I sometimes help out a friend who uses Windows 7 and occasionally has problems that can't be sorted out over the phone but which can often be sorted out with a few clicks/keystrokes.
Remote access is obviously the answer, with the proviso that it be as simple as possible to implement from the remote end.
The solution I eventually hit upon was to run a VNC server on the
Windows 7 machine, accessed via a secure ssh tunnel initiated from that
machine - i.e. two icons to click on and then click on 'login'.
It also means that the machine is not exposed by default as both VNC and
ssh have to be manually started.
My end is a bit more complex:
The objective is to set up an encrypted tunnel from port 59000 on my PC
to port 59095 on the Win 7 PC which has only a ssh client installed, so a
reverse ssh connection is required. This will be made from the remote
Win7 PC to port 59722 on my router and then forwarded to port 22 on my
PC, ensuring an encrypted tunnel is set up between the two PCs.
A VNC server runs on the remote PC on port 59095. I use TightVNC.
Using a dynamic DNS address means that the ssh client can be configured so that no user configuration is required.
This is what I needed to do in addition to what's already installed:
create a host key:
ssh-keygen -b 2048 -P "" -f /etc/ssh/ssh_host_rsa_key
set up a guest account using the 'setupuser' script:
setupuser guest gp@ss
start the ssh server:
$(which sshd)
install java and, when the reverse tunnel has been established, run the VNC client:
java -jar tightvnc-jviewer-no-ssh.jar
connect to →
Remote Host: localhost Port: 59000 Options: as required
I set this up to forward port 59722 on the internet side to port 22 on my server.
I wanted a dynamic dns URL so that there would be no need to edit any
configuration in the ssh client set up at the remote end [remember 3
click process ..]
I chose DuckDNS because it was the first [free] one I came across where I could update from the command line and use a script:
update-duckdns
I use Bitvise Tunnelier as the ssh client - it's easy to set up for this purpose using just two of the tabs - and saving the connection profile is straight forward. The current version is marketed as BvSshClient and has the option of publickey authentication.
Tunnelier won't accept 'localhost' as a 'Listen Inteface', so it needs to be entered in numerical format.
The guest password is the one set up with the setupuser script and 'PasswordAuthentication yes' needs to be enabled in the ssh server [/etc/ssh/sshd_config] - which it normally is by default.
Start | Control Panel | All Control Panel Items | Administrative Tools | Services |
Set 'Startup Type' to 'manual'
Start | All Programs | TightVNC | TightVNC Server (Service Mode) | TightVNC Service - Offline Configuration
For ease of use, from the Start menu, link Start & Stop TightVNC Service to the desktop:
#!/bin/bash SCRPT() (/usr/bin/expect << END spawn /usr/bin/passwd "$USER" expect -exact "New password: " send -- "$PASS\r" expect -exact "Re-enter new password: " send -- "$PASS\r" expect eof END ) [[ $2 == "" ]] && echo && echo "Usage is: ./$(basename $0) User Password" && echo && exit useradd -md /$1 $1 export USER=$1 export PASS=$2 SCRPT
#!/bin/bash getIP() ( /usr/bin/expect << END set timeout -1 spawn ssh -oMACs=hmac-sha1 admin@172.16.1.3 expect -exact "admin@172.16.1.3's password: " send -- "P@SSWORD\r" expect -exact "\r > " send -- "ifconfig ppp_0_0_38_1" expect -exact "ifconfig ppp_0_0_38_1" send -- "\r" expect -exact "\r > " send -- "logout\r" expect eof END ) IP=$(getIP |grep 'inet addr'|cut -d ':' -f 2|cut -d ' ' -f 1) wget --ca-directory=/usr/share/ca-certificates/mozilla/ -o session-log "https://www.duckdns.org/update?domains=forVNC&token=1234abcd-fg56-78hi-jk90-1234567890ab&ip=$IP"
The sftp server needs to be running at 'My PC' - ensure that this line in sshd_config is uncommented:
Subsystem sftp /<path-to>/sftp-server
Set up the SFTP tab in Tunnelier and 'Save Profile':
When logged in, single click on the 'Open New SFTP Window' icon to open up the file transfer window, navigate to the folders/files required to copy between and drag-and-drop to copy files:
There is a good write up at SSHFS in Windows @ Linhost ..but the URLs are out of date
Get the required programs here and install on the remote PC:
DokanInstall_0.6.0.exe
- located at the Internet Archive's WayBack Machine, a great source of material that's disappeared from it's original URL.
dotNetFx40_Full_x86_x64.exe
win-sshfs-0.0.1.5-setup.exe
and install on the remote PC.
Dokan and Microsoft NET need to be installed before win-sshfs, which checks that they are ..
Also, as for sftp, the sftp server needs to be running at 'My PC' for the sshfs mount to be successful.
Start Sshfs Manager, and click on the 'mount' button and 'My PC' root folder (/) will be mounted and shown as drive E:
File transfer is then drag-and-drop between drive E: and any of the folders on the remote PC:
I haven't tried a Windows-to-Windows connection, but imagine the principles would be identical with a Windows ssh server required.
There is a Windows ssh server in the windows
package.
After installation, the service will run automatically, but can be set to start manually as per the VNC server via the Services screen.
Create a user for logging in from a remote ssh client:
Either set up a new user, for example 'visitor' with password 'vp@ss',
or to use the built-in Guest account on Windows 7 and set a password for it:
Turn the Guest account on.
Then: Start | All Programs | Accessories | Command Prompt → and type in
control userpasswords2
select 'Guest' User Name, and Reset Password.
Logging in with ssh is then case sensitive →