From: Kaz Kylheku <920-082-4242@kylheku.com>
To: cygwin@cygwin.com
Subject: Re: Using ARM GNU GCC with Cygwin
Date: Wed, 08 Apr 2020 17:17:56 -0700

On 2020-04-08 13:58, David Rothenberger wrote:
> On 4/8/2020 1:50 PM, Kaz Kylheku via Cygwin wrote:
>> On 2020-04-04 11:58, Åke Rehnman via Cygwin wrote:
>> I have a major use case for Cygwin for providing remote access
>> to Windows. Using a non-Cygwin utility called "RunAsService.EXE",
>> I turned a Cygwin Bash script into a Windows service. This Bash
>> script loops around and makes a SSH connection to a host
>> in a domain that I control, setting up a tunnel for port 3389
>> (RDP). From that domain, I can then remote desktop into the
>> Windows system. Basically I can deploy this solution on any
>> Windows machine on any network where outbound SSH is allowed, and
>> have remote access to it.
>
> You might want to look at the "autossh" Cygwin package. It handles
> exactly this use case and can be registered as a Windows service
> without any non-Cygwin utilities.

Hi David, thanks for bringing this to my attention.

That seems to use something called cygrunsrv, which is what I should
have used for that script (and will be sure to do upon the next
opportunity of using it again).

> Just look at
>
> /usr/share/doc/autossh/README.Cygwin
>
> after you install the package for details about the service.
>
> I've been using this for years for the purpose you've described and
> it's been working great.

I'm reading the documentation and basically my 25 line script has all
the features, including exponential backoff for restarting a failed
connection.

I'm not terribly in favor of formal packages that can be replaced by
shell scripts that fit into an 80x25 window.

Here it is:

  #!/bin/bash

  PATH=/bin:/usr/bin
  THISDIR=/cygdrive/C/Cygwin/.ssh
  DEST=xxxx@xxxx

  sleep_exp=0

  while true ; do
    time_before=$(date +%s)
    # Reverse-forward port 3389 on the remote host to 127.0.0.2:3389 on
    # this machine, key authentication only; debug output goes to the log.
    ssh -i $THISDIR/id_rsa -vv -R :3389:127.0.0.2:3389 \
        -o UserKnownHostsFile=$THISDIR/known_hosts \
        -o PasswordAuthentication=no \
        -o ServerAliveInterval=60 \
        -o ServerAliveCountMax=3 \
        $DEST rdp 2> /.ssh/log
    time_now=$(date +%s)
    # A connection that lasted 10 minutes or less raises the backoff
    # exponent (capped at 9); a longer one resets it.
    if [ $(( time_now - time_before )) -le 600 ] ; then
      sleep_exp=$(( sleep_exp >= 9 ? sleep_exp : sleep_exp + 1 ))
    else
      sleep_exp=0
    fi
    # Sleep ceil(2^sleep_exp / 16) seconds: from 1 up to 32 seconds.
    sleep $(( ((1 << sleep_exp) + 15) / 16 ))
  done

Why do we execute a command called "rdp" on the remote host? Because
the home directory of the account that is used has the following shell
script as its login shell:

  #!/bin/bash

  # sshd runs the login shell as "<shell> -c <command>"; any other
  # invocation is refused and its arguments are logged.
  if [ $# -ne 2 ] || [ "$1" != "-c" ] ; then
    echo interactive login not permitted
    echo "$@" >> ~/.log
    exit 1
  fi

  case "$2" in
    rdp )
      # Keep the session, and with it the tunnel, open.
      while true ; do sleep 3600 ; done
      ;;
    * )
      echo that command is not allowed
      exit 1
      ;;
  esac

This is necessary because the Windows machine has a password-unprotected
private key that it uses to log in to this. The service automatically
starts if Windows is rebooted, without requiring any password. Anyone
with access to the Windows machine (such as an IT admin) who finds this
stuff could use that key to SSH to that account on that host.
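
An sshd_config fragment for the tunnel host that limits the same account at the server to the single reverse forward on port 3389, independently of the login-shell script. This is an added example, not part of the original message; the account name "rdptunnel" is a placeholder for the xxxx in the post, and PermitListen requires OpenSSH 7.8 or later.

```conf
# Added example: server-side limits for the account that holds the
# password-unprotected key. "rdptunnel" is a placeholder account name.
Match User rdptunnel
    # Key-only login, matching the client's PasswordAuthentication=no.
    PasswordAuthentication no
    AuthenticationMethods publickey

    # Allow remote (-R) forwards only, and only a listener on port 3389,
    # which is the one forward the service script requests.
    AllowTcpForwarding remote
    PermitListen 3389

    # Switch off every other channel type the key could open.
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    X11Forwarding no
    PermitTunnel no

    # The service runs "ssh ... rdp" without a terminal, so none is needed.
    PermitTTY no
    # Do not run ~/.ssh/rc for this account.
    PermitUserRC no
```

Run `sshd -t` to check the file for syntax errors before reloading the daemon.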