At this point, I'm trying to walk the line between unrealistic "wouldn't it be great if..." type ideas and overly-strict reliance on solving the specific problem I have in my head, so I'd like to go back to first principles for a moment. Please tell me if any of these are false:
1) It's common for new Linux users to have a technical friend that deals with their problems. This is a healthy relationship that we should look for ways to support 2) People generally don't formalise that sort of thing until it's too late 3) All Linux users can be behind arbitrarily complex sets of firewalls/NAT, including multiple layers of NAT or firewalls, not all of which are under either user's control 4) We can expect experts to do some considerable work (e.g. installing packages and configuring routers), but non-technical users need simple instructions from the default installation 5) There's some interest in making small changes to the default install to cater to the above issues 6) Since the people in most need of help are more likely to stick to LTS releases, we can afford to add this sort of feature gradually, and see what public reaction is like The basic solution we're looking at here is to make it possible for the technical friend to set up an SSH connection to the non-technical friend's computer, using an account that has some way to execute superuser commands (with sudo or by actually being the root user). This breaks down into three sub-problems: 1) Creating or modifying an account that has the necessary permissions 2) Creating an SSH connection 3) Destroying or reverting an account to its original state In (1) and (3), I had been concentrating on setting up a mechanism to trust someone temporarily, but I now realise that's not a particularly common use case, because if I trust you today, I will probably trust you tomorrow too. Getting people to jump through the same set of hoops every time there's a problem makes life harder than necessary for non-expert users, which I've been complaining about all thread. Reliably doing (2) is a hard problem. The solution I had come up with strikes me as a good solution for a common use case, but there's no way to deal with the general case without introducing more complexity. Solving the three sub-problems individually allows for more flexibility, because then intermediate users can mix-and-match the parts that they're interested in. Creating, modifying, and deleting accounts is a standard problem, and I've already suggested ways to add the necessary bits into Ubuntu (specifying an authorised key when creating an account, etc.). Since I used the alternate install CD, I don't know whether the default Ubuntu installation gives you the option to set up extra user accounts after installing. If it does, I'd recommend adding a "technical friend" user account creation option. But since most people will click straight through the above option, it would be good if this was offered explicitly somewhere in the System menu, and if a program like friendly-recovery could offer the same functionality from the command line. If there's an interest in it, I would be happy to maintain some sort of "ssh-strategies" script/page that walks people through an increasingly complex decision tree, trying to set up an SSH connection. In order to work easily, there would probably have to be some sort of ssh-strategies-minimal package in the default install. I'd be even more happy if Canonical were willing to host a couple of very simple scripts at ubuntu.com to confirm the user's world-visible IP address and to reflect half a dozen SSH packets back to the address they came from. The former can't be done over HTTP because of the mess of transparent proxies on the net nowadays, and the latter should be safe so long as just enough packets to appear in the SSH log are sent, but not enough to try a password are sent. - Andrew -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss