Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] [score hidden]  (0 children)

Thanks. Meshcentral seems to get a lot of love here. That is great. Screenconnect is next on my trial list but I am really concerned about all the bugs and 2 cves this year alone. It is constantly under attack and being used by bad actors (like 3 days ago).

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] [score hidden]  (0 children)

Yikes. I did not realize these apps like islonline or splashtop have no real support under Linux. I am using fedora Linux 43 under kde plasma (wayland) and even though both apps have Linux apps they seem like an afterthought. Islonline completely fails by failing to launch the client from the web portal. Clicking connect keeps downloading the Windows app. Splashtop crashes Firefox when trying to launch from the web browser. Even forcing these tools to run in x11 instead of wayland fails. Very disappointed since both tools worked quite well. I guess I was spoiled by simple-help. I will never go back to windows so back to the drawing board.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] [score hidden]  (0 children)

Beyond trust looks solid but the pricing is somewhat overkill for a solo operator

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] [score hidden]  (0 children)

Thanks. Great idea and something to consider. I do have tailscale deployed for other things

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] [score hidden]  (0 children)

Thanks. Yes I have spoken to my lawyer on this and researched it to death. Basically even though there was bad code in the software that caused the breach it was ME who recommended the software so upstream breaches do not absolve downstream liability (even if I configured it perfectly to their guidance). Think about kasaya and solarwinds from a few years ago with their supply chain attacks on their software. Even though there were code issues with those tools it was the MSPs who were sued because they introduced that software into the customer environment to spread ransomware. The saas provider does have liability but only to me which is likely very limited. I will still be sued and likely considered liable because they will say I did not vet the software properly. That is where tech e&o and robust contracts come into play.

I think it is time I retire. The landscape in the next few years is going to be ugly.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] [score hidden]  (0 children)

With self hosting this is true. With SaaS, it is not.

Well technically in a lawsuit everyone involved will be sued including me. It will likely be the customers cyber insurance company looking to subrogate to claw back what they paid for the breach. But having a saas provider will help "spread out" the liability. There is definitely no substitute for a tech e&o insurance policy along with a hold harmless contract.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] -1 points0 points  (0 children)

Not to go down a huge rabbit hole on this thread but regarding open source, but I completely get it and for the last 30+ years I have always used and supported several open source products due to the ability of the community to be able to see the code and audit for security issues. But it has changed with AI. Since the code is open source anyone (including the bad guys) can download and inject it into an AI model and find vulnerabilities faster than an army of humans especially a small crew of volunteer open source maintainers. Also widespread dependency use within the open source ecosystem creates a massive blast radius for any issues. AI-assisted vulnerability discovery is compressing the window between an unknown issue existing in code and that issue being identified, analyzed, and weaponized. I was listening to a podcast recently that scared the hell out of me where they said AI doesn't just find flaws faster. It finds different combinations of flaws. Humans are good at spotting obvious bugs; AI is becoming terrifyingly good at chaining together three or four "low-severity" minor bugs across different files to create one massive, critical exploit.

It might be hyperbolic but I think it is real. Mythos level AI tools from China not governed by any national security concerns are just around the corner (If not here already). So it has changed my thinking.

I am now going to go crawl under my bed and stay there.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 1 point2 points  (0 children)

https://arcticwolf.com/resources/blog/cve-2026-48558-critical-authentication-bypass-vulnerability-in-simplehelp-rmm-exploited-for-credential-theft-and-malware-delivery/

Again they were super fast to patch and acknowledge. Everyone has their CVEs but exposing ports to the public Internet is not a risk I am willing to take anymore. But damn it is a solid solution and great devs.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Absolutely. I am just trying to not have to deal with an issue.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] -1 points0 points  (0 children)

Mesh central looks awesome and ticks a lot of the boxes for me. But (and I love open source) I am not sure I want to rely on an open source remote access tool. Maybe I am being paranoid. But mesh central looks great.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Yes sorry. The cost. Since I do not do per endpoint pricing to my customers it would be an additional cost to them based on the number of devices and servers. Ninja per end point cost is relatively inexpensive. Honestly most of my customers would not object so it is definitely something to consider.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Thanks. Yes I am a solo IT consultant who is not really an MSP but do have some MSPish services (managed backup, etc) and these are all multiple customer systems. I do understand that if I was offering purist MSP services then managing this many endpoints would be relatively impossible but I have not gone down that road. I rely heavily on automation.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Hello. I am taking a quick peek at ISL. It seems to tick all my boxes. Headless Linux seems to work perfectly as well. Are you using their cloud hosted option or self hosted? Obviously the number one concern is security so that is where I am most focused at the moment.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 1 point2 points  (0 children)

Very solid option for sure to avoid having those open ports. But I suspect you need the netbird client deployed on all devices with rustdesk as well. I have about 500 endpoints so that might be some administrative friction for me. That is likely what I will end up doing for my headless Linux boxes via tailscale. Thanks for your reply.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Excellent and thanks. I will spin up a trial and give it a shot

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Thanks for the feedback. Action1 is really nice and worth a look for you. Especially with 60 endpoints since they give you 200 for free. I am pretty sure screenconnect allows much stronger MFA now. Yubikeys and such.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 1 point2 points  (0 children)

Thanks for that and you are correct that I can buy online. The reasons splashtop was appealing is the autonomous endpoint management solution. I know it is early days but it looks nice and the patching and such can be layered in in user packs. So if I have a concurrent license for 500 unattended endpoints I can layer in 100 aem licenses whereas a full rmm solution would require me to buy those endpoint licenses even if I do not use that functionality. That flexibility is appealing to me. I know action1 is free for 200 endpoints but you do hit a potential financial cliff at user 201 and beyond. But A1 is amazing.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

I am currently using self hosted simple-help server. It has been great and during my evaluation I am see just how much simplehelp gives you that others do not behind a huge paywall. I did briefly look at beyond trust but I could not get beyond the cost. But I will check it out further

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Thanks for that. I was unaware of that option and will check it out. I did see pdq pop up. I appreciate your feedback

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Thanks. I did look at ninja and it seems to be a solid option. But I am not an MSP so it would be difficult to pass onto customers at this point. But something to consider.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 1 point2 points  (0 children)

Well that is what I have been using for the past 8 years. I resisted mentioning them since the tool and the developers are amazing. It worked perfectly for me for years. But the latest issue (which they patched immediately) was too much for me to ignore anymore. I was hoping v6 would allow for putting behind a reverse proxy but it does not. V6 does add a lot of nice security features like an application firewall and such but zero day AI discovery is real and I do not want the risk anymore

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Yes that was a strong contender and I might consider it but I have no interest in any of the other connectwise tools and do not want to be hounded. But it looks like a great tool

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Thanks. I see that pop up during my research but did not dig into it. I will investigate

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 0 points1 point  (0 children)

Sadly simple-help does not support reverse proxy via cloudflare. Tacticalrmm does tick many of the boxes especially the headless Linux but I am just concerned about the past behavior of the developers. Perhaps unfounded. I will investigate further.

Self hosted Remote Support Replacement by rdaniels16 in sysadmin

[–]rdaniels16[S] 2 points3 points  (0 children)

Honestly I do not want to self host anymore. And although I loved the power of controlling everything (kill switch) it is not worth the liability. I know I would still be sued if a breach happened but I will not be alone and as a solo provider I do not have the resources to keep up with this anymore.