With the WANFast client application,wfst, you can remotely log into a user account on a computer running the WANFast server application using the command:
wfst ServerNameOrIP
You can also specify an alternate account on the server using the command:
wfst AccountName@ServerNameOrIP
The server will use your public key to authenticate your identity, and determine whether you are allowed access to the specified account using the authorized_keys file associated with the account. All remote login activity is audited on both the client and server machines. Remote logins can be easily disabled on the server machine if not desired.
To exit your remote login, you can type "exit", or ^D (control D). If the remote server is not responding, you can break your connection and close the login by typing ^] -- that is control close bracket.
The WANFast client application also allows you to remotely run a command on an computer running the WANFast server application, with the output of the command returned back to you on your local machine. For example, running the following command to a remote Linux machine will print out a detailed status of the remote machine's network interfaces in your local command prompt.
wfst ServerAddressOrIP ifconfig
As with remote login, the command is run within the context of a user account on the remote server, including the account's PATH environment variable. The server will use your public key to authenticate your identity, and determine whether you are allowed access to the specified account using the authorized_keys file associated with the account. All remote command activity is audited on both the client and server machines. Remote commands can be easily disabled on the server machine if not desired.
The similar remote command on Windows looks like:
wfst ServerAddressOrIP ipconfig.exe
But note that there are some limitations with the initial version of WANFast remote login and shell when connecting to a Windows server, as explained below.
One common use for WANFast is for implementing scripts that run between machines on the WAN. Windows and Linux both support the ability to "pipe" the output of one command into the input for another command. WANFast allows you to connect this pipe between processes over the WAN. For example, on Linux the cat command copies the contents of one or more files to standard output. When used with the empty "-" option, it will copy standard input to standard output. Thus the command:
cat FileName | wfst ServerNameOrIP "cat - > RemoteFileName"
copies the contents of "FileName" on the local machine over a WANFast tunnel to the remote machine "ServerNameOrIP", where it is provided as standard input to the cat command, which deposits the data into the file "RemoteFileName". The double quotes are needed around the remote command so that the local shell will include the "> RemoteFileName" redirection of standard output as part of the remote command rather than implement it locally.
Options
Command line options let you control several aspects of the WANFast tunnel used for a remote shell or command, including encryption algorithm, maximum bandwidth used, logging, etc. The full set of available options can be found at wfst Client Command Syntax and Configuration Options.
Server Options
The most commonly used server options include:
- logins = false Disable remote logins into the server.
- commands = false Disable clients from running commands on the server.
- max-bandwidth = int Set the maximum bandwidth used for a WANFast session.
- encrypt-alg = alg Specify the encryption algorithm. If different than the client-specified algorithm, the stronger algorithm is used.
The full set of server options can be found at wfstd Daemon Command Syntax and Options.
Audit
Audit records are written on both the client and server for:
- Login
- Failed login
- Execution of a command
- End of login session
Current Limitations Running a Remote Login or Shell on a Windows Server
In the current implementation, the shell process on the server created by a remote login or shell to Windows is unable to create a child process.
For remote login: the shell (cmd.exe) that you run can only execute built-in commands and is unable to run an actual executable. The list of built-in commands includes: ASSOC, BREAK, CALL ,CD/CHDIR, CLS, COLOR, COPY, DATE, DEL, DIR, DPATH, ECHO, ENDLOCAL, ERASE, EXIT, FOR, FTYPE, GOTO, IF, KEYS, MD/MKDIR, MKLINK (vista and above), MOVE, PATH, PAUSE, POPD, PROMPT, PUSHD, REM, REN/RENAME, RD/RMDIR, SET, SETLOCAL, SHIFT, START, TIME, TITLE, TYPE, VER, VERIFY, VOL.
Note that during login to a Windows server, you will see the error message: Not enough storage is available to process this command. This is not a problem in that it will not interfere with your login session. But it appears to be related to the limitations described above.
For remote shell: you can run any command line executable -- e.g., one that does not raise a window -- but cannot pipe the data to another process. A list of command line programs can be found at https://ss64.com/nt/index.html. If you want to use remote shell to run a built-in command, then you will need to explicitly invoke the Windows shell, cmd.exe, using the /C options. For example:
wfst ServerNameOrIP cmd /c dir c:\Users\MyHomeDirectory
will display a directory listing of your home directory (replacing "MyHomeDirectory" with your actual account name, of course).
If your local machine is running Linux and the remote command is to be run on a Windows machine, you will need to double all backslashes as they are interpreted as a special character by your Linux shell. So when called from a Linux computer, the command above would need to be run as:
wfst ServerNameOrIP cmd /c dir c:\\Users\\MyHomeDirectory