Re: How Can I Securely Execute Script on Remote Windows Host?



In article <wvCdnfMHscInlHfbnZ2dnUVZ_sOrnZ2d@xxxxxxxxxxxx>,
"Will" <westes-usc@xxxxxxxxxxxxxx> writes:
> What are the most secure options to allow a command line script written on
> machine A to synchronously execute another command line script written on
> machine B, wait on response, and retrieve return code at the end of
> execution. Assume client is UNIX and server is Windows.
>
> I need some basic encryption around the initial authentication of the client
> user to the server, but could live without encryption for the rest of the
> connection. Some authentication of the machines involved in the
> conversation independent of user authentication (similar to SSH) would be
> nice. Some ability to limit the programs that can be executed on the
> target to a group of programs that have been registered in advance would be
> nice.
>
> Microsoft does have solutions like WShell and WMT, but they are based on
> port 135 and DCOM. We aren't willing to open up those ports through the
> firewall because too many other services get exposed on the target system
> with those ports available.
>
> There are plenty of REXEC daemons for Windows, but these appear to be
> trivially written and offer no encryption to protect password traversal over
> the TCP connection, no machine authentication, and do nothing to stop
> execution of any arbitrary EXE on the target computer.
>
> SSH implementations certainly cover the authentication requirements, but I
> don't find a straightforward way to do a synchronous execution of a remote
> EXE through the SSH pipe. I do not want to login to a remote shell and do
> things manually there. I want to launch an EXE from within a client-side
> script and get a return code from one command in the script that will tell
> me how the program ran on the remote host after it has finished running.
>
> What options do I have?

I'd suggest two things: (1) that you recheck the authentication
options under SSH - there is an option available for, ahh,
"machine authentication"; (2) check out VPN, which tunnels a
secure virtual network between 2 or more machines over an
insecure medium.

Of the two options, SSH is probably the easier, VPN the more
"elegant" solution.

HTH,

Bob Melson

--
Robert G. Melson | Rio Grande MicroSolutions | El Paso, Texas
-----
"People unfit for freedom---who cannot do much with it---are
hungry for power." ---Eric Hoffer
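
An added example, not part of either post: a client-side wrapper for the SSH option that runs one pre-registered job synchronously and hands back the remote program's exit code. The host, account and job names are hypothetical placeholders, and it assumes an SSH server on the Windows host that passes the program's exit status back to the client.

```shell
#!/bin/sh
# Added example; host, user and job names below are hypothetical.
REMOTE_HOST="winhost.example.com"
REMOTE_USER="batchuser"
# Constructed list of jobs registered in advance. The server should enforce
# the same list itself, e.g. with a command="..." forced command on the key
# in authorized_keys, so a stolen key cannot run arbitrary programs.
ALLOWED_JOBS="nightly_backup rotate_logs"

# Succeed only if $1 is exactly one of the registered job names.
is_registered() {
    for j in $ALLOWED_JOBS; do
        [ "$1" = "$j" ] && return 0
    done
    return 1
}

# Run one job and block until it finishes. Sets REMOTE_STATE and returns:
#   refused    (1)     job name not registered, nothing was sent
#   ssh-failed (255)   ssh itself failed: connection, host key or auth
#   completed  (0-254) exit code of the remote program
# A remote program that exits 255 cannot be told apart from an ssh failure,
# so registered jobs should not use that code.
run_remote_job() {
    job=$1
    if ! is_registered "$job"; then
        REMOTE_STATE="refused"
        return 1
    fi
    # BatchMode: never prompt, so key-based auth only.
    # StrictHostKeyChecking=yes: refuse hosts whose key is unknown or changed,
    # which authenticates the server machine independently of the user.
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10 \
        "$REMOTE_USER@$REMOTE_HOST" "$job"
    rc=$?
    if [ "$rc" -eq 255 ]; then
        REMOTE_STATE="ssh-failed"
    else
        REMOTE_STATE="completed"
    fi
    return "$rc"
}

# Stand-alone use: ./runjob.sh nightly_backup ; echo $?
if [ "$#" -gt 0 ]; then
    run_remote_job "$1"
    exit $?
fi
```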
