Hello,
I am considering X2Go for a project which involves non-technical people using X2Go to connect to a Raspberry Pi which does not have a screen and so the user will not know the Pi's IP address. I could set an SSH port on the Pi to an obscure number such as 2432 or something.
Would it be feasible for the X2Go clients to have a new option to scan a range of IPs (e.g. 192.168.0.1 - 192.168.0.255) for a given port (e.g. 2432) on which to connect?
Such a feature could solve the generic problem of how to connect for the first time to something new on your local network.
Thank you,
John Cobo
On 16.03.2017 at 18:28, John Cobo wrote:
I don't think so, and the reason why is in your own, next paragraph:
Such a feature could solve the generic problem of how to connect for the first time to something new on your local network.
As you realized yourself, it is a generic problem, so whatever fix we would try to come up with would be an ugly kludge.
The real, generic fix would be that you start using APIPA/avahi/mDNS/Bonjour/Zeroconf or whatever its nom du jour is.
Also, you could set your RasPis to the same host name (assuming there is only one RasPi per network), and have them announce their name to the DHCP server. Most SoHo routers will pick up that name and add it to their local DNS, so you could use that name to access them.
If all these don't work for you, another option would be a udev rule that detects USB media, mounts it, and writes a dynamically generated config file with the Raspi's IP on it. Sync, umount, plug USB media into PC, run X2GoClient from it (portable mode).
What I would like to see added to X2GoClient at some point is a feature that works similar to WPAD (proxy autodiscovery) - a standardized name like x2gobroker, that will be searched as x2gobroker.anothersubdomain.subdomain.domain.tld, x2gobroker.subdomain.domain.tld, x2gobroker.domain.tld on the local network, but that, too, requires DNS.
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
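As an added illustration of the x2gobroker lookup sketched above (example code written for this thread, not X2Go's own, and not part of X2GoClient), the following walks a client's DNS search domain the way WPAD does: the label "x2gobroker", the search domain and the SSH port are assumptions. The one design point worth noting is the floor of two labels: the walk stops at domain.tld and never queries the bare public suffix, which is the mistake that made some WPAD deployments resolve names an outsider could register.

```python
"""WPAD-style discovery of a conventional broker name (added example, not X2Go code).

Assumptions: the conventional label is "x2gobroker", the client's search domain is
taken from its own FQDN when none is given, and the broker listens on TCP 22.
"""
import socket
from typing import List, Optional, Tuple


def candidate_names(label: str, search_domain: str, min_labels: int = 2) -> List[str]:
    """Return label.<suffix> for every suffix of search_domain, most specific first,
    keeping only suffixes with at least min_labels labels (so domain.tld is the last
    one tried and the bare TLD is never queried)."""
    labels = [part for part in search_domain.strip(".").split(".") if part]
    names = []
    for i in range(len(labels) - min_labels + 1):
        suffix = ".".join(labels[i:])
        names.append(f"{label}.{suffix}")
    return names


def resolve_first(names: List[str], port: int = 22) -> Optional[Tuple[str, str]]:
    """Resolve the candidates in order; return (name, ipv4) of the first that exists."""
    for name in names:
        try:
            infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # NXDOMAIN or no A record: try the next, shorter suffix
        if infos:
            return name, infos[0][4][0]
    return None


def discover_broker(label: str = "x2gobroker", search_domain: Optional[str] = None,
                    port: int = 22) -> Optional[Tuple[str, str]]:
    """Derive the search domain from this host's FQDN unless one is supplied."""
    if search_domain is None:
        fqdn = socket.getfqdn()
        search_domain = fqdn.split(".", 1)[1] if "." in fqdn else ""
    return resolve_first(candidate_names(label, search_domain), port)


if __name__ == "__main__":
    # Constructed search domain matching the names given in the mail above.
    for name in candidate_names("x2gobroker", "anothersubdomain.subdomain.domain.tld"):
        print("would try:", name)
    print("found:", discover_broker())
```

Resolving such a name only tells the client where to connect; the SSH host key check X2GoClient performs on the first connection is still what protects the user if someone on the network answers for that name, so the fingerprint should be distributed out of band.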
On 16.03.2017 at 18:28, John Cobo wrote:
I've been giving this some more thought. I still believe that we shouldn't be adding such an option to X2GoClient, but there may be more comfortable ways of providing your users with a DNS name to connect to, rather than having to figure out an IP, even without APIPA/mDNS/Zeroconf/Bonjour.
For that, you should tell us more about that usage scenario - will all those Raspis have full internet access? If not, are they being deployed on different subnets of one larger network where you could place one machine they all can reach?
I'm thinking along the lines of using either a DynDNS server on the internet, with the Raspi reporting its internal IP instead of the external one, though, or setting up an internal DynDNS server.
-Stefan
Stefan,
Thanks for continuing to ponder on this.
The problem I'm trying to solve is that normal, non-technical people (my sister triggered this) are quite rightly concerned about security and privacy on the internet but not given much real help. Read the fine print on your on-line banking's web site to see what I mean. It will tell you that your PC must be secure, up to date, free of viruses and malware, etc. In real life your daughter grabs the PC and downloads some free movies and viruses, then you go on-line banking, then you run a bitcoin wallet, then your new flatmate gets the router password from the landlord and on it goes. My sister runs an old Mac and is afraid to update anything because it "will probably break stuff." When she asked me to suggest bitcoin wallet software to run on her computer I became concerned and thought there must be a better way.
At work, we will do our best to isolate "at risk" servers (my sister's Mac) from those that must remain secure (eg. for financial transactions). My idea is to offer the same separation for normal people. If a person had a small, inexpensive computer to use only for on-line banking and a few other secure things that would seem to solve a lot of problems. A Raspberry Pi seems ideal but is no longer inexpensive if you have to buy a monitor and keyboard to set it up.
Back to the use case. I would provide my sister and many people like her with a hardened Raspbian image on a SD card along with a Raspberry Pi. My sister enters her wifi credentials to a file on a USB stick which she inserts in the Pi and plugs it in. A boot script on the Pi connects to WiFi and starts the X2Go server. My sister has installed X2Go client and ideally "just" connects. Many people do not have spare monitors sitting around these days.
I've tried writing the Pi's IP back onto the USB, but due to what some call a bug in Raspbian/Debian the address is not available when boot scripts run. I've tried VNC connect, but there are a few issues with it too. I could periodically ping the Pi's IP and some secret code to an internet web server, but the users of this are naturally distrustful of internet based stuff so I would rather not. My typical user can (probably) install software such as your client, but is not going to be logging into routers or anything very technical. Users would not want anyone else to be able to access their secure Pi.
I hope that explains the use case better.
Thanks, John
On 27 March 2017 at 13:22, Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
On 27.03.2017 at 16:50, John Cobo wrote:
Aaand that's where you're mistaken. Sorry to burst your bubble. There are two ways to do this that aren't just security theater, but provide real security, and your approach isn't among them.
One is a live system that you only boot for banking, and that has its kernel patched so it is unable to detect and access hard disk media - it will only access optical and USB media. This is the safest way to do it, but of course, less convenient. A German computer magazine called c't issued ISOs with such a modified kernel for a few years (it was called c't bankix), but recently abandoned it. There seems to be a volunteer that has picked up development from where they left, though - he keeps posting updates in their bankix online forum.
The more convenient way is to invert the idea you had: Use an X2GoServer for all "world wild [sic] web" surfing, and your local browser for banking and other secure applications only. This requires a firewall that is set to deny traffic from LAN to WAN by default, and a DMZ in which the X2GoServer resides. We actually offer such systems as appliances for medical professionals, with commercial support and all, see e.g. here: <http://wiki.x2go.org/doku.php/doc:success-stories:electronic-glovebox>
Your approach, using the X2GoServer for the banking stuff only, is insecure for the simple reason that if you use your local machine for day to day surfing, malware can (and will!) hide in the background and capture your keystrokes. It doesn't matter if they're directed at the local browser or at the X2GoClient - as soon as you start typing https://www.ubs.com or https://www.morganstanley.com, the bad guys will know that the next sequence of characters will be your banking login details.
So the only safe and sane approach is to absolutely make sure your client computer is clean and has no connection to the internet (save for the few trustworthy sites you whitelisted), and consider the X2GoServer your "throwaway" machine, because there is no way it could "snoop backwards" to your client, especially when you close X2GoClient before logging in to your banking site.
That's why you don't do such things at boot time, but instead whenever the interface goes up. Have a look at our X2Go-TCE-Live solution - it displays MAC and IP before the login prompt, but waits until the interface is up and has an IP before creating that file.
Kind Regards, Stefan Baur
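The "write the file when the interface is up, not at boot" point above, as an added example (written for this thread; it is neither X2Go-TCE-Live's nor Raspbian's code). It is meant to be called from an interface-up hook such as a script in /etc/network/if-up.d/, where ifupdown passes the interface name in the IFACE environment variable; other network managers have their own hook directories. The interface name, the USB mount point, the timeout and the output format are assumptions.

```python
"""Record the Pi's address only once the interface really has one (added example).

Assumptions: run from an interface-up hook (IFACE set by ifupdown) or as a short
polling daemon; the USB stick is already mounted at /media/usb; `ip` is iproute2.
"""
import os
import re
import socket
import subprocess
import sys
import time
from typing import Optional

IPV4_RE = re.compile(r"\binet (\d{1,3}(?:\.\d{1,3}){3})/\d+")

# Constructed sample of `ip -4 -o addr show dev wlan0` output, for the demo below.
SAMPLE_IP_OUTPUT = (
    "3: wlan0    inet 192.168.0.42/24 brd 192.168.0.255 scope global dynamic wlan0\\"
    "       valid_lft 86164sec preferred_lft 86164sec\n"
)


def parse_ipv4(ip_addr_output: str) -> Optional[str]:
    """Return the first globally scoped IPv4 address in `ip -4 -o addr show` output,
    ignoring link-local (169.254.x.x) addresses that appear before DHCP completes."""
    for line in ip_addr_output.splitlines():
        if "scope global" not in line:
            continue
        match = IPV4_RE.search(line)
        if match:
            return match.group(1)
    return None


def query_ipv4(iface: str) -> Optional[str]:
    result = subprocess.run(["ip", "-4", "-o", "addr", "show", "dev", iface],
                            capture_output=True, text=True, check=False)
    return parse_ipv4(result.stdout)


def wait_for_ipv4(iface: str, timeout: float = 120.0, interval: float = 2.0) -> Optional[str]:
    """Poll until the interface has a global IPv4 address or the timeout expires."""
    deadline = time.monotonic() + timeout
    while True:
        ip = query_ipv4(iface)
        if ip is not None:
            return ip
        if time.monotonic() >= deadline:
            return None
        time.sleep(interval)


def read_sysfs_mac(iface: str) -> str:
    with open(f"/sys/class/net/{iface}/address") as f:
        return f.read().strip()


def read_host_key(path: str = "/etc/ssh/ssh_host_ed25519_key.pub") -> str:
    """Public host key, so the user can compare the fingerprint on first connect."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return ""


def render_connect_info(hostname: str, ip: str, mac: str, host_key: str,
                        port: int = 22) -> str:
    return (f"# written by the interface-up hook\n"
            f"host={hostname}\nip={ip}\nmac={mac}\nsshport={port}\n"
            f"hostkey={host_key}\n")


def write_atomically(path: str, content: str) -> None:
    """Write via a temp file, fsync and rename so an unplugged stick never holds a torn file."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(content)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)


def main() -> int:
    iface = os.environ.get("IFACE", "wlan0")
    path = sys.argv[1] if len(sys.argv) > 1 else "/media/usb/x2go-connect.txt"
    ip = wait_for_ipv4(iface)
    if ip is None:
        print(f"{iface}: no IPv4 address within timeout", file=sys.stderr)
        return 1
    info = render_connect_info(socket.gethostname(), ip, read_sysfs_mac(iface), read_host_key())
    write_atomically(path, info)
    return 0


if __name__ == "__main__":
    print(render_connect_info("raspberrypi", parse_ipv4(SAMPLE_IP_OUTPUT) or "?",
                              "b8:27:eb:00:00:00", "<constructed host key>"))
    sys.exit(main())
```

The host key line is the part that matters beyond convenience: the stick tells the user's X2GoClient where the Pi is, and the fingerprint on the same stick lets the user check that the machine answering on that address is really their Pi.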
Stefan,
Don't worry about my bubble, there isn't one. The keystroke watching problem is one I was starting to consider. For about £8 one can buy a little keyboard, more of a remote control with letters. If this were plugged into the Pi for use when typing secure passwords could that help? I'm guessing this would require the Pi to run both X2Go server and a client with the person's laptop connected as a client to the same X2Go session. Is this possible?
I worry that people would not want to bypass their familiar OS and laptop for day to day browsing as per your suggestion of inverting the idea. I can see that is a great solution for an office environment though, excellent even.
Thanks, John
On Monday, 27 March 2017, Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
On 29.03.2017 at 15:20, John Cobo wrote:
Sadly, no, this is the one feature that currently doesn't work on ARM - mirroring the session that is directed at the physical input/outputs. On Intel hardware, it would work.
Well, with Published Application Mode, it's not as much of a bypass as it is a seamless integration (Did you watch one of our videos demoing Published Application Mode? If not, I suggest doing so - this one <https://www.youtube.com/watch?v=UawYNTgOBac> has German text, but you don't have to understand German for it, you should be able to figure out what's happening just by watching). But yes, getting a home user set up like that isn't as easy as it is in a corporate environment.
-Stefan
On Mar 27, 2017 8:23 AM, "Stefan Baur" <X2Go-ML-1@baur-itcs.de> wrote:
On 16.03.2017 at 18:28, John Cobo wrote:
I've been giving this some more thought. I still believe that we shouldn't be adding such an option to X2GoClient, but there may be more comfortable ways of providing your users with a DNS name to connect to, rather than having to figure out an IP, even without APIPA/mDNS/Zeroconf/Bonjour.
For that, you should tell us more about that usage scenario - will all those Raspis have full internet access? If not, are they being deployed on different subnets of one larger network where you could place one machine they all can reach?
I'm thinking along the lines of using either a DynDNS server on the internet, with the Raspi reporting its internal IP instead of the external one, though, or setting up an internal DynDNS server.
-Stefan
How about using samba nmbd on the raspberry pi? If you only have Windows clients, they'll be able to connect to the machine by netbios name, same as a DNS name, by default. This depends on no firewall blocking netbios traffic.