Comparing MeshCentral 2 to ScreenConnect
-
@Dashrender said in Comparing MeshCentral 2 to ScreenConnect:
I hope you'll give it a shot. (and same goes for ML).
Have they made a module for NodeBB yet? If not, they need to so that we can consider it.
-
@Dashrender said in Comparing MeshCentral 2 to ScreenConnect:
Speaking of Yubi-key - have you heard of SQRL? https://www.grc.com/sqrl/sqrl.htm
They have an API now that's supposed to make it a lot easier to implement into webservers.
I still struggle to trust any website that looks like SW's Curtis made it.
-
@scottalanmiller said in Comparing MeshCentral 2 to ScreenConnect:
@Dashrender said in Comparing MeshCentral 2 to ScreenConnect:
Speaking of Yubi-key - have you heard of SQRL? https://www.grc.com/sqrl/sqrl.htm
They have an API now that's supposed to make it a lot easier to implement into webservers.
I still struggle to trust any website that looks like SW's Curtis made it.
:face_with_tears_of_joy:
-
@FATeknollogee (Auto-update broken) There were a few versions a month back where auto-update was broken. Otherwise, MeshCentral has to be running in a way that allows it to write its own files. This said, auto-update should generally work - if it does not consistently and it should, file an issue on GitHub.
-
Just published MeshCentral v0.2.7-p with improved support for hardware keys. Now supports U2F (need browser support) and OTP (USB key acts as a keyboard). Much better than yesterday's version. New blog here.
-
I upgraded my install, now I can't log in. I can create new accounts OK, but not sure, was I supposed to disable 2 factor auth (google) before upgrading to new version?
-
@smartkid808 Oh dear... On a safe network, you can run "node meshcentral --user [username]", quickly clean things up and start the server again.
To clarify, when you say "You can't login" - You try to login and are stuck at the "Login token" screen? You only have Google Authenticator setup before? Any more details appreciated.
-
Someone just posted the login problem on GitHub and I posted a fix for it. MeshCentral v0.2.7-r is now live. This fix should solve exactly the problem you got.
-
@Ylian said in Comparing MeshCentral 2 to ScreenConnect:
Someone just posted the login problem on GitHub and I posted a fix for it. MeshCentral v0.2.7-r is now live. This fix should solve exactly the problem you got.
We are on 0.2.7-s
-
@Ylian said in Comparing MeshCentral 2 to ScreenConnect:
@smartkid808 Oh dear... On a safe network, you can run "node meshcentral --user [username]", quickly clean things up and start the server again.
To clarify, when you say "You can't login" - You try to login and are stuck at the "Login token" screen? You only have Google Authenticator setup before? Any more details appreciated.
Hi Ylian, I am non-production.. I am just playing with it, so I have no issues starting from scratch.
I can do the first login, then I can get to the 2nd factor login screen.
I will try to install the new version you posted, and report back.
Thanks for the quick response
-
@Ylian said in Comparing MeshCentral 2 to ScreenConnect:
Someone just posted the login problem on GitHub and I posted a fix for it. MeshCentral v0.2.7-r is now live. This fix should solve exactly the problem you got.
Worked like a charm thanks
-
It has been a busy day, just updated to 0.2.8-b
That is SIX releases since yesterday!
-
@scottalanmiller said in Comparing MeshCentral 2 to ScreenConnect:
It has been a busy day, just updated to 0.2.8-b
That is SIX releases since yesterday!
Some of those were quick fix releases.
-
Anyone tried embedding MC yet?
I've got it working but I'm not sure about how to automatically generate login tokens.
As per the manual (http://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide-0.2.1.pdf) I generated a "LoginTokenKey" but I can't understand how I can generate login tokens out of that key. Anybody has experience with this?
As far as I understand the business server can be used to generate those, but how? My business server is running on Python if that matters.
@Ylian: Is the user guide missing some information on how to generate a login token from a login token key or am I missing something here?
-
@vpr00 said in Comparing MeshCentral 2 to ScreenConnect:
Anyone tried embedding MC yet?
No, but we are super interested in that.
-
@scottalanmiller I've got everything working besides the issue I described. Works pretty good otherwise.
-
I am running way behind on documentation. On embedding, let me know what server type will be the master (NodeJS, ASP.NET...). Once you get MeshCentral running, get the --loginTokenKey and cut and paste it into your server. Then, if the master server is NodeJS, use this code to generate a time limited cookie on your server and use it as documented. The user name is "user/(domain)/(account name in lower case)", the sample below is for "admin" on the default domain. Hope it helps until I get time to work on documentation.

    obj.crypto = require('crypto');
    obj.encodeCookie({ u: 'user//admin', a: 3 }, obj.loginCookieEncryptionKey)

    // Encode an object as a cookie using a key using AES-GCM. (key must be 32 bytes or more)
    obj.encodeCookie = function (o, key) {
        try {
            if (key == null) { key = obj.serverKey; }
            o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time
            const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv);
            const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]);
            return Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
        } catch (e) { return null; }
    };
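
The cookie layout produced by the encoder in this post, paired with a matching verifier, as an added example that is not part of the original post and is not MeshCentral's own code. `decodeCookie`, its `maxAgeSeconds` and `now` parameters, and the demo key are assumptions for illustration.

```javascript
// Added example: base64( iv[12] | tag[16] | ciphertext ), with '+' -> '@' and '/' -> '$'.
const crypto = require('crypto');

// Same construction as the posted encoder, written stand-alone.
function encodeCookie(o, key) {
  const body = Object.assign({}, o, { time: Math.floor(Date.now() / 1000) });
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv);
  const crypted = Buffer.concat([cipher.update(JSON.stringify(body), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), crypted])
    .toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
}

// Hypothetical decoder: returns the object, or null when the GCM tag does not
// verify or the cookie is older than maxAgeSeconds (an assumed policy value).
function decodeCookie(cookie, key, maxAgeSeconds, now) {
  try {
    const raw = Buffer.from(cookie.replace(/@/g, '+').replace(/\$/g, '/'), 'base64');
    if (raw.length < 12 + 16 + 1) return null; // too short to hold iv, tag and data
    const decipher = crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const text = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
    const o = JSON.parse(text);
    const current = now === undefined ? Math.floor(Date.now() / 1000) : now;
    if (typeof o.time !== 'number') return null;
    const age = current - o.time;
    if (age < 0 || age > maxAgeSeconds) return null; // future-dated or expired
    return o;
  } catch (e) {
    return null; // malformed input, wrong key, or modified iv/tag/ciphertext
  }
}

// Constructed demo key; a real deployment would use the server's login token key.
const demoKey = crypto.randomBytes(32);
const demoCookie = encodeCookie({ u: 'user//admin', a: 3 }, demoKey);
console.log(demoCookie, decodeCookie(demoCookie, demoKey, 60));
```

Because the creation time is inside the authenticated ciphertext, a holder of the cookie cannot extend its lifetime without the key.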
-
@black3dynamite Right, it's not always big updates. Doing a lot of security work recently. Just about to publish a new version with better password change dialogs, random time delay if on bad passwords, ask for old password when changing it, display password policy at the right places, etc.
-
@Ylian said in Comparing MeshCentral 2 to ScreenConnect:
I am running way behind on documentation. On embedding, let me know what server type will be the master (NodeJS, ASP.NET...). Once you get MeshCentral running, get the --loginTokenKey and cut and paste it into your server. Then, if the master server is NodeJS, use this code to generate a time limited cookie on your server and use it as documented. The user name is "user/(domain)/(account name in lower case)", the sample below is for "admin" on the default domain. Hope it helps until I get time to work on documentation.

    obj.crypto = require('crypto');
    obj.encodeCookie({ u: 'user//admin', a: 3 }, obj.loginCookieEncryptionKey)

    // Encode an object as a cookie using a key using AES-GCM. (key must be 32 bytes or more)
    obj.encodeCookie = function (o, key) {
        try {
            if (key == null) { key = obj.serverKey; }
            o.time = Math.floor(Date.now() / 1000); // Add the cookie creation time
            const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv);
            const crypted = Buffer.concat([cipher.update(JSON.stringify(o), 'utf8'), cipher.final()]);
            return Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString('base64').replace(/\+/g, '@').replace(/\//g, '$');
        } catch (e) { return null; }
    };

Thanks for your fast reply. My master server is running Python and I'm not sure if I can replicate your piece of code in Python.
Anyway, thanks for your reply. I see you're busy with other features and I don't want to take too much of your time away.
Maybe there is some Python/crypto expert on here who can translate your code to Python?
I mean, for my needs it would be suitable if I could easily create one login token without time limit. I think a feature like this would be easily implemented on your side but I'm not sure if that would be against your security model?
-
@vpr00 If you want to be completely evil... you can try on your server /createLoginToken.ashx?user=(username)&pass=(password) and it will return a login token. It's evil because passing credentials in a URL like this is really bad. Often URLs are logged and so your password is in event logs. This said, people kept wanting me to add this feature...
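
The logging exposure described in this post, seen from the log side, as an added example that is not part of the original post: a scanner that flags and redacts password values in request lines of an access log. The log format (combined log format), the parameter names treated as sensitive, and the sample lines are assumptions constructed for illustration.

```javascript
// Added example: find and redact credentials that reached an access log via
// a URL such as /createLoginToken.ashx?user=...&pass=...
const SENSITIVE = new Set(['pass', 'password']); // assumed parameter names

// Redact sensitive query values in one request target; report whether any were found.
function redactTarget(target) {
  const q = target.indexOf('?');
  if (q === -1) return { target, leaked: false };
  let leaked = false;
  const pairs = target.slice(q + 1).split('&').map((pair) => {
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    let decoded;
    try { decoded = decodeURIComponent(name); } catch (e) { decoded = name; }
    if (eq !== -1 && pair.length > eq + 1 && SENSITIVE.has(decoded.toLowerCase())) {
      leaked = true;
      return name + '=[REDACTED]';
    }
    return pair;
  });
  return { target: target.slice(0, q + 1) + pairs.join('&'), leaked };
}

// Scan log lines: returns the redacted lines plus the indexes of lines that leaked.
function scanAccessLog(lines) {
  const hits = [];
  const out = lines.map((line, i) => {
    const m = /"([A-Z]+) (\S+) (HTTP\/[\d.]+)"/.exec(line);
    if (!m) return line;
    const r = redactTarget(m[2]);
    if (r.leaked) hits.push(i);
    // Function replacement: login tokens may contain '$', which is special in string replacements.
    return line.replace(m[0], () => `"${m[1]} ${r.target} ${m[3]}"`);
  });
  return { lines: out, hits };
}

const sampleLog = [ // constructed log lines
  '203.0.113.5 - - [01/Jan/2019:10:00:00 +0000] "GET /createLoginToken.ashx?user=admin&pass=Example%21Pass HTTP/1.1" 200 96',
  '203.0.113.5 - - [01/Jan/2019:10:00:02 +0000] "GET /index.html?lang=en HTTP/1.1" 200 5120',
];
console.log(scanAccessLog(sampleLog));
```

Any password flagged this way should be treated as exposed and rotated, since the original value may already sit in proxy logs and backups.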