PSTools not working in SSH

When using PSTools (sysinternals) via SSH, you may notice that it stalls when you try the command. If it does this, you probably have not agreed to the license terms for each pstools command.
Solution: Log directly into the Windows computer via Console or RDP as the user you wish to SSH in as and execute each command in pstools that you need to use. You will get the license confirmation and hit accept. Once this is done, you will now be able to use the commands via SSH :)
Note: pslist is a great alternative to TOP. I have open issues with TOP command in cygwin where it only lists current user (not very useful). pslist does not have this issue.
Cheers,
-JsD

Or use the -accepteula switch that is supported by all PSTools.

Related

Windows / Linux automatic key exchange

I have a build box, which I use to make continuous builds as well as run nightly unit tests. I'm using Jenkins to do my builds/unit test scripts, which is running on a Windows box because our compiler is Windows based.
One of our enterprise solutions uses Python code with rabbitmq for exchanging messages for syncing specific database tables over a faulty network. I have unit tests to help verify that updates are happening correctly.
In order to unit test the Python updates, I need to be able to stop some services running on my Linux box, then restart them after I update the Python code. I set up a key exchange between my Windows box and Linux box, so that I don't have to put a password in the batch script.
When I'm remoted into the Windows box, I can successfully run the batch file, which uses plink commands which rely on the key exchange and PuTTY's Pageant (which is running in the background). E.g. I use plink to execute commands on the Linux box from the command line in my batch file. However, when I try to run the batch file from Jenkins, the batch file doesn't work properly because it is prompted for the SSH password when trying to run the plink commands.
I believe my current issue can be summarized by two issues, which I'm hoping can be verified and rectified:
I think Jenkins may be running as a different user or using different system credentials so it's not able to connect like the logged in user can. If this is the case, what would I need to do to get it so that Jenkins can run the plink commands properly without being prompted for the password?
Pageant looks like it needs to get a password typed in every time the computer restarts. My research unearthed ways to put Pageant in startup, so you get prompted when you first login, but I need this to be automatic, like how I can on Linux boxes. If Windows reboots because of a Windows update, then the unit tests would fail as they won't be able to connect to the Linux server. Sure this only happens once a week, but over the course of a year it'll be very annoying.
What can I do to solve the above two issues? If there is a good alternative to putty for the automatic key exchange between Windows and Linux, I'd be interested in hearing about it (I would prefer to stay away from Cygwin with OpenSSH, but might go down this route if the above can't be rectified).
I use plink on my Windows Jenkins box to communicate with Linux on a daily basis; there is no problem with it.
Like you theorized, Jenkins runs under its own user (Windows default, I think, is the SYSTEM user), which is different from your logged in session, even if you log in as Administrator. Your authentication key is stored in your (Administrator or otherwise) profile directory.
What you need to do is use Pageant to export your key as ppk file, then supply the path to this ppk file with plink:
plink -i "C:\path\to\id.ppk"
Looks like there is a simpler way to do what I'm trying to do, a Jenkins plugin: https://wiki.jenkins-ci.org/display/JENKINS/Publish+Over+SSH+Plugin
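
One way to run the `plink -i` approach from a Jenkins PowerShell build step, as an added example that is not code from the thread. The host, user, service name and fingerprint are placeholders, the account names in the ACL check are the English ones, and it assumes the .ppk has no passphrase (nothing is there to type one), which is why the script checks who can read the file.

```powershell
# Added example (not from the thread). Host, user, unit name and fingerprint
# are placeholders; the .ppk path is the one used in the answer above.
$PlinkExe  = 'C:\Program Files\PuTTY\plink.exe'
$KeyFile   = 'C:\path\to\id.ppk'
$LinuxHost = 'linuxbox.example.internal'      # placeholder
$LinuxUser = 'builduser'                      # placeholder
$HostKeyFp = 'SHA256:REPLACE_WITH_FINGERPRINT_CHECKED_OUT_OF_BAND'

function Get-UnexpectedKeyReaders {
    # List accounts, other than the running account, SYSTEM and Administrators,
    # that are allowed to access the private key file.
    param([Parameter(Mandatory)][string]$Path)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $expected = @($me, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $expected -notcontains $_.IdentityReference.Value } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

function Invoke-LinuxCommand {
    param([Parameter(Mandatory)][string]$Command)
    # -batch:   fail instead of prompting, so a missing key or an unknown host
    #           stops the build rather than hanging it.
    # -hostkey: PuTTY caches host keys per Windows user, so the Jenkins account
    #           has no cached key for this host; pin the expected key instead.
    & $PlinkExe -ssh -batch -i $KeyFile -hostkey $HostKeyFp `
        -l $LinuxUser $LinuxHost $Command
    if ($LASTEXITCODE -ne 0) {
        throw "plink exited with code $LASTEXITCODE while running: $Command"
    }
}

$extra = @(Get-UnexpectedKeyReaders -Path $KeyFile)
if ($extra.Count -gt 0) {
    throw "Private key is readable by: $($extra -join ', ')"
}
# Placeholder commands; they assume this user may run them without a prompt.
Invoke-LinuxCommand 'sudo systemctl stop example-sync.service'
# ... update the Python code here ...
Invoke-LinuxCommand 'sudo systemctl start example-sync.service'
```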

Text editor that can edit using sudo over ssh?

I'm trying to edit files on a remote Amazon EC2 Linux instance. I'm currently just sshing in and using nano, but would really like a graphical text editor. I have two problems:
I have to use sudo to edit these server files when I ssh in.
I can only log in with the key Amazon gave me. Ex: ssh -i Andrew.pem ec2-user@55.55.44.33
Please help! I'm not picky, just any graphical text editor since using nano is a huge pain.
For remote editing, there are lots of options here. This answer, like any other, is sure to become outdated as more options enter the field.
For vim, the netrw module meets this need, and is shipped with the editor by default.
For emacs, this is available with TRAMP.
For the ATOM editor, see the remote-files plugin.
For IntelliJ, editing files on remote hosts is supported in the commercial edition.
For Eclipse, see the Remote System Explorer from the Target Management project.
I'd suggest starting with the editor you prefer and evaluating options from there. If you set up your SSH session to be able to authenticate directly to root (password auth is best disabled for root, but if you have sudo you can install RSA keys), then you'll be able to specify root as a target user for any of the above.
By contrast, if you really do need sudo, you still have options:
See Using tramp to open files sudoed to root on the Emacs wiki. New versions also support a ssh+sudo transport, meaning this wiki entry may already be out-of-date.
To help anyone that just needs a quick command line text editor:
you can use vi:
vi file-name.txt
or nano:
nano file-name.txt
optionally use sudo if editing the file, eg:
sudo nano file-name.txt
Just modify the appropriate files on your local machine and scp the file into the remote machine.
scp <local_machine_path_to_file> remoteUser@remoteHostName:<filePath>
Amazon has now acquired Cloud9, which is a browser-based IDE that can edit your EC2.
https://aws.amazon.com/cloud9/
Today I found two products that can use sudo, they are
MobaXterm (free version) and SmarTTY
MobaXterm has a button in the file browser that enables sudo mode. You can view, create and edit files as a sudo user. Use this switch when necessary.
Unfortunately, this only works through the SCP protocol.
SmarTTY works differently. When you try to save a file that requires sudo, SmarTTY throws an error and immediately suggests trying to save the file with sudo.
Of the two products, I recommend MobaXterm.
Sudo is for root privileges for that particular command. You will need to use root privileges to edit system files. Even on a local machine. If you don't like typing sudo every time, you can type sudo -s. You will change to root user and it will show you in terminal i.e. root@ip.... The $ sign will also change to #. Honestly, I prefer not going root, because it is easier to make irreversible mistakes with root privileges. I've made some mistakes and I'm talking from experience...
As far as the second part of your question goes, you can configure various text editors to sftp into your instance such as sublime.
You will have to use the .pem key file every time you ssh using terminal. This is because AWS takes security very seriously. You can put the key file in your home directory. That way you don't have to change directories every time you open up terminal.
You can also edit a local copy of files and then use FileZilla to transfer. Setting up FileZilla to work with your EC2 instance is straightforward. You can give vim a try since it colors your code and is more advanced than nano. Use the command vi or vim from terminal.
Happy SSH'ing ;).
ssh -X user@server.
You have to make the appropriate settings for forwarding.
I use SFTP Net Drive SFTP, which lets you create a virtual drive on your local computer that will map the remote file system accessible via the SFTP protocol. After the map is created, you can use the editor of your preference.
You can use nano, vim, vi or many others. However, if you want to edit with a graphical text editor you will have to create SFTP since Amazon does not support FTP. One way is to use FileZilla to upload your files. Here is a video on using FileZilla: https://www.youtube.com/watch?v=VawBMj29g0o I suggest SSH though. It's fast and easy; here is a video on that: https://www.youtube.com/watch?v=O2-3HoRjBH4
I found a weird workaround for a GUI based text editor on AWS: I used Jupyter Notebook. If you have Anaconda installed on your instance, follow these steps:
ssh onto your instance using ssh -i <location of your private key> <username>@<public DNS>
Start jupyter notebook on your instance using jupyter notebook --no-browser --port=8888
Open a new terminal window and ssh onto your jupyter notebook using ssh -i <location of your private key> -L 8212:localhost:8888 <username>@<public DNS>
Now you can open jupyter notebook at localhost:8212
Using the jupyter notebook environment, you can not only launch and run Ipython notebooks but also create and edit any files like a text editor.
would really like a graphical text editor
You cannot have a graphic editor, you need to use an editor like nano as you said, or vim, emacs. Sudo would be required when you have to edit configuration files with root as owner.
To assist others with this same question, I would suggest jEdit. It is very capable, and it has a very rich plugin environment, language parsing, etc.
http://www.jedit.org
It has "always" supported sftp read and write of files with the sshConsole plugin.
I use it now on my AWS EC2 instance with the key pair supplied by AWS.
Lastly, it is not a good idea to edit files owned by root in the "production" environment.
Do your dev work in the AWS user's home folder so that you have full control of the source files. Then use a symlink to the actual server's file tree so you can serve it to yourself for testing. There are lots of controls in nginx and apache to limit who can view your dev site.
EDIT/UPDATE:
The NppFtp plugin to Notepad++ provides sftp access to AWS. I just tested it with the .pem file that they provided for my login at AWS.
For this, I'd suggest one of:
Learn and use emacs; it's quite powerful as far as textmode editors go.
Install your favourite graphical editor on the server and use X forwarding, 'ssh -X server.com'. This will allow you to launch the editor remotely, but have it display locally.
Most elegant in my opinion, use sshfs (https://github.com/libfuse/sshfs) to mount the remote directory locally, so you can work on the files directly using your favourite text editor.

SSH on windows without storing password in clear

What I would like to do is use Putty (or another solution) on Windows to connect to a SAN switch and get results from a command with ssh.
I use PowerShell as a scripting language and it could be done easily, but I don't want to save the password in the script.
I'm looking for a solution to use Putty from command line and set the password not stored in clear in the script.
What I thought is to launch the script with \RUNAS (through a Scheduled task) and pass the actual credentials directly to Putty. (The switch would have the same password as the account used with the Runas). Is that possible?
Or is there any solution using putty with a certificate or something like this?
You may want to consider using key authentication as opposed to a password.
People will say use a password in addition to the key, but if your alternative is storing the password on your PC in a file anyway, someone with access to your machine owns you in either case.. So you just need to generate the keys. The requirement is: no-one but you has access to that key file.
http://www.linuxproblem.org/art_9.html
I'm in the same boat, have to use Windows, but for me it's www.mingw.org, which gives you a shell and the basic *nix tools - extremely useful for SSH, connecting to a remote Linux VPS, etc. There is Cygwin, of course, which is similar and has an easier tool (setup.exe if I recall) to install new apps. I actually use git-bash, which is mingw with git. No GUIs. I've found it easy to just drop to the mingw shell when I need to use ssh, openssl, cut, awk, etc.
So you are running any remote command using SSH from the command line without third-party programs like Putty, or those with GUIs, etc. Using key authentication and turning off password auth completely in ssh on the remote device (at least on devices where you have control) is some additional lockdown for the remote device, especially if you're the only one who needs to access it.
Which leaves, scheduling the script. There should be a way to do that via batch file and Windows or within the command line environment.
I'll suggest following options:
use password authentication. Store the text file with password in a file with limited access (some service account) and launch your script under this account's credentials
same as above, but instead of text file use certificate file
write a small program (C#) which uses DPAPI to store the certificate or password in service account-specific store.
combine any of the above with the use of BitLocker/EFS
No option can protect you from an attacker having admin access to the server, but implementing them will give an increasing (in order of number) headache to someone who will be trying to break it.
The script will be a weak spot in any case, though.
This is probably not the answer you're looking for, but I wouldn't use Putty for this, and would rather communicate with the SSH server directly using SSH.NET library. It's available in both source and binary form, and you could use it from PowerShell too if you like.
Examples: http://sshnet.codeplex.com/wikipage?title=Draft%20for%20Documentation%20page.
Then you'd have a lot of options to store your login credentials securely.
I recommend setting up 2-factor authentication on the ssh machine that you have to communicate with IF you can't use key authentication.
Google's 2 factor authentication can be implemented for ssh and is relatively easy to set up as long as SELinux is disabled... if it isn't disabled, you can add an exception, and that would essentially help reduce the risk of compromise and increase security.
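
The DPAPI option listed above can be done from PowerShell itself, because on Windows `Export-Clixml` writes a credential's password encrypted with DPAPI for the current user on the current machine. This is an added example, not code from the thread; the file path, switch host name, fingerprint and switch command are placeholders, and it assumes the scheduled task runs as the same account, on the same machine, that saved the credential.

```powershell
# Added example (not from the thread). Path, host and fingerprint are placeholders.
$CredPath   = 'C:\Scripts\san-switch.cred.xml'         # placeholder
$PlinkExe   = 'C:\Program Files\PuTTY\plink.exe'
$SwitchHost = 'san-switch.example.internal'            # placeholder
$HostKeyFp  = 'SHA256:REPLACE_WITH_FINGERPRINT_CHECKED_OUT_OF_BAND'

function Save-SwitchCredential {
    # Run once, interactively, logged on as the account the scheduled task uses.
    # Export-Clixml stores the password DPAPI-encrypted for this user on this
    # machine; the user name is stored in clear.
    $cred = Get-Credential -Message 'Login for the SAN switch'
    $cred | Export-Clixml -Path $CredPath
    # Drop inherited ACEs and leave only the saving account on the file.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    & icacls.exe $CredPath /inheritance:r /grant:r "${me}:(M)" | Out-Null
}

function Invoke-SwitchCommand {
    param([Parameter(Mandatory)][string]$Command)
    try {
        $cred = Import-Clixml -Path $CredPath
    } catch {
        # Typical when the task runs as another account or on another machine:
        # DPAPI refuses to decrypt the stored password.
        throw "Cannot decrypt ${CredPath}: $($_.Exception.Message)"
    }
    # plink takes the password as an argument, so it is briefly visible in this
    # machine's process list; it is never stored in clear in the script or on disk.
    $user  = $cred.UserName
    $plain = $cred.GetNetworkCredential().Password
    # -batch makes plink fail instead of prompting; -hostkey pins the switch's
    # key because the task account may have no cached host key for it.
    $output = & $PlinkExe -ssh -batch -hostkey $HostKeyFp `
        -l $user -pw $plain $SwitchHost $Command
    if ($LASTEXITCODE -ne 0) {
        throw "plink exited with code $LASTEXITCODE"
    }
    return $output
}

# In the scheduled task (the command string is a placeholder):
# Invoke-SwitchCommand 'REPLACE_WITH_SWITCH_COMMAND' | Out-File C:\Scripts\report.txt
```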

Using GVim on Windows to edit remote Linux files?

Is it possible to use gvim to edit remote Linux files if I am running Windows?
To elaborate, I would like to connect to the Linux server via Putty and then use my local gvim instance to edit the files on the server -- Is this possible?
It seems x11 forwarding (via xming?) might be the solution but I cannot get it to work.
The remote server runs Debian; my local machine is Win7
This should fix you up:
let g:netrw_cygwin = 0
let g:netrw_ssh_cmd = '"C:\Program Files\PuTTY\plink.exe" -batch -T -ssh'
let g:netrw_scp_cmd = '"C:\Program Files\PuTTY\pscp.exe" -batch -q -scp'
let g:netrw_sftp_cmd = '"C:\Program Files\PuTTY\pscp.exe" -batch -q -sftp'
See :help netrw-putty (and lots of scrolling around in that documentation page).
You don't say what protocol you're using to access the files via putty, but odds are that winscp will support what you want. Check out http://winscp.net
Personally, when I need to do this; I open up a local gvim (A little speedier; I have had issues with x11 forwarding over WAN) and do
:e ftp://<username>@<server>:/<fileToEditRemotePath>
You will have to authenticate each time, but it works fine for quick edits. On Linux, you can use scp rather than ftp, but I'm not sure how to set up the putty forward for that... (Most likely the netrw-putty answer above takes that into consideration, hence I am upvoting it)
An officemate of mine used something like this a while back, but I've never tried it. I prefer to just ssh to the machine in question and fire up vim.
Have you seen this page? It seems to be what you're looking for.

How to automatically supply input to prompt when running linux ksh script?

I currently have a script that ssh's into another server and runs a command. When the ssh command runs, though, it prompts whether I would like to connect (yes/no) and for the password. Is there a way that when the ssh call is made I could automatically supply the input for the prompt?
Also, I do realize that using a public key with the ssh command would resolve this issue, but I do not have permission to create a public key.
Don Libes created Expect exactly so you could program tools that need to interact with prompts. I've even used it with modems! It's a very old tool but very effective, and it deserves to be more widely known.
The only downside is that it uses Tcl, which is not my favorite programming language. But to learn enough Tcl to make simple expect scripts won't take you more than an hour. And Expect is really the perfect tool for the job.
Can you download and install external tools? If you can, try sshpass. I have not tried it, but you can give it a go.