Solved

SSH remote execution

Posted on 2004-10-28
1,152 Views
Last Modified: 2012-05-05
Good-day,

I have two windows computers named Client1 and Server1.  Server1 is running OpenSSH server, and Client1 is running Putty, and is connected to Server1 via SSH.

From Server1, how do I execute a command, like notepad.exe to open up and run on Client1.

Thanks for your time.
0
Question by:PastorDwayne
    24 Comments
     
    LVL 3

    Expert Comment

    by:CBozeman
    SSH won't do this for you.  A shell only provides access to DOS like commands that don't require a graphic display.  And the SSH connection goes one way, the client runs functions on the server, not vice versa.

    If you want to to be able to open windows (like notepad) you will need to use a windows terminal service.  A good free one is TightVNC, http://www.tightvnc.org


    Is this what you are looking for?

    CBozeman
    0
     

    Author Comment

    by:PastorDwayne
    Thanks for your response.  I have use VNC before, but in this particular instance, it wouldn’t work.

    What I would like to accomplish is to have a client computer log into a server via a secure connection (over the internet) and after a connection is established, a program is executed from the Server to run on the client computer.

    If SSH will not allow this, is there any other form of tunneling that will? IPSec maybe?

    Thanks again.
    0
     
    LVL 3

    Expert Comment

    by:CBozeman
    Hmm... I am not sure.  

    You might look at something like PsExec (http://www.sysinternals.com/ntw2k/freeware/psexec.shtml) or seeing if login scripts work for Windows VPN server.

    Is the server Windows?

    CBozeman
    0
     

    Author Comment

    by:PastorDwayne
    CBozeman,

    Thanks for your respose.  The server right now is Windows, but I am willing to switch to Linux just to get this working properly.

    I'll have a look at that utility and see if it will work.

    Thanks.
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    > If SSH will not allow this,
    wrong statement! M$ does not allow this, ssh does for shure.

    > is there any other form of tunneling that will?
    either use VNC (as suggested), or M$'s terminal Servises with rdesktop

    > IPSec maybe?
    no.
    Keep in mind: you've choosen M$, now you need to use what they provide ;-)
    0
     

    Author Comment

    by:PastorDwayne
    ahoffmann,

    Could you explain how I could implement this with a Linux server and a Microsoft client using SSH?

    When the client (Windows) establishes an SSH connection with the server (Linux)  I would like to be able to run a program remotely from the Linux box to the Windows box (ie like open up notepad on the client desktop).

    Thanks for your time.
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    install a X server on windoze client, then login to Linux (using XForward option, which is default) and start any application
    Probably you need to set the DISPLAY environment variable
    Some X-Servers can be found at
            http://www.starnet.com/         X-Win32
            http://www.microimages.com/     MIX95
            http://www.hummingbird.com/     Exceed

    another popular one comes with cygwin
    0
     

    Author Comment

    by:PastorDwayne
    Is there any way to use OpenSSH or PUTTY on the Windows client compter rather than what you had listed?
    Would I still be able to execute commands from the remote Linux server if these clients were used?

    I think this is the right track though...
    0
     

    Author Comment

    by:PastorDwayne
    I would prefer to use Putty, if at all possible.

    Thanks again..
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    you can use any command on remote system (linux) with putty
    Just if you want to use programs with GUI, then it must use a protocol which your system (windoze with putty) supports:
    and waht does M$ support to use remote programs with GUI? nothing
    Does this answer your question?
    0
     

    Author Comment

    by:PastorDwayne
    So the configuration that I have now is a Windows computer running PUTTY (SSH client) and a Linux computer (SSH server).

    When the SSH Client (Win) establishes an SSH connection to the server (Linux); is it possible then to start an application from the Server to the client?

    For example, if I am logged on locally to the Linux SSH server computer, and a Windows client (Putty) establishes a connection with me, what command would I use to open up Notepad on his desktop?

    Thanks again.
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    > For example, if I am logged on locally to the Linux SSH server computer, and a Windows client (Putty) establishes a connection with me, what command would I use to open up Notepad on his desktop?

    In this scenario "you" cannot open notepad on "his" desktop
    Why would you do that? the initiator is the PC ...
    0
     

    Author Comment

    by:PastorDwayne
    Yes, That is what I am wondering; If the server can control and execute commands from the client.


    I think CBozeman had a good suggestion with the PsExec utility... I think this may be the closest I'll get.
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    psexec will not help you anyhow on Linux

    Could you please explain what you want to aquire? Just a login script ...
    0
     

    Author Comment

    by:PastorDwayne
    Here is more specifically what I would like to do:

    I would like the ability to maintain windows computers remotely (and securely).  If someone calls in, for example, to say that their computer is slow,  I would like to be able to run defrag / and Adaware scanner on their computer from my server computer (Linux).

    There are multiple windows clients that require this type of administration, and ideally I would like to do this remotely, rather than on site.

    The problem is that most free SSH server (and open source) packages for windows have a large footprint, and from what I have read, emulate Linux operating system anyways (which I would prefer not to do)

    So, what I thought I could do is install a customized PUTTY client on their windows computer, and then from there, have them login to my SSH Linux server, and remotely administer it from there.

    Do you have any suggestions of how this can be implemented?  I have been using VNC, but this is not secure; as well there can be a problem with firewalls in front of the windows client computer.

    thanks again.




    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    > I would like the ability to maintain windows computers remotely (and securely).
    M$ provides a couple of ways to do this, AFAIK all for $$$$ (and probably highly unsecure too)-:

    I'd install VNC on each client, then you can run vncwiever on Linux with full control over the client.
    There're various VNC servers arround, a few links:
           TightVNC http://www.tightvnc.com/
           RealVNC http://www.realvnc.com/       
           TridiaVNC http://www.tridiavnc.com/       
           Cygwin http://www.cygwin.org/xfree/       
    and here how to install some remotely (not shure, never checked myself):
           http://www.digitaloffense.net/docs/Remote.VNC/remote_installation.txt       

    I don't have experiance about security of these solution, in particular with man-in-the-middle attacks. If you care,
    you always can tunnel the VNC ports using ssh, which requires an additional ssh server on the client, for obvious reason.
    0
     
    LVL 3

    Accepted Solution

    by:
    VNC is the route you will need to go.

    To secure vnc, i would suggest using OpenVPN:
    http://openvpn.sourceforge.net/

    The Linux machine can run the server, the client can then connect the VPN when you need it, and you can then VNC into the VPN address of their computer.

    OpenVPN supports encryption and compression of data.

    CBozeman
    0
     
    LVL 8

    Assisted Solution

    by:edkim80
    Try using a very simple program called netcat (nc).  This program is considered the "swiss army knife" of networking.  It has a variety of uses, and because of its flexibility, it is used frequently as a hackers tool.  

    http://www.securityfocus.com/tools/139/scoreit

    Basically, you have netcat on both computers.  The client executes a command
    nc -l -p 23 -t -e cmd.exe
    which has netcat listening on port 23 (or whatever port) and upon a connection to that port, it will spawn a cmd shell on the server with the permissions of the client user who initiated the netcat listen.

    on the server (linux or windows) you use
    nc xxx.xxx.xxx.xxx 23

    and will be presented with a cmd line where you can execute anything u want and it will pop up on the client machine.  Of course, you can't control an gui's ... everything will be cmd line only.  VNC would be the way to go with the gui's.

    Hope this helps
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    how does openvpn and/or netcat help to run notepad.exe for example from Linux?
    0
     
    LVL 3

    Expert Comment

    by:CBozeman
    I don't think netcat would do anything for you, but Openvpn can create the secure tunnel for running VNC. Then another workstation in the same VPN could connect via VNC to the PC needing attention.  

    So you would end up running VNC listening mode on all remote PCs with an icon for conencting to OpenVPN.  If a user calls with troubles, have them connect OpenVPN, then the admin (either from the server location or another remote location with their on OpenVPN connected) could VNC into the PC.

    CBozeman

    0
     
    LVL 8

    Expert Comment

    by:edkim80
    On a windows machine, using the command prompt, you type in the above netcat listening command.  It then waits for an incoming connection.  Then on a linux machine, you issue the nc command to the ip / port, and you are then presented with a windows cmd.exe on your linux shell.  Any programs executed from the linux netcatted shell are displayed on the windows client machine.

    I believe this was essentially what PastorDwayne was asking, except subsituting nc with ssh.  I have tested this on a windows xp and fedora 2 setup.

    Also another alternative to using openvpn would to use ssh forwarding (ssh -L and -R ) to establish a secure connection between client and server and simply VNC to the localhost:portforwarded to connect to the client machine.
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    my question was about notepad, not cmd.exe, I know how to use netcat and other tunnels to do that, and still suggested this. I was wondering why this sugesstion have been graded 'cause the initial question was about GUI programs (notepad) which do not work this way. See all my comments.

    Still waiting for an answer why nc helped but not my suggestion about using openssh on windoze (which is more straight forward:)
    0
     

    Author Comment

    by:PastorDwayne
    edkim80;

    I'm curious about your comment concerning port forwarding; would this be remote port forwarding on the PuTTY side?
    0
     
    LVL 8

    Expert Comment

    by:edkim80
    yes.. so for a VNC example...

    the client would run VNC server - (listening to port 5901)
    the client would then run the command ssh -g -R 5900:localhost:5901 admin@servermachine

    (this establishes a tunnel where all traffic from admin@servermachine:5900 ----> clientmachine:5901)

    the server would then run VNC viewer to localhost:5900 which would tunnel to the client.

    hope this helps
    (sorry I believe the putty equivalents are under the tunneling section but i am not too familiar with putty)
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
    Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
    Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now