Stefan,

Thanks for continuing to ponder on this. 

The problem I'm trying to solve is that normal, non-technical people (my sister triggered this) are quite rightly concerned about security and privacy on the internet but not given much real help. Read the fine print on your on-line banking's web site to see what I mean. It will tell you that your PC must be secure, up to date, free of viruses and malware, etc. In real life your daughter grabs the PC and downloads some free movies and viruses, then you go on-line banking, then you run a bitcoin wallet, then your new flatmate gets the router password from the landlord and on it goes. My sister runs an old Mac. and is afraid to update anything because it "will probably break stuff." When she asked me to suggest bitcoin wallet software to run on her computer I became concerned and thought there must be a better way.

At work, we will do our best to isolate "at risk" servers (my sister's Mac) from those that must remain secure (eg. for financial transactions). My idea is to offer the same separation for normal people. If a person had a small, inexpensive computer to use only for on-line banking and a few other secure things that would seem to solve a lot of problems. A Raspberry Pi seems ideal but is no longer inexpensive if you have to buy a monitor and keyboard to set it up.

Back to the use case. I would provide my sister and many people like her with a hardened Raspbian image on a SD card along with a Raspberry Pi. My sister enters her wifi credentials to a file on a USB stick which she inserts in the Pi and plugs it in. A boot script on the Pi connects to WiFi and starts the X2Go server. My sister has installed X2Go client and ideally "just" connects. Many people do not have spare monitors sitting around these days.

I've tried writing the Pi's IP back onto the USB, but do to what some call a bug in Raspbian/Debian the address is not available when boot scripts run. I've tried VNC connect, but there are a few issues with it too. I could periodically ping the Pi's IP and some secret code to an internet web server, but the users of this are naturally distrustful of internet based stuff so I would rather not. My typical user can (probably) install software such as your client, but are not going to be logging into routers or anything very technical. Users would not want anyone else to be able to access their secure Pi.

I hope that explains the use case better.

Thanks,
John

On 27 March 2017 at 13:22, Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
Am 16.03.2017 um 18:28 schrieb John Cobo:

> I am considering X2Go for a project which involves non-technical people
> using X2Go to connect to a Raspberry Pi which does not have a screen and
> so the user will not know the Pi's IP address. I could set an SSH port
> on the Pi to an obscure number such as 2432 or something.
>
> Would it be feasible for the X2Go clients have a new option to scan a
> range of IPs (eg. 192.168.0.1 - 192.168.0.255) for a given port (eg.
> 2432) on which to connect?
>
> Such a feature could solve the generic problem of how to connect for the
> first time to something new on your local network.

I've been giving this some more thought.  I still believe that we
shouldn't be adding such an option to X2GoClient, but there may be more
comfortable ways of providing your users with a DNS name to connect to,
rather than having to figure out an IP, even without
APIPA/mDNS/Zeroconf/Bonjour.

For that, you should tell us more about that usage scenario - will all
those Raspis have full internet access?  If not, are they being deployed
on different subnets of one larger network where you could place one
machine they all can reach?

I'm thinking along the lines of using either a DynDNS server on the
internet, with the Raspi reporting its internal IP instead of the
external one, though, or setting up an internal DynDNS server.

-Stefan

--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243