MeshCentral - Free, Open Source RDM
I discovered MeshCentral (a free open source Remote Device Management software) about a year and a half ago. After setting it up and playing around with it for a few weeks, I quickly replaced all my NoMachine and AnyDesk Remote Control installations at work & at home with it. It has became my de-facto way of interacting with remote systems for remote assistance, system setups and server patching.
| Desktop View | Mobile View |
|---|---|
 |  |
Server Installation
- Normal System Install using NPM: https://ylianst.github.io/MeshCentral/install/
- Docker Compose Install: https://github.com/Typhonragewind/meshcentral-docker
- SSL is self generated by default, but you can use your own SSL keys/reverse Proxy by following THESE steps.
Client Installation
Any 64 bit Linux system with systemd (Arch, Debian, RedHat, etc)
- CD into downloads directory, download the meshagent linux installer and ignore the fact that the server has a self signed certificate. (Not needed if you’re using a reverse proxy)
cd ~/Downloads/ ; wget --no-check-certificate -O meshagent "https://10.0.0.201/meshagents?id=40pZPmGfuvJGQHgbHBwrkuwB&installflags=0&meshinstall=6" ; chmod +x ./meshagent ; sudo ./meshagent -install
64-BIT ARM (Raspberry Pi)
cd ~/Downloads/ ; wget --no-check-certificate -O meshagent "https://10.0.0.201/meshagents?id=OIXF2bCytM26I9MBLPSNsRI22d7k3HkcWfuzAJHAhp84ie51XIOxI6FV&installflags=0&meshinstall=26" ; chmod +x ./meshagent ; sudo ./meshagent -install
32-BIT ARM (Raspberry Pi)
wget --no-check-certificate -O meshagent "https://10.0.0.201/meshagents?id=40pZPmGfuvJGQHgbHBwrkuwB&installflags=0&meshinstall=25" ; chmod +x ./meshagent ; sudo ./meshagent -install
meshagents?id=#### sets the group that the My Devices Group the device get’s placed into.
meshinstall=# sets the binary type. You can find the binary number by selecting the appropriate OS in the Add Agent screen
Cloning VMs - [Reference]
The MeshAgent has a "anti-cloning" system. When it runs, it will store the list of MAC addresses of all network interfaces into meshagent.db. Each time it starts, it looks to see if at least one network interface is the same as one in the list and updates the list. If none match, it will reset it's certificate and show up as a new device (with a new device identifier)
- By default when a Proxmox VM gets cloned, it receives a new MAC address for each of it’s network interfaces, witch means that MeshCentral can safely be installed on Template VMs for management/updates without issues.
- We can also force a device to reset it’s certificate and show up as a new device by deleting
meshagent.db
- We can also force a device to reset it’s certificate and show up as a new device by deleting
- Enable Hostname Sync in Group Settings screen > Features to have the Device Name automatically update whenever the hostname changes. I set this for my TMPLT group that all devices go into by default. I then move the device out of this group after i set it up and configure it’s permanant hostname on the host.
Check MeshCentral Agent Process Status
Linux
systemctl status meshagent
Windows w/Powershell
Get-Service -Name "Mesh Agent"
Multiple Networks / VLANS
At my previous jon we had a couple of VLANS that were for the Production floor and had no WAN access nor LAN access to any other networks. To install MeshCentral agents on these machines I had to do the following:
- Setup Firewall Allow Rule to allow one way traffic from the Firewalled Production LANs to the IP address of the MeshCentral server
- Option 1:
- Add a DNS entry to the server’s hosts file that pointed to the IP address of the MeshCentral server. (MeshCentral agents use DNS to find the Server)
Linux: edit
/etc/hostsand add your server’s DNS name, eg:meshcentral.zinchuk.xyz 10.0.0.240Windows: EditC:\Windows\System32\Drivers\etc\hostsand add your server’s DNS name, eg:10.0.0.240 meshcentral.zinchuk.xyz
- Add a DNS entry to the server’s hosts file that pointed to the IP address of the MeshCentral server. (MeshCentral agents use DNS to find the Server)
Linux: edit
- Option 2:
- Setup a MeshCentral relay server on the firewalled LAN. This would have been my goto if we had more servers on the production LAN.
Sending Commands
With MeshCentral you can send commands to individual/groups of devices. Super handy if you need to push out an urgent patch to systems, do a bulk reboot of devices, or push out a program to multiple devices.
Steps:
Example Commands
Update EndeavourOS Arch Linux System + Reboot
- Update keyring, Update system packages, clear out package cache when done, and then reboot
sudo pacman -Sy archlinux-keyring endeavouros-keyring --noconfirm --needed ; paru -Syu --noconfirm --needed && echo $(sudo ls /var/cache/pacman/pkg/ | wc -l) packages in cache ; sudo reboot
Update Proxmox Server + Reboot
apt-get update && apt-get dist-upgrade -y && reboot
Update Windows Packages with Chocolatey
choco upgrade all -y
Misc Usage
Using PowerShell in Terminal:
Right click when selecting terminal and select powershell OR
type in powershell.exe to switch to Powershell from CMD
Bugs/Workarounds/Extra info
Arch Linux Remote Desktop Bug
- Remote Desktop view doesn’t work by default
- Problem + Fix: https://github.com/Ylianst/MeshCentral/issues/602\
- Workaround is automatically installed when setting up MeshCentral with my linux-setup-script
Windows
- In order to be able to type into Powershell/CMD when remoted in through meshCentral, the “Touch Keyboard and Handwriting Panel” service must be enabled through
services.mscon the remote device. Otherwise you will not be able to type into the CMD/Powershell window directly. The terminal connection tab works just fine though.- https://github.com/microsoft/terminal/issues/9890
Last updated on August 26, 2024. For any questions/feedback, email me at blog@zinchuk.xyz.