Remote Support with screen
SECURITY
Remote Support with screen
2016-05-21
By
David "DeMO" Martínez Oliveira

Have you ever supported some computer installation/configuration on the phone?. Probably you did and you know how frustrating it may be. Depending on the experience of the user at the other end of the line you may be getting partial or irrelevant information, making really difficult your task.
Yes, final users have less knowledge that an experienced administrator and what it looks obvious for the later is not that straightforward to the former. I guess you had been in a situation like this:

    Remote Suppor:. Please run the command uname -a
    User: Done
    Remote Support: What does it said?
    User: Nothing
    Remote Support: What?
    User: Nothing happens
    Remote Support: Did you press Enter?
    User: No, should I?

Sometimes, specially with desktop systems, you can do a remote desktop connection and either do the configuration yourself, or see what is going on to quickly respond to misunderstandings.

The situation is worst when the machine to fix is a server or an embedded system. In general it is harder as the users are less familiar with that environment. On top of that, usually you do not have a graphical environment to connect to...

Screen to the rescue

Don't panic. We can use the tool screen to provide an excellent support to our users abusing its share mode. Let's see how to do that.

Let's suppose we have to support a customer in a remote server. We have an access account to get into the machine, and our customer can also log in using the same account. It is possible to use different accounts but that requires to setuid the screen application. Setuid programs are a security risk so we will just not cover it. The curious readers can check the CUSTOMIZATION section in the man page and look for multiuser and acladd/addacl

So, we log into the machine and we start a shared screen session.

screen -d -m -S HelpMe

The flags -d -m instructs screen to start a "detacched" session. According to the man page this is often used to create startup scripts. The -S flag let us give a name to that session, so we can attach to it later in a convenient way. You can also start the screen session and immediately join it. Just omit the -d -m flags.

Now each user to share the share the shell session has to issue the command:

screen -x HelpMe

From this point on, all users will see the same shell session and any of them can type into the session at any time. Starting a simple text editor (nano for instance) gives you an easy way to interchange text messages with the other users in the session.

Now, you can ask your user on the phone to repeat whatever process is failing and see exactly what is happening. Also at any point, if some tricky command needs to be

You can stop the session at anytime pressing CTRL+a+k. You can also detach the current session pressing CTRL+a+d and rejoin later with screen -x SessionName

That's it. Simple and clean

Header Image Credits: menchu