|
issue commands to linux box from windows?
i have samba successfully networking 2 windows boxes and a linux box
i was wondering if there was a way to use my windows box to login and issue commands to the linux box via the samba network i have checked the openssh page, but there is no ssh for windows, but rather cygwin; is there a way to do this without cygwin? also, is it possible to login to a windows machine from linux and perform a shutdown remotely? |
My windows program of choice to ssh into Linux/Unix boxes is 'Putty'. It is a lightweight application, that does not require any changes to the registry, fits on a floppy, and it is free. Not bad in my book.
http://www.chiark.greenend.org.uk/~sgtatham/putty/ If you are looking for a Microsoft solution, the new version of Windows Services for UNIX that is now available for free, but I have been told it is a huge program. It can be found at: http://www.microsoft.com/windows/sfu...ds/default.asp |
very awesome!
i'll give putty a go; as for the microsoft stuff, i definitely wouldn't mind using it if it wasn't 220 freaking megs large! what could be contained it it that makes it that large? i'll have to give that a go one day, too also, i actually have found that there is a sourceforge openssh project for windows http://sshwindows.sourceforge.net/ now i just need a way to give commands to windows from linux (if that's possible) |
It seems that the sshwindows project that you mentioned includes a ssh daemon. So in theory you should be able to ssh to a windows box that is running this application. I would try it, but I do not have a windows box with me at the moment to try connecting to. But if it does what I think it should, it might be the answer to the remaining part of your needs.
I agree 220 MB is awfully large. It seems to me that it was not that long ago when that would be bloated for a full fledged OS with your most commonly used applications thrown in for good measure... yet so it goes. |
Something you may not have noticed about puTTY is that you can log in to mulitple machines with multiple protocols at the same time. Very handy for managing two or more boxes at the same time. Remember that you may want to disable remote root login too, though
|
SecureCRT is great. Multiple logins and interface is really nice.
|
SecureCRT is a nice product, but the cost of nearly $100 for a license is a little steep in my book for a program that allows you to create secure shell connection. When it came time outfit the 20 windows boxes at my site, I took a long hard look at SecureCRT, but I simply could not justify the cost for my needs. They offer a discount rate of $85 each for 20 licenses, but I had a lot of other use for my $1700.
Another option if you are feeling wealthy is Hummingbirds's Exeed: http://www.hummingbird.com/products/...eed/index.html I have not checked on the price as of late, but if I recall correctly they used to want about $400 a pop, but they have a nice demo that you can take for a spin if you like. But for now my group will continue to use Putty and Cygwin. |
You can simply use the Windows Telnet server and telnet into the Windows machine and use it that way.
You need to disable NTLM for it to work from a Linux machine though. But that is a simple registry edit. |
Yes, the telnet can work both ways (linux -> windows, and windows -> linux ), but I am one of many people who refuse to run telent on my boxes, because I do not want to send information such as system account names and password across the wire in plain text.
|
Quote:
Security is a myth |
Just because something can be done, does not mean that you need to make things as easy as possible. There has never been a vault that can not be broken into, most of them can be broken into in a very short time, but I have not found a bank that has opted to keep their cash in a laundry hamper, just because vaults are so easy to hack.
|
There is no difference between pulling in an SSH and a telnet password from the LAN.
Why bother jumping through hoops since you are screwed either way? If there is a compromised machine on your network, any protocol is going to be insecure. I would go so far to say that SSH is no more secure than telnet. The only difference is that with telnet is that it is much easier to see the commands that the remote user is executing than with SSH, but if they already have your password and user name, it doesn't matter, since you are already compromised. The only thing that you could do in SSH (and not telnet) to add security is to login as a normal user and then use "su" to switch to the root user. Since commands in SSH are encrypted, it will make it harder to see the root password. However, they still can grab your normal user name and password, login, and use a root kit, so it still won't completely protect you. The only way to be completely secure is to not login remotely at all. |
SSH has another major advantage over telnet (well, lots of them, actually :) ), which we may be forgetting: public key authentication.
Once you have this set up, you can configure SSH to accept logins only with public keys - something I'm currently working on with my main Linux PC upstairs. If it's a choice between sending a username and password in clear text to log in, or using a 2048-bit key pair which you'd need a Cray supercomputer running for years to crack, I think I know what I'd prefer. (Doesn't SSH encrypt the username and password transaction? I could be wrong.) Of course, if there's a compromised box on your LAN, your network security is toast anyway. But frankly, that's not a good enough reason for me not to use an encrypted remote login method in favour of a wide-open one, especially if there is no compromised box on my LAN. (AFAIK...) Not to mention the other fringe benefits of SSH - automatic X forwarding, tunnelling, data compression, secure copy/file transfer, making the tea, etc... My tuppence-worth. Tim |
You are right, SSH does encrypt the username and password. And you make a good point about the extra functions that are available in SSH can really make a big difference in day to day usability, especially if you have more than a handful of systems to deal with.
Plus many recent distributions default to running an ssh daemon and not running run for telnet (which I think is a good idea). |
Encrypted or not, the username and password for an SSH session can still easily be sniffed.
|
| All times are GMT -5. The time now is 09:46 PM. |