MeshCentral (web-based remote computer management)

MeshCentral is a free open source web-based remote computer management software. Target end-points are Linux, BSD, MacOS and Windows computers with Intel AMT or where an agent is installed. It allows you to remotely manage and control computers on a LAN or a WAN, performing remote desktop, remote terminal, file transfers…

MeshCentral includes its own messaging web application, which can be used to chat, transfer files and optionally for audio and video chat.

MeshCentral will work on NodeJS 6.x and higher (some features, like multilanguage support, require NodeJS 8 at least, built-in letsencrypt requires at least NodeJS 10.12). The default database is suitable to manage less than 100 computers, but for larger scale scenarios MongoDB can be used. MeshCentral can be combined with a reverse proxy and has built-in support for Let’s Encrypt.

Default ports (note it can try the next higher port if it fails to connect to the default one):

  • 80 (to redirect from http to https)
  • 443 (https)
  • 4433 (for Intel AMT)

Development stage: beta (at the time of writing)
License: Apache 2.0
What to back up: meshcentral-data and meshcentral-files directories. MongoDB databases if used.
Configuration file: meshcentral-data/config.json (unless MeshCentral is run in state-less mode). To enable any config parameter make sure to remove the initial underscore ( _ ) from the variable and to restart MeshCentral to apply the changes.

Other features:

  • server peering (load-balancing)
  • 2FA
  • built-in support for HashiCorp Vault
  • Hardware keys support (YubiKey)
  • multi-tenancy
  • custom branding and terms of use
  • multi-language
  • MeshCtrl CLI tool
  • MeshCmd CLI tool
  • MeshCentral Router: a Windows application that performs TCP and UDP port mapping from a local machine to any remote computer through a MeshCentral server. This feature can be useful to, for example, perform a remote desktop session using RDP.

https://www.reddit.com/r/MeshCentral/



3 Likes

Wow, is this like guacamole but on steroids…
Seems to also have some other added functions.

Can’t wait but help install and test this solution.

Not quite… Not quite at all.

Am trying to understand what exactly it is in general, I’ll have to test ride or install to get a footing. It sounds something close to Pulseway or ManageEngine etc.

So look for what AMT is. It’ll help you to understand better.

Hi

MeshCentral sounds good, but AFAIK is ONLY for Intel CPUs…

and:

According to Wikipedia:


or in german:

Intel confirmed a Remote Elevation of Privilege bug (CVE-2017-5689, SA-00075) in its Management Technology on May 1, 2017.[12] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME.[13][14] Some manufacturers, like Purism[15] and System76[16] are already selling hardware with Intel Management Engine disabled to prevent the remote exploit. Additional major security flaws in the ME affecting a very large number of computers incorporating Management Engine, Trusted Execution Engine, and Server Platform Services firmware, from Skylake in 2015 to Coffee Lake in 2017, were confirmed by Intel on November 20, 2017 (SA-00086).

Seems they don’t have much regard for security, not an Intel first!
Only: one can hardly evade Intel completely…

My 2 cents
Andy

@Andy_Wismer you just killed my head now.

@oneitonitram

I thought it good til I read about bugs, security by obscurity - and it’s Intel… :slight_smile:

Andy

Here is some useful info on Meshcentral:

Andy

This looks interesting. Simple enough to install on a Ubuntu VM, but the “agents” don’t seem to work–I’ve installed it on three Linux servers and one FreeNAS box, and none of them are showing up in my dashboard. The guide says it may take up to a minute to appear; these aren’t showing up after an hour.

2 Likes

guacamole can be used as a central gateway to access any number of machines running different remote desktop servers (RDP, VNC, SSH…) while MeshCentral can use either an agent on the remote computer (Intel/AMD…) or agentless using Intel AMT (with more options specific to Intel AMT). It can be extended using/developing plugins.

Some users were asking for DASH support for AMD but as the developer works for Intel that won’t happen unless done by the community of users.

I’ve tried a minimal part of it over Ubuntu/Debian. By default it is started for LAN only, but using the --cert parameter it can be started with WAN support (forwarding the necessary ports on the gateway). After switching from one mode to the other, I found that restarting the client service on the remote computer made it easier for the machines to show up.

2 Likes

Today I had the same problem. MeshCentral configured in Hybrid mode (LAN+WAN). Agent on remote computers (WAN). Previously used agents (debian/ubuntu) were grayed out. New agents not showing up (windows 7/8/10). After deactivating a software firewall on the computer where MeshCentral is hosted, the agents started to show up (20s-2 minutes).

This led to “need to improve firewall configuration for MeshCentral” :slight_smile:

MeshCentral is a great, fast tool for remote control/managing.
I tested with MeshCentral server on Nethserver and agents on Nethserver, Neth/ARM, Proxmox, Debian, Ubuntu, Win10 and all are working so far.
All except one agent are in my home network.
You can add and control the local server too.
I am using rh-nodejs10, a virtualhost reverse proxy, WAN only mode and this way only need to port forward 443 from my router to the Nethserver. I assume on a gateway it just works.
I need to get all my notes and the cmdline history together, then I am going to create a howto asap.

Apr 24 06:18:58 testserver systemd: Started MeshCentral Server.
Apr 24 06:18:59 testserver node: MeshCentral HTTP redirection server running on port 81.
Apr 24 06:18:59 testserver node: MeshCentral v0.5.13, WAN mode, Production mode.
Apr 24 06:19:00 testserver node: MeshCentral Intel(R) AMT server running on server.domain.tld:4433.
Apr 24 06:19:00 testserver node: MeshCentral HTTP server running on port 8989, alias port 443.
3 Likes
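
An added example, not part of any post above and not MeshCentral code: firewall rules written from the default ports can miss the port the server actually bound, so this compares the ports config.json asks for (honouring the leading-underscore rule) with the ports reported in the startup log. The key names port, redirPort and mpsPort and the sample config are assumptions; the log lines are the ones quoted in the last post.

```javascript
// Added example, not MeshCentral code. The key names (port, redirPort, mpsPort)
// are assumptions to check against the config.json of your MeshCentral version.
const DEFAULTS = { port: 443, redirPort: 80, mpsPort: 4433 }; // defaults from the first post

// A key with a leading underscore is disabled, so the default applies instead.
function configuredPorts(config) {
  const ports = { ...DEFAULTS };
  for (const [key, value] of Object.entries(config.settings || {})) {
    if (!key.startsWith('_') && key in DEFAULTS) ports[key] = Number(value);
  }
  return ports;
}

// Startup messages in the form shown in the log excerpt of the last post.
const PATTERNS = {
  redirPort: /HTTP redirection server running on port (\d+)/,
  port: /HTTPS? server running on port (\d+)/,
  mpsPort: /Intel\(R\) AMT server running on \S+:(\d+)/,
};

// Ports the server reports it actually bound.
function boundPorts(logLines) {
  const bound = {};
  for (const line of logLines) {
    for (const [name, re] of Object.entries(PATTERNS)) {
      const m = re.exec(line);
      if (m) bound[name] = Number(m[1]);
    }
  }
  return bound;
}

// Listeners missing from the log, or bound to a port other than the configured one.
function portDrift(config, logLines) {
  const want = configuredPorts(config);
  const got = boundPorts(logLines);
  return Object.keys(want)
    .filter((name) => got[name] !== want[name])
    .map((name) => ({ name, configured: want[name], bound: got[name] ?? null }));
}

// Constructed config: "_redirPort" is disabled, so the default 80 is expected.
const sampleConfig = { settings: { WANonly: true, port: 8989, aliasPort: 443, _redirPort: 80 } };
// Log lines copied from the last post.
const sampleLog = [
  'Apr 24 06:18:59 testserver node: MeshCentral HTTP redirection server running on port 81.',
  'Apr 24 06:19:00 testserver node: MeshCentral Intel(R) AMT server running on server.domain.tld:4433.',
  'Apr 24 06:19:00 testserver node: MeshCentral HTTP server running on port 8989, alias port 443.',
];
console.log(portDrift(sampleConfig, sampleLog));
```

Any entry in the result is a listener whose firewall rule or port forward should be checked against the bound port rather than the configured one.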