From kragen@dnaco.net Fri Jul 3 14:35:39 1998
Date: Fri, 3 Jul 1998 14:35:38 -0400 (EDT)
From: Kragen
To: clug-user@clug.org
Subject: ease-of-use in general

People complain that Linux isn't as easy to use, for newbies, as Win95 or Win3.1.

Most of the people I know who use Linux or Win95 don't have much trouble with either one most of the time. But from time to time, they have to install something -- a new modem, a new printer, a new application, a new OS. The difficulty they experience at these times can be quite extreme, and is often due simply to their own ignorance. If they were printer experts, or modem experts, or what have you, they would have no trouble at all.

Well, of course, that's just a fantasy with Win98 or WinNT. But with Linux, secure remote administration by experts can be a reality. If you want a new printer set up, it's likely that letting me log in remotely would enable me to set it up for you -- although I'd need your reports on what the printer is doing.

Here's the scheme:

Set up a remote-administration "rendezvous" machine, and a remote-administration contact point email address that goes to a list of people.

When someone has a problem, they email the remote-admin contact point address. Someone gets back to them with suggested solutions and time frames.

When a mutually-agreeable time is found,

- the novice user who needed help (the 'client') connects to the remote-admin rendezvous machine with ssh, tells ssh to proxy their sshd port to the rendezvous machine, and enables their sshd. (sshd can be hidden behind a tcpd that allows only connections from localhost.)
- the experienced administrator connects to the rendezvous machine's proxy port for the client's sshd port, and logs in as root.
- the experienced administrator talks with the client (either via telephone, IRC, or email) about what they're doing until they finish.
- the client enjoys their new functionality, closes the ssh connection to the remote-admin rendezvous machine, and turns off sshd.

This has the disadvantage that the novice user has to trust the administrator. Of course, novice users who are switching from Win95 are probably used to trusting just about everybody on the Net, but we should try to instill better security practices!

The rendezvous machine makes it possible to log into machines that are behind firewalls.

Here are the efforts I see involved in setting this up:

- we'd have to establish ssh keys; preferably a private login key for each client, and some number of root-login keys to let administrators log in remotely. One would be sufficient, but its compromise would be catastrophic. One per client would work if we had a secure way of distributing them to the admins.
- we'd have to put together a "novice user" package, which would include scripts to do the above-mentioned ssh connection and some text files that describe how to get in touch with us.
- we'd have to put up the rendezvous machine, which essentially involves installing sshd and setting up accounts for the clients.
- we'd have to put up the mailing list for people to contact when they need help.
- we'd have to help people when they need it.

The result would be that Linux would be a hundred times easier to use than Win95 for new users.

Comments?

Kragen
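
The rendezvous steps described in the message, as an added example that is not part of the original post: it uses present-day OpenSSH options rather than the ssh of 1998, and the host name, account names and port scheme are constructed assumptions. The client's own sshd is assumed to listen on loopback only (`ListenAddress 127.0.0.1`), standing in for the tcpd wrapper the message mentions.

```shell
#!/bin/sh
# Added example. All names and port numbers below are constructed.
RENDEZVOUS="rendezvous.example.org"   # hypothetical rendezvous machine

# Loopback port on the rendezvous machine reserved for one client, derived
# from a per-client number so two clients never share a listener.
client_port() {
    case "$1" in
        ''|0*|*[!0-9]*) echo "client id must be a positive number" >&2; return 1 ;;
    esac
    [ "$1" -le 999 ] || { echo "client id out of range" >&2; return 1; }
    echo $((22000 + $1))
}

# authorized_keys line for the client's account on the rendezvous machine.
# The per-client key gets no pty, agent or X11 forwarding, runs no useful
# command, and may open a remote listener only on its own loopback port.
rendezvous_key_line() {   # args: client-id "public key text"
    port=$(client_port "$1") || return 1
    echo "restrict,port-forwarding,permitlisten=\"localhost:$port\",command=\"/bin/false\" $2"
}

# What the "novice user" script runs: no remote shell (-N), forward the
# rendezvous loopback port back to the local sshd, and fail loudly if the
# listener cannot be created.
client_cmd() {            # arg: client-id
    port=$(client_port "$1") || return 1
    echo "ssh -N -o ExitOnForwardFailure=yes -R localhost:$port:localhost:22 client$1@$RENDEZVOUS"
}

# What the administrator runs: jump through the rendezvous machine to the
# forwarded port. HostKeyAlias pins the client's host key under its own
# name, since every client is reached as "localhost".
admin_cmd() {             # args: client-id admin-login
    port=$(client_port "$1") || return 1
    echo "ssh -J $2@$RENDEZVOUS -o HostKeyAlias=client$1 -p $port root@localhost"
}

# Print the three pieces for constructed client number 7.
rendezvous_key_line 7 "ssh-ed25519 AAAA-constructed-key client7"
client_cmd 7
admin_cmd 7 alice
```

Because the listener is bound to the rendezvous machine's loopback interface, only accounts on that machine can reach a client's sshd, which keeps the forwarded root login off the public network.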