On 2020-04-08 13:58, David Rothenberger wrote:
> On 4/8/2020 1:50 PM, Kaz Kylheku via Cygwin wrote:
>> On 2020-04-04 11:58, Åke Rehnman via Cygwin wrote:
>> I have a major use case for Cygwin for providing remote access
>> to Windows. Using a non-Cygwin utility called "RunAsService.EXE",
>> I turned a Cygwin Bash script into a Windows service. This Bash
>> script loops around and makes a SSH connection to a host
>> in a domain that I control, setting up a tunnel for port 3389
>> (RDP). From that domain, I can then remote desktop into the
>> Windows system. Basically I can deploy this solution on any
>> Windows machine on any network where outbound SSH is allowed, and
>> have remote access to it.
>
> You might want to look at the "autossh" Cygwin package. It handles
> exactly this use case and can be registered as a Windows service
> without any non-Cygwin utilities.

Hi David, thanks for bringing this to my attention.
That seems to use something called cygrunsrv, which is
what I should have used for that script (and will be sure
to do upon the next opportunity of using it again).

> Just look at
> /usr/share/doc/autossh/README.Cygwin
> after you install the package for details about the service.
> I've been using this for years for the purpose you've described and
> it's been working great.

I'm reading the documentation and basically my 25
line script has all the features, including exponential
backoff for restarting a failed connection.
I'm not terribly in favor of formal packages that can be
replaced by shell scripts that fit into an 80x25 window.
Here it is:

#!/bin/bash
PATH=/bin:/usr/bin
THISDIR=/cygdrive/C/Cygwin/.ssh
DEST=xxxx@xxxx
sleep_exp=0
while true ; do
  time_before=$(date +%s)
  ssh -i "$THISDIR/id_rsa" -vv -R :3389:127.0.0.2:3389 \
      -o UserKnownHostsFile="$THISDIR/known_hosts" \
      -o PasswordAuthentication=no \
      -o ServerAliveInterval=60 \
      -o ServerAliveCountMax=3 \
      "$DEST" rdp 2> /.ssh/log
  time_now=$(date +%s)
  # Session ended within 10 minutes: raise the backoff exponent (capped at 9).
  if [ $(( time_now - time_before )) -le 600 ] ; then
    sleep_exp=$(( sleep_exp >= 9 ? sleep_exp : sleep_exp + 1 ))
  else
    sleep_exp=0
  fi
  # Sleep between 1 and 32 seconds, depending on the exponent.
  sleep $(( ((1 << sleep_exp) + 15) / 16 ))
done

Why do we execute a command called "rdp" on the remote host?
Because the home directory of the account that is used has
the following shell script as its login shell:
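
#!/bin/bash
# sshd runs the login shell as "<shell> -c <command>"; any other invocation
# is an interactive login.
if [ $# -ne 2 ] || [ "$1" != "-c" ] ; then
  echo interactive login not permitted
  echo "$@" >> ~/.log
  exit 1
fi
case "$2" in
  rdp )
    # Keep the session open so the forwarded port stays up.
    while true ; do sleep 3600 ; done
    ;;
  * )
    echo that command is not allowed
    exit 1
    ;;
esac
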
This is necessary because the Windows machine has a password-unprotected
private key that it uses to log in to this. The service automatically
starts if Windows is rebooted, without requiring any password.
Anyone with access to the Windows machine (such as an IT admin)
who finds this stuff could use that key to SSH to that account on
that host.
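
Added example, not part of the original message or of any poster's code: the login-shell wrapper above filters the command, while pty allocation and port forwarding for a key are controlled by sshd through authorized_keys options (restrict, port-forwarding, permitlisten, permitopen, command). The sh function below audits one authorized_keys line for those options; the sample entries, the finding names and the placeholder key material are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits one authorized_keys line for
# a tunnel-only key and prints "ok" or a space-separated list of findings.
audit_key_line() {
    # Blank out quoted option values (they may contain spaces and commas),
    # lowercase the line, then keep only its first field.
    first=$(printf '%s\n' "$1" | sed 's/"[^"]*"/""/g' | tr 'A-Z' 'a-z')
    first=${first%% *}
    case "$first" in
        ssh-*|ecdsa-*|sk-*) opts="," ;;   # line starts with the key type: no options
        *) opts=",$first," ;;
    esac
    findings=""
    # Without a forced command, the login shell is the only command filter.
    case "$opts" in *,command=*) ;; *) findings="$findings no-forced-command" ;; esac
    # "restrict" turns off pty, agent/X11 forwarding and port forwarding.
    case "$opts" in
        *,restrict,*) restricted=1 ;;
        *) restricted=0; findings="$findings no-restrict" ;;
    esac
    # Forwarding is on unless "restrict" is set and not re-enabled,
    # or "no-port-forwarding" is given.
    fwd=1
    if [ "$restricted" -eq 1 ]; then
        case "$opts" in *,port-forwarding,*) ;; *) fwd=0 ;; esac
    fi
    case "$opts" in *,no-port-forwarding,*) fwd=0 ;; esac
    if [ "$fwd" -eq 1 ]; then
        # permitlisten limits -R listen ports; permitopen limits -L targets.
        case "$opts" in *,permitlisten=*) ;; *) findings="$findings any-remote-listen-port" ;; esac
        case "$opts" in *,permitopen=*) ;; *) findings="$findings any-local-forward-target" ;; esac
    fi
    if [ -z "$findings" ]; then echo ok; else echo "${findings# }"; fi
}

# Constructed sample entries; the key material is a placeholder.
BARE='ssh-rsa AAAAPLACEHOLDER tunnel@winbox'
PARTIAL='restrict,port-forwarding,permitlisten="3389",command="rdp" ssh-rsa AAAAPLACEHOLDER tunnel@winbox'
PINNED='restrict,port-forwarding,permitlisten="3389",permitopen="127.0.0.1:9",command="rdp" ssh-rsa AAAAPLACEHOLDER tunnel@winbox'

audit_key_line "$BARE"
audit_key_line "$PARTIAL"
audit_key_line "$PINNED"
```

The function does not handle escaped quotes inside an option value, and it reports only what the key options leave open; sshd_config settings on the server may narrow forwarding further.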