Install meshcentral on embedded devices or provide statically linked mips version of meshcommander. #6068
Comments
|
Intel AMT is no longer being maintained, I do seem to remember someone got meshcentral running on an arm router by install node arm version the just using the npm install! |
|
Also note you can download the meshcmd.exe from ur meshcentral server and run the meshcommander directly from it! And also on the meshcentral.com download page is the meshcommander.msi for u to install and run! |
|
What about running meshcentral manually without node.js? Standalone statically linked builds of apache, lighttpd, JamVM 2.0.0, js OSSP 1.6.20070208, PHP 5.6.40 etc. are available to run on embedded devices. I think that this should be everything that is required to run what the meshcommander firmware installer copied to the intel AMT internal storage to run meshcommander from there. Is it possible and can anyone provide a step by step tutorial on how to run a copy of meshcentral manually without node.js with any of the tools mentioned above? Or what other tools are required on a rudimentary linux machine to host meshcentral if node.js is not available? |
|
meshcentral requires nodejs
|
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
In the newest versions of Intel AMT, intel has closed "insecure" methods of accessing inte AMT machines.
No VNC on Port 5900 anymore. See Issue:
Ylianst/MeshCommander#98
No Web Intel AMT Access anymore and installing Meshcommander as firmware on the Intel AMT machine isn't working anymore. See issue: Ylianst/MeshCommander#99
The only way to access latest Intel AMT versions right now is to have meshcommander or meshcentral installed on a third pc from which you can then access the Intel AMT machine via TLS. In the past you could vnc into the intel AMT mahcine with any vnc client, even from a mobile phone or acces the intel AMT website with any browser from any phone. This not possible anymore and a huge setback for usability of the intel AMT features.
Describe the solution you'd like
A clear and concise description of what you want to happen.
I need a way to be able to remote control intel AMT machines without having to run a meshcentral or meshcommander on a dedicated pc/raspberry/VPS.
Best way would be to be able to install meshcommander on the Intel AMT machines web storage area like we could in the past.
Alternatively make meshcentral a statically linked binary preferrably for mips systems, that I can run on my linux based mips router which is running 24/7 anyway in order to avoid having to run a third pc/raspberry/vps just to host meshcentral on node.js. These embedded routers do not have fully fledged linux system and are unable to run a full node.js instance, but are able to run smaller programms like openssh, dropbear, lighthttpd etc. A standalone statically linked meshcentral or meshcommander programm in my case for a mips system would be perfect and allow me to run meshcentral/meshcommander from my Internet router, from which I could access my intel AMT machines despite Intel now having closed non-TLS methods for accessing intel AMT features.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Right now I have installed dedicated third pc that has a meshcentral instance running on it which I can access remotely and then from there I can access my intel AMT machines. This is a huge setback, as I have to set apart a whole pc just for this task. Even doing that on a raspberry pi, which is the smallest, least costing solution is not satsifatcory, as all this could be done in the past wothout any third pc running 14/7. But with intel having ended support for meshcommander, the future of this method is also in doubt.
Also I'm trying to find a way to create a custom UEFI firmware that has an older intel AMT version that still has the non-TLS methods open. But my problem is that my CPU and RAM needs the latest version of UEFI, which unfortunately comes with the latest cut-down Intel AMT versions. And downgrading the intel ME version only breaks too much in the UEFI to make it run stable. So far that avenue did not lead to success, as it is vers difficult to mod UEFI bios without running into issues. Only way is to stick with older hardware that comes with older intel AMT versions. So this method is not worakble for the longer future and a solution to this problem must be found.
Additional context
Add any other context or screenshots about the feature request here.
I think for many intel AMT users the new "features" introduced by Intel for the sake of security are a deal breaker and make intel AMT useless. The possibility to remotely control your intel AMT pc from any web browser or any standard vnc client was a huge huge feature that made me buy a dozen of intel AMT pc's until now. if that is not possible anymore, i will stop buying intel AMT system in the feature and look for alternative ways for bios level remote access.
If there any questions or further clarifications or need for testing, please don't hesitate to contact me. i'm very eager to get the old intel AMT features back despite intel removing them.
The text was updated successfully, but these errors were encountered: