30

12/10

OpenSSH Server on Windows

18:41 by rleahy. Filed under: Technology

It’s been a pipe dream of mine for a while now to set up an SSH server on Windows.  I love the idea of SSH—RDP is great and I love it, but it’s always seemed counter-productive RDPing in only to open a command prompt, do one thing, and then log back out—but I love Windows more, and I certainly love having RDP/a GUI for some things; a pet peeve of mine is when I need to download a file to a remote Linux server, I invariably wind up downloading it locally (because a GUI-less server has no web browser FML) and then pushing it to the remote server with SCP, which takes a ridiculous amount of time (especially if the file is massive).

The problem with this is that all standalone SSH server software for Windows is terrible.  I must’ve tried 5 different packages, and they’re all terrible.  They just don’t do one thing or another.  I’ve seen problems from the server stopping when I log out (even though it’s running as a Windows service), to password login just not working, at all (inb4: People yelling about public/private key authentication).

So today I finally broke down and tried getting it to work on top of CYGWIN as a CYGWIN Windows service (I think it’s great that CYGWIN wraps daemons into Windows services).  Here’s how you do it:

  1. Download CYGWIN.
  2. Install CYGWIN.  You’re going to want to install it for all users, and it doesn’t matter where you put it (by convention it should be installed in C:\cygwin\).
  3. In addition to the packages already selected, you’re going to want to select these packages:
    • OpenSSH
    • zlib

    I also like to install vim (kind of useless SSHing in if you can’t edit text via the command line…) and OpenSSL (openssl s_client is beast), but that’s up to you.

  4. Finish the installer.  If Windows Vista/7/Server 2008 complains to you about CYGWIN not installing properly, tell it to get out; it installed fine.
  5.  Go start up your CYGWIN BASH shell.  Start it “As Administrator” if you’re using an NT6.x-based OS (i.e. Vista/7/2008).
  6. Run these by typing them and then hitting ENTER:
    • mkgroup -l > /etc/group
    • mkpasswd -l > /etc/passwd

    If you’re in a domain, also run these (these could very well take a while):

    • mkgroup -d >> /etc/group
    • mkpasswd -d >> /etc/passwd

    These synchronize your Windows user information with CYGWIN.

    • chmod +r /etc/passwd
    • chmod u+w /etc/passwd
    • chmod +r /etc/group
    • chmod u+w /etc/group

    These ensure that the appropriate permissions are set on group and passwd.

    • chmod 755 /var
    • touch /var/log/sshd.log
    • chmod 664 /var/log/sshd.log

    This will set up permissions/files for OpenSSH Server’s logging.

  7.  Now is the time to set up OpenSSH Server itself.  Type “ssh-host-config” to run the OpenSSH Server configuration script.  You’re going to want to answer with “yes” to everything with the exception of two questions:
    1. When it asks you what to change “CYGWIN” to in the service’s name. Just hit ENTER without typing anything.
    2. When it asks you if you want to change the name of the privileged user, answer “no”.
  8. If you want to change the server’s configuration, now is the time. Edit /etc/sshd_config if you want to do so. CYGWIN/OpenSSH Server do some weird things with the permissions for this file when it’s created, so you’ll have to—through Windows Explorer—take ownership of it and give yourself read/write permissions so you can alter the file.
  9. Back in your CYGWIN BASH shell, run “net start sshd” to start OpenSSH Server. You should now be able to use something like PuTTY—or even ssh from within your CYGWIN BASH shell—to SSH into your computer.
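
To confirm that the chmod commands in step 6 took effect (and still hold later on), the function below audits the four paths those steps touch. It is an added example, not part of the original post; the function names and the optional ROOT argument are assumptions made for illustration, and it relies on GNU stat.

```shell
#!/usr/bin/env bash
# Added example: audit the permissions that step 6 is meant to produce.
# Pass a directory as ROOT to check a copy; no argument checks the live install.

# Print a file's octal mode (GNU stat, part of CYGWIN's coreutils).
mode_of() { stat -c '%a' "$1" 2>/dev/null; }

# /var and sshd.log: the steps set an exact mode, so compare exactly.
check_exact() {
    local actual
    actual=$(mode_of "$1") || { echo "MISSING $1"; return 1; }
    [ "$actual" = "$2" ] && return 0
    echo "BAD     $1 is $actual, expected $2"
    return 1
}

# passwd/group: "chmod +r" and "chmod u+w" only add bits, so test those bits.
# The world-writable test is an extra check, not something the steps set.
check_db() {
    local actual m
    actual=$(mode_of "$1") || { echo "MISSING $1"; return 1; }
    m=$((0$actual))   # leading 0 makes the shell read the mode as octal
    if [ $((m & 0444)) -ne $((0444)) ]; then
        echo "BAD     $1 ($actual) is not readable by everyone"; return 1
    fi
    if [ $((m & 0200)) -eq 0 ]; then
        echo "BAD     $1 ($actual) is not writable by its owner"; return 1
    fi
    if [ $((m & 0002)) -ne 0 ]; then
        echo "BAD     $1 ($actual) is world-writable"; return 1
    fi
    return 0
}

# Returns the number of failed checks (0 means everything matches).
audit_sshd_perms() {
    local root="${1:-}" fails=0
    check_db    "$root/etc/passwd"           || fails=$((fails + 1))
    check_db    "$root/etc/group"            || fails=$((fails + 1))
    check_exact "$root/var" 755              || fails=$((fails + 1))
    check_exact "$root/var/log/sshd.log" 664 || fails=$((fails + 1))
    echo "$fails problem(s) found"
    return "$fails"
}
```

Paste the functions into the CYGWIN BASH shell and run `audit_sshd_perms` with no argument; each failing path is printed with its current mode.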

As they always say: “Pics or it didn’t happen!”

Here I am using PuTTY to log into OpenSSH Server running on my Windows Server 2008 R2 web server (the one that’s hosting this very blog!):

And here’s the bash.exe process running on the web server as the appropriate user: