The Glade 4.0

PostPosted: Mon Aug 11, 2014 4:19 pm 
Sensitive Ponytail Guy
We have encountered issues at work with SSH Server software and are looking at switching to WinRM for remote management via PowerShell.

There's a catch, however, and it's something I didn't expect.
If I tunnel to a remote server via SSH, then launch a command-line program like WinSCP.com, my console switches from the shell prompt to the WinSCP prompt and my user experience becomes virtually indistinguishable from what I'd get if I had connected via remote desktop and then launched the program "directly". This is good. This is what I wanted, what I expected, and what makes my life easy.
If I tunnel to that same remote server via WinRM, then launch that same program, my PowerShell console displays the greeting text and the WinSCP prompt, then closes WinSCP and presents me with the session prompt. For some reason, no such program will remain "active" in that environment.

What I want:
Code:
PS E:\> Enter-PSSession Remote-Computer
[Remote-Computer]: PS C:\Users\Shelgeyr\Documents> & "C:\Program Files (x86)\WinSCP\WinSCP.com"
[Remote-Computer]: winscp>


What I get:
Code:
PS E:\> Enter-PSSession Remote-Computer
[Remote-Computer]: PS C:\Users\Shelgeyr\Documents> & "C:\Program Files (x86)\WinSCP\WinSCP.com"
[Remote-Computer]: winscp>
[Remote-Computer]: PS C:\Users\Shelgeyr\Documents>


Thankfully, WinSCP has published a .NET Assembly which allows me to work around this behavior.
Unfortunately, the same thing happens with Connect:Direct, and they have not published a .NET Assembly.

So when I attempt to use Connect:Direct via WinRM, I get this:
Code:
PS E:\> Enter-PSSession Remote-Computer
[Remote-Computer]: PS C:\Users\Shelgeyr\Documents> & "D:\Program Files (x86)\Sterling Commerce\Connect Direct v4.6.00\Common Utilities\Direct.exe"
8/11/2014 11:30:17 AM: Connect:Direct Command Line Interface Version 4.6.00 Build 019
(C) Copyright IBM Corp. 1983, 2011 All Rights Reserved.
*************************************************
Successfully connected to Connect_Direct_Node
Successfully disconnected from Connect_Direct_Node
[Remote-Computer]: PS C:\Users\Shelgeyr\Documents>


I'm busy working to discover a way to get around this, and am tempted to write my own damn .NET Assembly for in-house use, but I'm dying to know why WinRM can't seem to launch a usable, interactive session with a command-line application.
Anybody have insight?

_________________
Go back to zero, take a pill, and get well ~ Lemmy Kilmister
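
A PowerShell remoting session does not give a native program an interactive console to read from, so work like this has to be driven non-interactively. The sketch below is an added example, not code from the thread or from WinSCP: it runs the WinSCP .NET assembly workaround mentioned above inside `Invoke-Command`. The SFTP host name, the file paths, the assembly location and the host key fingerprint are placeholders assumed for illustration.

```powershell
# Added example. Host names, paths and the fingerprint are constructed placeholders.
$remote   = 'Remote-Computer'                       # WinRM target, as in the thread
$sftpCred = Get-Credential -Message 'SFTP account'  # prompted locally, not stored in the script

Invoke-Command -ComputerName $remote -ArgumentList $sftpCred -ScriptBlock {
    param([pscredential]$Cred)

    # Assumed location of the WinSCP .NET assembly on the remote machine.
    Add-Type -Path 'C:\Program Files (x86)\WinSCP\WinSCPnet.dll'

    $options = New-Object WinSCP.SessionOptions -Property @{
        Protocol              = [WinSCP.Protocol]::Sftp
        HostName              = 'sftp.example.com'          # placeholder
        UserName              = $Cred.UserName
        SecurePassword        = $Cred.Password              # SecureString, no plain-text copy
        # Pin the server key; replace with the real fingerprint of your server.
        SshHostKeyFingerprint = '<HOST-KEY-FINGERPRINT>'
    }

    $session = New-Object WinSCP.Session
    try {
        $session.Open($options)

        # Upload without deleting the local files ($false = keep source).
        $result = $session.PutFiles('D:\Outbound\*.csv', '/inbound/', $false)
        $result.Check()   # throws if any single transfer failed

        # Emit one line per transferred file back to the calling session.
        $result.Transfers | ForEach-Object { "Uploaded $($_.FileName)" }
    }
    finally {
        # Always release the WinSCP process started by the assembly.
        $session.Dispose()
    }
}
```

Passing a `PSCredential` through `-ArgumentList` keeps the password out of the script text, and the pinned fingerprint means the transfer fails rather than trusting an unknown server key.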


PostPosted: Mon Sep 15, 2014 10:33 am 
Lean, Mean, Googling Machine
I don't know much about WinRM (didn't even know it existed, frankly), but from what I can tell, WinRM is not anything like an actual, general purpose remote terminal, and it certainly doesn't support arbitrary port forwarding like SSH does. Every application that you want to use with WinRM has to be explicitly modified to support communication over the WinRM protocol.

Quote:
Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate.

Alol. Remember kids: Microsoft's definition of "interoperability" between "different operating systems" explicitly means between "different versions of Windows" and between "different versions of Microsoft(TM) software".

Sorry, I don't really have a solution for you. It sounds like you'd not only need to write a WinRM listener, but you'd also have to modify the source code of Connect:Direct to use it. Which is probably not trivial. Everything going through the WinRM pipe has to be XML-ified. It doesn't sound very amenable to transferring arbitrary binary files, though I'm sure it could be done.

Out of curiosity, what were the issues you were having with SSH and which SSH software were you using? I think you'd be better off figuring out how to solve your SSH problems than figuring out how to pound WinRM through a square hole. Or, failing that, just resign yourself to using remote desktop for remote Windows administration.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


PostPosted: Mon Sep 15, 2014 3:43 pm 
Sensitive Ponytail Guy
We were using CopSSH and after working well for a couple of days it said:
Code:
error: chown /dev/pty1 0 0 failed: No such file or directory
error: chmod /dev/pty1 0666 failed: No such file or directory


In response to our help ticket, ITeF!x said:
Quote:
Copssh does activate/deactivate access for existing users. Please do the following for a clean restart

* Uninstall Copssh
* Remove remnants of the installation directory
* Make sure that the service account is removed
* Install Copssh again
* Start Control Panel and verify if it is running
* Activate your users. Please remember that those users must exist beforehand. Copssh doesn't create users for you - it just activates ssh access for an existing user.


Surprisingly enough, the complete wipe/clean re-install actually solved the problem ... for a couple of days.
After the second round of errors, we gave up. The software was installed on a Windows box and configured to present users with a cmd shell, not bash, so we can't figure out why the hell it's attempting to execute chown/chmod commands - let alone why it's attempting to execute them against non-existent files.

I did eventually figure out how to pass all the necessary arguments to Connect:Direct so it would do what I want it to.
This is a good thing, because RDP really isn't an option - this utility is for automated workflow management, not human users.
I am still, however, irked by not having interactive access.

PostPosted: Tue Sep 16, 2014 11:41 am 
Lean, Mean, Googling Machine
Every Windows port of SSH that I can think of requires some kind of POSIX-like environment to function. It would just require far too much modification of the source code to be feasible any other way. The /dev/ptyXX nodes are the pseudo-terminal devices that SSH (and other utilities like gnome-terminal, GNU screen, etc.) uses as a stand-in for the actual, physical terminal (/dev/ttyXX). These dev nodes may be created on-the-fly whenever the sshd daemon spawns a new terminal. It's trying to change ownership of the dev node to root:root and then grant +rw for user, group, and everyone on the dev node. Those are overly permissive for a Mac or *NIX system, but it's probably required to make things work on Windows. It sounds to me like the dev nodes aren't being created for some reason. I would guess that it's a Windows permission issue. Is the ssh daemon running with elevated privs? It probably needs to, even if it's running under an admin account.

It looks like CopSSH just utilizes cygwin and its sshd port under the hood. I would suggest cutting out the middle man. Uninstall CopSSH and try installing the latest greatest Cygwin directly. Tech issues notwithstanding, Cygwin is GPL'd. Unless you're packaging it in a closed-source product, there's absolutely no reason to pay someone licensing fees for the privilege of running Cygwin.

Edit: I just tested this on my own Cygwin install. I don't see any /dev/ptyXX devices until I launch a pseudo-terminal with screen. I don't have SSH running, so I can't test with that, but I'd assume it's the same.

This is the ownership/perms:
Code:
crw--w---- 1 NameRedacted None 136, 0 Sep 16 11:45 /dev/pty0


I'm not sure why CopSSH is trying to set root:root and 0666.

PostPosted: Wed Sep 17, 2014 8:06 am 
Sensitive Ponytail Guy
As it stands, the WinRM tunneling is working well and is enthusiastically endorsed by our IT Security department, whereas the SSH tunnel was something they were willing to tolerate but weren't terribly thrilled about. So it would appear my experimentation phase has ended.
