OpenSSH for Windows

From Consultancy.EdVoncken.NET

On Unix systems, Secure Shell (SSH) is the preferred method for secure communication. OpenSSH has been ported to the Windows platform as "OpenSSH for Windows".

Download the software

Install OpenSSH for Windows

  • Download the installer (current version: setupssh381-20040709.zip) from the OpenSSH for Windows homepage
  • Unpack the installer from the ZIP-file and install the application; leave all options at their default values

Configure the OpenSSH server

  • Open a Command Prompt in the OpenSSH /bin directory (C:\Program Files\OpenSSH\bin) and create a group-file with Local and Domain groups:
 mkgroup -l >> ..\etc\group
 mkgroup -d >> ..\etc\group

Note: adding the Domain groups from Active Directory can take several minutes to complete - please be patient!

  • Add your Domain account(s) to the OpenSSH environment:
 mkpasswd -d -u dom01234 >> ..\etc\passwd
  • Check etc/passwd; if necessary, change the home directory to start with /home/:
 dom01234:unused_by_nt/2000/xp:132647:12463:Voncken, Ed,AD\dom01234,...:/home/dom01234:/bin/switch
  • Check etc/sshd_config; ensure that the following settings are made:
 Port 22
 Protocol 2
 LoginGraceTime 2m
 PermitRootLogin without-password
 # This is sometimes needed, in case your authorized_keys file does not work.
 # "StrictModes yes" is better.
 StrictModes no
 PasswordAuthentication yes
 PermitEmptyPasswords no
 AllowTcpForwarding yes
 UsePrivilegeSeparation no
 PermitUserEnvironment yes
 Compression yes

Items in bold were changed from their defaults.
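
The following Python script is an added example, not part of the original page or of the OpenSSH project. It parses the settings listed above the way sshd reads them (case-insensitive keywords, first occurrence wins) and reports those that differ from a key-only baseline; the baseline values and the function names are assumptions of this example.

```python
# Added example: audit an sshd_config for settings that weaken key-based login.
# BASELINE is this example's assumption (a key-only policy), not the page's config.
BASELINE = {
    "protocol": ("2", "SSH protocol 1 is also accepted"),
    "strictmodes": ("yes", "no ownership/mode checks on the user's files before login"),
    "passwordauthentication": ("no", "clients without a key fall back to the password"),
    "permitemptypasswords": ("no", "accounts with an empty password can log in"),
    "useprivilegeseparation": ("yes", "pre-authentication code runs fully privileged"),
    "permituserenvironment": ("no", "users can set environment variables for sshd sessions"),
}

# The settings listed on this page, copied verbatim.
PAGE_CONFIG = """\
Port 22
Protocol 2
LoginGraceTime 2m
PermitRootLogin without-password
# This is sometimes needed, in case your authorized_keys file does not work.
# "StrictModes yes" is better.
StrictModes no
PasswordAuthentication yes
PermitEmptyPasswords no
AllowTcpForwarding yes
UsePrivilegeSeparation no
PermitUserEnvironment yes
Compression yes
"""

def parse_sshd_config(text):
    """Map lower-cased keyword -> value; like sshd, the first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        # Skip blank lines, comment lines and keywords without a value.
        if len(parts) == 2 and not parts[0].startswith("#"):
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def audit(text, baseline=BASELINE):
    """Return sorted (keyword, actual, wanted, risk) for explicit deviations."""
    settings = parse_sshd_config(text)
    return sorted(
        (key, settings[key], wanted, risk)
        for key, (wanted, risk) in baseline.items()
        if key in settings and settings[key].lower() != wanted
    )

if __name__ == "__main__":
    for key, actual, wanted, risk in audit(PAGE_CONFIG):
        print(f"{key}: {actual!r} (baseline {wanted!r}) -> {risk}")
```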

Configure your account

You will probably want to use public-key authentication instead of passwords.

Assuming that you already have a key-pair (on Unix), an authorized_keys file needs to be created on Windows.

  • Create a .ssh directory under "C:\Documents and Settings\username\".
    You will need to use the command prompt; Windows Explorer refuses to create a directory that starts with a dot.
 cd "c:\Documents and Settings\dom01234"
 mkdir .ssh
  • Copy your authorized_keys file into that directory
  • Modify the Security properties on your authorized_keys file; give Read access to SYSTEM (OpenSSH runs under this account)

Start the Server

  • Open a Command Prompt:
 > net start opensshd
 The OpenSSH Server service is starting.
 The OpenSSH Server service was started successfully.

Log on to your account

There are two ways of logging on to the SSH server:

  1. authorized_keys; you do not need to type a password
  2. password; type the Windows password for your account

If a key is not available, SSH automatically falls back to password authentication.