On Wed, 2018-04-25 at 14:50 +0200, Philip Hands wrote: > ST <smn...@gmail.com> writes: > > > Hello Debian Install System Team, > > > > there used to be Linux install parties - a very cool event in itself and > > a way to bring new users into community. However it is not so easy to > > organize and it is somewhat limiting in time and space. > > > > Several weeks ago I learned about the kernel-space VPN - WireGuard [1] > > and was so positively shocked by the ease of it's configuration/use [2] > > so that I don't stop to think how it can be effectively utilized. > > > > Today I was thinking whether it would be possible to use this technology > > to enable an experienced Linux user to help a fellow newbie to install > > Debian on his Windows box?... > > > > The idea is to add an "Remote assistance mode" into win32-loader. Once > > toggled - it will preseed and run Debian Installer (after reboot) > > without any interaction until it: > > 1. creates a WG interface, > > 2. obtains an IP from a (not yet extent) Debian WireGuard VPN server [3] > > (the assisting Linux profi also should be part of this VPN so he can SSH > > to the newbie through NAT). > > 3. runs SSH server listening on that IP. > > 4. generates a short random password for the root user and displays it > > together with its IP from step #2 on the monitor of the newbie. This > > information (IP and root's password) are communicated by newbie to his > > Linux profi friend by phone/sms/etc.. > > > >>From this point on the Linux profi can SSH to the box and continue the > > installation process in text mode. > > > > Is something like this possible? > > I've not yet used WireGuard, but from what I can see one needs a unique > key per client to be known to the server (perhaps there's a way of > telling it not to care). Also, the examples around the place also seem > to suggest that one needs a UDP port per connection. > > Also, the wireguard.com front page does currently say: > > WireGuard is not yet complete. _You should not rely on this code._ > > Anyway, I don't see that one actually needs WireGuard to implement it. > > A similar result could be achieved by configuring the new system to ssh > to a server somewhere, and either have that connection used for the > remote control, or have ssh also do port-forwarding back to the new > installation.
Indeed?!... I'm positively shocked once again... Never knew it could be possible. Let's say we have a newbie (with a private IP - N which is behind NAT) and the same for a profie with IP P. And a publicly visible server with the IP S. Let's say both can SSH to S:22 and know each others' passwords/keys. Could you, please, describe in details how one can implement both approaches, namely: 1. "to ssh to a server somewhere, and either have that connection used", i.e. `ssh newbie@S:22`... so what now? How profi can get through to N? 2. "or have ssh also do port-forwarding back to the new installation" could you, please show the sequence of commands to achieve this? > > Of course we then have to work out under what circumstances the user > should trust that person to be connected to their network, I think a usual case is when they are just friends and trust each other and have another shared communication channel, like phone/etc.. It's kind of what TeamViewer is doing. The innovative part here though is to enable terminal sharing for _bootstrapping_ an _not yet existent_ OS! Thank you!