This is my situation:
I have a linux server/media center with a windows client.
My goal is to remote control rhythmbox amongst other things.
I've done this using plink (windows based cli ssh toy).
The problem is that starting up an ssh session logging in and sending a command is understandably slow as hell. When I had a windows server I used a tool called psexec which was almost instantaneous.
Is there any way to speed this process up? Either somehow sending the commands with the login request which should show some improvement. Or by maintaining a persistent ssh connection which I can use. (plink dcs at the end of the command).
More info: On my windows machine I'm using a bat like:
plink -ssh -l username -pw pass myipaddress "/home/username/bin/skip"
On my linux machine the skip bash file is something like:
//needed to get around a x11 error caused by controlling rhythmbox over sshif its an ssh connection copy the dbusaddressfirhythmbox-client --next //the cli wrapper for rhythmbox
Further Research:
The only way to go seems to keep an ssh connection open/maintained as a service. This seems doable as there is a demand due to setting up ssh tunnels (to bypass firewalls). From there I'd need a way to send the command line commands to this existing connection or reuse that connection.
The other option is of course to NOT use ssh. Hell I already have a connection through samba file shares and there is no lag there. I bet I could put a service linux side that checks for a modified file. Then have an ap client side that modifies said file. Amazingly hacky but so far it seems like the best option. And by best I mean the only one that cuts control lag. There has got to be a better way than this, I can't be the only nerd using linux as a media-center that wants remote controls. This kind of moves the topic from stackoverflow to superuser but that's ok.
You could user an SSL certificate to get rid of the login part. Alternatively, build yourself a small HTTP server which uses an "exotic" port for controlling your media player (amarok, btw, has one build-in)
Switching to something like mpd will bypass the ssh issue, although I give no guarantee that changing tracks will be any faster.
If anyone is curious, I ended up implementing an http based server with php to execute commands server side. And client side I used curl.exe to allow me to have nice click-able buttons without the overhead of a web-browser.
Also nice since it allowed me to implement an in browser UI which is great to use from any machine with internet, ones that don't have ssh installed. And works wonderfully from my phone as a remote control (which I can use from a country away if I so chose...)
Related
I am currently using windows telnet to submit files to the OpenVMS queue via a series of sendkeys/application waits through VBA. It works, up until the end-user shifts focus away from the telnet window. I would prefer to issue the SUBMITs using an FTP session, where I can script the commands into a batch file and shoot it across FTP. I was able to do something similar with IBM mainframes - through the quote site FTP command - setting the filetype=jes, followed by a JCL file that would be dropped into the work queue for immediate execution. I can't seem to find anything on the internet related to FTP, openVMS, and submit. I have tried using Quote submit/que=... but it does not recognize the command. (Submit works fine under telnet).
Maybe you can use Remote Shell Protocol (RSH) to execute a command in a remote node
You would need a rsh client on windows:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/rsh.mspx?mfr=true
And also enable RSH service on VMS via TCPIP$CONFIG
(See OpenVMS documentation http://h71000.www7.hp.com/doc/index.html)
This works best with a VMS username dedicated to processing inbound FTP files. If you put in the LOGIN.COM for that username to detect it's a network connection and submit a batch job to look for the expected file, get exclusive access to it with retries (the FTP is done), and then process the file - That has worked for me.
The other option is to put a security ACL on the directory and make an audit listener - it will get file creates via a mailbox message. Then it can do similar: get exclusive access to the file being created and then process it.
I'm currently in a situation where I receive flat files via FTP from my clients. A couple of clients have insisted on the need to use SSH Private Key SFTP rather than regular FTP.
What I want to do is setup a web server (preferably in linux/unix but I guess I can do it on a windows server and purchase SFTP server software) that will do the following:
Allow me to setup an SFTP directory for each client with unique user/pass. Each directory also has to have the public/private key SSH "stuff" I'm a little new to this but I've googled it.
Once the file is completely uploaded by the client, I want to kick off an event that ftp's that file via regular FTP to my Windows cloud.
These files can be up to 10mb so the even that ftp's to the other server can't fire until the file is completely uploaded.
Has anyone set something like this up? Any guidance would be appreciated.
Thanks!
In Linux, you can use incron to monitor the directory the files will be SFTP'd to and have it trigger your ftp job. It's kind of like cron except that instead of triggering jobs based on time, it does so based on filesystem modifications. In order to only trigger once the entire file has been written, I think you can use IN_CLOSE_WRITE in the inotify mask. Failing this, I suggest configuring events for each of the events individually to echo a message to a log file and see if you can identify one which reliably happens only at the end of the SFTP transfer.
If you're using RedHat, it's not in the standard distribution, but it is in EPEL.
On Windows you could use Titan FTP Server Enterprise Edition, which supports SFTP as well as allows you to define various types of events. When the event is triggered, you could kick off anything you need on a per folder/per account basis.
PS. AFAIK, when it comes to SFTP it is either password authentication or public key authentication (SSH key), but not both.
In your UNIX server, you can configure SSH to use a custom sftp server that instead of handling SFTP protocol itself, opens a new SSH connection to to the Windows SFTP server using password authentication and forwards the SFTP traffic there.
Writting the proxy is easy with the right tools, for instance, in Perl using the Net::OpenSSH module:
#!/usr/bin/perl
# this is the sftp-proxy-server
use Net::OpenSSH;
my $ssh = Net::OpenSSH->new($windows_server, $user, $passwd);
$ssh->system({ssh_opts => '-s'}, 'sftp');
$ssh->error and die $ssh->error;
You can instruct the SSH server to use that alternative SFTP server changing the configuration in /etc/ssh/sshd_config. For instance:
Subsystem sftp /usr/local/bin/sftp-proxy-server
Did you try apache FTP Serveur ?
I think you can do what you need with the ftplet API.
see :
http://mina.apache.org/ftpserver-project/index.html
is there a way of how to connect to mysql dbf on a remote server and run sql queries using windows command line?
Yes, you can connect to a different host by running mysql -h 123.45.67.89.
Please note that there are a few security implications:
You will have to grant yourself access. You will need to run something like GRANT ALL on db_name.table TO user#your_ip IDENTIFIED BY 'password'. db_name, table and your_ip can be * but beware of opening your server to hackers.
You will have to open your server's firewall if you are not on the same LAN. Again, ymmv and you should be aware not to open the door to exploits.
You may want to use SSL and use secure-auth in order to protect your traffic and credentials.
Hope that helps.
MySQL has a command-line client, where you can run queries. If you don't want to allow remote connections to the database on the server, you can still script things into a batch. There are command-line telnet/ssh clients, that either accept external file as a list of commands to run remotely, or you can pass it with the input stream redirection (less then symbol) to them.
When opening a connection to server - most clients are programmed so that the only way to specify the login password is by typing it in from keyboard (yeah, they don't use default input stream). Things like that make it hard to script it. However, it may be possible to set up a certificate based login on SSH - you'd actually have to research that.
If the server that's hosting the MySQL database is also a web server - you could also think about putting some script (PHP, Perl, Python, Ruby - whatever you like) on the password protected area, that would allow you to execute queries by simply making a HTTP(S) queries on that script. Although, Windows doesn't have a command-line HTTP(S) client, you can always get something like wget.exe and perform queries with it. Note, that if you choose this approach - I strongly advice to put that script under HTTPS - if discovered by malicious user, it could be lethal to your data.
You could use telnet, or SSH if you want to be more secure.
If the MySQL is running on Linux or BSD, you need a Telnet or SSH connection through something like putty
This will open a command line on the remote server. The command is mysql. There will be issues around authentication of remote users (as you would expect).
If the remote server is running Windows, you have a whole different set of issues.
I'm not sure you can connect to a remote Windows server and control it this way.
I should say I'm not sure HOW you could connect to a remote Windows server and use it this way. But no doubt it's possible.
I have a shell script on a Unix box which when executed sets the DISPLAY variable dynamicaly to the clients ip address and if the client has some sort of x windows up and running then it launches say a program ike xcalc.
I would want the shell script to launch the x windows say like exceed session on the winodws client when the shell script is executed is this possible if so how ?
regards
Edwards
The general answer to that is "no, not unless you explicitly enable it."
Think about this in a general sense. Your questions is "Is my PC security so weak that external computers can connect in start programs on it, without a password or certificate?"
Clearly this effectively would mean that your PC had zero security. So for your sake, I sincerely hope that the answer to your question is "No".
If in your case the answer is "Yes", then perhaps it's time to abandon Windows 98?
This might be something worth asking on ServerFault too, since it's somewhat of a gray area between programming and system administration.
Are clients logged in via a shell to the server? Rather than setting the DISPLAY variable to their IP address, I highly recommend using SSH and some sort of client (openssh on Linux, PuTTY on Windows) that will automagically set the DISPLAY variable when you login.
The procedure would look like this:
Start an X server the client (eXceed, Xorg, etc)
Use PuTTY/SSH to login to the server with X11 forwarding turned on (-X for openssh, Connection | SSH | X11 for PuTTY)
Start the X11 program
The nice thing about this setup is that it's easy to tell if the client has an X server running - the DISPLAY variable will be set if so, but unset if not.
You say that you want to start a session on the Windows client when they login - do you want to see, for example, a login similar to what you would see if you were at the machine? In that case, you might want to use XDMCP.
I know it is not strictly a programmer question, on the other hand, I would really like to be able to do a simple svn up on the production servers, which would save us a lot of hassle.
Or production servers are within a corporate network, and access is only allowed through a gateway server. From that we can access the actual servers via Remote Desktop. Because of this maintenance unfriendly setup we use a sftp server to get our files to the production server (where the ftp server alwys resets last modified date), so it is complicated to determine which files have changed.
So if it would be possible to setup a ssh tunnel from the actual server through the citrix connection, it would ease the whole update process.
(On further option which I consider is to use bazaar to push our updates to the sftp server and then pull the updates from there, but unfortunately there is no working svn plugin for bazaar available [on windows])
Okay, not wanting this to remain unsolved, I posted the following on the usenet in alt.os.citrix:
G'day everyone
Someone asked me this question. I haven't a clue. Any ideas?
"the connection I have is PC -> Citrix Access Gateway -> actual Server. My question is, if it is possible to establish a ssh connection from my PC to the actual Server."
The response I got from a Catherine Jefferson was:
Should be. I do this all the time using an Access Gateway VPN, then ssh to servers inside the company LAN.
What version of the Access Gateway is this user running? I work for Citrix, might be able to get a more specific answer for him or her.
So may I suggest you hook into alt.os.citrix (probably via Google Groups if you don't have an NNTP tool) and buy into the conversation.
--Bruce
I do this a lot. The tunnel is like:
ssh -nvCXAN -L 1494:10.0.2.39:1494 www.starshipping.com &
Then, you need an ICA file that points to localhost.
[WFClient]
Version=2
[ApplicationServers]
Connection To Citrix Server=
[Connection To Citrix Server]
WinStationDriver=ICA 3.0
TransportDriver=TCP/IP
ClientAudio=Off
DesiredColor=8
Username=yourusername
Domain=yourdomain
Password=xxxxxxxxx ; has to be encrypted. I pulled from another ICA file generated internally
ScreenPercent=97
TWIMode=OFF
Address=localhost
This all worked very fine on OSX until Citrix gave out a new version of the Citrix client which is now called the Citrix Online Plugin. Haven't been able to get it to work since then. Meanwhile, our VPN has been working fine, so haven't worried too much about it.
Citrix over SSH, How to Create a Key Pair for SSH Authentication Using PuTTYgen, Terminals. It seems that the answers are "out there" but not readily found. That was just five minutes in Google. HTH.