RPort - an open source, self hosted Remote Machine Management System running on Linux!

It's your open source advocate, and I'm back with another video, and today I wanted to talk about RPort. Now, in the past I've talked about Guacamole, I've talked about MeshCentral, I've shown you Remotely. These are all really great open source applications that can give you open access or remote access to your various machines, and they can do it in various ways. So MeshCentral is terrific as a remote machine management system; that's what it's designed for, and it's really awesome because you can do everything right there through the browser. You can get SSH access, terminal access, command line access; you can get desktop access if there's a desktop to be accessed on those machines as well. So it's really a terrific tool. If you haven't seen it, check it out; I'll put a link in the description and in the show notes so you can go check that one out.

But on the topic of remote management, I thought there's some other options out there that are really cool, and I've been looking at them, and Teleport's a really great one; it's another one that I'm going to cover in the future. But I came across RPort a while back, and a few people have asked me about it, and I wanted to show it to you guys. So it's really just a tremendous, tremendous system. Getting it set up is a little bit tricky initially, but once I did it, it wasn't too terrible, so I'm going to walk you through that process today. I'm going to show you two different ways to do it, and really I'm going to focus on the way that says you're running this inside your home network and you have access to your router to do some port forwarding, and you can do some things, you know, based on what you have from your ISP, so assuming they're not blocking port 80 or 443, those kind of things, and if they are, you have to do a little bit of port reconfiguration to make this work. But there is also the opportunity to run this out on DigitalOcean as the server and then still access your machines that way, so it's really kind of up to
you how you do this, but there are two different ways to install the application, and it makes some assumptions on the way that you're installing it as to what you have access to, so I did want to talk about that.

But RPort is really, really cool, and it's a little funny, because today I was just watching a video by IBRACORP that they just put out called mRemoteNG. If you're a Windows person and you're a Windows user, RPort's going to be great for you, but mRemoteNG looks really terrific too, so I'm going to link to that video as well in my description. I highly recommend you go check it out; it's only a 10 minute video, it won't take you long to see what it can do and what kind of great stuff you could get out of it. It's not really a server; it's really something that runs on your local machine, and then you use that to access other machines that you've already got the connection set up for, but it's really a way of managing and keeping those things organized, which is really cool.

RPort is a little bit different. It's really a server, and then you set up the machines you want to access by installing a client, and they connect back to the server, so very much like MeshCentral or other remote management systems. It has a really nice, you know, a really nice updated user interface, and it just really is not too, too bad to get set up once you kind of know how to do it. Now, this is really for local access, but we're going to modify it a little bit so we can also access it from outside with our own fully qualified domain name. So we'll kind of go through all of this together, and we're going to get into it right after this.

I'll say thank you so much to all of my patrons over at Patreon for your support. It means so much to me that I can't really tell you how much it means to me, but I truly appreciate that you want to support myself, the content that I make, and my ongoing efforts to bring you great content every week about open source projects. It really means a lot. Thank you so
much. Now let's get started.

All right, so I've got my server set up already, so I'm going to go over here. Now I've got my root user, and it's just a straight up Ubuntu 20.04 install; I haven't done anything to it yet. Now I'm going to make this just a little bit larger so you guys can kind of see what I'm doing. So first I'm going to update this server, so apt update and then ampersand ampersand apt upgrade and then hyphen y. We want to do this and just let it run, and then once it's done we'll come back and we'll finish the other part that we need to do.

All right, once that's finished, I always like to reboot the system, so I'm just going to type in reboot. Now luckily with LXC containers, or lexi containers, it just takes a few seconds for them to reboot; it's very fast, so that's really nice. There it is, it's done. So we're going to log right back in here, and it automatically sets up your root account, but, and this is kind of the same with DigitalOcean, it's always better to create an actual user account that has sudo privileges instead of using root, so we're going to do that. So I like to do adduser and then space and then my username, so in my case brian, so you'd want to put in whatever you're going to use, and then it wants your password, so just give yourself a nice strong password, twice. You can fill all this out if you want to, but you don't have to, and we're done there.

Now we're going to add our user to the sudo group, so I'm going to do usermod hyphen, a small a, capital G, and then sudo for the name of the group, and then the user I want to add. If you wanted to add more users, you can just add more users with a space after them and it'll add all of those users; just make sure they're actual users with user names. In my case I just need mine, and now I should be part of the sudo user group. The last thing I want to grab here real quick before I switch out to the other terminal is I'm going to do ip a show so I know what my IP address is here locally, and it looks like I've got 254. I'm
running out of IP addresses, I don't know, something's going on, but there we go, 254 is my IP address for this machine. So I'm going to clear that out, I'm going to say log out, and I'm going to open up my terminal and we'll log in as our new user we just created.

Log in with our new user, and there's really not much to be done, so the first thing I'm going to do is copy those commands that I want out of the web page, and I'm going to put them into a just text file here, so I'm going to say nano rportrun.txt, and then I'm going to go over to the web page and I'm going to grab that command that I want, which is right here, and it's actually all of this. I'm just going to grab all of this, I'm going to do copy. Now if you want to, you can just click on the copy field over here, might make it easier, and then do paste just to paste that in.

Now there's a couple of things that, like I said, I want to change. I don't want to use this as localnet. If you're going to use it locally, just make sure you use the correct local domain that your system is set up for, but I'm going to call this rport, and I'm going to call it new dot routemehome.org, and the reason I'm doing this is because I own the domain routemehome.org, and I'll go and set up an A, CNAME record actually, to point to my home address, or you can set up an A record if you don't already have that set up.

As far as these ports, so we've got port 50 and port 8000, and this is the client port and the API port, so we're just going to leave those unless you have, if this is a new machine you shouldn't have anything using them. If you do have something using those two ports, or either of those ports, go ahead and change that port number here to an open port, basically. If you need to change it to 5100 or change it to 8082 or something like that, it's fine. The last thing I'm going to change here is this part that says email. I don't want to use email for my second factor authentication, but that's what this is for. I want to use TOTP, which is a one-time pin,
so I just want to change that line to say t-o-t-p, just like this. So I'm just going to save this with Ctrl+O and then Enter, and then we're going to exit out, and we're just going to do cat rportrun.txt, and I'm going to grab this first line. So this first line just downloads what we need. I'm going to copy and paste it here and I'm going to run it.

So we don't have curl. If you don't have curl, that's not a problem, you just do sudo apt install curl, and I'll go ahead and install wget and git just in case as well. So we're going to install curl, wget and git, and then I just put hyphen y because then it doesn't prompt me after I put in my password; it just goes ahead and installs those applications. This doesn't take very long usually. There we go, it's done. So now we can try that curl command again. There we go, now it's going to pull down that file that we needed, and it's done.

So we can cat our text file again here, going to grab everything with a dollar sign all the way down to these last numbers. We're just going to paste that in, kind of double check it, make sure everything looks correct, make sure you've got everything spelled correctly, make sure your numbers look like you want them to, and then we're just going to hit Enter. It's going to go out and it's going to pull down a few things, it's going to double check a couple of things, it's going to start the installation, and this really doesn't take very long. Now, I'm running on an SSD; if you're running on a spinning drive it might move a little bit slower, and depending on the machine you're trying to install this on it could run a little bit slower, but I'm running on a system where I gave it two cores and I gave it four gigs of RAM, basically that's it, nothing super high-end, nothing super special. It may run on something even lower than that; that's just kind of what I gave it.

So it says here, all right, you're set, you can now go to rport-new.routemehome.org, port 5000, and it's HTTPS, so make sure to pay attention to this part. So what
I've got to do is actually go set up this route to this address, or it's not going to go anywhere, because it's going to be like, I don't know where that is. So I'm going to go set this up. So there's a couple of places I need to set it up.

So first I'm going to go to Cloudflare, because that's where I've got the domain registered. If you don't have Cloudflare, you just need to go to wherever you have your domain registered. So when you get to your DNS, you can just go to whatever your DNS host setup is, but you want to add an A record, if you don't have one already, pointing to your home address. In my case I have this one here that already points to my home IP address, so I can just create a CNAME record that points to this, and that way if I ever update this home address, everything that's pointing at it will also get updated at once. But if you need an A record, usually just click on add, and then you'll select the A record type, type in what it is you're creating, so in my case I'm creating rport hyphen new, and then type in the IP address for your home address. If you're not sure what your home IP address is, you can go to something like ipchicken.com, and it's going to come up and show you right around here what your home IP address is. So I'm just going to close that back out.

Now again, like I said, I need to create a CNAME record, so I'm going to go down in the list here and create a CNAME, and then I'm just going to point it to @. So if you're creating a CNAME and you just have your main domain, that's the @ right there, so I'm just going to put it at that. I'm going to leave this proxied and I'm going to hit add. Now it's going to take a few minutes for this to kick into the DNS system so that it actually starts pointing to my home address like I want, but we've got that set now, so we can go back to where we were working, and we need to set up a couple of things here at the home while we're waiting. So we'll go over and we're going to open up Nginx Proxy Manager and I'm going to
create a proxy. Now if you don't use something to create a proxy at your home, you could just use your router to forward ports 80, 443, 8000, 5000, and then the range of 20000 through 20050 to the IP address on your internal network of whatever machine you're running RPort on. Now if you run an Nginx Proxy Manager like I do, so you can have multiple servers running and they can have addresses that point to your home and they can be accessed that way, then you want to have something like this set up where you've got Nginx Proxy Manager running.

So I'm going to go into my proxies, I'm going to add a new proxy, and I'm going to zoom this up for you guys a little bit, and we're first going to give it the name that we need, which is rport-new.routemehome.org, and then I'm going to hit Tab so I get a little chip. Now what this says is, on my router I have ports 80 and 443 forwarded to the machine that runs Nginx Proxy Manager, so when my outside network receives any request on port 80 or 443, it sends that through to this machine running Nginx Proxy Manager. Nginx Proxy Manager sees that request and says, well, what is this? Oh, this is rport-new.routemehome.org, and from here it says, what do I need to do with that? So I need to tell it what it's going to do with this.

Now that I've got that chip in there, I'm just going to select https, because remember it says s back there on the terminal. We're going to put in the IP address of our local machine, so whatever your local machine IP address is, and then here we're going to put 5000. Now if you changed that port whenever you ran that command to something else, make sure you put that in here. I'm going to tell it to block common exploits, and I want websocket support, and I'm going to make it publicly accessible. I'm just going to save that first, so I'm going to go back into that setting, and you can just click on the three dots, click on edit, and we're going to go here.
Now, in my case I have a Cloudflare set of credentials that I'm just going to use for SSL. I'm going to tell it to force SSL. If you don't have this, you can just do request a new certificate, force SSL, make sure your email address is in there, and then check the I agree box and hit save, and it's going to go make a request for an SSL certificate from Let's Encrypt for this site. But like I said, in my case I've got one, so I'm just going to use that. I'm just going to select it here, I'm going to hit save, and now when we try this, we get to our RPort site.

And right here, now it gave us some credentials, so we have to look at those credentials on our command line. It says right here, here's your login credentials: it's admin, and then here's your password. Now this is a password you'll want to change for your admin user, and I'm going to destroy this after we're done, so don't worry about seeing it. But we'll go back and we're going to type in admin, and I'm going to just paste in that password, and you can tell this to remember you for a certain amount of time, so I'm going to tell it to remember me for 24 hours. I'm going to say login. I'm going to tell it I don't want to save this right now, but it's letting me know like, hey, we're about to get ready to do your TOTP setup, so you need to make sure you've got an application that you can use for that.

Now you can use one of these that they suggest, but I like one on the iOS side that's called FreeOTP, if you want to use that on your device, but because I use Bitwarden I would rather use Bitwarden to get my OTP most of the time. So if you're using Bitwarden, I highly recommend saving your credentials in Bitwarden and then adding the OTP to that same site setup so that you don't have to go looking for them later. I'm going to get my OTP app open here, I'm going to be ready to add a new OTP, and then I'm going to click on next, and it's going to generate a QR code, and I'm just going to scan it with my phone, and then we're going to click
on this next button here, and I'm just going to look at my code, I'm going to type it in and hit next just to confirm that I have the correct access.

So when you first come in, it's going to show you like, hey, it's a little bit bleak in here, I can't really see much what's going on, and it's going to show you how to start adding clients and doing things, so it's really not too hard. But we're going to go to the settings here and kind of check things out. So this is kind of the view that you get initially, where you don't have anything, obviously, because there's nothing set up yet. Now you can log out down here, but here we're going to go to settings, and here we get a lot of settings, so I'm going to zoom this up again just so you guys can kind of see it.

So inside of settings you can say use dark mode, so we'll save that. Here's dark mode; that's a little better, probably easier on your eyes for you. So if you're using Chrome, you can set up the Secure Shell app for Chrome, so you'd want to install the Secure Shell app for Chrome, and then you can check this box and it'll basically launch SSH connections right from your browser. You don't have to have anything special, and for those Windows users this might be really useful for you to actually have set up so that you don't have to worry about how you're going to do SSH or what application you're going to use. Now if you want to use PuTTY, you can; if you want to use PowerShell, I believe you can also do SSH from that; but if you want to do it from the browser, it's really easy and really quick to set this up.

Command history: how many commands you want to keep in your history. Again, you can change this and it can go up to 200, but 50 looks fine to me for now. Open non-browser-based RDP connections with Microsoft Remote Desktop via RDP for download, Win and Mac, file download, Win and Mac, or you can say open RDP schema link, and you can basically kind of look for different things, Linux and FreeRDP, custom scripts, so kind of up to you
how you want to set those. But here's your general settings: what do you want the window size to be when you do an RDP connection, so you can change this as well; if you want to have higher resolution, go for it. And then the default RDP username, if you have one, you can set that here. You probably shouldn't have one, but you can.

So when we move down to the profile, this is your profile as an administrative user. You can change your password here and then save those changes. Here you can add users, so this is where I suggest, one, changing that password, by the way, for your admin user, but then I also suggest adding a user who's not the admin, and make sure that you're using that user most of the time. Now this is the part that they talked about earlier where you can set up clients. This is the part that you want to really pay attention to, and we'll go through this in a minute. I'm going to switch over to my actual system and kind of get that set, and we'll use that to add another client here in a minute.

You can click create client groups, and then you can add clients to those groups basically using filters, which makes it really nice because then you can take actions on the groups, which is really cool, so I'll kind of show you that as well. You've got a vault for some different information here, so you can kind of set up your vault, and you got some keys and things like that. API tokens that you can generate; if you need API tokens, you can do that. Here's information about the system and what it's running and the version that we're running on. This links you out to their help pages, so their knowledge base, so there's a good bit of information out here, and as you click in you'll see there's more things underneath some of these things, so you can kind of see all of the topics underneath a lot of this stuff. So there's a good bit of information out there on documentation, highly worth reading and going through for sure. So there is licensing; if you want to check out the licensing,
you should check that out, make sure you understand what it's about, but the graphical web-based user interface is kind of where a license lies, so just kind of check that out. So there are some features that are still in development, and you'll see some of that occasionally throughout the software, but really not bad at all.

So I'm going to switch over to my actual version of the system that I want to use, and we'll kind of check that out. Now I've got this zoomed up, but when you first come into RPort, this is kind of what it looks like. It's pretty nice. You've got this sidebar of different machines that you've added, and it just kind of adds these icons based on the operating system that it determines that it is. So here I've got my actual server for Proxmox, and when you click on it you get this nice kind of overview of information about your device, so you can see what the processes are, what they're running, and this updates, you know, every few seconds. So if we switch, you can see here's the actual desktop that I'm using right now, and then finally here is another desktop that I have here at my home.

Now I created a few groups, so these aren't here by default, but I created a group for just the desktop system, so you can see down here it kind of filters that out, so I can hide those and just show these, and you can set up these different groups you want and then add systems to those groups based on what they are. So you can create VMs, desktops, servers, I mean just kind of anything you want as far as how this works, and it's a really great way to organize all of your systems.

So as we go through these tabs, whenever we have something highlighted, in this case we have my iMac up, which has Linux on it, there's this option to create tunnels, which is really cool, and we'll come back to that in just a minute. So you have this metadata area that's locked, and we kind of saw that back on the settings where you have those keys, so you can set up metadata about these things, but it does stay
locked and encrypted. You have documents, again locked and encrypted. You have commands, so we could run a command on this machine basically from here, which is kind of cool. So if I say, so I'm going to zoom this, well, we'll just call this update, and it's going to try to run for 60 seconds, and then we're going to give it the sudo apt update command, and we're just going to say, so we can save this command so we can use it later, but we can also just say just run it. So it's going to try to connect to that machine, it's going to run it, and it's going to show us the output of that command, and right now it says all packages are up to date, so that's great.

So on a machine that I'm not actually using right now, without having to do an SSH session, I was able to run this command from inside of my system. Now this is protected through authentication and two-factor authentication, which is really great, but it really just kind of makes it very easy to do that. Now the cool thing is you can also do this on groups, so I could select multiple machines from a group and run the same exact command and have all of those machines try to go and run their updates very quickly. So you can also do the same thing with scripts: if you have a script you want to create and run, you can actually run that script from here; you don't have to actually log into the physical machine to do it.

You have monitoring. So I haven't really been running this very long, but you can see some of the information that I'm getting out of the monitoring here: CPU usage, memory usage over time, network usage, some really cool stuff. And then here's a bunch of information about that iMac machine that you can just kind of check out, so some really great things that are being collected here by RPort as well for you to view. And then finally you have an audit of what's going on and what's been done on the machine and by who, so if you have multiple users in these systems, you can limit those users as to how many machines or which
machines they can access, by group, by machine, kind of however you want to do that, but also you can audit what actions those folks are taking on those machines, and you can kind of set, you know, times and time frames for when you want to see that audit for, so really kind of pretty awesome.

So we go back to our inventory, and if we go to tunnels, I want to create a tunnel. So I'm going to add a tunnel. I'm just going to leave it as an SSH tunnel to start with, because RDP and VNC is not set up on these machines yet, but SSH tunnel, and I'm just going to leave it as a randomized port, so this is one of those ports where it's that 20 000 through 2050. So right now it's going to say it's an ACL that's going to be generated; it's only my current IP address, so only from my current home address, so if anybody else tries to access this tunnel they can't if they're not coming from my address, so even if they're logged into my system and they're not on my IP address, it's not going to work.

So we can close the tunnel after a certain amount of inactivity, so, you know, you can set this 5 minutes, 10 minutes, 20 minutes, whatever you want, and then you can also say destroy this tunnel after a certain amount of time, so if I say after one hour destroy this tunnel, nobody should be accessing it, and I just say 10 minutes of inactivity. Now we can add this tunnel, and now I've got a tunnel that's created; I've got a secure tunnel created to that machine.

All right, so I reopened this in Chrome just to get a little bit cleaner interface. I'm not sure why Firefox would give me trouble, but it was, so just be aware of that; you might have to open this up in Chrome, or Chromium in this case is what I'm using. But I'm just going to go ahead and click on this. We've got our tunnel that we created; I'm just going to click on this, and it's going to ask me for the username. I'm just going to click continue. It's going to let me know that it's going to open this up in another application, basically, so I'm
going to click on that, and it opens up in Remmina, which is great. Remmina is a really cool application as well; I need to cover it in the future. And now it just wants my password for that system. I can say show password if I want to; I'm just going to say okay, and there we go, I'm logged in, and I'm going through a secure tunnel that's basically being routed by my system, so pretty awesome. And it's not just the normal port 22 kind of thing; it's actually running through the system, and it's running through the, kind of, out to the internet and back through a secure tunnel.

So now I can do all the things I normally do. I can kind of do sudo apt update again, put in the sudo password, and really Remmina is just acting as my terminal view, basically, which is pretty great. So I can clear that, and when I'm done, of course, I can type exit and I'm out, and now my tunnel is here, and if I don't do anything with this tunnel for 10 minutes it's going to close the tunnel. If I don't do anything at all, in an hour it's going to be gone, it's going to get rid of it, and that tunnel's gone. I have to worry about somebody else accessing it after that. So really this is a really cool way to kind of do these things and see how this functions.

The next thing that you'll probably be interested in is how VNC works, so basically accessing these things to the remote desktop. Now if you have a Windows machine and you have remote desktop turned on, then you can of course use Remote Desktop Connection to do the same thing, and you can use a tunnel to access that. So you're basically setting up these machines; these machines, once you install that client, call out to your server and say, hey, here I am, which is nice. You're not setting up some kind of weird thing to get to each machine, and then whenever you create a tunnel, this generates that tunnel to go to that machine for you so that you're not having to go do that through all of your network. Now what you do have to do is
if you're running this inside of your network, just like I showed earlier, you do have to do some port forwarding through your router, so you need to have access to your router and your firewall to be able to set up those port forwards and get that stuff working correctly, but once you've done that, really, it's there and it just functions; you just have to have the server running.

I know the next thing you're interested in is actual remote desktop connections. So in this case we're going to use VNC, because I'm connecting to an Ubuntu machine, but again we just go to the tunnels section for the machine you want and click on add, and in this case we're going to click on VNC, and here you've got an option for enable noVNC, which will do your browser-based VNC. It's kind of up to you; if you want to use an application like Remmina, you can, but this is pretty easy. And then right here it's just going to ask you about remote ports; you can change those things if you want to. Again we can set this for a timeout, I like 10 minutes, and again we can set this to 1 hour, and 30 minutes is fine, and then that's going to create this tunnel. So we're just going to hit add.

Here's our tunnel; you can see that just again picks a random port, and here I'm just going to click on the icon again that looks like a terminal icon. It's going to come up and give you a few extra options here in the noVNC, kind of up to you what you select, but in my case I'm just going to leave the default selected, and you'll see it pops up and prompts you for the password, so put in your password for your noVNC connection and then hit connect. And there we go, we've got noVNC and I'm now accessing my iMac, and we can open up Tabby and kind of see what's going on there, and I can open up other connections after I get to that. I can open up to the old media server; it's not going to connect because I don't have that server anymore, but there you can see kind of what I'm talking about. We've now got remote desktop connection as well. Now
this remote desktop connection is very much dependent on how good your VNC server is. I found that the built-in server is kind of spotty, actually, on the Ubuntu systems, so if you're not really liking that, I would highly recommend going out and getting something else as a VNC server. They have lots of different VNC servers out there that are open source and free to use, so you might do that just to make it easier to get connected. But the built-in servers can work; they're just a little bit iffy as to whether or not you'll get connected and remain connected once you do. Don't hold that against the actual RPort application; that's definitely on the VNC server side. But there we go, we've created a remote connection and we created our own connection to the server.

So what if we want to add a new client? We're going to go to settings, we know here, clients, and we're just going to click on the plus right here, and we're going to give our client an ID, and that's fine, so we're going to call this media server. Now it automatically generates a password. It's kind of up to you whether or not you want to keep this password active or not. If you do, definitely use something like a password manager to store this password, but you might want to create something even stronger than this normally. And then I'm just going to say add client access right here.

Now what I need to do once I've created that client in the system here is I actually need to go add the client information to that server. So here I've got media server, and you see this little button; we're going to click on it, it's going to generate some code, and we're going to grab this code, and we're going to click on copy, and we'll go log into that server from some other method right now. So normally you could do this on the servers, it makes it a little bit easier, and I'm going to paste in that command that's going to download this file that I need. I'm going to go back to my browser here, I'm just going to grab this, I'm going to copy it, and I'm
going to paste that in to basically run this command and what you'll notice is it says hey i want to see if i can actually access this and i used port 8000 so it's going through to port 8000 and then we get this message like this and it says hey you can now access this thing by using the our port system that you logged into so we'll go back into our browser and we'll just close this window and we're gonna go back up to our system i'm going to go back up to our dashboard and you can see here now that i've got my server so here's my new server you see the information that i've got you can see how it's running so we can see the cpu usage we can see the memory usage we kind of check out all the stats for the server pretty great and again we can create a tunnel to ssh over to the server so i just add an ssh tunnel i can leave everything the same again i can check these things to kind of keep them from being quite so long and i can change that to zero and i can add and now we can access this thing i'm gonna put in my username for this system again you have to have a user on the system it's not magic or anything it's going to open this up in remini put in my password and i'm now logged into the system through our port using the rimina system so pretty great i really like our port i think it's awesome it's kind of cool for keeping all of your systems up to date for checking in on them and the nice thing is if you set this up in the way that i did you can actually add systems that are remote away from your home which is kind of the point of one of these systems in my opinion and once you've got those systems set up you can monitor those systems from away and you can check out the monitoring to see what's going on with those systems as you're kind of checking them out and looking at them you can see what's happening here now this one hasn't been on very long so looking at the monitoring is not going to show us much because it hasn't been there long enough to really grab any 
any kind of details but you can kind of see what kind of charts you'll be getting we can go look at the server here at the big server and kind of check out what kind of statistics we can get from it so you can see i'm barely using any resources on that server which is great nothing really seems to be going wrong with it so that's really cool for monitoring kind of checking things out and then we've got this option for documents and for metadata and then tunnels which just makes everything worthwhile here on our port so really a cool application i think it's very awesome that you can run this now there's so much more that this can do i've just kind of scratched the surface with you to get your get your appetite wet for you to go out there and try it kind of see what's going on with active tunnels so you can see what tunnels you have that are still active you can get kind of an inventory overview of your different systems that you have set up on here again your metadata and documents view executing commands we talked about this earlier and i kind of showed you how it works but you can also do it for multiple machines you can do it for client groups and so on so pretty cool you do the same thing with your scripts so if you want to run scripts you can run them on multiple machines on groups and so on and then we can come back up to the dash here to kind of see what our machines are looking like and get an overview of what's going on with our with our different machines so i really like this from the perspective of i can manage and access multiple machines from a single place it's a really great as a remote machine management system it's open source they've got this thing out there for you to use and install so i think it's really great i hope you enjoyed this if you did like subscribe tell your friends about it so then come along on the journey with us and i'll talk to you next time [Music] you
Info
Channel: Awesome Open Source
Views: 72,857
Keywords: open, source, opensource, open-source, self, hosted, selfhosted, self-hosted, free, libre, software, server, web, browser, linux, windows, microsoft, pi, raspberry, desktop, digital, ocean, digitalocean, vps, tutorial, how to, installation, instructions, command line, terminal, open source software, rmm, remote machine management, meshcentral, remotely, rdp, vnc, ssh, http, https, remote desktop, tactical, atera, superops, ninja, ninjaone, ninja one, n-able, enable, baracuda, manage-engine, manage, engine, connectwise, pulseway, kaseya
Id: Xc_5qE7ZyYA
Length: 33min 27sec (2007 seconds)
Published: Tue Apr 05 2022