This looks great, but is there a TUI or headless mode?

I don't really like GUIs in my Linux, setting up VNC is such a pain.

Take a look into rustdesk the server ie self hosting bit has been recently open sourced. It's basically Teamviewer but faster and rock solid so far. Some features are missing but the basics are there. I'm going to be dumping our TV account quite soon.

The missing piece was remote installing the client on Windows en mass to be able to be able to switch to root errr Administrator. TV allows you to pass Windows creds through to remote install itself but rustdesk can't yet or that might become an "enterprise feature". However Ansible can manage a WinRM enabled Windows box with Kerb and encryption over http and no client install. You can switch on WinRM via a GPO.

Getting some bits of Ansible working on Arch and certain other bleeding edge distros might involve pip install --update pycrypto (and/or) pykerberos. Python 3.10 deprecated something in a rather cryptic way, that I'm sure was jolly important but broke quite a lot of things important to a Linux sporting sysadmin in a Windows world.

Yes, recently submitted ( https://news.ycombinator.com/item?id=31456007 ) and IIRC, the verdict was it's a bit shady and sketchy on the security front. Unfortunate.

Take a look into the source. I've only cast a vague eye so far but it looks like it reuses quite a lot of well regarded stuff including VNC, so I'll take issue with "shady and sketchy".

If you skim read that thread from HN where I also learned about Rust Desk then there is no consensus about "sketchy". Searching for the word "security" gets a discussion about SSL/TLS and some pontificating.

I'm no real expert on IT security but I do have a Nessus license and a box to wield it from. I've run quite a few firewalls from Fortinet, pfSense, Juniper, hand crafted Linux, . I have 15 VLANs at home 8)

In my office I have a pair of Dell S funky devops switches worth around £20,000 sat on the bench as I plough through the 2000 page manual. I've got over the lack of old school stacking (why do they still have a stack LED indicator?) They have a LACP mediated VLT domain link running at 200Gbs-1 (Gb/s) - two physical wires. Now, do I partition the 100Gb links into four lots of 25Gb because that will allow more flows. Ok let's look at how this thing is used: iSCSI for data and VMware. The iSCSI links are 10Gb to the M series SAN so more links seem indicated.

I also learned Ansible on Thursday rather rapidly because I can deploy these beasts with it (they boot Debian and have Docker installed already, which is adorable!) and coincidentally, I need a non MS way of getting at Windows boxes from Linux. Ansible doesn't need a client app.

It's getting busy in IT. I'm 52 FFS (and absolutely love it!)

The Rust Desk security concern is due to it's not 100% self-hosted, it uses some kind of TURN or fw hole puncher which they host and didn't provide the sources for.

If I'm mistaken please tell me, would love to use it if it's "safe".

I've got a self hosted host in my office. When you deploy a client, you can rename the Windows exe to include the DNS name and public key of your host and it will then use them - clever idea. So I don't think you need their TURN/STUN. I suspect those are simply provided as a service and nothing more sinister.

They also provide three or so really low spec jump boxes to get people up and running if they can't self host - again, I call that altruism not sinister.

I will get Wireshark out anyway to check about this stuff next week.

You can do your own real due-dil stuff yourself by browsing around this: https://github.com/rustdesk/rustdesk - read the issues, browse the source (read the comments!) get a feel for the software.

I'm asserting that it is no worse than anything else. I can also assert that the binaries that I get on Arch Linux are probably from the official sources (I checked a few strings etc). I can't sign off the Windows binaries but I can assert that I do trust them from their GitHub repo.

I can assert things until I'm blue in the face but I trust rustdesk more than most remote access facilities for now but I am still kicking the tyres.