Monday, August 25, 2008

Shell access to Vista from Linux

Yep, you read that right, I'm going to ssh into a Windows command prompt from Linux box. The first question to answer is, "why on earth would anyone want to do that?" to which my reply is that I wanted to be able to be able to remotely access Elrond, my media box, since it's an always-on machine. I might want to download something directly from it, check what files are there, move them around, etc. My initial thought was to do all of this from Linux, and then just use the default shares (e.g., \\elrond\c$, etc.) to move files, but I ran into trouble accessing default shares from Linux, and it's much more powerful to have command-line access, especially since I've been learning some VBScript lately. Not content with (and not too familiar with) using only the native Windows Shell command-line utilities, I of course installed Cygwin first, and added "c:\cygwin\bin;" to the Path environment variable (put it right after "%systemroot%\system32;"--not before!). Presto! Instant access to all of the Linux utilities and programs that I'm used to. See? This is much better than just Samba/CIFS mounts. The next task was to get an SSH server. My requirements were:
  1. Free
  2. Runs on Vista as a daemon (I don't have to be logged in).
  3. Easy to configure
(Open source would be nice, but it's not a must on Windows.) This article was helpful in rounding up the canidates. My choice was freeSSHd. I tested the server by logging in from my laptop using PuTTY. It worked great, but when I tried to ssh from a Linux box, I got:
$ ssh elrond ssh: elrond: Name or service not known
Oh, yeah, that's right. I use DHCP for my windows boxes, so they're not in the hosts file, and DNS doesn't resolve Windows names not in a domain. Sure, it works if I use the IP address, but using that over time would work havoc on my known_hosts file, and given the nature of DHCP, it's bound to bite me in the butt sooner or later. But Samba can find them, so there must be a way. It took me about a minute (and some bash-completion) to remember the proper command:
$ nmblookup elrond querying elrond on 192.168.5.255 192.168.5.143 elrond<00>
I thought about setting up a script that would parse out the IP address with egrep and then pass it along to the ssh command, but I like a nice clean known_hosts file. There had to be a way to log on to the host by name, so I turned to the Internet. It turns out that the solution is called WINS. Using it requires that "wins" be in the hosts line of nsswitch.conf, like this:
hosts: files dns wins
It also (at least on Gentoo) requires that Samba be compiled with WINBIND support (which is not WINS). This was a rather non-intuitive step, and I have my ignorance to thank for trying WINBIND support in the first place. Okay, at this point I have it all up-and-running!
tim@athena ~ $ ssh elrond tim@elrond's password: Permission denied, please try again. tim@elrond's password: Permission denied, please try again. tim@elrond's password: Received disconnect from 192.168.5.143: 2: Too many attempts.
Wait, what? This worked before! "ssh Tim@elrond" didn't work, and neither did "ssh 192.168.5.142". The server is up and responding. I was using the right password, but something else was wrong. After a little bit of poking around on freeSSHd's website (the forums are, thankfully, rather sparse) I was able to find this, which it turns out is also linked directly from their homepage. Apparently it's a common problem. When running freeSSHd as a service, you have to configure it in "elevated mode"--even if your account is an administrator, that is, you have to explicitly launch the configuration program with elevated privileges, or else you won't be altering the settings for the system, just for the logged-on user. That's why it worked when I had tested it before (my first clue should have been that when I launched the configuration program, I had to stop the service to keep it from saying it was already running. Another problem I ran into was this:
$ ssh elrond Tim@elrond's password: No console window found! Unable to emulate VT100 terminal. Unable to execute command or shell on remote system: Failed to Execute process. Connection to elrond closed.
Basically, I can log in, but it won't give me a terminal. It fails, and kicks me out. The solution was on the forums:
Problem already reported. Disable "use new console engine" until we find a solution.
So I did that, and now it finally works. Update: see comment(s).

3 comments:

  1. Update: "works" turns out to be a relative term. It turns out that freeSSHd has not been updated to accommodate changes in the way that services work as of W2k3 and Vista, and so it's much less useful than one might think. If the functionality that exists when running it as a system service was equivalent to that of running it as a user process, I would have no complaints (and, on Windows 2000, that's what I'm using), but on Vista it's completely unusable.

    This may have to do with the fact that in Win2k, I'm using the built-in Administrator account, and in Vista I'm not (that account isn't even set up).

    I ended up just running ssh-host-config in Cygwin and setting up its OpenSSH as a service. This, as of yet, is not the perfect solution, because I'm running into permissions problems, which is probably fixable assuming I can set the permissions so that logging in as a Cygwin user (or at least as my user) gives the bash shell equivalent access as the user in question. For now, it seems to have the rights of the service account (which may make the fix as simple as running as my user, or adding admin privileges to the service account).

    ReplyDelete
  2. One thing to note. FreeSSHd installs a service that causes the VT100 error. I installed cygwin and kept getting the same error. It wasn't until I uninstalled FreeSSHd that the cygwin ssh server worked.

    For quick instructions on installing cygwin's ssh server on vista, see http://pigtail.net/LRP/printsrv/vista-cygwin.txt.

    Also to note, I disabled "use new console engine" in FreeSSHd and I kept getting the same error. Hence my installing cygwin's ssh server.

    ReplyDelete
  3. I have yet to find a usable sshd solution (for win2k at least.) Anyone have other solutions? I did find a win2k cron solution today: cron-z

    ReplyDelete