
Remote Control Linux Client in Deployment Server, Part 2


Remote SSH within the Deployment Console

Purpose:

This article goes over the steps to enable SSH through a right-click event. It assumes the adlagent is installed on the Linux servers and that they are running an OpenSSH server. The deployment server stores the inventory of the Linux machines and holds information such as IP address, DNS, and hostname. Once this is set up, anyone in the organization can start and use SSH without knowing how or where to get to the server.

Definitions:

What is OpenSSH - Short for Open Secure Shell, OpenSSH is a free suite of tools (similar to the SSH connectivity tools) that help secure your network connections. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking and other network-level attacks.

The OpenSSH suite includes the ssh program that replaces rlogin and telnet, and scp which replaces rcp and ftp. OpenSSH has also added sftp and sftp-server which implement an easier solution for file-transfer. OpenSSH comes in two downloadable distributions: the native OpenBSD distribution and the multi-platform portable distribution. OpenSSH is developed by the OpenBSD Project.

What is putty - PuTTY is a client program for the SSH, Telnet and Rlogin network protocols.

These protocols are all used to run a remote session on a computer, over a network. PuTTY implements the client end of that session: the end at which the session is displayed, rather than the end at which it runs.

In really simple terms: you run PuTTY on a Windows machine, and tell it to connect to (for example) a Unix machine. PuTTY opens a window. Then, anything you type into that window is sent straight to the Unix machine, and everything the Unix machine sends back is displayed in the window. So you can work on the Unix machine as if you were sitting at its console, while actually sitting somewhere else.

PuTTY is a free terminal program. It supports telnet and SSH (protocols 1 and 2), and it also supports the use of SSH keys (RSA and DSA) for authentication. There are several tools that work together with PuTTY, for instance:

  • An agent, Pageant, for storing your keys and allowing easy authentication.
  • A secure copy client, PSCP, for securely copying files between hosts on a network.
  • A secure ftp client, PSFTP.

What is plink - Plink (PuTTY Link) is a command-line connection tool similar to UNIX ssh. It is mostly used for automated operations, such as making CVS access a repository on a remote server.

Plink is probably not what you want if you want to run an interactive session in a console window.

USING PUTTY in Deployment Server:

Below are the command line variables I am using in this article.

-load (loads a saved session from the PuTTY GUI)

-ssh (specifies an SSH session)

-telnet (specifies a telnet session)

-rlogin (specifies an rlogin session)

-raw (specifies a raw session)

-serial (specifies a serial connection. This is mainly used for hyper-term sessions with switches and routers)

-l username (specifies the user account for authentication. Storing usernames can open a system up to security issues)

-P port (specifies the port if the default is not used for the protocol)

-pw password (specifies the password for authentication. Storing passwords in files will open up security holes to your servers. I don't recommend saving those to clear text files. Use at your own risk.)

-i key (specifies the private key for authentication)

How to Add SSH to Deployment Console.

  1. Download putty.exe (just the executable and not the installer) and save it to the root of the drive (for ease of use) or any specified location.
  2. Browse to the RemoteControlTools.ini file in the express share. Edit the file and make sure it reflects the information below. (Warning: information stored in RemoteControlTools.ini is in clear text, so passwords and usernames are readable to anyone who can get to the file.)
  3. Close the console if it was open and reopen the console.
  4. You should now have a right click option for remote control called "SSH"
[Remote Desktop]
Display-Name=&Remote Desktop
RemoteToolEXEFilePath=mstsc.exe
CommandLine=/v:"%COMPNAME%"

[SSH]
Display-Name=&SSH
RemoteToolEXEFilePath=e:\putty.exe
CommandLine=-ssh "%AGENTIPADDR%"
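
Because everything in RemoteControlTools.ini is readable clear text, the file is worth checking whenever someone adds a new right-click tool. The script below is an added example, not part of the original article or of Deployment Server: it parses the INI layout shown above and flags PuTTY/plink entries whose CommandLine stores a user name or password or selects an unencrypted protocol. The function name audit, the "SSH as root" and "Telnet" sections and the credentials in them are constructed for illustration.

```python
import configparser
import shlex

# Constructed sample: the article's two entries plus two made-up risky ones.
SAMPLE_INI = r"""[Remote Desktop]
Display-Name=&Remote Desktop
RemoteToolEXEFilePath=mstsc.exe
CommandLine=/v:"%COMPNAME%"

[SSH]
Display-Name=&SSH
RemoteToolEXEFilePath=e:\putty.exe
CommandLine=-ssh "%AGENTIPADDR%"

[SSH as root]
RemoteToolEXEFilePath=e:\putty.exe
CommandLine=-ssh "%AGENTIPADDR%" -l root -pw Example123

[Telnet]
RemoteToolEXEFilePath=e:\putty.exe
CommandLine=-telnet "%AGENTIPADDR%"
"""

# PuTTY options are case-sensitive (-P is the port, -pw the password).
RISKY = {
    "-pw": "password stored in clear text",
    "-l": "user name stored in the file",
    "-telnet": "unencrypted protocol",
    "-rlogin": "unencrypted protocol",
    "-raw": "unencrypted protocol",
}


def audit(ini_text):
    """Return sorted (section, option, finding) tuples for PuTTY/plink entries."""
    # interpolation=None: %AGENTIPADDR% is a console token, not configparser syntax
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    findings = []
    for section in cfg.sections():
        exe = cfg.get(section, "RemoteToolEXEFilePath", fallback="").lower()
        if not exe.endswith(("putty.exe", "plink.exe")):
            continue  # the options below only have this meaning for PuTTY tools
        cmd = cfg.get(section, "CommandLine", fallback="")
        # posix=False leaves Windows quoting and backslashes untouched
        for token in shlex.split(cmd, posix=False):
            if token in RISKY:
                findings.append((section, token, RISKY[token]))
    return sorted(findings)
```

Calling audit(SAMPLE_INI) reports the two constructed entries and nothing for the article's own [Remote Desktop] and [SSH] sections, which pass only the target address.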

HOW TO DO X11 Forwarding:

The SSH protocol has the ability to securely forward X Window System applications over your encrypted SSH connection, so that you can run an application on the SSH server machine and have it put its windows up on your local machine without sending any X network traffic in the clear.

In order to use this feature, you will need an X display server for your Windows machine, such as X-Win32 or Exceed. This will probably install itself as display number 0 on your local machine; if it doesn't, the manual for the X server should tell you what it does do.

You should then tick the "Enable X11 forwarding" box in the Tunnels panel (see section 4.17.1) before starting your SSH session. The "X display location" box reads localhost:0 by default, which is the usual display location where your X server will be installed. If that needs changing, then change it.

Now you should be able to log in to the SSH server as normal. To check that X forwarding has been successfully negotiated during connection startup, you can check the PuTTY Event Log (see section 3.1.3.1). It should say something like this:

2001-12-05 17:22:01 Requesting X11 forwarding
2001-12-05 17:22:02 X11 forwarding enabled

If the remote system is Unix or Unix-like, you should also be able to see that the DISPLAY environment variable has been set to point at display 10 or above on the SSH server machine itself:

fred@unixbox:~$ echo $DISPLAY
unixbox:10.0

If this works, you should then be able to run X applications in the remote session and have them display their windows on your PC.

Note that if your PC X server requires authentication to connect, then PuTTY cannot currently support it. If this is a problem for you, you should mail the authors and give detail

NOTE: For a full reference on how to use putty and ssh please refer to http://the.earth.li/~sgtatham/putty/0.52/htmldoc/


can be used for mac

Since Mac is running OpenSSH, you can use this same process to control Linux, Mac and Unix machines in your database.

Linux Man
Viddect