Um, when the latest gnome now comes with rdp built in as well, doesn't it it does and it's right there in settings Which was interesting to me because you know, I wasn't sure why Um, the gnome desktop would have went that direction don't get me wrong I'm not saying they shouldn't support it because I know it's a real thing It's super popular and you know pretty much every company uses it And there's one you know, it's one thing to support it and be able to connect to it and also it kind of makes sense as we were talking earlier because um You know in a mixed environment if you're using a windows computer it is pretty cool It could use rdp to get a gnome desktop But what's interesting is gnome does not work well at all in any way shape or form in a remote desktop It's sluggish and barely even usable in my opinion. I'm just going to be honest So it was really interesting to me that they went that direction Maybe the remote desktop version isn't um as bad as maybe other solutions like like gnome really isn't For that in my opinion, but it is what it is There's just one thing between supporting it or allowing to be connected by it And I would think a open source solution would have been the um or fully open source and that reverse engineer solution Would have been the forefront for them But I found that that to be interesting, but then you know, I also have to um understand that You know businesses are using it. It's super popular. So not supporting it. That wouldn't be a good idea either Yeah, it is kind of neat because then with guacamole with hopefully as it improves It's been a while last time I tested any of the rdp the same thing I my experience with attaching it on linux was not wonderful But nonetheless, I mean as that improves you'd be able to use guacamole as a single point Internally to do it now I've not dug into and if anyone wants to leave a comment um as to why it's called guacamole. So This guacamole is yummy. Why else would it be? I mean, I like guacamole. So I don't I don't have a problem with the name I don't forget it. Do you? Yeah, you remember it. Yeah, I remember when you go to a mexican restaurant It's like I need to try out guacamole when I get home Yes, that's how you help judge mexican restaurants. You guys it's the guac and the sauce man Yeah, absolutely. Absolutely that So yeah, patchy guacamole. I I it's supported by the patchy foundation. So we know it's going to be around for a while It seems to be quite well supported Like anything I really don't feel as though you should publicly expose this but hey, it seems to be popular Oh, definitely among the comments on here. Maybe one day I'll give it a try I believe jeff from crafting computing has a video where he talks about using a patchy guacamole as well It might be a good solution too for um internal use when you when you're you know at home and you're not accessing it remotely because One thought that I had is you know often when it comes to homelab the uh spouse factor could be a well a factor, right? So um flex server stops working And you're at work or something. So you can't really fix it I mean, how easy would it be to have somebody who's not technical at all just tell them go to this You know bookmark that I put in your browser and a desktop appears double click on the icon that says restart Collect server or whatever. I'm just making up the scenario And maybe that might be a use case because then it would just be easy for them to get in and Click that icon and restart the media server or whatever you happen to use Because sometimes, you know, unfortunately our homelab stuff. It just stops working Like I just discovered I had a issue with one of my 10 gig cards two days ago And what how long has it been since you switched me to 10 gig like a year and all of a sudden it stops working So sometimes these things happen and maybe it makes sense just to have a desktop in the browser that someone at home can get to to Restart a service if they have to Yep um next one on the list here now this is pretty slick and uh our port dot i o r p or r t dot i o all these Slays that'll be linked in there But that one is pretty slick because it is more than just remote access It is a self Self-hosted open source remote management solution for windows and linux intuitive easy to use management for remote access script execution VPN replacement and much more Now it's really impressive what you can do with this. We got support for ssh remote desktop vnc Sorry, but telnet's in there web-based unit interfaces and You can even do uh tcp-based protocols Like smb network printing and http apis and web servers now to go a step further One of the other things you can do with this once again, you're loading agents to make all this work But the agents will monitor windows and monitor um linux systems. This is really slick because now you can get like a constant heartbeat execute commands Build tunnels between them for connectivity. It's a pretty Neat tool to consolidate all your servers again very Similar to the way teleport handles it into a spot to do it. Um, I think this is really slick because you can also Um execute commands see up time for them. I'll see the monitoring back and forth It reminds me in similar ways to what we refer to in the it msp services space The rmm tool remote management monitoring tool that you commercially this has got a lot of features Now it's not as full features as some of the paid commercial tools But being that it's open source and self-postable if you wanted to manage a lot of different servers on your lab This seems like a nice integration to be able to once again have one spot where you can centrally Log in everything one web interface and both of these in back to teleport and this have strong authentication methods Well, they all have 2fa so even if you're using internally because anytime you create a choke point where you're bringing everything down to One system to access it that choke point is obviously something you should protect Dearly because oh, yeah, it is it is the key to all the kingdoms And I've seen people who will use the argument against these tools when well, you're centralizing all the control to one place Well, you kind of need to do it. So you only have one place to replace versus Decentralized in the control where well, I've all dispersed and it's hard to tell who logged into what when Because i'm pulling logs and consolidating them all together and then trying to figure it out So it's not a bad thing to necessarily put all these in there into one place But it's important that anything that you do that with does have all of these different two factors on there So, uh, this does support though. Um I thought this was all data sorting cryptidisk connect up to 500 devices and unlimited current concession I wasn't sure exactly because I didn't see any, uh commercial option. I don't know if the 500 was a limit or Um, exactly how that worked down there. I thought it was strange I mean, I mean you may have more than 500 things in your home lab on there, but I thought it was strange why they chose Yeah, let me start the marketing. This is up to 500. Well, what happens? What happens if I have 501? Yeah, exactly. Um Now there's just so many solutions out there and I can't believe that I forgot to mention ramina earlier Um, and I don't even know if I'm pronouncing it right. That's just how I've been saying it It's r-e-m-m-i-n-a and it's an app It's not in itself going to allow you to be, you know, your systems to be accessed remotely But what I think it is great about it is that you could put your ssh connections in there your remote desktop connections In one app and then just have, you know, one place to get to all those things And I think it's a really awesome thing to have in general when you're actually, you know Accessing things remotely even if remotely is that, you know, it's in the other room And you don't really want to go across the hall and into another room and, you know, attach a monitor but um, you could actually have all those connections in one and it's available and I don't think there's a single distribution of linux that I haven't seen it for I don't know if it works outside of linux But if you're working with linux on your laptop or desktop, then it's um, you know quick mention Just wanted to mention that it's not going to allow people to access your systems But it allows you to access the things you already have access to Yeah, there's another one someone mentioned in here And I didn't know about it earlier today when I was just doing a couple extra notes Um, where was it early in the beginning of the show someone mentioned it? While you're looking for that, I'll just mention one more. Um I'm actually in the process of evaluating thin link right now thin linc And I don't have like a final opinion yet because uh, basically, you know full disclosure The company reached out to me to sponsor my channel And you know, I get a ton of sponsorship requests. I probably accept maybe like one out of 30 or something um, so I looked at this like I do anything else just assuming it's bs until I um Yeah, actually get proven otherwise and as I'm going through it It's impressing me more and more because at first I'm like, well does it support linux? I get so many sponsorship requests Where the product is not installable on linux and then I'll respond back like you did look at the name of my channel before You sent this over to me, right? Which is always funny to me like it like it's number one requirement If it doesn't work on linux like my audience doesn't want it Right. So anyway, um, so I look at it and then they have it available on platform Okay Like okay. Well, I think that might mean that they get linux and then I keep looking through it and It just really impressed me so far and I was just going You know googling around trying to see what the general consensus was people seem to enjoy it Then I had a chance to test it out while I was on vacation I set up a computer here just to be accessed, you know, basically a crap installation I didn't care about just to test it out. It worked fine. I had no problems at all So the only thing that I would say I didn't that I don't like so far Is that it doesn't support raspberry pi as the device you're connecting to My understanding and I'm still looking into this is that the client can be installed on a raspberry pi But serving a raspberry pi desktop Itself is not supported yet, but I but I then I saw a bug report on their github page for it. So Apparently they're aware of that and the reason why that bit me is because I set up a raspberry pi remote desktop to try this out on and Yeah, it didn't work for that but it did work in all other cases so I just wanted to throw out a mention And I have a little bit more to go and if they pass all of my rigorous testing then there'll be a sponsor But so I guess if you see a sponsorship I think there's like usually like a month delay in my content So if you see like a month and a half from now, then that means that uh got approved. If not, then it didn't so Yep, I'm gonna throw it out there. Now when jay brought up the rem na rem na rem any uh remote desktop. That's for When I'm Yeah, I'm not sure I know how to spell it and I have to go to more conferences to figure out the common Lingle way to say things that's actually true for all the next things links conferences Teach us how to say things because when we just read them online, it's not the same um But it's it supports rdp vnc ssh So which is great, but the other one if you're running windows and This is not any more than just a connection manager So it's not necessarily a remote access tool, but it's a way to manage all your connections in one app And that's m remote ng. So the website is m remote ng.org and it is just basically a multi remote Manager that supports rdp vnc ssh telnet and Our login raw socket connections and power shell remoting. So this is kind of a cool. Yeah Our login and telnet are it's just like the who's who of expired connection types Yeah, that's so hilarious. I mean it's it's good that I guess for the people that are using it But then why are people using it? But you know what? I'm sure they mean well, and that's a lot of different Connective there's a lot of people and if your task is an internal sys admin and you have Been provided a windows desktop by which you are going to be working from that is this the case in some places This is a tool that will help you manage all those other devices So you're loading it on windows to be able to manage everything else So I know you know as much as me and jr Linux on the desktop for many years I know not all of you are there or maybe the work conditions you are subjected to Which I don't know is this cruel and unusual punishment forcing people to use windows at work. I don't know I think it is because here's the analogy. Well, here's the analogy I used right? So Let's just say for example. I randomly buy an auto mechanic facility You know, there's a bunch of mechanics working there that fix cars And as the new owner I go on there You know the location Then I say okay starting tomorrow you guys are all using this particular brand of tools I'd be laugh right off the shop floor. They wouldn't tolerate that for a minute So that's why I feel like we shouldn't either because if something requires a particular Operating system then why use it everything else is cross-platform I can get on a rant about that, but I'll probably stop but Unfortunately, if you do have to deal with that I'm sorry if you are forced to use something you'd rather not use but Then again lights at the end of the tunnel because I'm sure that's you know Not going to happen for too much longer the way things are going Yes Um, so that was the other one. It's kind of the counterpart to that someone has said in the comments here And it's not something I validated But if you store keys they're potentially available if you're on a share computer store temporarily in memory So yeah, that's something to consider with any of these on there. So yeah, that's um Saving passwords any of these use at your own risk to make sure that they're vetted well things like that By the last one I have mentioned for here And I knew people would ask about it and I haven't used it, but I've oddly seen People building this in uh and saying they use it commercially which I'm not personally comfortable with But uh, it's mesh central. I it's become popular. It's been around for a little while I believe it was started by some internal it people But nonetheless, it's another remote access tool that gives you nice central management to be able to remote into systems It was built more alike to the tool I mentioned that we use which is the connectorized control slash green connect tool commercial tool It seems to be following along those design patterns, but it is not a commercial product. It is Is it open? It's under a I believe Uh bsd license. It says on here under the downloads so Yeah, interesting it run it's built on top of node j s if i'm not mistaken on there, but uh It looks pretty slick. I know a lot of people speak fondly of it So it you know, it's another one that throw in your tool chest here for remote access though But it's not one I uh particularly Used I've just had I've seen a lot of people it comes up a lot of discussions in the Business world We're like I said a shocking number of people have told me that they're using it commercially and I'm like well cool Um, I don't know well They're using someone's commented here that they're using uh, it's free by intel They're using some of intel's technology But I'm not clear how they wrap the security all around it and clicking around on our site didn't really tell me much in terms of Uh Any security details, but as I said at the beginning that's not something we're here to really vet. That's something kind of Um, you need to really think about before deploying any of these tools Absolutely, you have to you know, we use the technology. We don't develop it So if we developed it, we would know everything about the ins and outs of how every single instruction goes through the cpu But um, yeah, we Yeah, just look at it and make a decision for yourself if it fits your use case one and two Don't deploy it until you know that they're taking security very seriously Yeah, now I will admit one. It's very actively developed in two and a common friend of me and j mess Mesh central does have a crowd sec bouncer integration So if you have it public basing, uh, there is the ability to integrate a crowd sec bouncer for it so Yep, that's uh any of these actually if you're doing public basing things having um crowd sec bouncer on public firewalls is great Uh, I believe we've done an episode Of homelab. We talked about crowd sec individually me and jay have our own videos on this on the crowd sec topic we still Highly support that project really like it. It's uh and where it's going Yeah, I wouldn't doubt just uh recall my get smart analogy because each one of those doors that maxwell smart walks through Um could is basically an equivalent to some kind of protection that you have in front of your um value thing And that's just the way to do it. Yep So I did see that in an announcement list. I'm like anything you can do is you help uh bolster your firewall and you know known bad actors not have them Coming through that's that's a good thing Absolutely. All right, and that's the end of my list for some remote tools. There's uh Like I said, there's obviously a ton more out there. Those are just the ones I've taken the time to look at Some of them are experimented set up a little bit. Obviously actually going to have videos on And you can find some good videos on both our porch awesome open source has a good art port and rust test video Our friend christian with that the digital life has a good video on teleport Actually more than one of them to break down some of the more intricate use cases for it Oh, I you know what honorable mention putty for ssh. I I don't even think we need to mention that one Putty's been around Since the 90s. I believe uh probably the first time I encountered it. So putty's been around forever So we'll throw it out there. It putties more of just a tool to use Um for the connections, but with windows subsystem for linux and you being able to put ssh keys in there That's even with my internal text. I've been pushing them towards that just use ssh load windows subsystem for linux and Uh put it in there. You're just using normal ssh at that time without having to do it I mean, it's not that hard to use Keys and putty, but there's some trickiness to it versus The videos that me and jay have done on ssh key management work pretty much identical when you're doing windows subsystem for linux because it's just linux inside of windows I completely agree. I mean putty has at least existed for my entire career. I know that for sure It's one of the one of if not the first I've ever used But you know my personal opinion I really don't like putty at all and and the reason is because they Decide to have their own system for Managing ssh keys and there's never a reason to do that There's no good reason for that and I was hoping they would give up on that But I think they they're shooting themselves in the foot at the end of the day because you know, like you said we have You know wsl you can get an actual linux shell with actual ssh Not that putty isn't actual ssh because it's using the same protocol But it's they just wrap so many unnecessary things around it now It used to be the case that It was the best solution for windows Oh, yeah, and it has been for so long and I also remember sigwin being used Around the same time to get some uh gnu apps running on your windows desktop But now that we have wsl I feel like if you're a windows user and that's your platform for your computer Then wsl is probably just the way to go Nope, january of 8th of 1999 23 years ago was initial release. I I thought I used it when I I remember using an assistant man job But oddly back then I was using it to telnet into different things for administration Because that's well telnet was really common back in when I started my tech career in 1995. So Oh, yes, that means it's like two or three years older than my career in linux I think because I think it was around 2002 ish where I started Yeah, so it's just it's been around a while. So I think every hopefully everybody knows about it So I think they do and it's um, I feel like it's great that windows has a terminal built in Because every operating system has had that for countless years and windows was the one that didn't I mean, I had a I had power shell command prompt sure But an actual terminal now they have a their windows terminal is just light years ahead of whatever they've had before And you know, even though i'm not a windows person myself. I'll I'll still give them credit where it's due I think they did a good job developing that it's certainly a lot better than a lot of the other solutions But then again I feel like we linux users get the short end of the stick on most things But windows got the short end of the stick for longer when it comes to You know terminal tools because they're pushing power shell Which you know is still a thing don't get me wrong with now that's built into the windows terminal as well So um, you can literally switch your shell right there in the app So yeah, if you are using windows then wsl probably is the best ssh client that you can possibly get Yeah Uh, oh actually someone's going to bring this up because now we're going to be slightly off topic But I think it's worth bringing it up. Um Um Was it called hyper terminal? I Yes hill grave technologies hyper terminal Um, that was one of the original terminal stuff that used back in early days of windows now Fun fact hill grave is still over because I found their website Uh, and they still list the same address. They're over in minn row michigan and oh, yeah, they're actually great bias And they sold they that was one of their what brought them into success was selling hyper terminal to Microsoft and it was I always saw this cool forever ago because I'm like hey, these people are local except what we've lived in a Greater detroit area. So they're all of about half an hour from my house You know now that you mentioned I might have used that actually when I was in college And uh, learning unix for the first time. I'm not sure why that's something about that stands in memory I think that might it was pretty much like if you had a windows computer use hyper terminal That's how you would connect uh frequently it's popular for connecting to bbs This as well because it had the dialer stuff built in Hmm. Yeah, I think I might have used it. I would probably just need to It was the rate of passage in our in our tech history If you if you're in the 90s and you use windows computers, I think it started in windows 3.1 I think we had it first. I know it was in windows 95, but I think it was uh Also there someone can correct me on that one I'm trying to remember when it started this little fuzzy member and all that back. So It really is like I like the only thing that stands to memory for me is I haven't changed a bit because when I was Studying unix for the first time before I even learned linux and then I figured out how to change the terminal colors and customize it I was just showing everybody in the room. Look what I did to my terminal. It's it's green on blue instead of you know Fun times. Yeah, and probably on the same time period. I might have been using hyper terminal I don't yeah those XP actually I wouldn't it be 3.11 because wasn't windows 3.11 the one that added networking to 3.1 Just curious. I think that I don't know. Yeah, the 3.11 was the one that got networking on there I don't know how far in that went like if there's some trace of networking that hyper terminal could connect to Or if you literally had to be 3.11 windows 95 is where it started. So, okay, so it isn't even a factor then Yep. Oh, yeah So someone said 3.1 had it um windows 95 definitely had it. So all right now. We're off topic and we we thought we talked about some old history Links will be in the description for all the different tools we talked about I don't know which ones to rate one for you But hey, you got some more learning to do and we're help happy to help you along on that journey Thanks for joining us and looking forward to next episode. See you later. All right. Thanks