Feature Request: Is my screen being accessed ?

[reidjr]

I use the hardware KVM where possible, but have to run meshagent ( which is great) in other circumstances

What I miss is that when someone (usually me I hope) is running meshagent kvm there is no indication on the target machine that the screen is being accessed. With the hardware KVM, a really obvious flashing icon/scrolling edge is displayed.

Is a desktop indicater on the target machine possible with meshagent ? Be good to know if you are on camera when you are doing your banking ....

[krayon007]

Which OS are you using on the meshagent? I actually have a flashing border feature implemented for Windows and Linux, but I haven't figured out a good way to accomplish it on MacOS. We haven't released it yet, becuase the flashing borders are drawn on the client, so they are actually scraped as part of the KVM and drawn on the remote screen too, which isn't ideal.

[Ylianst]

Not sure if this is widely known, but MeshCentral has a "User Consent" settings in the device group screen as shown below. Bryan will be adding the blinking border at some point to these options, but I want to make sure the existing options are known.

Let me know if these work for you. Thanks.

[reidjr]

Thanks both for the quick replies.

Ylianst,
Good reminder. I was thinking the consent wasn't useful for my use case. (I want to be able to access the deskyop remotely, when I am not there. As well as to be aware if someone is accessing when I am there.) Hiowever I wasnt aware/had forgoten about the notify option. Its nearly works for me as the pop-up right in th emiddle of the screen is exactly the unsubtle message I want. However it times out, so if the remote session starts when you are AFK, then you miss it.

[ off topic, but this request was kicked off because I dont get offered the options on the server to activate 2 factor authentication with my meshcentral server runnning perfectly on a raspbery PI. Is there some pre-requisite or setting I am missing]

krayon007,

Linux ( Ubuntu 18.04)

I see how the flashing border being sent back to the remote user is a problem. One thought, If you were to place a few pixel wide flashing strip on one edge, rather than a band all the way round, but then crop the desktop when viewed remotely, does that work ?. With the flashing strip feature on cropped/without the feature not cropped ...

kind regards

[Ylianst]

[ For the off-topic question: You can only use 2-factor authentication if the server is "named" (is in Hybrid or WAN mode). So you need to run --cert [servername] or add "cert":"servername" in the "settings" section of config.json. This is because OTP and FIDO2 use the server's DNS name. Hope it helps ]

[Ylianst]

One easier option would be to place a non-removable notice on the remote screen when doing a remote control session as one of the available user consent option and see how that goes.

[ghplw]

Just as long as notification always stays as an option when using the agent. One thing we are using MC for is to remote in to digital signage. This is where it has a huge advantage over Teamviewer because you can remote in and make changes on a second screen without the public seeing anything happen on the main screen.

[reidjr]

Ylianst,

Yes for my purposes the current notify " mr X has connected " without the timeout would be more than adequate. The continuous annoying flashing edge of the hardware KVM is great for making sure you notice it, but all I want is to know if anybody is accessing the local machine if I am sitting in front of it.

[reidjr]

[ For the off-topic question: You can only use 2-factor authentication if the server is "named" (is in Hybrid or WAN mode). So you need to run --cert [servername] or add "cert":"servername" in the "settings" section of config.json. This is because OTP and FIDO2 use the server's DNS name. Hope it helps ]

I am accesing my meshcentral server "over the internet" using dynamic DNS and letsencrypt, so it should allready be set up correctly (?) It is an old install that I continually update, is there somthing I need to add to the config.jason ? [ Do you want me to open a seperate issue ? ]

[Ylianst]

Yes, open a new issue for the 2nd factor problem 👍

[reidjr]

Just realised a catch 22 problem. If there is an indicator middle of the desktop, and you make it permanent. Then both local and remote good guys will be inconvenienced. If it times out you miss it locally, and if you can cancel it, you can cancel it as the remote (possibly bad guy) user. So any woorking solution needs the indicator to only be visible by the local user.

[krayon007]

Any solution in software will be vulnerable to being disabled by a bad actor, because they'll have root access. The border thing is really meant as a type of notification.

To secure from a bad actor, you should really either use a user consent dialog to explicitly allow a connection, or use a hardware KVM where the borders are drawn locally in hardware, such as the case for Intel AMT Hardware KVM.

[Ylianst]

Published MeshCentral v0.4.5-b with a new option for showing a privacy bar on the remote desktop. You can enable this in the "User Consent" options of the device group.

I am going to close this issue since it's starting to be old. If there are any problems or suggestions with the new privacy bar, please open a new issue.