I am trying to execute a command on a remote EC2 instance (Windows), but I am not able to connect to the remote server from my local machine. I have opened ICMP for all ports.
3 Answers
ICMP is not going to do anything for you here.
Normally you'd use Terminal Services with Remote Desktop to access a remote Windows server with the full GUI (video, keyboard, and mouse) and access to local drives for file copying.
What Remote Desktop will allow you to do is first get access to your server, test out your remote script(s)/executable(s) locally (i.e. make sure your paths are correct, your expected outputs and inputs are working, etc.).
Regardless of what you're doing with remote commands, any production Windows box located remotely should be securely accessible by Remote Desktop as doing regular maintenance, installing Windows Updates, etc. will require that kind of access at some point.
Remote Desktop requires TCP port 3389 to be open and also requires that Terminal Services is enabled.
To securely access your remote Windows Server is where the VPN connection/tunnel comes in: you absolutely DO NOT want to open up TCP ports 135 (Remote Procedure Call) and 445 (Microsoft-DS Service) to the Internet!
Set up a secure connection using Windows built-in PPTP/L2TP over IPSec or an IPSec tunnel if you have a hardware firewall in front of the Windows Server (and that firewall supports IPSec tunnels). If you're going to be periodically executing commands on the remote server from one machine, a PPTP or L2TP over IPSec client VPN connection will suffice; if you want multiple machines to access this remote Windows server regularly, a site-to-site IPSec tunnel probably makes more sense.
Once you've established a secure connection to your server (and I'd also want to restrict public IP access with a packet filter either in a separate hardware firewall or at the very least, using Windows Firewall), you can now use something like psexec (or if native, perhaps PowerShell) to execute your built-in command or a script/command-line utility you want to run remotely.

Hi, I opened port TCP 3389 and trying to connect remote instance using psexec, but it is not able to connect it. It's giving error message "Network path not found". – Darshan May 29 '11 at 14:27
I'm going to edit my message to clarify. – gravyface May 29 '11 at 14:53
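An added example, not part of the original answers: because the server is an EC2 instance, the first answer's advice (keep TCP 135 and 445 off the Internet, limit who can reach 3389) can be checked against the instance's security groups. The script audits JSON in the shape returned by `aws ec2 describe-security-groups`; the group IDs and addresses in the sample are constructed, and only a full `0.0.0.0/0` or `::/0` source is treated as public.

```python
import ipaddress

# Ports the answer singles out: RPC and SMB must never face the Internet;
# RDP should only be reachable over the VPN or from known addresses.
SENSITIVE_PORTS = {135: "RPC", 445: "Microsoft-DS (SMB)", 3389: "RDP"}


def is_public(cidr):
    """True when the CIDR covers the whole Internet (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_security_groups(doc):
    """Return sorted (group_id, port, service, cidr) findings for world-open rules."""
    findings = set()
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "6", "-1"):
                continue  # ICMP/UDP rules do not expose these TCP services
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if proto == "-1":  # "all traffic" rules carry no port range
                lo, hi = 0, 65535
            else:
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            for port, service in SENSITIVE_PORTS.items():
                if lo <= port <= hi:
                    findings.update((group["GroupId"], port, service, c) for c in cidrs if is_public(c))
    return sorted(findings)


# Constructed sample, not taken from a real account.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-open", "IpPermissions": [
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 100, "ToPort": 500, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-example-vpn", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ]},
]}

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE):
        print("world-open: %s tcp/%d %s from %s" % finding)
```

The ICMP rule produces no finding, which matches the first answer's point that opening ICMP neither enables nor exposes remote command execution.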
Install an SSH server on your Windows server. WinSSHD is an inexpensive but good SSH server for Windows. If you want to go no cost, then I like CopSSH, which is a packaging of OpenSSH for Windows.
Once the SSH server is installed you can execute command line tools via an SSH client such as PuTTY. Or you can tunnel RDP over SSH for Remote Desktop. Directions for tunneling RDP using CopSSH and WinSSHD can be found here and here.

I personally prefer WinSSHD. It is a true Windows application rather than a packaging of OpenSSH on Cygwin. It is easier to manage (has a management GUI), ties in to Windows authentication better, and is FIPS 140-2 validated (often a requirement for my customers). – TimS May 29 '11 at 15:47
Also, WinSSHD has a 30-day eval period and is free for personal non-commercial use. It only costs $100 for a perpetual license and $20 a year for upgrades. A bargain next to other commercial SSH offerings. That being said, sometimes $100 isn't in the budget and that's when I go CopSSH. – TimS May 29 '11 at 15:57
Yeah, just read through the site; seems rock solid and AD integration sounds perfect (on top of key pairs for two-factor authentication). – gravyface May 29 '11 at 16:04
What about running a simple website on e.g. port 1234? You can easily make the ASPX code execute the command:
