[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Remote Debian installation assistance for newbies using WireGuard VPN

ST <smntov@gmail.com> writes:

> Hello Debian Install System Team,
> there used to be Linux install parties - a very cool event in itself and
> a way to bring new users into community. However it is not so easy to
> organize and it is somewhat limiting in time and space.
> Several weeks ago I learned about the kernel-space VPN - WireGuard [1]
> and was so positively shocked by the ease of it's configuration/use [2]
> so that I don't stop to think how it can be effectively utilized.
> Today I was thinking whether it would be possible to use this technology
> to enable an experienced Linux user to help a fellow newbie to install
> Debian on his Windows box?...
> The idea is to add an "Remote assistance mode" into win32-loader. Once
> toggled - it will preseed and run Debian Installer (after reboot)
> without any interaction until it:
> 1. creates a WG interface,
> 2. obtains an IP from a (not yet extent) Debian WireGuard VPN server [3]
> (the assisting Linux profi also should be part of this VPN so he can SSH
> to the newbie through NAT).
> 3. runs SSH server listening on that IP.
> 4. generates a short random password for the root user and displays it
> together with its IP from step #2 on the monitor of the newbie. This
> information (IP and root's password) are communicated by newbie to his
> Linux profi friend by phone/sms/etc..
>>From this point on the Linux profi can SSH to the box and continue the
> installation process in text mode.
> Is something like this possible?

I've not yet used WireGuard, but from what I can see one needs a unique
key per client to be known to the server (perhaps there's a way of
telling it not to care).  Also, the examples around the place also seem
to suggest that one needs a UDP port per connection.

Also, the wireguard.com front page does currently say:

  WireGuard is not yet complete. _You should not rely on this code._

Anyway, I don't see that one actually needs WireGuard to implement it.

A similar result could be achieved by configuring the new system to ssh
to a server somewhere, and either have that connection used for the
remote control, or have ssh also do port-forwarding back to the new

Of course we then have to work out under what circumstances the user
should trust that person to be connected to their network, the
implications of which one cannot really expect a newbie to fully grasp.

Cheers, Phil.
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY

Attachment: signature.asc
Description: PGP signature

Reply to: