In order for administrators to understand a user’s problem, they need to log on as the user, who usually need their password, but if the user is not at their workplace, the admin can reset his password to get his user profile afterwards. This article shows how to do it without a user password.
This will be done using the PsExec tool, which we copied to the download folder before.
PsExec by Mark Russinovich is part of the Sysinternals Suite, which is now part of Microsoft, Sysinternals are system tools developed as freeware, PsExec can be downloaded here.
The help desk employee opens a Command Prompt with raised right and performs the following command:
1
2
%USERPROFILE%\Downloads\PsExec-SID cmd.exe
From the second command prompt, which is now open, the task manager (taskmgr) is started:
Figure: Task manager run from Command Prompt.
Now in the task manager with the mouse go over the corresponding user, and with the right mouse button click on Connect, the switch to the user now happens without entering a password.
Especially on a terminal server, this solution is very effective for admins, where several users are logged in, wherethe admin can switch to its session without a user password. It should also be mentioned here that this is not a security vulnerability, otherwise the admin can also do and leave what he wants, for users with normal rights this procedure is not possible.
Linux has build in SSH from the start, Apple has also integrated Secure Shell into macOS, and Microsoft also missed OpenSSH on Windows 10 from 1803 and Server 2019 as an optional feature. There are Also SSH tunnels and SSH port forwarding from the tools known for some time like PuTTY and KiTTY. So why use SSH only as a terminal (TTY), but also as a VPN tunnel, there are useful possibilities for use, for example, if a VPN tunnel is not to possible at the firewall, or if additional software cannot be installed in corporate networks, or the right ones are missing. An SSH reverse tunnel is always useful when you cannot access a remote computer that is behind a firewall.
Windows 10 OpenSSH client can be found in the settings, under Apps & Features – Optional Features – OpenSSH Client.
This article describes the usge of SSH as a VPN tunnel with port forwarding on OpenSSH on Linux, macOS and Windows.
SSH Tunnel to Remote Host B
Here as an example, a tunnel is built from host A to host B, host B is a web server from which the intranet page is to be opened http://192.168.111.10 on Host A. The only requirement is that there is a NAT mapping via port 22 to host B on the firewall (NAT router) and that the SSH is present on each host.
Illustration: ssh tunnel host A to host B
Run the command in the Linux terminal on Host A as follows:
On Host A, the web page can now be opened http://localhost. The SSH tunnel makes the forwarding for TCP port 80 on host B from 192.168.111.10 to the localhost 127.0.0.1 on host A, the external port is 45680.
Whereby we log on to Host B with user cherry. The meaning of the parameters: -L = Local port -N = do not run a remote command -p = External SSH port (NAT port at firewall) -T = do not open a terminal
On host B the SSH daemon must be configured and activated, in the configuration file /etc/ssh/sshd_config the following settings are required, for many Linux distributions this is default.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# Force SSH Protocol 2
Protocol2
#Turn on Privileged Separation for security
UsePrivilegeSeparation yes
#Deny root login
PermitRootLogin no
#Do not allow empty passwords
PermitEmptyPasswords no
# installations will only check .ssh/authorized_keys
AuthorizedKeysFile.ssh/authorized_keys
# Forward my X Sessions
X11Forwarding yes
X11DisplayOffset10
# I hate Motd displays
PrintMotd no
# It's alliivee
TCPKeepAlive yes
#AllowTcpForwarding yes
The lines commented out with the words are default values, e.g. #AllowTcpForwarding is by default yes.
SSH servers include synology NAS, FreeNAS, FreePBX Distro, OpenWrt, Raspberry Pi (Raspbian) and now Windows Server, to name a few.
SSH Tunnel to Remote Host C
In this example, an SSH tunnel is built from host A to host C, Host C is an RDS terminal server, Host B serves as a port forwarder.
Illustration: ssh tunnel host A to host C
Run the command in the Linux terminal on Host A as follows:
The Remote Desktop session to Host C is built via localhost on Host A, by pressing the Win + R key opens Run, to confirm the input mstsc /v:localhost with OK.
This example uses the tcp port 3389 for RDP as both internal and external port. All unprivileged ports (-L) higher than 1024 can be used, if a port other than 3389 is used, then the port must be passed to RDP for execution, e.g. mstsc /v:localhost:44389
For Host B, the kernel must be enabled for IP forwarding, which is command for this in the shell as root:
1
2
$net.ipv4.ip_forward=1
Alternatively, echo in the Shell Console does the same thing:
1
2
echo1>/proc/sys/net/ipv4/ip_forward
Check the current IPv4 forward status as follows:
1
2
3
$sysctl net.ipv4.ip_forward
net.ipv4.ip_forward=1
With 1 the activation is confirmed, 0 applies to the deactivation. The change is not boot persistent, so that after the next start the IP forwarding is active again, one edisins with nano or sudo vi /etc/sysctl.conf
1
2
3
Controls IP packet forwarding
net.ipv4.ip_forward=1
It is recommended to use an SSH key for authentication, a key pair can be created as follows:
1
2
$ssh-keygen-f~/.ssh/key_rsa-trsa-b4096
The public key ~/.ssh/key_rsa.pub is stored in the user’s home path, here in this example on host B under the path in the file .ssh/authorized_keys.
Authentication using SSH keys is not only more secure, there are other advantages, for example, the user is not asked to enter a password, also the SSH tunnel and other commands can be executed from a script.
SSH Tunnel on macOS
For Apple macOS, SSH is only available after activation, and this will be executed in the terminal as follows:
1
2
sudo systemsetup-setremotelogin on
After that, the SSH tunnel can be set up under macOS.
With the Remote Desktop for Mac, Gateway localhost is now registered and the RDP session is set up, in this way terminal servers are protected and can only be reached via SSH.
macOS also offers the possibility for automation and uses launchd and the launch system services, the following script is created at: @/Library/LaunchDaemons/server.hostc.client.cherry.home.plist with the following content:
Search for text and strings in files and subdirectories with result in variables
Usually when searching for strings in files, we use windows explorer or windows search, on Linux Gnome uses nautilus or nemo, on macOS we use the finder.
Command-Line commands help with automated processing by scripts and batch processes. This post shows how to search for strings in Windows Command Prompt and in the Linux shell.
Search in the command prompt
The Windows Command Prompt (cmd) a good use provide the findstr command, as the following example shows.
Windows
1
2
3
findstr/s/i"dolor"*.*
doc.txt:Lorem ipsum dolor sit amet
If you want to assign the result of a variable for further processing in scripts, this can be made possible in a FOR loop, the following lines are stored and executed in a CMD file.
With echo the entire line is output with the searched word dolor, if you want to narrow the output only to the characters of a word, this can be achieved with variable parameters.
1
2
3
doc.txt:Lorem ipsum dolor sit amet
1234567890123456789012345678901234
From the sign 20 our word is dolor, it is 5 characters long. The CLI input findstr dolor now brings dolor to the output found in the doc.txt file.
The var variable is assigned the output of findstr.
Searching in the Linux Shell
Linux
1
2
3
$grep-r"dolor"*
Dokumente/doc.txt:Lorem ipsum dolor sit amet
In the Linux bash Console does grep and find are used.
Linux
1
2
3
$find.-typef-print0|xargs-0grep"dolor"
./Dokumente/doc.txt:Lorem ipsum dolor sit amet
The text search with grep is as follows, the result is assigned to the variable var, and output with echo.
Linux
1
2
3
4
$var=`grep-r"dolor"*`
$echo$var
Dokumente/doc.txt:Lorem ipsum dolor sit amet
When searching with grep, you do not want to output the entire line, but only the third word.
Linux
1
2
3
4
$var=`grep-r"dolor"*|awk'{ print $3 }'`
$echo$var
dolor
There are many other possibilities especially in the Linux bash, the command find is very extensive and offers with xargs also regular expressions and other commands for handing over, with find –help you get all possible applications. The only point here is to show an introduction to the application and procedure.
UNBLOG verwendet Cookies, um Dein Online-Erlebnis zu verbessern. Mit "ACCEPT" gibst Du Deine Zustimmung zur Nutzung dieser Website und unseren Datenschutzbestimmungen, oder wähle Cookie settings.
Diese Website verwendet Cookies, um Ihre Erfahrung zu verbessern, während Sie durch die Website navigieren. Von diesen werden die Cookies, die nach Bedarf kategorisiert werden, in Ihrem Browser gespeichert, da sie für das Funktionieren der grundlegenden Funktionen der Website wesentlich sind. Wir verwenden auch Cookies von Drittanbietern, mit denen wir analysieren und verstehen können, wie Sie diese Website nutzen. Diese Cookies werden nur mit Ihrer Zustimmung in Ihrem Browser gespeichert. Sie haben auch die Möglichkeit, diese Cookies zu deaktivieren. Das Deaktivieren einiger dieser Cookies kann sich jedoch auf Ihre Browser-Erfahrung auswirken.
Notwendige Cookies sind unbedingt erforderlich, damit die Website ordnungsgemäß funktioniert. Diese Kategorie enthält nur Cookies, die grundlegende Funktionen und Sicherheitsmerkmale der Website gewährleisten. Diese Cookies speichern keine persönlichen Informationen.
Alle Cookies, die für die Funktion der Website möglicherweise nicht besonders erforderlich sind und speziell zur Erfassung personenbezogener Daten des Benutzers über Analysen, Anzeigen und andere eingebettete Inhalte verwendet werden, werden als nicht erforderliche Cookies bezeichnet. Es ist obligatorisch, die Zustimmung des Benutzers einzuholen, bevor diese Cookies auf Ihrer Website ausgeführt werden.
