Hi,

I'm about to start a project coding remote control software for Windows machines, and I would like to start with the server-side application. I need something like an OpenSSH server, because the main purpose of the program would be to provide HTTP tunneling of the client through the server, something like a proxy but more secure and with encryption. I have some experience, mainly with several Unix-based daemons and clients in C++ or Python, but here I am facing something bigger. My major problem for now is the tunneling part - I don't know how to do it and it's very important to implement. The clients should be able to surf the web through the server (like SSH tunneling) and I have no idea how this works. I would like someone to point me to some nice links where this is explained well, or at least recommend some books I should look up.

Thanks.

A: 

You don't describe the threat against which you want to provide security, so I'm going to assume that you want to prevent an attacker located between the client and server from reading and/or modifying the web traffic, and this is why you require encryption.

To do that, you don't need to write your own code. Instead, you can get what you need by running an HTTP proxy (such as Squid) and an SSH server (such as OpenSSH) on the server, and tunneling access to the HTTP proxy over SSH.

You would configure the HTTP proxy to accept connections only from "localhost", while the SSH server accepts connections from your client systems.

A nice description of how such a setup would be used from a Windows client can be found at http://kimmo.suominen.com/docs/proxy-through-ssh/ (it describes using such a setup to get into an intranet from the internet, but the principle is the same).

For security, you'll want to go through the SSH server configuration file and disable everything but port forwarding of the one specific port that's needed to access the HTTP proxy.

That's what you describe as "the main purpose" taken care of. If there are other things that you require the server to do on behalf of the clients, my suggestion would be to implement those as a separate application running on the server, with an HTTP interface (CherryPy is a simple way to do that in Python) that clients can access via the HTTP proxy.

slowdog
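
An added example (not part of slowdog's answer): a Python check that sshd_config text matches the forwarding-only setup the answer above describes. The proxy address 127.0.0.1:3128 (squid's default port), the ForceCommand path and both sample configs are assumptions constructed for illustration; only the global section before any Match block is read.

```python
# Assumption: the HTTP proxy listens on 127.0.0.1:3128 (squid's default port).
PROXY = "127.0.0.1:3128"

# directive -> (value the lockdown needs, OpenSSH default when absent)
REQUIRED = {
    "allowtcpforwarding": ("local", "yes"),
    "permitopen": (PROXY, "any"),
    "x11forwarding": ("no", "no"),
    "allowagentforwarding": ("no", "yes"),
    "allowstreamlocalforwarding": ("no", "yes"),
    "permittunnel": ("no", "no"),
    "gatewayports": ("no", "no"),
    "permittty": ("no", "yes"),
}

# Constructed sample configs, not taken from any real server.
HARDENED = """\
AllowTcpForwarding local
PermitOpen 127.0.0.1:3128
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
PermitTunnel no
GatewayPorts no
PermitTTY no
ForceCommand /usr/sbin/nologin
"""
NEAR_DEFAULT = "Port 22\nX11Forwarding yes\n"

def parse(text):
    """Global directives only; as in sshd, the first occurrence wins."""
    seen = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break  # Match blocks are out of scope for this check
        seen.setdefault(parts[0].lower(), parts[1].strip().lower() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return findings for settings that allow more than the proxy forward."""
    seen = parse(text)
    findings = [f"{k}: effective '{seen.get(k, d)}', want '{w}'"
                for k, (w, d) in REQUIRED.items() if seen.get(k, d) != w]
    if "forcecommand" not in seen:
        findings.append("forcecommand: unset, clients can still run commands")
    return findings
```

The same functions accept the output of `sshd -T`, which prints the effective configuration with lowercase directive names.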
A: 

Not sure if this is what you need, but I guess you could use a VPN. OpenVPN builds an encrypted VPN, and you can configure it to send the gateway (with DHCP) and the routes you want to clients, so you can redirect all client HTTP traffic to the server you want through the encrypted connection.

Doc. link if you need

laurent-rpnet
A: 

You can run an OpenSSH server on Windows, e.g.: http://sshwindows.sourceforge.net/

Unfortunately that particular link points to a dead project with the latest release made in 2004. How many security updates were there since 2004? More than zero, I'm sure...

Marius Gedminas
