Using ARM GNU GCC with Cygwin

Kaz Kylheku 920-082-4242@kylheku.com
Thu Apr 9 00:17:56 GMT 2020


On 2020-04-08 13:58, David Rothenberger wrote:
> On 4/8/2020 1:50 PM, Kaz Kylheku via Cygwin wrote:
>> On 2020-04-04 11:58, Åke Rehnman via Cygwin wrote:
>> I have a major use case for Cygwin for providing remote access
>> to Windows. Using a non-Cygwin utility called "RunAsService.EXE",
>> I turned a Cygwin Bash script into a Windows service. This Bash
>> script loops around and makes a SSH connection to a host
>> in a domain that I control, setting up a tunnel for port 3389
>> (RDP). From that domain, I can then remote desktop into the
>> Windows system. Basically I can deploy this solution on any
>> Windows machine on any network where outbound SSH is allowed, and
>> have remote access to it.
> 
> You might want to look at the "autossh" Cygwin package. It handles
> exactly this use case and can be registered as a Windows service
> without any non-Cygwin utilities.

Hi David, thanks for bringing this to my attention.

That seems to use something called cygrunsrv, which is
what I should have used for that script (and will be sure
to do upon the next opportunity of using it again).

> Just look at
> 
>   /usr/share/doc/autossh/README.Cygwin
> 
> after you install the package for details about the service.
> 
> I've been using this for years for the purpose you've described and
> it's been working great.

I'm reading the documentation and basically my 25
line script has all the features, including exponential
backoff for restarting a failed connection.

I'm not terribly in favor of formal packages that can be
replaced by shell scripts that fit into an 80x25 window.

Here it is:

#!/bin/bash

PATH=/bin:/usr/bin
THISDIR=/cygdrive/C/Cygwin/.ssh
DEST=xxxx@xxxx
sleep_exp=0

while true ; do
   time_before=$(date +%s)
   ssh -i $THISDIR/id_rsa -vv -R :3389:127.0.0.2:3389 \
     -o UserKnownHostsFile=$THISDIR/known_hosts \
     -o PasswordAuthentication=no \
     -o ServerAliveInterval=60 \
     -o ServerAliveCountMax=3 \
     $DEST rdp 2> /.ssh/log
   time_now=$(date +%s)

   if [ $(( time_now - time_before )) -le 600 ] ; then
     sleep_exp=$(( sleep_exp >= 9 ? sleep_exp : sleep_exp + 1 ))
   else
     sleep_exp=0
   fi

   sleep $(( ((1 << sleep_exp) + 15) / 16 ))
done

Why do we execute a command called "rdp" on the remote host?
Because the home directory of the account that is used has
the following shell script as its login shell:

#!/bin/bash

if [ $# -ne 2 ] || [ "$1" != "-c" ] ; then
   echo interactive login not permitted
   echo "$@" >> ~/.log
   exit 1
fi

case "$2" in
   rdp )
     while true ; do sleep 3600 ; done
     ;;
   * )
     echo that command is not allowed
     exit 1
     ;;
esac

This is necessary because the Windows machine has a password-unprotected
private key that it uses to log in to this.  The service automatically
starts if Windows is rebooted, without requiring any password.
Anyone with access to the Windows machine (such as an IT admin)
who finds this stuff could use that key to SSH to that account on
that host.
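
An added example, not part of the original message: the login shell above limits which commands the key can run, while per-key options in the account's authorized_keys let sshd itself limit the key (OpenSSH's restrict, port-forwarding, permitlisten and command= options). The script audits such a file and flags keys that are not confined that way; the function names and the sample lines are constructed for illustration, and the key blobs are placeholders.

```shell
# Added example (not from the post): audit a tunnel account's authorized_keys.
# Simplification: quoted option values must not contain escaped quotes.

# Constructed sample; the key blobs are placeholders, not real keys.
sample_keys() {
cat <<'EOF'
# keys for the tunnel account
ssh-rsa AAAAPLACEHOLDER1 winbox-a
command="rdp" ssh-rsa AAAAPLACEHOLDER2 winbox-b
restrict,port-forwarding,command="rdp" ssh-ed25519 AAAAPLACEHOLDER3 winbox-c
restrict,port-forwarding,permitlisten="3389",command="rdp" ssh-rsa AAAAPLACEHOLDER4 winbox-d
EOF
}

# Print a verdict for one authorized_keys line.
classify_key() {
  case $1 in
    ssh-*|ecdsa-sha2-*|sk-*) echo no-options; return ;;  # line starts with the key type
  esac
  # Drop quoted values first (so text inside command="..." cannot look like an
  # option or a key type), then keep only the option field before the key type.
  opts=$(printf '%s\n' "$1" | sed -E 's/"[^"]*"//g; s/ (ssh-|ecdsa-sha2-|sk-)[^ ]+ .*$//')
  case ",$opts," in *,restrict,*) ;; *) echo no-restrict; return ;; esac
  case ",$opts," in *,command=,*) ;; *) echo no-forced-command; return ;; esac
  case ",$opts," in
    *,port-forwarding,*)
      # Forwarding was re-enabled after "restrict": the listen port must be pinned.
      case ",$opts," in
        *,permitlisten=,*) ;;
        *) echo listen-unbounded; return ;;
      esac ;;
  esac
  echo ok
}

# Audit a file: print "<lineno> <verdict>" per key; return 1 if any key is not ok.
audit_keys() {
  n=0; bad=0
  while IFS= read -r line; do
    n=$((n + 1))
    case $line in ''|'#'*) continue ;; esac
    v=$(classify_key "$line")
    echo "$n $v"
    [ "$v" = ok ] || bad=1
  done < "$1"
  return $bad
}
```

Run it as audit_keys /path/to/authorized_keys; a non-zero exit status means at least one key needs attention.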

