Meshcentral: Too many questions.. love the tool though !

Created on 8 Dec 2019 · 4Comments · Source: Ylianst/MeshCentral

Hi Ylian, I just installed MeshCentral (AWS instance) and it's looking quite amazing so far :-) I followed your instructions from your web page to the point, came upon a few issues with the doc (for example, the pkill command as noted in the stop script is incorrect, the systemd script was somewhat malformed (line-breaks), at least when you copy paste from the PDF and the "node" command is not present in the /usr/bin directory. I created a symlink to the actual bin and it worked great from then on), but was able to get through them quickly.
Installing the agent on a linux box (actually the MeshCentral AWS instance itself) went w/o issues as well as the Windows agent install.. BUT:

I can't find any icon in my system tray that shows that the agent is running, or that lets me stop the agent etc.
I don't see any of the cool new features you outline above.
Here's my MeshCentral Server Version (according to the web GUI): 0.4.5-k
I can't actually even find the version for the agent, as it seems "invisible". The version in Win Apps&Features shows just : 1.0.0
There was no pop up on my RDP client that would have prompted the "user" to "allow" the remote connection. I'd think this would be important.
The MeshMiniRouter.application throws an error when trying to install:
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
Activation of C:\Users\max_w\Downloads\MeshMiniRouter.application resulted in exception. Following failure messages were detected:
Deployment and application do not have matching security zones.

Question:

Do I actually have the latest MeshCentral Server installed? if no, where could I get the latest Server as well as Agent versions?
Is there a way where I could, after I added all the devices that have an agent installed, directly RDP/SSH from my laptop to those devices without utilizing the Web GUI for RDP/SSH ? Even if I had to initially connect to the web GUI, and connect to the devices, it'd be great if I could use my own SSH/RDP client ;-)

Whew.. sorry for bombarding you with all these questions/notes. I really like your work and would love to make this my standard access tool.

Fixed - Confirm & Close question

Source

maxwinkler13

All 4 comments

Hi. Thanks for the questions. I will do my best to answer everything, but I am sure I will miss things. In any case, here goes...

For any documentation issues, there is a document folder in GitHub that is in Microsoft Word format. If you can make the right edits and send the document back, that would be wonderful. Do put change tracking on.

The MeshAgent can be run in "interactive mode" when you just run it temporary and when you close the window it disconnects or it can be installed in the background, in that case it currently does not have any icons. If you opt to enable use consent features on the server, you can prompt to ask for permission to take control, notify when connecting and show a privacy bar at the top of the screen.

Let me know what features your looking for that you don't see. Server v0.4.5-k is the latest one right now, the agents are auto-updated when you update the server, so they are sync'ed to the server's version. You have the latest installed, you can go to "My Server" and click "Check for updates" to see your version and update your server if needed.

For MeshCentral Mini Router, you need "ClickOnce" support in your browser. Try IE or Edge that have it or you will need an add-in for Chrome and FireFox.

As for your own SSH/RDP client, if they are well know ones, let me know what they are and I will add them to the MeshCentral Router. As longs as I can call them with command line parameters to connect to a local port, that should work.

Let me know if this helps and thanks against for the questions.
Ylian

Ylianst on 8 Dec 2019

Thank You so much for your reply ! I'll take a crack at the documentation and send it back for your review.

Agent icon : I do strongly feel any running application, in general, should have an icon in the task bar. For this specific agent, I'd think, even if confirmation is not required, the icon should indicate a connected session when active, and have a quit/stop service option. (I'd be happy to create an application icon for this if none exist yet.
SSH/RDP client : This would simply be Windows RDP/ Putty for example. I suppose the feature I was looking for already exists via MeshCentral Router. I'll just have to figure out how to utilize it properly. My initial attempt to use the router to create a SSH connection to a connected session failed yesterday. I looked at the meshaction.txt file that was auto-created for the connection I'd like to create the SSH connection to, and the route (tunnel) was created, however I'm not sure how I should set up my SSH client (putty) to actually utilize that route:

  {
 "action": "route",
 "localPort": 1234,
 "remoteName": "ip-<SSH Server instance IP/hostname>.internal",
 "remoteNodeId": "node//<nodeID>",
 "remoteTarget": "",
 "remotePort": 22,
 "username": "admin",
 "password": "",
 "serverId": "<generated Server ID>",
 "serverHttpsHash": "<generated HTTPS hash>>",
 "debugLevel": 0,
 "serverUrl": "wss://<MeshCentral Instance hostname>:443/meshrelay.ashx"
}

If I try to connect to this route as I would usually use an SSH tunnel (localhost:1234), it doesn't work.

Which hostname should I point the SSH client to?
Are the credentials I define here the credentials I'd use to connect to MeshCentral, or the credentials I'd use to connect to the endpoint (here SSH Server)?
How would all this work if the connection requires a key (.ppk) instead of a password?
Anywho... I'll tinker around more with the router, thanks for confirming that this is basically what I'd use the router for :-)
Cheers
MAx

maxwinkler13 on 8 Dec 2019

Agent icon : I do strongly feel any running application, in general, should have an icon in the task bar. For this specific agent, I'd think, even if confirmation is not required, the icon should indicate a connected session when active, and have a quit/stop service option. (I'd be happy to create an application icon for this if none exist yet.

The Mesh agent runs as a service like many other applications/services within a system, i highly doubt you have an icon sitting in the tray many of the other services running in the background doing all kinds of activities. In my usecase, the agent allows for interactive and non-interactive access into systems based on security rights and groups. This is much more preferred then having yet another icon sitting in the tray to confuse end users. You may also want to read up on MeshCommander which is created for the sole purpose of AMT driven system management of devices in organizations. You will notice that AMT does not provide notifications on when it is being accessed. Again, a preferred functionality in large organizations.

Again, the functionality of notifying a user is already present within the Consent features, it works well to notify end users when they are required to accept a session and is well logged within "Events" for auditing purposes.

penguinthingie on 9 Dec 2019

👍1

I agree with penguinthingie in regards to the system tray icon. While it might be a nice option for some I would definitely not want the default behavior for it to utilize a system tray icon. BTW, if it were something that could be made optional it would also be important (at least from perspective) for the icon to be customizable so that we could brand it with our own company logo.