Skip to main content

Secure LAN-based remote PC control and administration

Project description

remctl

Secure, LAN-based remote PC control and administration.

remctl lets you control machines on your local network from the command line — lock, shutdown, execute shell commands with streaming output, transfer files, take screenshots, and check system status. All communication is authenticated using Ed25519 keys and encrypted with AES-256-GCM.

⚠️ Intended for your own trusted LAN devices only. remctl is not designed for Internet-facing use. Do not expose it via port forwarding or NAT.

Installation

pip install remctl

From source

# TODO: user adds PyPI API token via env var / twine config before publishing
git clone <repo-url>
cd remctl
pip install -e ".[dev]"

Quick Start: Pairing Walkthrough

remctl requires two-way trust: both the node and the controller must explicitly authorize each other.

On the target machine (the node)

# Show the node's fingerprint
remctl node pair --show

# Start the agent (background via service is recommended)
remctl node start

On the controlling machine

# Discover nodes on the LAN
remctl ctl discover

# Pair with a node (verify the fingerprint before confirming)
remctl ctl pair <node-ip>

# Show your own fingerprint for the node to trust you
remctl ctl pair-show

Back on the node (trust the controller)

# Trust the controller's public key (copy from the controller's output)
remctl node trust-controller /path/to/controller_identity.pub

Send commands

remctl ctl <target> status
remctl ctl <target> lock
remctl ctl <target> exec "whoami"
remctl ctl <target> screenshot -o screenshot.png
remctl ctl <target> push ./file.txt /remote/path/file.txt
remctl ctl <target> pull /remote/log.log ./log.log

Command Reference

Command Description
remctl node start Start the node agent in foreground
remctl node install-service Install as OS service
remctl ctl discover Discover nodes on LAN
remctl ctl pair <target> Pair with a node
remctl ctl <target> lock Lock the remote workstation
remctl ctl <target> shutdown --delay 60 Shutdown with optional delay
remctl ctl <target> restart Restart
remctl ctl <target> sleep Sleep/Suspend
remctl ctl <target> logout Log out current user
remctl ctl <target> closefocused Close active window
remctl ctl <target> exec <command> Execute shell command (streamed)
remctl ctl <target> status Show system status (CPU/mem/disk/uptime)
remctl ctl <target> screenshot -o out.png Capture screenshot
remctl ctl <target> push <local> <remote> Push file to node
remctl ctl <target> pull <remote> <local> Pull file from node
remctl ctl <target> cancel Cancel pending shutdown/restart

Security Model (Summary)

  • Identity: Ed25519 keypairs generated on first run.
  • Authentication: Two-way explicit pairing — both sides must trust each other.
  • Encryption: X25519 ECDH key exchange → AES-256-GCM, with forward secrecy.
  • Replay protection: Per-message sequence numbers + 30-second timestamp window.
  • Permission tiers: observe (status/screenshot), standard (commands + files), full (includes exec). Default: standard.
  • Audit log: All commands logged unredacted at ~/.remctl/audit.log.

See docs/SECURITY.md for the full threat model.

Configuration

All config files live in ~/.remctl/:

File Purpose
identity.key Private key (keep secure)
identity.pub Public key
known_nodes.json Paired nodes (ctl side)
known_controllers.json Trusted controllers (node side)
node_config.json Node settings (bind address, port, tiers)
audit.log Command audit log

Platform Support

Platform Status
Windows First-class
Linux Second-class (best-effort)
macOS Not yet implemented

Publishing to PyPI

python -m build
twine upload dist/*

The user must configure ~/.pypirc or set TWINE_USERNAME/TWINE_PASSWORD environment variables before running twine upload. No credentials are included in this repository.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

remctl-0.1.0.tar.gz (24.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

remctl-0.1.0-py3-none-any.whl (27.6 kB view details)

Uploaded Python 3

File details

Details for the file remctl-0.1.0.tar.gz.

File metadata

  • Download URL: remctl-0.1.0.tar.gz
  • Upload date:
  • Size: 24.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for remctl-0.1.0.tar.gz
Algorithm Hash digest
SHA256 4c74cde3382f3506cf9cf237eee8dfc3a404db26b1ff6a564298ecdc2e16c347
MD5 6be229d4a31d9afd69b7d24868423252
BLAKE2b-256 69ef6d4601ec56c20d880106c3cdc822cdd20a982df27b4bbcbeefa6738b4c01

See more details on using hashes here.

File details

Details for the file remctl-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: remctl-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 27.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for remctl-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 25f5063adfcd57301728b6699f7771455a95891a165b1e9d47cc0755a36f2728
MD5 a66c4c22a34eaf32a31509190b072093
BLAKE2b-256 2d872e1aed67b23d20fb21e29d54573ee42d2152fed9df7fcccd2bf4e78cdf0b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page