
script to access windows files..

Hi,

I am new to Solaris.

I want to write a script on Solaris which will get files from one Linux box and put files to a different Windows box.

This is because I wanted to make my Solaris box a central repository to keep the files coming from the Linux box, and my Linux box can't access the Windows box directly due to different IP series.

The diagram below explains the data flow in detail.

Linux Box--------------------------> Solaris Box ----------------------------> Windows Box.

Can anybody help me with this?

Thanks
Deepak
0
Asked:
deepakjena_2003
 
PsiCop Commented:
Depends on HOW the files are available from the Linux box, and HOW the files have to get to the Windoze box. For example, is everything an NFS mount on the Solaris server? Or are you using FTP? Or SFTP with host keys so there's no password sequence? No one is going to be able to write a simple script unless you take some time to *cogently* describe the environment, and what transport mechanisms are available to move the data.

So... HOW do files get moved? Or is THAT the info you're looking for, not a script?
0
 
deepakjena_2003 (Author) Commented:
Let me explain my requirement clearly...

1) My Linux box (A) contains webserver log files.
2) I wanted to copy these log files to the Windows box (C).
3) There is no network link between A and C.
4) I have a central Solaris box (B) which can connect to both A and C.
5) NFS is not configured on these boxes.
6) I can use either ftp or shared folders to get files from A to B and then to C.


In a single line: the script on "B" should be able to get files from a folder on "A" and put these files into a folder on "C".

The script should do all of the above file transfer in a secure manner, as these boxes are production boxes.


Thanks
Deepak
0
 
PsiCop Commented:
Neither FTP nor shared folders are terribly secure. Among other issues, FTP sends everything in the clear, including authentication credentials. And shared folders, if you're talking about the Windoze variety, are the last thing you'd want to set up on a Linux server, especially a webserver. Might as well chmod 777 everything.

I would use the Secure FTP (SFTP) function of SSH - this may be included with your Linux distro, but since you haven't bothered to mention which distro or version you have, nor the version of Solaris, it's kinda hard to tell you if it's in there. SUSE Pro 9.x comes with OpenSSH as part of its install, I can tell you that. If your distro doesn't have it, then you'll need to get and build it. Check out http://www.openssh.org and http://www.openssl.org

OK, so you set up an SSH server on the Linux server, and you create a restricted (perhaps you use rssh) account that can read the webserver log files. You configure the SSH server on the Linux server to only let that account log in from the Solaris server, and probably use hostkeys to help enforce this. This is documented in OpenSSH and related websites.

Solaris v9 and later include an SSH/SFTP client, or you can download and install the OpenSSH/OpenSSL code for Solaris 8. Before v8, it gets trickier, because there is no /dev/random before then (and it's a patch for Solaris 8, #112438). Again, what you do is dependent on what version you have and what you've installed.

Finally, you also put an SSH/SFTP server on the Windoze side. I don't do much with Windoze in this respect, so I can't give you precise advice. You may be able to find an OpenSSH port package you can install, or use the commercial Secure Shell package (see http://www.ssh.com), which includes a server in its Windoze product, as I recall. Again, you set the account used to xfer the files as restricted to SFTP only, only from the Solaris server, and only able to write in one place. And use host keys so it doesn't have to login.
0

 
Hanno P.S. (IT Consultant and Infrastructure Architect) Commented:
Why not use the Solaris box in the middle as a router between the two
network segments?
a) Make it a router (enabling at least two ethernet interfaces should do).
    Check with ndd -get /dev/ip ip_forwarding  (should be "1")
b) Add the route into network B (between Solaris and Windows boxes)
    on Linux machine:
      route add net <network> <Solaris-IP-in-net-A> 1
    Display routing table:  netstat -rn
c) Add the route into network A (between Solaris and Linux boxes) on
   Windows machine: In a DOS box enter
     route add net <network> <Solaris-IP-in-net-A> metric 1 /P
   (The "/P" makes this entry permanent).
   Display routing table: route print
Now, you can connect directly between Linux and Windows -- and vice
versa.
0
 
Hanno P.S. (IT Consultant and Infrastructure Architect) Commented:
Using SaMBa on Solaris (use version 3.x) will allow you to access files in
a shared folder/directory from Windows and Unix simultaneously. You
can also use SaMBa on Linux to share the directory with your logfiles and
have it accessed from Windows to read the files (or share a folder on the
Win box and have SaMBa (Client) copy the files to it with a simple "cp"
command).

Cheers,
JustUNIX
0
 
PsiCop Commented:
JustUNIX,

The heartburn I'd have with using the Solaris server as a router between the two nets is that it could create a significant security hole. If the Linux webserver is in a DMZ, and its deliberate that there is no direct route to the Windoze box, then setting up a router like you suggest bypasses all that security. The Asker may be in a deliberately-compartmentalized environment. I'd certainly want to limit the exposure of my Windoze box to the 'Net. If this is the case, then the dead-drop method he's seeking is the way to go.
0
 
Hanno P.S. (IT Consultant and Infrastructure Architect) Commented:
Hi PsiCop,

I understand your point, but I don't know if this is really the issue. I'd opt for the
easiest option if possible -- let's wait what Deepak says to our suggestions ...

Cheers
0
 
deepakjena_2003 (Author) Commented:
Hi,

Actually I am new to Solaris as well as Linux....

I am using...

Box A = Linux 2.4.9-e.40enterprise
Box B = Solaris 5.8
Box C =  windows2000 -Terminal Server Edition.

ssh and ftp are running on boxes A and B.

Actually I have no rights to change the hardware configuration of these boxes...

I just wanted to use a simple script which will use secure data communication among these boxes...

JustUNIX,
thanks for the suggestion, but I don't think my security team and hardware team will allow me to go for the "router" method for this script.

PsiCop,
I can use sftp to transfer the files, as I feel it's secure, because I don't have another secure option on my boxes.

Can anybody explain in detail how the data flow will happen...?

I am not sure how the Solaris user will fetch files from Linux and put them to Windows using sftp.

PsiCop,
Are you talking about the public key concept? If yes, please give me the details...


Thanks
Deepak
0
 
Hanno P.S. (IT Consultant and Infrastructure Architect) Commented:
You may use sftp (secure FTP), but ssh also allows for scp (secure copy).

On your Solaris box:
scp user@linux:/path/to/file  /tmp/myfile        # get file from Linux box to Solaris box into /tmp dir
scp /tmp/myfile user@windows:/path/to/newfile    # put file onto Windows box (forward slashes: the shell strips unquoted backslashes)
rm /tmp/myfile                                   # remove temp file on this box (Solaris)

If you've set up the ssh server on Linux and Windows the right way you will not be asked
for a password, and this can be fairly easily automated (scripted).

Cheers
0
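The three scp steps above as one script for the Solaris relay, added here as an example and not code posted by anyone in the thread. The host names, account and paths are placeholders and `mktemp` is assumed to be installed; instead of a fixed /tmp/myfile it stages the file in a private directory, and BatchMode makes the run fail rather than wait at a password prompt when key login is not working.

```shell
#!/bin/sh
# Added example: run on the Solaris box (B) to relay one file A -> B -> C.
# SRC and DST are placeholders, not hosts or paths from the thread.
SRC=${SRC:-loguser@linux-a:/var/log/httpd/access_log}
DST=${DST:-loguser@windows-c:/cygdrive/c/weblogs/}

# BatchMode=yes: fail at once instead of prompting if key login is not working.
# StrictHostKeyChecking=yes: refuse a host whose key is not already in known_hosts.
SCP_OPTS="-q -o BatchMode=yes -o StrictHostKeyChecking=yes"

# relay_file SRC DST -> 0 on success, 1 no staging dir, 2 fetch failed, 3 push failed
relay_file() (
    src=$1 dst=$2
    umask 077                                   # staged copy readable by this user only
    stage=$(mktemp -d "${TMPDIR:-/tmp}/relay.XXXXXX") || exit 1
    trap 'rm -rf "$stage"; exit 1' HUP INT TERM
    name=$(basename "${src##*:}")               # file name without the host: prefix
    rc=0
    # SCP_OPTS is left unquoted on purpose so it splits into separate options.
    scp $SCP_OPTS "$src" "$stage/$name" || rc=2
    if [ "$rc" -eq 0 ]; then
        scp $SCP_OPTS "$stage/$name" "$dst" || rc=3
    fi
    rm -rf "$stage"                             # never leave log data on the relay
    exit "$rc"
)

# Run only when asked to, e.g.:  sh relay.sh run
if [ "${1:-}" = "run" ]; then
    relay_file "$SRC" "$DST"
fi
```

The distinct exit codes let a cron wrapper tell a failed fetch from the Linux box apart from a failed push to the Windows box.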
 
Nukfror Commented:
deepakjena_2003,

You can put OpenSSH onto your Windows machine using Cygwin (http://www.cygwin.com).  Cygwin on Windows is the bomb !!!  Anyone using that Unix Toolkit POOP that Microsoft puts out is just begging for a trashed system.

As to setting up OpenSSH public key authentication, there are hundreds of "How To"'s on Google.  Just Google for "openssh public key authentication" and you'll have more than enough to get it working.

If you're using the Solaris box as the middle man, which it seems you are, you'll need to set up public key authentication for this Solaris machine on the Windows machine and the Linux machine.  This means you need to be very careful with the security/access configuration/profile on that Solaris server once you set this up.
0
 
deepakjena_2003 (Author) Commented:
Hi Nukfror,

I installed OpenSSH from http://www.cygwin.com .
I am able to get a shell prompt after the installation.

Can you please guide me on how to configure OpenSSH (like changing the port # etc.)?

Is it secure if I open my Windows box to the internet?

Thanks
Deepak
0
 
Nukfror Commented:
First and foremost, letting anything from the Internet into a system should never be taken lightly.  You should really think about this before you do it.  If you do, you need to stay on top of where OpenSSH is patch wise and be sure to update your Cygwin installation quickly.  OpenSSH will come out with a patch and Cygwin is pretty good about keeping up-to-date but it's not immediate.  Usually a couple of days later.

Pretty simple to set up ssh as a service under Windows.  After you've installed it, you need to run ssh-host-config and pretty much answer yes to everything.  Oh ... one note ... you need to run ssh-host-config with an administrative level account.

Once this is done, you can reboot the system and sshd will start up at boot time.  *Or* simply run:

net start "Cygwin sshd"

After this, when you run "netstat -na" you should see port 22 listening.  If you *really* want to change the ssh port number, which I don't necessarily suggest, take a look in /etc/sshd_config (obviously from your bash prompt).  You'll see "Port 22" towards the top.  Change this to whatever you want and then run:

net stop "Cygwin sshd"
net start "Cygwin sshd"

"netstat -na" should now show that port as being listened on.
0
 
deepakjena_2003 (Author) Commented:
Hi Nukfror,

As per your instructions, when I tried to set up the ssh server I got the following error...

------------------------------
$ ssh-host-config
bash: ssh-host-config:

deepak@12457intech ~
--------------------------------
User "deepak" is the administrator of this NT box.

I couldn't see any ssh folder under /etc...
---------------------------------------
$ cd /etc

deepak@12457intech /etc
$ ls
DIR_COLORS   group     passwd       profile    setup
bash.bashrc  hosts     postinstall  protocols  skel
defaults     networks  preremove    services   termcap

deepak@12457intech /etc
-----------------------------------------


Please suggest...

Thanks
Deepak
0
 
deepakjena_2003 (Author) Commented:
I reinstalled it... it looks like it's working now...

I executed the "ssh-host-config" command and it executed successfully...

But when I start or stop the service it gives an error...

$ net start "Cyginw sshd"
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

$ net stop "Cygwin sshd"
The service could not be controlled in its present state.

More help is available by typing NET HELPMSG 2189.


Please suggest...

Thanks
Deepak
0
 
Nukfror Commented:
You misspelled Cygwin - noticed in your start command you spelled it "Cyginw" vs "Cygwin" :)
0
 
deepakjena_2003 (Author) Commented:
Yes... I tried these also... it didn't work out...

net stop "Cygwin sshd"
net start "Cygwin sshd"
..........................................................

Am I missing something at the time of installation?

I did not select all packages because it failed 3 times to download all packages...

So I selected the basic, lib and net packages, which have openssh.

I only want an ssh server set up so that I can "scp" files from my central location to this "NT" box with the help of public key authentication...

Any suggestions?

Thanks
Deepak
 
0
 
deepakjena_2003 (Author) Commented:
Now when I tried to ssh to the box itself from the
"Cygwin" shell prompt, I am not allowed to ssh...

$ ssh 192.168.30.1
deepak@192.168.30.1's password:
Permission denied, please try again.

I am also getting the same error message when I try to connect from the Solaris box to this NT box...



Do I have to set up any permission for any user before I connect using ssh?

0
 
Nukfror Commented:
Well, one thought comes to mind.  Is the deepak login a local account or is this a login within a NT domain ?

The logins I used in SSH are all local-to-the-box logins.

This may have something to do with it.
0
 
deepakjena_2003 (Author) Commented:
deepak is a local account...

Finally I installed OpenSSH on NT and it's working, and I am able to connect to the NT box from my Solaris box.

The problem I am facing now is that I can't ssh/scp to the NT box using public key authentication.

It asks me for a password, and once I provide the password I am able to connect to the NT box.

I copied the content of ".ssh/id_rsa.pub" from the home dir of the "deepak" user (Solaris) to ".ssh/authorized_keys" of the "deepak" user on NT.


I created a local admin named "deepak" on NT.

I need silent login to NT so that I can use the scp command in my script.


Public key authentication is working for me when I use "linux" as my destination server, but it fails when I use NT as the destination server.


Is there any NT-specific configuration required on the NT ssh server to enable public key authentication...?

Thanks
Deepak


0
 
deepakjena_2003 (Author) Commented:
Thanks a lot to everyone for the valuable information.
0
 
Hanno P.S. (IT Consultant and Infrastructure Architect) Commented:
In any case, the SSH server (sshd) must be configured to accept key authentication (interactive (user/passwd) is the default).
0
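An added example (not from any poster) of server-side checks to run on the destination host when a key login keeps falling back to the password prompt, as in the question above: the sshd_config setting, the file permissions that OpenSSH's StrictModes option verifies, and keys broken across lines when pasted. The function name and the paths passed to it are assumptions, and Match blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Added example: server-side checks for key logins that fall back to a password.
# Usage: check_pubkey_setup HOME_DIR SSHD_CONFIG   (returns the number of problems found)
check_pubkey_setup() {
    home=$1 cfg=$2 problems=0
    keys="$home/.ssh/authorized_keys"

    # sshd uses the first value it reads for a keyword; an explicit "no" disables key logins.
    val=$(awk 'tolower($1) == "pubkeyauthentication" { print tolower($2); exit }' \
          "$cfg" 2>/dev/null || true)
    if [ "$val" = "no" ]; then
        echo "PubkeyAuthentication is 'no' in $cfg"
        problems=$((problems + 1))
    fi

    if [ ! -f "$keys" ]; then
        echo "no authorized_keys file at $keys"
        return $((problems + 1))
    fi

    # With StrictModes (on by default) sshd ignores the key file when the home
    # directory, ~/.ssh or authorized_keys is writable by group or others.
    for p in "$home" "$home/.ssh" "$keys"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world-writable: $p"
            problems=$((problems + 1))
        fi
    done

    # Each key must sit on ONE line: "<type> <base64> [comment]". A key pasted
    # through a terminal is often wrapped, leaving lines with no key type.
    bad=$(grep -v -E '^[[:space:]]*(#|$)' "$keys" |
          grep -c -v -E '(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+' || true)
    if [ "$bad" -gt 0 ]; then
        echo "$bad line(s) in $keys do not look like a complete key"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

If every check passes, running the client with `ssh -v` shows which keys it offers and how the server answers each one.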
