How Can I Securely Execute Script on Remote Windows Host? - SSH

This is a discussion on How Can I Securely Execute Script on Remote Windows Host? - SSH ; What are the most secure options to allow a command line script written on machine A to synchronously execute another command line script written on machine B, wait on response, and retrieve return code at the end of execution. Assume ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: How Can I Securely Execute Script on Remote Windows Host?

  1. How Can I Securely Execute Script on Remote Windows Host?

    What are the most secure options to allow a command line script written on
    machine A to synchronously execute another command line script written on
    machine B, wait on response, and retrieve return code at the end of
    execution. Assume client machine A is UNIX and server machine B is
    Windows.

    I need some basic encryption around the initial authentication of the client
    user to the server, but could live without encryption for the rest of the
    connection. Some authentication of the machines involved in the
    conversation independent of user authentication (similar to SSH) would be
    nice. Some ability to limit the programs that can be executed on the
    target to a group of programs that have been registered in advance would be
    nice.

    Microsoft does have solutions like WShell and WMT, but they are based on
    port 135 and DCOM. We aren't willing to open up those ports through the
    firewall because too many other services get exposed on the target system
    with those ports available.

    There are plenty of REXEC daemons for Windows, but these appear to be
    trivially written and offer no encryption to protect password traversal over
    the TCP connection, no machine authentication, and do nothing to stop
    execution of any arbitrary EXE on the target computer.

    SSH implementations certainly cover the authentication requirements, but I
    don't find a straightforward way to do a synchronous execution of a remote
    EXE through the SSH pipe. I do not want to login to a remote shell and do
    things manually there. I want to launch an EXE from within a client-side
    script and get a return code from one command in the script that will tell
    me how the program ran on the remote host after it has finished running.

    A user on another newsgroup suggested that SSH can be set up to
    invoke an executable on a remote host, then capture the return code to the
    calling computer.

    What options do I have?

    --
    Will



  2. Re: How Can I Securely Execute Script on Remote Windows Host?

    On 16 Sep, 05:38, "Will" wrote:
    > What are the most secure options to allow a command line script written on
    > machine A to synchronously execute another command line script written on
    > machine B, wait on response, and retrieve return code at the end of
    > execution. Assume client machine A is UNIX and server machine B is
    > Windows.


    If the command line script on machine B can be well defined, take a
    good look at NRPE. It's a plug-in for Nagios targets that executes
    arbitrary scripts and responds in a reasonably well thought out way
    for low risk operations, such as "du" commands or mysql queries.

    SSH has an issue in that its operations are tough to limit to only a
    few commands. There are ways involving the use of SSH keys with
    defined operations permitted. on the target, which are used for ssh
    +svnserve setups. But that SSH client account is tough to keep in a
    specific target directory, without allowing access to the rest of the
    filesystem.

    What kind of "command line script" do you want to run? Arbitrary ones?
    Then SSH might work well, but with the automatic security risks of
    providing shell access on the target host. For better defined ones
    where you don't worry about the result, you can use NRPE or even a
    webserver that responds with an output code to a specific query.


+ Reply to Thread