
Can Tectia Client (Broker) be run as Windows Service?

asked Jan 17 '11 at 11:53

SSH KB ♦


Here is information on how to run Broker as a Windows Service.

Please note that SSH does not officially support Broker running as a Windows Service. We have tested on Windows Server 2003 and Windows XP, but this has not been tested on Windows 2000 and/or Windows Vista.

While we do not officially support the Client (Broker) running as a Windows Service, we are providing this information to those customers who may wish to run the Tectia Client as a Windows Service. Remember that we do not officially support this configuration, so if you should encounter problems, we may not be able to provide assistance to help resolve any issues related to that configuration.

The recommended way to run the broker as a service is to run it as a regular user account instead of something like the SYSTEM account. This allows the user to be set up and tested for things like proper public/user key setup, and can allow for use of some of our Connect secure features (as long as the 3rd party apps are run as the same user the service is running as).

User profile folder

Broker stores configuration files and keys for user and server authentication under the %USERPROFILE%\Application Data\SSH folder.

When you run Broker as the SYSTEM account, the %USERPROFILE% folder will be:

  • Windows Server 2003: C:\Documents and Settings\Default User
  • Windows XP: C:\Documents and Settings\LocalService
  • Windows Vista/7: C:\Windows\system32\config\systemprofile

IMPORTANT: Please do not run Broker as a SYSTEM process on Windows Server 2003 and place key files for user authentication under the C:\Documents and Settings\Default User folder. Windows copies all files and folders under C:\Documents and Settings\Default User to a newly created user's profile folder. That means that public key pairs for user authentication will be copied and available to all newly created users. Please use Local Service or Network Service instead of the SYSTEM account.

For non-interactive user authentication, you have to create and set up public key authentication with the ssh-keygen-g3 command line tool. Please refer to the manual on how to set up public key authentication. Here is a link to the 6.0 documentation on public key authentication: http://www.ssh.com/support/documentation/online/ssh/winhelp/60/userauth-pk.html

Restrictions

  1. Broker does not stop when the service is stopped. You need to stop Broker manually from "Task Manager".
  2. Broker does not capture packets from an application running as the SYSTEM account. That means that when the application is running as SYSTEM and Broker is running as SYSTEM, you cannot use "Transparent TCP tunneling", "Transparent FTP Tunneling" and "FTP-SFTP Conversion".

We do not recommend running Broker as a service. Instead, we recommend using command line file transfer tools such as sftpg3 and scpg3 from a script.

Command line tools such as scpg3 and sftpg3 launch Broker if it is not running, so you do not need to run Broker as a service or manually.

How to set up the broker to run as a service

You need srvany.exe to run Broker as a service. srvany.exe is included in "Windows Server 2003 Resource Kit Tools", which supports both Windows Server 2003 and Windows XP.

Please see the Microsoft KB for updates or changes to these instructions. Here are some links to review:

http://support.microsoft.com/kb/251192

http://support.microsoft.com/kb/137890

srvany.exe can be downloaded from the following link.

http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

Configuration steps

  • Download and install "Windows Server 2003 Resource Kit Tools"
  • Open cmd.exe
  • Create the service with the "sc.exe" command. The sc.exe command is included in the default Windows installation. The following is an example of the command, which creates a service named "Broker". Please type "sc create help" to check the command syntax.

    sc create Broker binPath= "C:\Program Files\Windows Resource Kits\Tools\srvany.exe" start= auto

  • Run Registry Editor (Regedt32.exe) and locate the following subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\My Service

Here, My Service is the name of the service you have created. In the above sc command example, the subkey is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Broker

  • From the Edit menu, click Add Key. Type the following and click OK:

    Key Name: Parameters
    Class :

  • Select the Parameters key.
  • From the Edit menu, click Add Value. Type the following and click OK:

    Value Name: Application
    Data Type : REG_SZ
    String : <path>\<application.ext>

where <path>\<application.ext> is the drive and full path to the application executable including the extension (i.e., C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker\ssh-broker-g3.exe)

  • Close Registry Editor.

Now you can run Broker as a service. By default, Broker runs as the SYSTEM account, so if you need to change the account, please change it from the Services console.

answered Jan 17 '11 at 13:13

SSH KB ♦

edited Sep 20 '11 at 22:06

Martin Dobsik

This procedure, though not supported by Microsoft, has been verified to work on Windows Vista 32bit and Windows 7 64bit and 32bit.

(Sep 20 '11 at 22:07) Martin Dobsik
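
The configuration steps from the answer as a single cmd.exe script, followed by a switch from the default SYSTEM account to Local Service and a check of the result. This is an added example, not part of the original answer; it assumes an elevated prompt and the service name and install paths shown in the answer, and unlike the answer's sc command it stores the srvany.exe path with embedded quotes.

```bat
@echo off
rem Added example: sc.exe + Registry Editor steps from the answer, scripted.
rem Run from an elevated cmd.exe.
setlocal

rem Assumptions: service name and paths are the ones used in the answer.
set "SVC=Broker"
set "SRVANY=C:\Program Files\Windows Resource Kits\Tools\srvany.exe"
set "BROKER=C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker\ssh-broker-g3.exe"
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\%SVC%"

if not exist "%SRVANY%" (echo srvany.exe not found: "%SRVANY%" & exit /b 1)
if not exist "%BROKER%" (echo Broker not found: "%BROKER%" & exit /b 1)

rem Create the service. The escaped inner quotes keep the stored ImagePath
rem quoted even though the path contains spaces.
sc create %SVC% binPath= "\"%SRVANY%\"" start= auto
if errorlevel 1 exit /b 1

rem Registry Editor steps: Parameters subkey with an Application (REG_SZ)
rem value that tells srvany.exe which executable to launch.
reg add "%KEY%\Parameters" /v Application /t REG_SZ /d "%BROKER%" /f
if errorlevel 1 exit /b 1

rem Run under Local Service instead of the default SYSTEM account.
rem A regular user account would need its name and password here instead.
sc config %SVC% obj= "NT AUTHORITY\LocalService" password= ""
if errorlevel 1 exit /b 1

rem Verify: show the stored configuration, then fail if the service
rem account is still LocalSystem.
sc qc %SVC%
reg query "%KEY%\Parameters" /v Application
sc qc %SVC% | findstr /i /c:"SERVICE_START_NAME" | findstr /i "LocalSystem" >nul
if not errorlevel 1 (echo WARNING: %SVC% still runs as SYSTEM & exit /b 2)

echo %SVC% configured.
endlocal
```

Key files for the service account then belong under that account's own profile, not under C:\Documents and Settings\Default User.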

Seen: 8,339 times

Last updated: Sep 20 '11 at 22:07

All user contributed content licensed under the cc-by-sa license.