Thursday, 23 January 2020

Veyon (Part 2) - Configure basic setup and authentication keys

Please note this is a draft and will be altered as necessary

In this series of blogs I'm working through setting up and using Veyon. Later blog posts will include configuring Veyon from the CLI and integrating Veyon with LDAP.

From the website: Veyon is a free and Open Source software for computer monitoring and classroom management supporting Linux and Windows.

1. Veyon (Part 1) - Introduction and my system setup.
2. Veyon (Part 2) - Configure basic setup and authentication keys (this blog post).
3. Veyon (Part 3) - Using the CLI (coming soon).
4. Veyon (Part 4) - Using LDAP (coming soon).

I will update these blog posts as and when I learn more or realise that I assume too much or have just got it all plan wrong.

In part 1, the introduction, I went through setting up Veyon on both the master machine and client machines. In this blog I'm going to use the GUI to configure Veyon.

Configuration files, CLI or manually


The settings can be imported via configuration files using the CLI or running individual commands using the CLI. So you can configure Veyon for the master or client and then save and load different configuration files. I’d suggest that you create two configuration files, one for the clients and the other for the master especially if you are going to alter a number of settings and/or have a number of machines to configure or rebuild.

Storing the client configuration file in a central place will allow the scripting of configuring a client machine each day or week via the Veyon CLI and say Linux cron or Windows Task manager.

Configure Veyon on the master


Once Veyon is installed on the master machine you will need to configure Veyon. Here I’m planning on leaving most of the settings as their default. In fact I'm going to alter one setting and create the authentication keys.

To run Veyon’s Configurator by either searching for it in the start menu or by running the command veyon-configurator, as root, from the command line.

Change Veyon settings

As said before I’m not going to alter many settings, in fact I’ll change only one setting.

On the General tab, change the Authentication Method to Key file authentication.

Alter Key Authentication Method to key file authentication
Alter Key Authentication Method to key file authentication

When you click on Apply, Veyon will save the configuration and ask whether to restart the Veyon service or not, click Yes.

Here is a good time to save the client configuration file. Press File->Save settings to file.

Chose your location and save the file with a meaningful name, e.g. Veyon-Client. Later on, once we have defined our rooms and computers we will save the configuration again but to a master file.

Create authentication keys


On the Authentication keys tab, click on Create key pair and enter the name of the user group or role you are creating the keys for. Most documentation suggests that you call it teacher and I think that at the moment it uses it for the file names it generates.

See the documentation for more information on using more than one key pair and access controls for groups and access rules.

Now we want to alter the access group allowed to use the teacher private key. Access to this key allows a user to run Veyon master and access/view all the defined rooms and computers.

On both Windows and Linux you can create a group and add users to the group to restrict who can run the master and login successfully with the private key.

In part 1 we created the groups veyon-master and veyon-client, shown below, and will now set the keys to the correct group access. If the groups aren't created on the master then we will get an error.
sudo groupadd veyon-master
sudo usermod -aG veyon-master $USER
We will need to logout and back in again to gain access to the groups to run the master software, but before we do that we will alter Veyon’s private and public keys to use the new groups.

Select the teacher private key, press Set access group and change the group from root to veyon-master. Do the same for the public key but set the group to veyon-client.

Set authentication key access group

We now need to export the public key to use on the client machines.

Select the teacher public key and press Export key.

Accept the default filename (teacher_public_key.pem) and save the file. You will need the Veyon installation file, the optional client configuration file and this key file to complete the client installation later, so save to a USB key or central location.

Apply the changes and say Yes to restarting the service. 

Install and configure Veyon on the client

See above for installing Veyon on Windows and Linux. Ensure that on Windows you do not install Veyon master on the client machines.

Run the Configurator and either import the client settings or alter the client to use Key file authentication.

Then we will import the public key. Go to the Authentication keys tab, press Import key and open the teacher_public_key.pem file exported earlier from the master machine.

Public authentication key imported into the client

Whilst at the client machine, note down the location and the clients IP address. You may also want to record that clients MAC address, this will allow Veyon to start the client machine remotely, assuming that you have wake on LAN setup on the clients.

Most Linux machines use "ip address" to show the IP address, older clients used ifconfig. Windows uses ipconfig or "netsh interface ip show config" or probably even PowerShell.

Rooms, machines and IP addresses


Next we need to define or rooms and machines. As this software is designed schools and colleges it allows us to define rooms (class rooms) and computers in each room.

Go to Locations and computers tab and create locations and computers for your set up.

My test setup, for example is:

Location: Downstairs
Computer: PC
Host address/IP: 192.168.1.68

Location: Upstairs
Computer: PC
Host address/IP: 192.168.136

Location: Upstairs
Computer: Laptop
Host address/IP: 192.168.1.215

Once complete, Apply settings and restart the Veyon service.

Run Veyon


Now that you have the clients setup with the configuration and public key and the master configured correctly we can start up Veyon master and monitor our clients.

Find Veyon Master in the menus or activities or run veyon-master from the command line.

Click on Location and & computers in the bottom-left hand corner of the app. You can now see your locations and computers.


We can select client machines and see a thumbnail of the actual screen and then monitor, control or take over one or every machine using the buttons across the top of the master application.

You can see the user documentation here for using the master software.

So now you are good to go. Veyon master is configured and the clients are using the authentication key to communicate back to the master.

In the part 3 on this series I'm going to show how many of the tasks completed in the GUI can be achieved from the command line.

No comments:

Post a comment

Oracle CPU downloader

Every quarter I have to go through and download numerous patches for the Oracle CPU (Critical Patch Update). You have to view the CPU docume...