Wondering if anyone has a simple solution to doing a reboot of a linux box from a C# windows app. I can do the reboot using ssh, but really did not want to include the SSH lib files from Tamir Is there something else I could do besides bring in the full SSH lib for a simple reboot?
Here is how I do the reboot using Sharpssh from Tamir..
SshExec exec = new SshExec("192.168.1.1", "root", "password");
exec.RunCommand("/sbin/shutdown -r");
exec.Close();
you could send a Remote Procedure Call.
http://www.cs.cf.ac.uk/Dave/C/node33.html
Are you running Apache/PHP on the box? If so, a horribly insecure way may be to setup a PHP page to initiate the reboot. (You could attempt to add some security by requiring a login / obscure string supplied as a post variable, etc) You can then just use a WebRequest to call the page in question to initiate the reboot.
Please don't ask me about the security specifics of allowing a PHP page to call out to a system command with the required permissions - it has been far too long since I worked on Linux / PHP.
Related
I'm using SshClient from Renci.SshNet and i have noticed that all the commands are not effective on the remote server.
For example, that one works fine :
mySSH.RunCommand( "touch test");
will create a file on the remote server.
but this one won't do anything :
mySSH.RunCommand( "nohup dnx web &");
I searched all over the internet and i'm so disapointed cause nobody talk about that.
Mostly, all commands that are simple like create a file or a folder, but strong commands like executing a script or starting my application (the most important) just simply don't want to do anything.
Thank you in advance.
Can you run this command when you log in over ssh as the same user Ssh.Net is using?
I have a computer A which hosts different kind of things:
A website (is developped using C# and ASP.Net)
Applications
Our customers have access to the website and sometimes, they will want to reboot the computer A (knowing that it will cut the website during the reboot).
My question is simple : does it exist a way of :
Rebooting a computer by simply clicking a button on an ASP.Net page ? How would I manage to do so ?
The same way, is it possible to execute some batch script (executes on the Computer A) when clicking on a button on an ASP.Net page ?
Thanks for your help!
This is secure enough way to do it (as long as password is stored securely)
ProcessStartInfo startInfo = new ProcessStartInfo("shutdown /r /f /t 5");
startInfo.UserName ="user with enough rights";
startInfo.Password ="password";
Process.Start(startInfo);
// /r - restart
// /f - force
// /t 5 - wait 5 seconds
You can do it using System. Diagnostics.Process namespace, Please look at the following link for full process.
http://www.c-sharpcorner.com/UploadFile/yuanwang200409/RemoteRestartWindows09252006141003PM/RemoteRestartWindows.aspx
It would be pretty easy to implement, but the question is if IIS will allow it. You will also open up for exploits, since if someone managed to exploit this, they could chain restart your server.
If you really want to go ahead and implement this, you could simply set up a Web Service call that triggers the following code.
System.Diagnostics.Process.Start("shutdown.exe", "-r -t 0");
Although, it does sounds more like you are looking for a management tool to handle this. I would recommend that you look at one of many tools available to help manage servers remotely. It is important for security that the management software has the ability to give the user specific privileges, like restricting them with access to only reboot the server.
You can execute "shutdown -r" command from C# in command line, see this SO question how to do it. Mind you that the application has to be very well secured, and the application running under IIS will have to have enough user rights.
Edit:
Fuji's proposed way works well and doesn't even require elevated process (I didn't expect it to work, whoops ;))
I have a Windows Forms Application which communicates with an FTP Server everything works flawlessly, except that the user is able to use WireShark, filter for FTP and easily get full access to my FTP Server. I really need a way to prevent this, but the only idea I could come up with was to use SFTP or FTPS. The problem is that currently I'm using edtFTPnet free and couldn't find any free SFTP or FTPS class to implement on my current code.
What would be the best approaches (free or extremely low cost) to solve this problem?
There are a few free SSH libraries: (SharpSSH, SSH.Net for example)
The problem is you're relying on someone not looking at the password. Instead, issue your clients their own credentials. Be it, username & passwords per user or issue the client a certificate.
Also, Daniel's advice is sound; make sure that if they DO get the password, there's little to no damage that can be done
I think you are going the wrong way here.
You don't really have control over the client side, so don't bother trying to secure it.
Instead, secure your server.
Make sure that the account used by your application only has limited rights on the FTP server. For example, you could disallow DIR or constrain him to a certain directory.
I want to run an exe on client system from my c# asp.net website. When I use Process.Start()
it throws an error:
The requested operation requires elevation.
How do I set permissions to run that exe?
You can't spawn processes on the client machine from server-side code.
When you use Process.Start in server-side code, it is attempting to execute the process there, on the server where the website is hosted. If you wanted to create processes on the clients computer then you would need to expose a download for them (and not in employing subterfuge, like malign sites might do to install software - supply it gracefully, and normally (and with permission)), or a Silverlight application or something along those lines.
The bottom line is that the code you want to execute (even if that is just to spawn a process) must reside on the client, and be executed there.
You can't run an application from a web server like that. You will have to have the user download the application by supplying the EXE, a setup file or using ClickOnce.
Or you can develop an ActiveX control that you can have the browser automatically download from a Trusted Internet Zone.
Once downloaded, proper signing with a certificate (signed from the trusted (corporate) root certificate) will avoid the user getting a prompt to ask whether he wishes to allow the ActiveX control to install/be activated -
The ActiveX control can subsequently do anything the interactively logged on user could. This means that to actually install a program you'd need to elevate (UAC on Vista+); But if the goal was just to run a standalone executable, you should be good to go.
This all assumes white-hat purposes in a (larger) corporate setting, because it relies on PKI infrastructure and central browser policies, to name just two.**
This would, really, lead to some excellent questions on serverfault or superuser
I noticed you said you wanted to run an exe file on the client, but you didn't say explicitly that the exe is on the server and you want to push it to the client. Everyone seems to be assuming that is the case.
You CAN accomplish this fairly easily with a small JavaScript if you have a few prerequisites:
The executable is already present on the client machine.
All of your clients are running IE
You can enforce a policy to put your site in the Intranet or Trusted
Sites zone.
So basically this means it's a corporate intranet application. I am assuming this is probably the case since, well, if you were expecting to do this with a public app, I would be surprised.
For the script to accomplish this, please see my answer to this question:
How can I get a program on a client machine to run from an ASP.NET page?
I want to know how many users installed my software successfully.
But: I do not want to open a website link after installation.
The only way you could do this would be if your software had to be installed using some installer, and that installer "called home" to some server of yours as part of the installation process. But:
You have to have already set all of this up. If you've released your software already, it is too late ...
It is easy for someone to defeat measures like this; e.g. by disabling the machine's networking while installing the software. And a serious software pirate is likely to try to modify your installer to disable the "call home" code.
A lot of legitimate users of your software would consider "call home" during installation to be an invasion of their privacy. You are likely to get loud complaints and there's a risk of bad publicity that will damage your company's reputation.
As #Pierre 303 points out, recording information about people who (for example) install your software may be limited by privacy laws in your country.
You could use a WebRequest for a simple pingback.
int serial = 123456;
WebRequest request = WebRequest.Create(string.Format("http://yourserver.com/pingback.aspx?serial={0}", serial));
var response = request.GetResponse();
Call this on the first startup of your application and store a flag in registry to remember if the pingback is already send.
Note: It is usually not appreciated by end users to have applications silently "phone home". You should provide some kind of notification with an accept button.
If you don't want to open a website after the installation, you should consider using a custom function that will be called by either the installer after the installation is finished or by the application at startup.
That function would call the website silentely without opening a browser.
I'm working on an open source project that will help you in that task. I'll publish the link in a week or two in this answer.