# sshell



## lrhorer (Aug 31, 2003)

I suggest that TiVo implement something like secure shell to allow TiVo personnel to log in to a customer's TiVo while troubleshooting. Create a utility under Diagnostics which allows the user to select a Remote Help or Remote Troubleshooting menu when instructed by the TiVo representative. Then tech support can remotely control and / or pull information off the TiVo when the customer calls in for tech support. Putting the session under the user's control eliminates privacy and liability issues. The TiVo rep won't be able to get in unless the user specifically allows access.


----------



## classicsat (Feb 18, 2004)

They have their own telnet server they could enable, if needed, or at least can enable logging, and will use it very discretionally.

Anything that requires customer interaction to enable it could lead to undesired consequences.


----------



## lrhorer (Aug 31, 2003)

I disagree. It's no different than the web based live chat utilities used by many large corporations (HP, Microsoft, IBM, etc) to aid in troubleshooting issues with PCs, or the Windows XP remote assistance utility. What I am suggesting is a simple selectable field in the Diagnostics section. When the user calls in to TiVo, the technician would say, "Sir / Ma'am, if you will allow it, I can access your TiVo remotely in order to aid in troubleshooting." After the user approves, the tech directs them to go into the Diagnostics menu and select <Start Remote Troubleshooting>. That's it. Once the user selects the menu item, it enables ssh or some similar protocol on the box, and the tech goes to town. When the tech exits, or after several minutes of inactivity, the TiVo can shut down the listener automatically. It's secure, simple, and offers extremely low liability exposure to TiVo, Inc. At the same time, it can save lots of time and money for TiVo and can reduce the frustration for both the user and the technician when trying to resolve an issue.


----------



## Mars Rocket (Mar 24, 2000)

The TiVo would have to initiate the connection back to TiVo support HQ - if it didn't do this then the techs would have to know how to configure every type of home router/firewall out there to allow an incoming ssh connection. Also, even if your TiVo did call them, they would need some type of scheme for picking up the right incoming connection, and they could easily be DDOS'd by people goofing around in the menus and trying functions like that.

It's an interesting idea, but in practice it's probably too expensive and not necessary enough to make it worthwhile.


----------



## MasterCephus (Jan 3, 2005)

Not to mention the people behind a router would have to tell their router to route traffic to the Tivo box on port 22 or some obscure port Tivo sets up.

Not a problem for geeks, but it could be a support nightmare walking grandma and grandpa through that because you don't know what type of router they have and you have to explain why you are doing that....

Then you have the geeks who have linux boxes in their network who already have SSH being routed to their linux box...

bottom line...bad idea...


----------



## lrhorer (Aug 31, 2003)

Mars Rocket said:


> The TiVo would have to initiate the connection back to TiVo support HQ


This would be the easiest way to manage it, but it isn't absolutely essential. A dual port protocol like ftp would work, as well.



Mars Rocket said:


> if it didn't do this then the techs would have to know how to configure every type of home router/firewall out there to allow an incoming ssh connection.


No, the user would have to, but then the user already has to know how to open up ports on his router for the rest of the internet features to work. Opening up one more is no big deal. If the odd customer or two can't or won't, then they are no worse off than they are now in those instances.



Mars Rocket said:


> Also, even if your TiVo did call them, they would need some type of scheme for picking up the right incoming connection, and they could easily be DDOS'd by people goofing around in the menus and trying functions like that.


It already exists. It's called the Media Access Key, and the servers can simply ignore any session set-up packet with an unrecognized MAK until the TiVo technician enables the session on his end. Piece of cake, really.



Mars Rocket said:


> It's an interesting idea, but in practice it's probably too expensive and not necessary enough to make it worthwhile.


I think it can be done very inexpensively. There's already tons of free source code out there which handles much of the necessary features, and adding the additional security for the TiVo should not represent a large investment.


----------



## lrhorer (Aug 31, 2003)

MasterCephus said:


> Not to mention the people behind a router would have to tell their router to route traffic to the Tivo box on port 22 or some obscure port Tivo sets up.


No, they don't. Have you ever used web based chat from behind a firewall? Did you have to reconfigure the firewall? All that is required is to have the TiVo set up the session. Any firewall with stateful inspection can handle the rest.



MasterCephus said:


> Not a problem for geeks, but it could be a support nightmare walking grandma and grandpa through that because you don't know what type of router they have and you have to explain why you are doing that....


See my previous reply.



MasterCephus said:


> Then you have the geeks who have linux boxes in their network who already have SSH being routed to their linux box...


If they are geeks, then they won't have a problem reconfiguring their router for a few minutes, not that I suggest they use port 22 in any case. The TiVo is already using 16 custom ports in order to provide internet services such as UnBox, One True Media, and the daily call. One more isn't going to make a difference.

Oh, and by the way, I've had to work with TiVo on more than one occasion to open up ports on my router, and their tech support guys already do it every day - I can tell. They can pretty much do it in their sleep, if the user knows anything at all about his router.


----------
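Added example, not part of any post in this thread and not TiVo's code: a sketch of the server-side gating lrhorer describes, where a device-initiated session request is ignored unless a technician has enabled that Media Access Key, and an idle session is dropped. The class, method names, timeouts and MAK strings are assumptions constructed for illustration.

```python
import time

class SupportBroker:
    """Accepts device-initiated sessions only for keys a technician enabled."""
    def __init__(self, enable_window=300.0, idle_timeout=180.0, clock=time.monotonic):
        self.enable_window = enable_window  # seconds the technician's enable stays valid
        self.idle_timeout = idle_timeout    # seconds of inactivity before teardown
        self.clock = clock
        self.enabled = {}                   # mak -> time the enable expires
        self.sessions = {}                  # mak -> time of last activity

    def technician_enable(self, mak):
        # The technician arms exactly one key while on the call with the customer.
        self.enabled[mak] = self.clock() + self.enable_window

    def device_connect(self, mak):
        # The device dials out; unknown, unarmed or expired keys are ignored.
        # pop() makes the enable single-use, so a replayed request is dropped.
        expiry = self.enabled.pop(mak, None)
        if expiry is None or self.clock() > expiry:
            return False
        self.sessions[mak] = self.clock()
        return True

    def is_active(self, mak):
        last = self.sessions.get(mak)
        if last is None:
            return False
        if self.clock() - last > self.idle_timeout:
            del self.sessions[mak]          # idle too long: tear the session down
            return False
        return True

    def activity(self, mak):
        # Technician traffic refreshes the idle timer of a live session.
        if not self.is_active(mak):
            return False
        self.sessions[mak] = self.clock()
        return True

def demo():
    now = [0.0]                             # constructed clock, so the run is deterministic
    broker = SupportBroker(clock=lambda: now[0])
    mak = "MAK-CONSTRUCTED-0001"            # constructed sample value
    out = [broker.device_connect(mak)]      # menu pressed before the tech enabled it
    broker.technician_enable(mak)
    out.append(broker.device_connect("MAK-CONSTRUCTED-9999"))  # some other box
    out.append(broker.device_connect(mak))  # the expected box
    now[0] += 100
    out.append(broker.activity(mak))        # still within the idle timeout
    now[0] += 181
    out.append(broker.is_active(mak))       # idle past the timeout
    return out
```

The sketch treats the MAK only as a lookup key, as the post does; it does not show how the device would prove possession of it.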

