Windows SSH/SFTP Server

From Mage

Yet another creation for the "Bret makes weird solutions happen" folder - the OpenSSH server package can be hosted inside a Windows machine to allow connectivity via ssh/scp/sftp. This only works because of the glory that is Cygwin. [1]

Installing the Software

  • Obtain the 32-bit or 64-bit Cygwin installer from their website (www.cygwin.com) as applicable.
  • Run the installer and select Next at the setup launcher. As 90% of Windows installers look the same, I'm going to forgo the screenshots and only document the setting to select on each page.
  • Choose A Download Source - Install from Internet
  • Select Root Install Directory - C:\cygwin (All Users)
  • Select Local Package Directory - Location where the installer will download packages to. Any temporary directory will work, I used a folder on my desktop.
  • Select Internet Connection - Direct Connection
  • Choose a Download Site - Any will work. Try to pick one that's geographically closer. I used ftp://mirror.cs.vt.edu/
  • Select Packages - In the search box, type OpenSSH. In the middle pane under All -> Net, click on OpenSSH once. If you click it twice, it will install a much older version. If you click it three times, it won't install it at all.
  • Resolving Dependencies - This window displays the base packages and the requirements of openssh. Ensure "Select required packages (RECOMMENDED)" is checked.
  • Let setup finish. Depending on the strain on the download site you selected, this could take from 1-30 minutes.
Configuring

  • Go to Start -> All Programs -> Cygwin. Right click on Cygwin Terminal and choose "Run as administrator". Things should start looking a bit more familiar at this point, as you've just launched a bash terminal.
  • In the terminal, run the command: ssh-host-config. This is exactly the same as running it under Red Hat. If you see a warning about not having admin privileges, try the previous step again. Answer the prompts as follows:

Should privilege separation be used? (yes/no) yes

New local account sshd? (yes/no) yes

Do you want to install sshd as a server? (yes/no) yes

Enter the value of CYGWIN for the daemon: [] (Do not enter anything. Simply hit enter.)

Do you want to use a different name? (yes/no) no

Create new privileged user account 'cyg_server'? (yes/no) yes

Please enter the password: (Enter any strong password for the local account)

  • At this point, sshd has created its server keys and Cygwin has inserted OpenSSH as a Windows service named "CYGWIN sshd" which is run as the user "cyg_server". Sshd is run via the C:\cygwin\bin\cygrunsrv.exe wrapper.
  • Type the following command to start the new OpenSSH service: net start sshd
User List

Because Windows has no / root directory, Cygwin emulates a POSIX filesystem with / mapped to wherever you installed Cygwin. By default that's C:\cygwin\. If you open that location in Windows Explorer you can see that it contains many of the typical Linux root directories. Windows also lacks the standard passwd/group files, so Cygwin supplies those too.

If you check the file C:\cygwin\etc\passwd, you'll notice that the entries for Windows accounts look a bit different from *nix entries. Windows doesn't use a numeric UID as its unique account identifier, so OpenSSH elects to use the Windows account SID values instead. There's a much easier way to add a new user than looking this data up by hand, though.

Open C:\cygwin\bin\ in Windows Explorer. Hold down the Shift key and right click on any blank space in the Explorer window to unlock some extra entries in the Windows context menu. Select "Open command window here" from the list. You're now in a typical Windows cmd.exe, but in the directory holding the Cygwin applications, so some Linux commands work as expected here.

  • Generate the list of local server groups for OpenSSH by running the following command:

mkgroup -l >> ..\etc\group

We'll be using the mkpasswd command to add new users to /etc/passwd. Just like in a Linux environment, though, there are local and domain users. mkpasswd does not know how to differentiate between the two and must be passed a flag identifying which kind of account to look up.

  • To add a local Windows user to the sshd passwd file, run this command substituting $username for the user's NTID:

mkpasswd -l -u $username >> ..\etc\passwd

  • To add a domain Windows user to the sshd passwd file, run this command substituting $username for the user's NTID:

mkpasswd -d -u $username >> ..\etc\passwd
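As an added example (not from the original page or from Cygwin), here are the same local/domain mkpasswd steps wrapped in an idempotent shell script meant to be run from the Cygwin bash terminal rather than cmd.exe. The function names, the PASSWD_FILE variable and the duplicate-entry check are my own assumptions; mkpasswd and its -l/-d/-u flags are the page's.

```shell
#!/bin/sh
# Added example, not from the original page: idempotent wrapper around the
# page's mkpasswd commands. Assumes it runs in the Cygwin bash terminal, where
# mkpasswd is on PATH and the target is /etc/passwd (the same file the page
# reaches from cmd.exe as ..\etc\passwd).
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Exit 0 if USER already has an entry (exact match on the first field).
passwd_has_user() {
  user="$1"; file="$2"
  [ -f "$file" ] || return 1
  awk -F: -v u="$user" '$1 == u { found = 1 } END { exit (found ? 0 : 1) }' "$file"
}

# Append ENTRY (one passwd line) to FILE unless that user is already listed.
# Prints "added" or "skipped". The page's plain ">>" appends a second copy
# every time it is re-run; this check avoids that.
merge_passwd_entry() {
  entry="$1"; file="$2"
  user="${entry%%:*}"
  [ -n "$user" ] || return 1
  if passwd_has_user "$user" "$file"; then
    echo skipped
  else
    printf '%s\n' "$entry" >> "$file"
    echo added
  fi
}

# add_windows_user local|domain USERNAME
# -l queries local accounts, -d domain accounts, as in the page's commands.
add_windows_user() {
  scope="$1"; user="$2"
  case "$scope" in
    local)  flag=-l ;;
    domain) flag=-d ;;
    *) echo "usage: add_windows_user local|domain USERNAME" >&2; return 2 ;;
  esac
  entry=$(mkpasswd "$flag" -u "$user") || return 1
  [ -n "$entry" ] || { echo "no such $scope user: $user" >&2; return 1; }
  merge_passwd_entry "$entry" "$PASSWD_FILE"
}

# Run directly, e.g.: sh add_user.sh local alice
if [ $# -eq 2 ]; then
  add_windows_user "$@"
fi
```

Domain entries come back from mkpasswd as DOMAIN+user in the first field, so the check distinguishes a domain account from a local one of the same name.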
Wonky

All this is really useful for is enabling secure file transfers to Windows machines for free, or some very basic bash scripting. It could also be good for confusing monitoring and building servers that will be mistaken for the other platform...

In the end it is not a path I would recommend for many reasons but the option is available if needed.