Remote
|
Size: 13863
Comment: Fully updated the page
|
← Revision 22 as of 2008-08-06 16:18:23 ⇥
Size: 11279
Comment: converted to 1.6 markup
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| There should be a simple, secure, robust way for a non-technical user to allow a more technical user to connect to their computer and get root access, using only instructions that can be described simply, in layman's terms, over a poor quality phone line. The facility to allow the technical user access should be available, and easily visible, in the default install. | There should be a simple, secure, robust way for a non-technical user to allow a more technical user to connect to their computer and get root access, using only instructions that can be described simply, in layman's terms, over a poor quality phone line. The facility to allow the technical user access should be available, and easily visible, in the default install. Current solutions are secure, robust or simple, but never more than two out of three. |
| Line 6: | Line 6: |
[[https://launchpad.net/remote-help-assistant|Remote help assistant]] is a program being developed based on this specification. |
|
| Line 12: | Line 14: |
| * Describing what command lines to type can be socially awkward. For example, do you tell them where to put spaces and when to press enter? Making the wrong decisions will either insult your friend or make them feel even more helpless than they do already * It's very difficult for a friend to accurately describe what they're seeing on their screen. For example, most people don't know how to pronounce "~" or what a backtick is |
* Describing what command lines to type can be socially awkward. For example, do you tell them where to put spaces and when to press enter? Making the wrong decisions will either insult your friend or make them feel even more helpless than they feel already * It's very difficult for a friend to accurately describe what they're seeing on their screen. For example, most people don't know how to pronounce "~" or that sub-areas within a window are referred to as tabs. |
| Line 19: | Line 21: |
| * [https://launchpad.net/locoremotesupport/ LoCo Remote] * [https://launchpad.net/telepathy Telepathy] |
* [[https://launchpad.net/locoremotesupport/|LoCo Remote]] * [[https://launchpad.net/telepathy|Telepathy]] |
| Line 24: | Line 26: |
| GNOME's [[http://www.gnomejournal.org/article/29/remote-desktop-administration-using-vino|vino]] and KDE's [[http://docs.kde.org/kde3/en/kdenetwork/krfb/index.html|krfb]] provide VNC access to a computer. These provide an excellent basis for allowing the helper to connect to a computer with a functioning X server, although this tool needs to add a command-line mode, the ability to route around NAT and firewalls, and an effective mechanism for communicating security information over the telephone. To reinforce the last point, both vino and krfb expect users to send invitations by e-mail, but non-technical users can't be expected to have PGP-encrypted e-mail already set up, and it would be impractical to set it up for them over the phone. [[http://www.gnu.org/software/screen/|GNU Screen]] provides shell access to multiple users, but isn't designed for use across multiple computers. To adapt it for this purpose, we would have to find some way of exporting a pseudo-terminal over a network. |
|
| Line 26: | Line 32: |
| Both helper and friend might be behind a NAT router or a firewall beyond their control. It's more likely that the helper would be able to configure their network so as to allow incoming connections on specified ports, but this can't be assumed in the general case. | Both helper and friend might be behind a NAT router or a firewall beyond their control. It's more likely that the helper would be able to configure their network to allow incoming connections on specified ports, but this can't be assumed in the general case. |
| Line 28: | Line 34: |
| If the friend has an X session running, the helper should be given access to it over a VNC connection. Otherwise, the friend should be given a login shell on the user's machine. [https://launchpad.net/screen screen] is the preferred tool for this, because it can provide a multi-user session encapsulated within a Unix socket that can be forwarded over an SSH connection. | The friend's computer can't be assumed to have a particularly large set of packages installed and functioning, as they might have removed important packages (or broken them in a more imaginative way). In this blueprint, it will be assumed that the friend has installed packages that are installed in at least 99% of cases reported to [[http://popcon.ubuntu.com/|the Ubuntu popularity contest]], not necessarily with functioning configuration files. Systems more broken than this would be better served by (semi-)automated recovery scripts that can solve specific problems, or by booting to a live CD with a remote recovery script on it. |
| Line 30: | Line 36: |
| The friend's computer can't be assumed to have a particularly large set of packages installed and functioning, as they might need help because they've broken important packages, or might have decided that they didn't like the look of some packages and decided to uninstall them. At best, we can assume that specified packages in main have been installed, and may or may not have functioning configuration files. Any system more broken than this would be better served by (semi-)automated recovery scripts that can solve specific problems. | The helper's computer can be assumed to have a much more complete system, because people with sufficient expertise and patience to help out can reasonably be asked to install packages outside of main, and can be assumed to maintain those packages properly. |
| Line 32: | Line 38: |
| The helper's computer can be assumed to have a much more complete system, because people with sufficient expertise and patience to help out can reasonably be asked to install packages outside of main, and not to find imaginative ways of breaking those packages. | If the friend has an X session running, the helper should be given access to it over a VNC connection. Otherwise, the friend should be given a login shell on the user's machine. |
| Line 34: | Line 40: |
| Man-in-the-middle attacks are a serious security issue here. If the helper and friend are talking to one another on the phone while setting up the connection, they have a largely tamper-proof connection - albeit one where bandwidth is severely limited. If they're communicating over some other system (such as instant messaging), there's no tamper-proof connection between them. If helper and friend haven't already exchanged security information (such as SSH keys), there is no full-proof defence against MITM attacks without a tamper-proof connection available. Therefore, the following security precautions should be taken: | Man-in-the-middle attacks are a serious security issue here. If helper and friend haven't already exchanged security information (such as SSH keys), a tamper-proof connection is needed in order to confirm the connection they're using. A telephone conversation is sufficiently tamper-proof for purposes of this project - albeit a channel with severely limited bandwidth. Other systems (such as instant messaging or e-mail) are not sufficiently tamper-proof, and should not be recommended. Since users will use insecure channels no matter what recommendations we make, the following rules should apply, as a second line of defence: |
| Line 40: | Line 46: |
| The first of these conditions have two important side-effects, one positive, one negative. The positive side-effect is that the friend has the opportunity to learn a little by watching the helper. The negative side-effect is that there's no easy way to transfer files between the computers. It's possible to transfer files by pasting base64-encoded text, which accomplishes the same goal and leaves the friend with the ability to check the process. | |
| Line 41: | Line 48: |
| The first of these conditions have two important side-effects, one positive, one negative. The positive side-effect is that the friend has the opportunity to learn a little by watching the helper. The negative side-effect is that there's no easy way to transfer files between the computers. It's possible to transer files by pasting base64-encoded text, which accomplishes the same goal and leaves the friend with the ability to check the process. | The second condition can be met by ensuring that, as well as reading anything the helper can read, the friend can write anywhere that the helper can write. Therefore, if the helper needs a password, the friend can type it in without telling the helper. |
| Line 43: | Line 50: |
| The second condition can be met by ensuring that, as well as reading anything the helper does, the friend can write anywhere that the helper can write. Therefore, if the helper needs a password, the friend can type it in without telling the helper. Over a VNC connection, these conditions are trivially met - both users share a session, and the friend can terminate the session by pressing ctrl-alt-backspace. Over a [https://launchpad.net/screen screen], these conditions can be met using a multi-user screen, and by ensuring that the screen session is terminated when the friend disconnects from it. |
Over a VNC connection, these conditions are trivially met - both users share a session, and the friend can terminate the session by pressing ctrl-alt-backspace. Over a login shell, these conditions can be met by ensuring that both users have read and write access to the shell, and that the session is terminated when the friend types ctrl-alt-c, or some other special sequence. |
| Line 49: | Line 54: |
| On the friend's computer, a Perl script will be used that depends on openssh-client, x11vnc, and screen. The x11vnc package is currently in universe, the others are in main. The script will ask the friend for certain details (such as the helper's IP address), and will describe what will happen as it tries to set up a screen or VNC session. A Perl script is suggested because (according to [http://popcon.ubuntu.com/ the popularity contest]) Perl is one of the most widely installed packages in Ubuntu, and the friend can download and run it in an emergency without needing to compile it for their particular architecture. | This program will be written as a single file in a scripting language, so that it can simply be downloaded and run in an emergency, no matter the architecture the user uses. Python is a good choice for the scripting language because in a default Ubuntu installation, Python supports creating pseudo-ttys (necessary for creating a fully functional shell session) and IPv6 (necessary to talk to Vino), which are only available in Perl if you install extra packages. Although [[http://popcon.ubuntu.com/|the Ubuntu popularity contest]] ranks Python lower than Perl, both packages are installed and regularly used in well over 99% of popcon results. |
| Line 51: | Line 56: |
| On the helper's computer, a program will attempt to let the friend connect to a special-purpose SSH daemon. While doing so, it will tell the helper what the friend is seeing on their screen, and what information the helper should give to the friend. | In order to make it easier to access, the script on the friend's computer should be available through the recovery menu in single user mode, and through System Tools->Share my Desktop from the GUI. |
| Line 53: | Line 58: |
| In order to make it easier to access, the Perl script on the friend's computer should be available through the recovery menu in single user mode, and through System Tools->Share my Desktop from the GUI. | Connecting the helper and friend will be a seven step process: |
| Line 55: | Line 60: |
| The computers will attempt to connect three ways: | 1. '''Information:''' Welcome, explanation of what the program does, warnings about security 1. '''Question:''' Run in helper of friend mode? 1. '''Question:''' a. If in helper mode, information about what the friend needs to know in order to contact the helper a. If in friend mode, IP address of the helper, and an option to automatically run a VNC server (if one isn't running already) Both users also get the option to automatically manage their firewall, and to use a reverse connection (explained below) 1. '''Wait:''' both users are asked to wait while the computers connect to one another and exchange information 1. '''Question:''' both users are asked to verify the SSH keys that will be used to secure the connection 1. '''Wait:''' the friend's computer tries to start a VNC server, the helper's computer waits to hear what type of session to run 1. '''Information:''' Your connection has been set up, how to close the connection, etc. |
| Line 57: | Line 71: |
| 1. the friend's computer will try to connect directly to the helper's computer 1. both computers will ask if there is a shared server they can exchange messages through 1. the friend's computer will ask permission to install an SSH daemon that the helper can connect to |
In friend mode, the answers to questions should default to the values used by the last successful connection. This is because friends normally only have one helper, but helpers normally have several friends. |
| Line 61: | Line 73: |
| Note that in the final case, the connection from the helper to the friend's computer would only be used to forward a port that lets the friend SSH in to the helper's computer. Although a secure way could be found to only use a single connection, the extra complexity isn't worth the minor speed advantage it would gain. | To work properly, the program needs connections made over the local loopback interface never to be firewalled in IPv4 or IPv6, and to be able to communicate freely to and from IPv4 TCP port 2222. Inexperienced users might have put firewall rules in place that break this program, while experienced users would be upset if the program modified their firewall behind their backs. Therefore the user is offered the option to have the program poke the relevant holes in the firewall, but the option is disabled by default. |
| Line 63: | Line 75: |
| Once the connection is made, the friend's computer will (optionally) send their public key for future use, request either a screen or VNC session, then start that session. | Because helpers are more likely to be able to work around NAT, the program connects from friend to helper by default. Using a reverse connection forces the helper's computer to connect to the friend's instead. |
| Line 65: | Line 77: |
| == Implementation == | Once an (insecure) connection has been established, the computers swap SSH keys, usernames, and whether they have an SSH server installed. One user will need to have an SSH server installed (but not necessarily running) in later stages, although it doesn't matter who. |
| Line 67: | Line 79: |
| This system will take the form of two interacting programs on two computers. | When verifying one another's SSH keys, users will be shown the key both as plain text and in the [[WikiPedia:NATO_phonetic_alphabet|NATO phonetic alphabet]], so that they can unambiguously speak it over a phone line. The computers have already exchanged keys over an insecure connection, so the purpose of this stage is just to verify the keys (in case of a man-in-the-middle attack). |
| Line 69: | Line 81: |
| === Helper's computer === | Ideally, Python's SSL sockets would be used to secure the connection, but their poor documentation and lack of obvious way to extract SSH key information from a session make them an unwise choice. Beyond the programming obstacles, these issues suggest that Python's SSL implementation has too few eyeballs on it to be trustworthy in a security context. Instead, an SSH client and server will be used as a poor man's cryptography library. Because a connection has already been established, communication with the SSH client and server will be done over the local loopback interface, and the encrypted data transferred over the already-established connection. This saves users the need to open up a second public port for the SSH server to listen on, or to wait while the connection on port 2222 is torn down. |
| Line 71: | Line 83: |
| 1. When the program on the helper's computer is run, it will ask whether the friend has connected to the system before, and offer a selection of known users. 1. It will then start a special-purpose SSH daemon that allows a heavily locked-down user to connect a. if the friend has connected before, it will allow access with the friend's (pre-shared) public key a. otherwise, it will require a random one-time password consisting of numbers and lower-case letters, which is [#Communicate communicated] to the friend 1. It will ask what IP address the client should connect to. This is normally one of the computer's IP addresses, but might be the IP address of a router if the computer is behind a NAT 1. Then it will tell the helper to [#Communicate communicate] that IP address to the friend 1. It will then wait indefinitely for the friend to connect 1. When the friend has connected, the user account will run a special program, rather than a login shell. Because this account isn't fully trusted, the following security precautions will apply: * The SSH server will not allow forwarding of local or remote ports or X connections * The program that's run will only be allowed to listen on TCP port 5901 on localhost, * The program will only be allowed to read and write to the `/var/run/screen/S-$helpers_username/$PID.remote-help.$helpers_computer_name` Unix socket * The above restrictions will be enforced by AppArmor * The program will '''not''' be put in a chroot jail, as it was felt not to provide sufficient extra protection, given the above measures and the complexities of maintaining the jail. 1. When a connection is made, the program immediately stops the server, so as to reject any further connections. 1. If the friend logged in with a password, the friend's computer must immediately send a public key for future use. 1. The helper's computer then sends a space-separated line of session types that it supports. Currently, "vnc" and "screen" are defined, although helpers without X, without a VNC client, or who have uninstalled screen, might not send one or other session type 1. The friend's computer replies with a line containing one of those choices. 1. The input from, and output to, the SSH connection are piped through to either a server listening on port 5901, or a Unix socket at `/var/run/screen/S-$helpers_username/$PID.remote-help.$helpers_computer_name` 1. The helper will be asked either to point their favourite VNC client at localhost:5901, or to attach to the specified screen === Friend's computer === 1. When the script is run, it will print the following warning: {{{ This program gives complete control of your computer to someone else on the Internet, so that they can help solve any problems you are having. In order to keep your computer safe, remember: *** Never run this program because somebody online asked you to. + Only run it as a request made over the telephone, from somebody you trust not to break your computer. *** Never tell the other person your password. + If you need to, you can type it in yourself. There's no security risk if you quit now. }}} 1. The friend is asked if they want to continue. 1. The program [#Communicate asks] for the IP address of the friend's computer 1. The program [#Communicate asks] for an optional password 1. The program attempts to SSH to the specified IP address using its public key, and the specified password if one was given. 1. The program sends its public key if a password was given 1. The program receives the space-separated list of session types, and returns its preferred type 1. The program starts either x11vncserver or screen, and connects the standard input and output from the shell to a forwarder that communicates with either TCP port 5901, or a Unix socket at `/var/run/screen/S-$friends_username/$PID.remote-help.$friends_computer_name` === Communicating technical data === [[Anchor(Communicate)]] At several points during the connection process, users will be asked to send out-of-band information to one another - for example, the friend will need to be told the IP address of the helper. Because this might involve correct spelling over a phone line, users will need to be given the text normally and in the [wiki:WikiPedia/NATO_phonetic_alphabet NATO phonetic alphabet]. As an additional safety measure, messages are also given a checksum, consisting of the number of characters sent, a dash, then the sum of Unicode code points, in hexadecimal. This checksum is cryptographically worthless, but strong enough to guard against typos. When a message is sent, the sending user should be shown a message like the following: {{{ Please pass the following message to your friend. If speaking to them, tell them to type: Alpha Bravo Charlie One Two Three ENTER Six Dash One Bravo Charlie ENTER Otherwise, tell them to type: abc123 <enter> 6-1bc <enter> It doesn't matter whether you type this in upper or lower case. }}} When a message is received to be verified, the receiving user should be shown a message like the following: {{{ Please verify the message your friend reads out to you. If they're speaking to you, they should say: Alpha Bravo Charlie One Two Three ENTER Six Dash One Bravo Charlie ENTER Otherwise, they should type: abc123 <enter> 6-1bc <enter> }}} When a message is received to be typed, the receiving user should be shown a message like the following: {{{ Your friend will now tell you to type two lines of text. If speaking to you, your friend will spell the message out phonetically. Here's the alphabet that will be used: A = Alpha N = November 0 = Zero B = Bravo O = Oscar 1 = One C = Charlie P = Papa 2 = Two D = Delta Q = Quebec 3 = Three E = Echo R = Romeo 4 = Four F = Foxtrot S = Sierra 5 = Five G = Golf T = Tango 6 = Six H = Hotel U = Uniform 7 = Seven I = India V = Victor 8 = Eight J = Juliet W = Whiskey 9 = Nine K = Kilo X = X-ray L = Lima Y = Yankee M = Mike Z = Zulu It doesn't matter whether you type this in upper or lower case. Message: }}} |
Once the SSH connection has been established, the friend's computer will try to connect to a local VNC server, and will advertise a VNC session if it finds one. Otherwise, it will advertise a shell session. |
| Line 180: | Line 87: |
| * [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2008-May/004078.html Discussion on the ubuntu-devel-discuss mailing list] | * [[https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2008-May/004078.html|Discussion on the ubuntu-devel-discuss mailing list]] * [[https://launchpad.net/remote-help-assistant|Remote help assistant]] |
Summary
There should be a simple, secure, robust way for a non-technical user to allow a more technical user to connect to their computer and get root access, using only instructions that can be described simply, in layman's terms, over a poor quality phone line. The facility to allow the technical user access should be available, and easily visible, in the default install. Current solutions are secure, robust or simple, but never more than two out of three.
In this document, the technical user is referred to as the "helper", and the non-technical user as the "friend".
Remote help assistant is a program being developed based on this specification.
Rationale
For experienced Linux users, over-the-phone tech support for a non-technical friend is a common use case. It's normally an unpleasant experience, for the following reasons:
- Telephones often have poor audio quality. For example, it's hard for the friend to tell whether you're saying "less" or "ls"
- Describing what command lines to type can be socially awkward. For example, do you tell them where to put spaces and when to press enter? Making the wrong decisions will either insult your friend or make them feel even more helpless than they feel already
- It's very difficult for a friend to accurately describe what they're seeing on their screen. For example, most people don't know how to pronounce "~" or that sub-areas within a window are referred to as tabs.
Other Projects
Several projects aim to provide complete application suites that handle tasks such as remote support. Included among them are:
This project would not provide a complete suite, just a tool to enable remote connections to be made. Complete solutions aren't appropriate to a support request made over the phone.
GNOME's vino and KDE's krfb provide VNC access to a computer. These provide an excellent basis for allowing the helper to connect to a computer with a functioning X server, although this tool needs to add a command-line mode, the ability to route around NAT and firewalls, and an effective mechanism for communicating security information over the telephone. To reinforce the last point, both vino and krfb expect users to send invitations by e-mail, but non-technical users can't be expected to have PGP-encrypted e-mail already set up, and it would be impractical to set it up for them over the phone.
GNU Screen provides shell access to multiple users, but isn't designed for use across multiple computers. To adapt it for this purpose, we would have to find some way of exporting a pseudo-terminal over a network.
Overview of the problem
Both helper and friend might be behind a NAT router or a firewall beyond their control. It's more likely that the helper would be able to configure their network to allow incoming connections on specified ports, but this can't be assumed in the general case.
The friend's computer can't be assumed to have a particularly large set of packages installed and functioning, as they might have removed important packages (or broken them in a more imaginative way). In this blueprint, it will be assumed that the friend has installed packages that are installed in at least 99% of cases reported to the Ubuntu popularity contest, not necessarily with functioning configuration files. Systems more broken than this would be better served by (semi-)automated recovery scripts that can solve specific problems, or by booting to a live CD with a remote recovery script on it.
The helper's computer can be assumed to have a much more complete system, because people with sufficient expertise and patience to help out can reasonably be asked to install packages outside of main, and can be assumed to maintain those packages properly.
If the friend has an X session running, the helper should be given access to it over a VNC connection. Otherwise, the friend should be given a login shell on the user's machine.
Man-in-the-middle attacks are a serious security issue here. If helper and friend haven't already exchanged security information (such as SSH keys), a tamper-proof connection is needed in order to confirm the connection they're using. A telephone conversation is sufficiently tamper-proof for purposes of this project - albeit a channel with severely limited bandwidth. Other systems (such as instant messaging or e-mail) are not sufficiently tamper-proof, and should not be recommended. Since users will use insecure channels no matter what recommendations we make, the following rules should apply, as a second line of defence:
- The helper should never be able to do anything behind the friend's back. Anything the helper does should be visible to the friend
- passwords and other important security information should never be transferred over the connection
- The friend should have an easy way of terminating the session, and should be aware of that method
The first of these conditions have two important side-effects, one positive, one negative. The positive side-effect is that the friend has the opportunity to learn a little by watching the helper. The negative side-effect is that there's no easy way to transfer files between the computers. It's possible to transfer files by pasting base64-encoded text, which accomplishes the same goal and leaves the friend with the ability to check the process.
The second condition can be met by ensuring that, as well as reading anything the helper can read, the friend can write anywhere that the helper can write. Therefore, if the helper needs a password, the friend can type it in without telling the helper.
Over a VNC connection, these conditions are trivially met - both users share a session, and the friend can terminate the session by pressing ctrl-alt-backspace. Over a login shell, these conditions can be met by ensuring that both users have read and write access to the shell, and that the session is terminated when the friend types ctrl-alt-c, or some other special sequence.
Design
This program will be written as a single file in a scripting language, so that it can simply be downloaded and run in an emergency, no matter the architecture the user uses. Python is a good choice for the scripting language because in a default Ubuntu installation, Python supports creating pseudo-ttys (necessary for creating a fully functional shell session) and IPv6 (necessary to talk to Vino), which are only available in Perl if you install extra packages. Although the Ubuntu popularity contest ranks Python lower than Perl, both packages are installed and regularly used in well over 99% of popcon results.
In order to make it easier to access, the script on the friend's computer should be available through the recovery menu in single user mode, and through System Tools->Share my Desktop from the GUI.
Connecting the helper and friend will be a seven step process:
Information: Welcome, explanation of what the program does, warnings about security
Question: Run in helper of friend mode?
Question:
- If in helper mode, information about what the friend needs to know in order to contact the helper
- If in friend mode, IP address of the helper, and an option to automatically run a VNC server (if one isn't running already)
Wait: both users are asked to wait while the computers connect to one another and exchange information
Question: both users are asked to verify the SSH keys that will be used to secure the connection
Wait: the friend's computer tries to start a VNC server, the helper's computer waits to hear what type of session to run
Information: Your connection has been set up, how to close the connection, etc.
In friend mode, the answers to questions should default to the values used by the last successful connection. This is because friends normally only have one helper, but helpers normally have several friends.
To work properly, the program needs connections made over the local loopback interface never to be firewalled in IPv4 or IPv6, and to be able to communicate freely to and from IPv4 TCP port 2222. Inexperienced users might have put firewall rules in place that break this program, while experienced users would be upset if the program modified their firewall behind their backs. Therefore the user is offered the option to have the program poke the relevant holes in the firewall, but the option is disabled by default.
Because helpers are more likely to be able to work around NAT, the program connects from friend to helper by default. Using a reverse connection forces the helper's computer to connect to the friend's instead.
Once an (insecure) connection has been established, the computers swap SSH keys, usernames, and whether they have an SSH server installed. One user will need to have an SSH server installed (but not necessarily running) in later stages, although it doesn't matter who.
When verifying one another's SSH keys, users will be shown the key both as plain text and in the NATO phonetic alphabet, so that they can unambiguously speak it over a phone line. The computers have already exchanged keys over an insecure connection, so the purpose of this stage is just to verify the keys (in case of a man-in-the-middle attack).
Ideally, Python's SSL sockets would be used to secure the connection, but their poor documentation and lack of obvious way to extract SSH key information from a session make them an unwise choice. Beyond the programming obstacles, these issues suggest that Python's SSL implementation has too few eyeballs on it to be trustworthy in a security context. Instead, an SSH client and server will be used as a poor man's cryptography library. Because a connection has already been established, communication with the SSH client and server will be done over the local loopback interface, and the encrypted data transferred over the already-established connection. This saves users the need to open up a second public port for the SSH server to listen on, or to wait while the connection on port 2222 is torn down.
Once the SSH connection has been established, the friend's computer will try to connect to a local VNC server, and will advertise a VNC session if it finds one. Otherwise, it will advertise a shell session.
See also
Recovery/Remote (last edited 2008-08-06 16:18:23 by localhost)