Native “SSH” on Windows via WS-Management
by William Vambenepe
Did you know that you can now SSH to a Windows machine over WS-Management and it is a documented protocol that can be implemented from any platform and programming language? This is big news to me and I am surprised that, as a management protocol geek, I hadn’t heard about it until I started to search MSDN for a related but much smaller feature (file transfer over WS-Management).
OK, so it’s not exactly SSH but it is a remote shell. In fact it comes in two flavors, which I think of as “dumb SSH” and “super SSH”.
My comment:
While looking into how to do interesting things with PowerShell 1.0 (it is installed automatically with a full SQL Server 2008 installation), the scripting language that aims to displace batch and cmd files on Windows servers (it seems that PowerShell does not process text, it processes .NET objects:
Windows PowerShell does not process text. Instead, it processes objects based on the .NET platform.) … Well, as I was saying, I came across this blog, which says that you can work with native SSH on Windows via WS-Management …. to be continued.
And it continues:
PowerShell from Windows Remote Shell:
The scripting language that is going to displace batch and cmd files on Windows.
It seems that PowerShell does not process text; it processes .NET objects:
Windows PowerShell does not process text. Instead, it processes objects based on the .NET platform.
If we want to display a machine's services in the console, before PowerShell we would have had to write a WMI script in VBS similar to this one:
' Query WMI on the local machine (".") and print the name of each process
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process")
For Each objProcess in colProcessList
    Wscript.Echo "Process: " & objProcess.Name
Next
Now with PowerShell:
Get-process
PowerShell 1.0 can be installed on XP, 2003 and Vista. It already comes installed on 2008 and, I think, on W7. The .NET Framework 2.0 is an essential requirement.
But first let's start by giving our W2003 SP2 server an SSH-like shell server. The solution is Windows Remote Shell. To do that we need to install:
WS-Management v1.1
That is for the server; for the client I downloaded the XP file for Spanish ( http://www.microsoft.com/downloads/details.aspx?displaylang=es&FamilyID=845289ca-16cc-4c73-8934-dd46b5ed1d33 )
Once it is installed on both client and server, follow the steps described here: (KB555966): How to enable Windows Remote Shell
Or from a cmd shell:
C:\WINDOWS>WINRM quickconfig
WSManFault
Message
ProviderFault
WSManFault
Message = Unable to check the status of the firewall.
Error number: -2147023143 0x800706D9
There are no more endpoints available from the endpoint mapper.
This error occurs because the Firewall/ICS (Internet Connection Sharing) service is not enabled. We enable the firewall and run WINRM quickconfig again.
C:\WINDOWS>WINRM quickconfig
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this
machine.
Enable the WinRM firewall exception.
Make these changes [y/n]? y
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this
machine.
WinRM firewall exception enabled.
To set the trusted host:
winrm set winrm/config/client @{TrustedHosts="<local>"}
On the client side I tell it that the server's IP is trusted:
winrm set winrm/config/client @{TrustedHosts="80.59.69.240"}
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = false
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
DefaultPorts
HTTP = 80
HTTPS = 443
TrustedHosts = 80.59.69.240
Same on the server side for the client's IP:
winrm set winrm/config/client @{TrustedHosts="80.59.69.239"}
On the client side we run: WINRS -r:http://server <command> as a user with permissions on the server.
I open a shell as the common user Administrator:
C:\Documents and Settings\usuario>runas /u:administrator cmd
Escriba la contraseña para administrator:
Intentando iniciar cmd como usuario «CASACUARTEL\administrator» …
C:\WINDOWS\system32>WINRS -r:http://80.59.69.240 dir
Volume in drive C has no label.
Volume Serial Number is 24F0-1088
Directory of C:\Documents and Settings\Administrator
19/06/2009 17:19 <DIR> .
19/06/2009 17:19 <DIR> ..
29/06/2009 10:27 <DIR> Desktop
19/06/2009 17:17 <DIR> Favorites
22/06/2009 06:34 <DIR> My Documents
29/05/2009 05:57 <DIR> Start Menu
29/05/2009 06:00 0 Sti_Trace.log
1 File(s) 0 bytes
6 Dir(s) 57.493.209.088 bytes free
To configure WinRM without using quickconfig:
rem run this from a .bat or .cmd file, or at the console
sc config "WinRM" start= auto
net start WinRM
winrm create winrm/config/listener?Address=*+Transport=HTTP
netsh firewall add portopening TCP 80 "Windows Remote Management"
http://blogs.technet.com/davidcervigon/archive/2008/02/06/windows-remote-shell-winrm-y-winrs.aspx
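The settings produced by the steps above (the HTTP listener on every address, the TrustedHosts entries and the client Auth block) are the ones to review on a host set up this way. The following is an added example, not part of the original post: it parses indented WinRM configuration output and reports the settings that weaken transport or authentication. The function names and the finding texts are assumptions made for this illustration, and the sample input is constructed from the values shown in the post.

```python
# Constructed sample: a subset of the client values printed in the post, with the
# indentation of real winrm output restored, plus the HTTP://* listener from quickconfig.
SAMPLE = """\
Client
    AllowUnencrypted = false
    Auth
        Basic = false
        Negotiate = true
    TrustedHosts = 80.59.69.240
Listener
    Address = *
    Transport = HTTP
    Port = 80
"""

def parse_winrm(text):
    """Flatten indented 'Key = Value' output into {'Client.Auth.Basic': 'false', ...}."""
    settings, stack = {}, []              # stack holds (indent, section name)
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave sections at the same or deeper indent
        key, sep, value = raw.strip().partition(" = ")
        if sep:
            settings[".".join([name for _, name in stack] + [key])] = value.strip()
        else:
            stack.append((indent, key))   # a bare word opens a section
    return settings

def audit(settings):
    """Return findings for settings that weaken WinRM transport or authentication."""
    get = lambda key: settings.get(key, "").lower()
    findings = []
    if get("Client.AllowUnencrypted") == "true":
        findings.append("client permits unencrypted traffic")
    if get("Client.Auth.Basic") == "true":
        findings.append("client permits Basic authentication")
    hosts = [h.strip() for h in get("Client.TrustedHosts").split(",") if h.strip()]
    if any("*" in h for h in hosts):
        findings.append("TrustedHosts contains a wildcard")
    elif hosts:
        findings.append("server identity not verified for: " + ", ".join(hosts))
    if get("Listener.Transport") == "http":
        scope = "all addresses" if get("Listener.Address") == "*" else get("Listener.Address")
        findings.append("HTTP listener without TLS on " + scope)
    return findings
```

Calling audit(parse_winrm(SAMPLE)) on the configuration from this post returns two findings: the TrustedHosts entry and the HTTP listener bound to all addresses.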
Finally, now that I have the server's shell, I try to see whether I can tinker with PowerShell: I run it as Administrator (a user common to client and server)
C:\WINDOWS\system32>winrs -r:http://80.59.69.240 powershell.exe
Windows PowerShell
Copyright (C) 2006 Microsoft Corporation. All rights reserved.
ping 80.59.69.240
Pinging 80.59.69.240 with 32 bytes of data:
Reply from 80.59.69.240: bytes=32 time<1ms TTL=128
Reply from 80.59.69.240: bytes=32 time<1ms TTL=128
Reply from 80.59.69.240: bytes=32 time<1ms TTL=128
Reply from 80.59.69.240: bytes=32 time<1ms TTL=128
Ping statistics for 80.59.69.240:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
ping 80.59.69.239
Pinging 80.59.69.239 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 80.59.69.239:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
OK, PING WORKS
dir
dir c:\
cls
IT DOES NOT SHOW THE COMMANDS dir, cls, … ON SCREEN
netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 744
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 500
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING 1396
TCP 0.0.0.0:2382 0.0.0.0:0 LISTENING 1780
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 2928
TCP 80.59.69.240:80 80.59.69.239:4185 ESTABLISHED 4
TCP 80.59.69.240:80 80.59.69.239:4186 ESTABLISHED 4
TCP 80.59.69.240:135 80.59.69.240:1208 ESTABLISHED 744
TCP 80.59.69.240:139 0.0.0.0:0 LISTENING 4
TCP 80.59.69.240:1175 80.59.69.239:3128 CLOSE_WAIT 2484
TCP 80.59.69.240:1208 80.59.69.240:135 ESTABLISHED 2296
TCP 80.59.69.240:3389 80.59.69.239:4016 ESTABLISHED 2928
TCP 127.0.0.1:1110 0.0.0.0:0 LISTENING 1432
TCP 127.0.0.1:1206 0.0.0.0:0 LISTENING 1756
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 500
UDP 0.0.0.0:1434 *:* 1780
UDP 0.0.0.0:4500 *:* 500
UDP 80.59.69.240:123 *:* 824
UDP 80.59.69.240:137 *:* 4
UDP 80.59.69.240:138 *:* 4
UDP 127.0.0.1:123 *:* 824
UDP 127.0.0.1:1026 *:* 824
UDP 127.0.0.1:1037 *:* 4020
UDP 127.0.0.1:1052 *:* 2184
UDP 127.0.0.1:1090 *:* 2484
NETSTAT IS SHOWN ON SCREEN
get-process
SHOWS NOTHING
get-process > c:\procesos.txt
BUT IF I REDIRECT IT TO A FILE ON THE SERVER IT DOES WORK …
THE REST IS LEFT TO THE IMAGINATION AND THE POWER OF POWERSHELL