Wednesday, April 5, 2017

Using SCP and SUDO to copy a file to a remote host into a folder which only has root permissions.



The Linux utility scp is great for copying files to remote hosts. But very often you need to copy files into folders that only root can write to, like /etc, /var, /bin. And very often root login via ssh is not allowed. And scp itself does not have an option for sudo on the remote host. What a pain!

Ahhh... Here is a solution: run the scp command, via ssh, on the remote host instead of on the source host that has the file you want to copy.

From the remote host you can use scp to pull the file from the source host, as long as your user account on the source host has read access to it.
But you need to run "sudo scp" on the remote host to copy the file into a folder with root-only permissions.

Hooray !! 
Here are the steps:


- Copy a file "script.sh" from sourcehost:/var/prtg/scripts to /var/prtg/scripts on a remote host -

# The /var/prtg/scripts directory does not exist on the remote host, so we have to create it. And we have to use "sudo" because my account afrancis does not have write permissions for /var.

[afrancis@linuxhost/]$ ssh -t afrancis@remotehost "sudo mkdir -p /var/prtg/scripts"

# Now we need to use ssh to run scp on the remote host and copy the file from the source host to /var/prtg/scripts.
# In this example my user account has read access to the file "script.sh" on the source, so it can copy it OK, but we need to use "sudo scp" on the remote host because my user account does not have write perms for /var/prtg/scripts on the remote host.

[afrancis@linuxhost/]$ ssh -t afrancis@remotehost "sudo scp afrancis@linuxhost:/var/prtg/scripts/script.sh /var/prtg/scripts/"

# Type in my password to ssh into the remote host
afrancis@remotehost's password:
# Type it in again to run sudo on the remote host
[sudo] password for afrancis:
# Type my password a third time to copy the file from the source
afrancis@linuxhost's password:
# And it copied!
script.sh                                     100% 1058     1.0KB/s   00:00
Connection to remotehost closed.
[afrancis@linuxhost/]$
# All done!

--------------------------------------------------------------------------------------------------------------

Notes :

  1. The /var/prtg/scripts directory does not exist on the remote host, so we have to create it.
  2. We have to use "sudo" because my account does not have write permissions for /var.
  3. The -t option allocates a pseudo-tty, which avoids the "no tty" error from sudo when ssh'ing to the remote host.
  4. mkdir -p creates both the prtg and scripts folders at the same time.
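The two ssh -t steps above wrapped in one POSIX sh function, as an added example (not from the original post). It uses the post's user, host and path names, assumes paths contain no spaces or shell metacharacters, and prints the commands instead of running them when DRY_RUN=1.

```shell
#!/bin/sh
# Added example: run "sudo mkdir -p" and then "sudo scp" on the remote host
# over ssh -t, exactly as in the walkthrough above.
# Assumption: arguments contain no spaces or shell metacharacters.

# remote_sudo_copy USER SOURCEHOST SRCPATH REMOTEHOST DESTDIR
remote_sudo_copy() {
    user=$1 srchost=$2 srcpath=$3 dsthost=$4 destdir=$5
    case $destdir in
        /*) ;;
        *)  echo "destdir must be an absolute path: $destdir" >&2; return 2 ;;
    esac
    # Step 1: create the root-owned directory tree (mkdir -p makes every level).
    mkdir_cmd="sudo mkdir -p $destdir"
    # Step 2: pull the file from the source host. scp runs as root on the
    # remote host, so it can write into DESTDIR, and the third password
    # prompt is root's ssh client logging in as USER@SOURCEHOST. Because it
    # runs as root, it uses root's ~/.ssh/known_hosts and keys, not yours.
    scp_cmd="sudo scp $user@$srchost:$srcpath $destdir/"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ssh -t %s@%s "%s"\n' "$user" "$dsthost" "$mkdir_cmd" \
                                     "$user" "$dsthost" "$scp_cmd"
        return 0
    fi
    # -t forces a pseudo-tty so sudo and scp can read passwords interactively.
    ssh -t "$user@$dsthost" "$mkdir_cmd" && ssh -t "$user@$dsthost" "$scp_cmd"
}

# Usage (the post's example): copies script.sh into /var/prtg/scripts on remotehost.
# remote_sudo_copy afrancis linuxhost /var/prtg/scripts/script.sh remotehost /var/prtg/scripts
```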

Tuesday, November 1, 2016

Remote Desktop access from Mobile Hotspot

       [This post is a work in progress] 

I have Windows 2008 servers hosted on Amazon AWS. I use AWS Security Groups to restrict access to the servers by IP address.

When I am on the road, I often use a 4G mobile broadband hotspot with my laptop to connect to the Internet. 

That's a problem because the public IP address of my mobile hotspot changes frequently.

When I am using my hotspot for Internet access, I want to connect from my laptop to my Windows 2008 servers on AWS, but I still want to restrict access to the servers to just me and not the entire world.

I connect to my Windows servers using Windows Remote Desktop with 128-bit SSL.

Now, the Windows Remote Desktop login page is fairly difficult to break into if you have a strong password. Still, I would prefer the login page not be globally accessible from any IP address, where bots and scripts can hammer away at it.

I could put the Windows servers in a private subnet on AWS and then connect to them via a VPN connection. 

But here's another possibility:

-- Set up a Windows Remote Desktop Gateway Server on AWS --

http://windows.microsoft.com/en-us/windows7/what-is-a-remote-desktop-gateway-server



From the Windows Server 2008 Help File for Remote Desktop Services:

Why use RD Gateway?

RD Gateway provides these benefits:
  • RD Gateway enables remote users to connect to internal network resources over the Internet by using an encrypted connection, without needing to configure virtual private network (VPN) connections.

  • RD Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources.

  • RD Gateway enables remote users to connect to internal network resources that are hosted behind firewalls in private networks and across network address translators (NATs).

  • Remote Desktop Gateway Manager (RD Gateway Manager) enables you to configure authorization policies to define conditions that must be met for remote users to connect to internal network resources.

  • RD Gateway Manager provides tools to help you monitor RD Gateway connection status, health, and events.

  • You can configure RD Gateway servers and Remote Desktop Services clients to use Network Access Protection (NAP) to enhance security.

  • You can use an RD Gateway server with Microsoft Internet Security and Acceleration (ISA) Server to further enhance security.
For more information about RD Gateway, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (http://go.microsoft.com/fwlink/?LinkId=140433).

And THIS IS COOL. From the Windows Help File - Remote Desktop Services Overview:

You can configure Remote Desktop Services to use Hyper-V to either assign virtual machines to users or have Remote Desktop Services dynamically assign an available virtual machine to a user upon connection.

More ... to be continued ....



1.

2.

3. You need to create a Computer Group in AD to use this. Or select "Any computer on the Network".

4.

5.