A Windows SSH server


If you want to set up an SSH server in a Windows environment, this article should give you some answers. Use Cygwin: Cygwin is a Linux-like environment for Windows. It makes secure remote management of a Windows environment possible, and it also lets you use Linux commands, which can save you a lot of trouble.

You can do the installation automatically if you use the package from http://sshwindows.sourceforge.net, or you can install Cygwin manually. This is just a quick howto for installing and configuring sshd under Cygwin.

Go to http://www.cygwin.com and download Setup.exe. Select "openssh" from the "Net" category, plus anything else you want to install. After the installation, start Cygwin and enter "ssh-host-config" to configure sshd.

An example output:
user@cygwin /
$ ssh-host-config
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/share/doc/openssh/README.privsep

Should privilege separation be used? (yes/no) no
Generating /etc/sshd_config file

Warning: The following functions require administrator privileges!

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec".  CYGWIN=ntsec

The service has been installed under LocalSystem account.
To start the service, call `net start sshd' or `cygrunsrv -S sshd'.

Host configuration finished. Have fun!

To keep this simple, answer "no" to the question "Should privilege separation be used?". What is privilege separation?
Privilege separation, or privsep, is a method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege escalation by containing corruption to an unprivileged process. With privsep switched off that containment is absent, and the service installed above runs under the LocalSystem account.

This script creates a new service called "CYGWIN sshd".

Now we need to select which users can connect to our SSH server. Some examples:
Add the local administrator to our passwd file:
$ mkpasswd.exe -l -u administrator >> /etc/passwd

Add all local users to our passwd file:
$ mkpasswd.exe -l >> /etc/passwd

If you want to add domain users, use mkpasswd --help to get more information.

Now start the sshd service: enter "net start sshd" (or "cygrunsrv -S sshd"), or use the MMC console to start CYGWIN sshd. "sc query sshd" shows whether the service is running.

To test it, fire up PuTTY (connect to localhost):

login as: administrator
administrator@localhost's password:
Last login: Tue Jan 10 18:56:43 2006 from localhost
You are successfully logged in to this server
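
A check on the two choices made above (privilege separation and the accounts written to the passwd file), as an added example that is not part of the original article; it is a shell script for the Cygwin prompt. The function names, the allowlist and the sample files are constructed for illustration, and it assumes ssh-host-config records the privsep answer under the sshd_config keyword UsePrivilegeSeparation.

```shell
#!/bin/sh
# Added example (not from the original article). File paths are arguments,
# so the checks can run on copies of /etc/sshd_config and /etc/passwd.

# Effective UsePrivilegeSeparation value: sshd keeps the first occurrence of
# a keyword and matches keywords case-insensitively. "yes" when unset, per
# the ssh-host-config output quoted in the article.
privsep_setting() {
    awk 'tolower($1) == "useprivilegeseparation" { print tolower($2); hit = 1; exit }
         END { if (!hit) print "yes" }' "$1"
}

# Account names in a passwd-format file that have a usable login shell.
login_accounts() {
    awk -F: '$1 != "" && $7 !~ /(false|nologin)$/ { print $1 }' "$1"
}

# Names listed more than once: ">>" appends, so running both mkpasswd
# commands from the article adds the administrator entry twice.
duplicate_accounts() { login_accounts "$1" | sort | uniq -d; }

# Login-capable names missing from a space-separated allowlist ($2).
# Compared case-insensitively, as Windows account names are.
unexpected_accounts() {
    login_accounts "$1" | sort -u | awk -v allow="$2" '
        BEGIN { n = split(tolower(allow), a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !(tolower($0) in ok)'
}

# Constructed sample files (hypothetical host with users Guest and alice).
make_sample() {
    printf '%s\n' '#UsePrivilegeSeparation yes' 'Port 22' \
        'UsePrivilegeSeparation no' > "$1/sshd_config"
    for u in Administrator:500 Administrator:500 Guest:501 alice:1001; do
        printf '%s:unused:%s:513:sample:/home/%s:/bin/bash\n' \
            "${u%%:*}" "${u##*:}" "${u%%:*}"
    done > "$1/passwd"
}

dir=$(mktemp -d) && make_sample "$dir"
echo "privilege separation: $(privsep_setting "$dir/sshd_config")"
echo "duplicate entries:    $(duplicate_accounts "$dir/passwd" | tr '\n' ' ')"
echo "not on allowlist:     $(unexpected_accounts "$dir/passwd" 'administrator alice' | tr '\n' ' ')"
rm -rf "$dir"
```

On a real host, pass the actual files and your own allowlist, and remove any duplicate or unexpected lines from /etc/passwd before starting the service.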

Roderick Derks

Fan of cycling, of solving IT puzzles, and of sharing information to help others.
