Secure LAN-based remote PC control and administration
Project description
remctl
Secure, LAN-based remote PC control and administration.
remctl lets you control machines on your local network from the command line —
lock, shutdown, execute shell commands with streaming output, transfer files,
take screenshots, and check system status. All communication is authenticated
using Ed25519 keys and encrypted with AES-256-GCM.
⚠️ Intended for your own trusted LAN devices only.
remctlis not designed for Internet-facing use. Do not expose it via port forwarding or NAT.
Installation
pip install remctl
From source
# TODO: user adds PyPI API token via env var / twine config before publishing
git clone <repo-url>
cd remctl
pip install -e ".[dev]"
Quick Start: Pairing Walkthrough
remctl requires two-way trust: both the node and the controller must explicitly
authorize each other.
On the target machine (the node)
# Show the node's fingerprint
remctl node pair --show
# Start the agent (background via service is recommended)
remctl node start
On the controlling machine
# Discover nodes on the LAN
remctl ctl discover
# Pair with a node (verify the fingerprint before confirming)
remctl ctl pair <node-ip>
# Show your own fingerprint for the node to trust you
remctl ctl pair-show
Back on the node (trust the controller)
# Trust the controller's public key (copy from the controller's output)
remctl node trust-controller /path/to/controller_identity.pub
Send commands
remctl ctl <target> status
remctl ctl <target> lock
remctl ctl <target> exec "whoami"
remctl ctl <target> screenshot -o screenshot.png
remctl ctl <target> push ./file.txt /remote/path/file.txt
remctl ctl <target> pull /remote/log.log ./log.log
Command Reference
| Command | Description |
|---|---|
remctl node start |
Start the node agent in foreground |
remctl node install-service |
Install as OS service |
remctl ctl discover |
Discover nodes on LAN |
remctl ctl pair <target> |
Pair with a node |
remctl ctl <target> lock |
Lock the remote workstation |
remctl ctl <target> shutdown --delay 60 |
Shutdown with optional delay |
remctl ctl <target> restart |
Restart |
remctl ctl <target> sleep |
Sleep/Suspend |
remctl ctl <target> logout |
Log out current user |
remctl ctl <target> closefocused |
Close active window |
remctl ctl <target> exec <command> |
Execute shell command (streamed) |
remctl ctl <target> status |
Show system status (CPU/mem/disk/uptime) |
remctl ctl <target> screenshot -o out.png |
Capture screenshot |
remctl ctl <target> push <local> <remote> |
Push file to node |
remctl ctl <target> pull <remote> <local> |
Pull file from node |
remctl ctl <target> cancel |
Cancel pending shutdown/restart |
Security Model (Summary)
- Identity: Ed25519 keypairs generated on first run.
- Authentication: Two-way explicit pairing — both sides must trust each other.
- Encryption: X25519 ECDH key exchange → AES-256-GCM, with forward secrecy.
- Replay protection: Per-message sequence numbers + 30-second timestamp window.
- Permission tiers:
observe(status/screenshot),standard(commands + files),full(includesexec). Default:standard. - Audit log: All commands logged unredacted at
~/.remctl/audit.log.
See docs/SECURITY.md for the full threat model.
Configuration
All config files live in ~/.remctl/:
| File | Purpose |
|---|---|
identity.key |
Private key (keep secure) |
identity.pub |
Public key |
known_nodes.json |
Paired nodes (ctl side) |
known_controllers.json |
Trusted controllers (node side) |
node_config.json |
Node settings (bind address, port, tiers) |
audit.log |
Command audit log |
Platform Support
| Platform | Status |
|---|---|
| Windows | First-class |
| Linux | Second-class (best-effort) |
| macOS | Not yet implemented |
Publishing to PyPI
python -m build
twine upload dist/*
The user must configure
~/.pypircor setTWINE_USERNAME/TWINE_PASSWORDenvironment variables before runningtwine upload. No credentials are included in this repository.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file remctl-0.1.0.tar.gz.
File metadata
- Download URL: remctl-0.1.0.tar.gz
- Upload date:
- Size: 24.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4c74cde3382f3506cf9cf237eee8dfc3a404db26b1ff6a564298ecdc2e16c347
|
|
| MD5 |
6be229d4a31d9afd69b7d24868423252
|
|
| BLAKE2b-256 |
69ef6d4601ec56c20d880106c3cdc822cdd20a982df27b4bbcbeefa6738b4c01
|
File details
Details for the file remctl-0.1.0-py3-none-any.whl.
File metadata
- Download URL: remctl-0.1.0-py3-none-any.whl
- Upload date:
- Size: 27.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
25f5063adfcd57301728b6699f7771455a95891a165b1e9d47cc0755a36f2728
|
|
| MD5 |
a66c4c22a34eaf32a31509190b072093
|
|
| BLAKE2b-256 |
2d872e1aed67b23d20fb21e29d54573ee42d2152fed9df7fcccd2bf4e78cdf0b
|