A yak running remotely
I've encountered a few scenarios now where I need to perform different logic based on whether or not I am running locally or remotely. One scenario may be that I have just provisioned a new machine from a base image that has a generic bootstrap password and I need to change the root/admin password. If I do this in an SSH or WinRM/PowerShell session, it will likely kill the process I am running in (of course I could schedule it to happen later). Another scenario may be I'm about to install some Windows updates. I've blogged before about how this does not work over WinRM. So I know I will need to perform that action in a scheduled task.
Depending on your OS and the type of process you are living in (ruby, powershell, ssh, winrm, etc) there are different techniques to detect if you are remote or local and some are more friendly than others.
Detecting SSH
There are a couple ways I have done this. One is language independent. Its probably os independent too but I have only done this on Linux. There are a couple environment variables set in most SSH sessions so you may be able to simply check if that exists:
if ENV('SSH_CLIENT')
# your crazy remote code here
endI've run into problems with this though. Lets say you start a service in a SSH session. Now the process in that service has inherited your environment variables. So even if you logout and the process continues to run outside of the initial SSH context, using the above code will still trigger the remote logic.
Is the console associated with a terminal (tty)?
Most languages have a friendly way to determine if the console has a TTY. Check out this wiki that provides snippets for several different programming languages. Ive done this in ruby using:
if STDOUT.isatty puts 'I am remote...yo' end
Detecting a powershell remoting session
Note that WinRM or powershell remoting do not associate a TTY with the console like SSH does; so you need to take a different approach here. If you are lucky enough to be running in a powershell remoting session and NOT a vanilla WinRM session (these are similar but different), there is an easy way to tell if you are local or being invoked from a remote powershell session:
if($PSSenderInfo -ne $null) { Write-Output 'I am remote' }$PSSenderInfo contains metadata about one's remote session, like the winrm connection string.
Detecting a non-powershell winrm session
There are many reasons to dislike winrm and I regret to give you one more. I googled the "heck" out of this when I was trying to figure out how to do this and I assure you words much more harsh than "heck" flowed freely from my dry, parched lips. I found nothing. The solution I came up with was to search the process tree for an instance of winrshost.exe. All remote winrm sessions run as a child process of winrshost (god bless it).
Here is how you might do this in powershell:
function Test-ChildOfWinrs($ID = $PID) {
if(++$script:recursionLevel -gt 20) { return $false }
$parent = (Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ID")
$parent = $parent.ParentProcessID
if($parent -eq $null) {
return $false
}
else
{
try {
$parentProc = Get-Process -ID $parent -ErrorAction Stop
}
catch {
return $false
}
if($parentProc.Name -eq "winrshost") {return $true}
else {
return Test-ChildOfWinrs $parent
}
}
}This function takes a process id but defaults to the currently running process's id if none is provided. It traverses the ancestors of the process looking for winrshost.exe. One thing I found I had to do to make this "safe" is watch the recursion level and don't become infinite. Your CPU will thank you. I wrote this a year ago and am trying to remember the exact situation but I do know that somehow I hit a situation here I got caught in a circular traverse of the tree.
Here is a ruby function I have used in chef to do roughly the same thing:
def check_process_tree(parent, attr, match)
wmi = ::WIN32OLE.connect("winmgmts://")
check_process_tree_int(wmi, parent, attr, match)
end
def check_process_tree_int(wmi, parent, attr, match)
if parent.nil?
return nil
end
query = "Select * from Win32_Process where ProcessID=#{parent}"
parent_proc = wmi.ExecQuery(query)
if parent_proc.each.count == 0
return nil
end
proc = parent_proc.each.next
result = proc.send(attr)
if !result.nil? && result.downcase.include?(match)
return proc
end
if proc.Name == 'services.exe'
return nil
end
return check_process_tree_int(wmi, proc.ParentProcessID, attr, match)
endThis will climb the process tree looking for any process you tell it to. So you would call it using:
is_remote = !check_process_tree(Process.ppid, :Name, 'winrshost.exe').nil?
Be careful with wmi queries and recursion. Every instance of the wmi search root creates a process. So I typically make sure to create one and reuse it.
I hope you have found this post helpful.