From SpectLog

Problem

There is a common need to run a GUI application on a remote Windows machine so that the application window pops up within the current user's desktop session. Attempts to do this from background services failed in many ways (even with the "Allow service to interact with desktop" option enabled, whatever it is for), so I had to turn to Cygwin/OpenSSH.


The widely mentioned PsExec has numerous drawbacks:

  • Problems returning the status/exit code of remotely executed commands.
  • No understandable security mechanism (if there is one at all).
  • Troubleshooting is difficult because of its proprietary nature.

Solution

Install sshd in Cygwin and copy the default configuration to a separate location:

mkdir -p /home/sshd
cp /etc/defaults/etc/sshd_config /home/sshd/sshd_config


Generate a host key:

ssh-keygen -t dsa -f /home/sshd/ssh_host_dsa_key


Apply the following patch to sshd's config:

--- /etc/defaults/etc/sshd_config       2013-05-16 16:43:55.000000000 +0800
+++ /home/sshd/sshd_config 2013-05-17 03:39:13.265625000 +0800
@@ -23,6 +23,7 @@
 # HostKeys for protocol version 2
 #HostKey /etc/ssh_host_rsa_key
 #HostKey /etc/ssh_host_dsa_key
+HostKey /home/sshd/ssh_host_dsa_key
 #HostKey /etc/ssh_host_ecdsa_key
 
 # Lifetime and size of ephemeral version 1 server key
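Review bot: the added "HostKey /home/sshd/ssh_host_dsa_key" line makes a DSA key the only host key this server offers, since the RSA and ECDSA entries in this hunk stay commented out. OpenSSH 7.0 and later disable ssh-dss by default, so newer clients will refuse the connection. Suggest generating an RSA or ECDSA key under /home/sshd and adding a HostKey line for it next to this one.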
@@ -102,7 +103,7 @@
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox         # Default for new installations.
+UsePrivilegeSeparation no              # Default for new installations.
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
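Review bot: on the changed UsePrivilegeSeparation line the trailing comment still reads "Default for new installations", which is no longer true once the value is "no". Replace it with the reason privilege separation is turned off in this setup (presumably because sshd is started by an ordinary logged-in user), because the change also removes the sandbox around sshd's pre-authentication code and a later reader should be able to tell that this was deliberate.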


Run sshd from a Cygwin terminal:

/usr/sbin/sshd -f /home/sshd/sshd_config

You probably need to create a single-line *.bat file and place it in the "Start" => "All Programs" => "Startup" menu directory so that sshd starts automatically when the user logs in:

C:\cygwin\bin\bash.exe -c "/usr/sbin/sshd -f /home/sshd/sshd_config"


The client can then connect and run graphical applications remotely, for example:

ssh user@host "notepad.exe"

Notepad (or any other application) will appear in the current user's desktop session because sshd runs in this user's session.

Troubleshooting

The configuration above was tested on Windows XP and Windows 7.

  • First, make sure you can run the *.bat file from cmd, which keeps the terminal window open with the output.
  • Prevent sshd from running in the background (-D) and send log messages to stderr (-e) to inspect details, or use debug mode (-d), which does both with verbose output.
  • Use a specific unprivileged port for troubleshooting (e.g. -p 10000 to override the default port for both the sshd server and the ssh client).
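
A pre-flight check for the patched config, added here as an example and not part of the original page: it reads the active HostKey and UsePrivilegeSeparation values and reports the conditions that weaken this setup or stop sshd from loading its key. The function names are hypothetical, and it assumes GNU stat, which Cygwin's coreutils provides.

```shell
#!/bin/bash
# Added example (not from the original page): audit the sshd_config built above
# before starting sshd. Function names are hypothetical.

# Print the active values of a keyword. Keywords are case-insensitive; comments,
# including trailing ones like the one on the patched line, are stripped.
sshd_values() {  # usage: sshd_values <config> <keyword>
    awk -v kw="$2" '{ sub(/#.*/, "") }
        NF >= 2 && tolower($1) == tolower(kw) { print $2 }' "$1"
}

# Print one WARN line per finding; the return status is the number of findings.
audit_sshd_config() {  # usage: audit_sshd_config <config>
    local cfg=$1 n=0 key keys
    # sshd keeps the first value it reads for a single-valued keyword.
    if [ "$(sshd_values "$cfg" UsePrivilegeSeparation | head -n 1)" = "no" ]; then
        echo "WARN: UsePrivilegeSeparation no: pre-auth network code is not isolated"
        n=$((n + 1))
    fi
    keys=$(sshd_values "$cfg" HostKey)
    if [ -z "$keys" ]; then
        echo "WARN: no active HostKey line: sshd falls back to its built-in key paths"
        n=$((n + 1))
    fi
    for key in $keys; do
        if [ ! -f "$key" ]; then
            echo "WARN: host key $key is missing"
            n=$((n + 1))
            continue
        fi
        # ssh-keygen writes the key type as the first field of <key>.pub.
        if [ "$(cut -d' ' -f1 "$key.pub" 2>/dev/null)" = "ssh-dss" ]; then
            echo "WARN: $key is a DSA key; OpenSSH 7.0+ disables ssh-dss by default"
            n=$((n + 1))
        fi
        # sshd does not load a private key that group or others can access.
        case "$(stat -c %a "$key")" in
            *00) ;;
            *) echo "WARN: $key is accessible to group/others"; n=$((n + 1)) ;;
        esac
    done
    return "$n"
}

# Usage: pass the config path as the first argument, e.g. /home/sshd/sshd_config.
if [ -n "${1:-}" ]; then audit_sshd_config "$1"; fi
```

Run against the configuration built on this page, it reports the DSA host key and the disabled privilege separation, and its exit status is the number of findings.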