I have been trying alot of different solutions lately to run an SSH server on my Windows PC at home. One of the requirements was that it had to be a free solution. I came to the conclusion after trying a lot of different tools (which all turned out to have some issues) that the best solution is to stay with the trusted UNIX utilities and use Cygwin for setting up the SSH server.

Here’s an overview of how you install and configure the SSH server in Cygwin:

• Install Cygwin
• Be sure the openssh package is selected in the packages list
• After installing run the following command

$ ssh-host-config -y

• Output

Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called ’sshd’.
For more info on privilege separation read /usr/share/doc/openssh/README.privsep
.

Should privilege separation be used? (yes/no) yes
Warning: The following function requires administrator privileges!
Should this script create a local user ’sshd’ on this machine? (yes/no) yes
Generating /etc/sshd_config file
Added ssh to C:\WINDOWS\system32\drivers\etc\services

Warning: The following functions require administrator privileges!

Do you want to install sshd as service?
(Say “no” if it’s already installed as service) (yes/no) yes
Which value should the environment variable CYGWIN have when
sshd starts? It’s recommended to set at least “ntsec” to be
able to change user context without password.
Default is “ntsec”. CYGWIN=tty

The service has been installed under LocalSystem account.
To start the service, call `net start sshd’ or `cygrunsrv -S sshd’.

Host configuration finished. Have fun!

• Installation is complete. Now run the SSH server:

$ net start sshd

• Output received:

The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.

• Test to see if it really works:

$ ssh 127.0.0.1

• Output received:

The authenticity of host ‘127.0.0.1 (127.0.0.1)’ can’t be established.
RSA key fingerprint is 73:52:45:46:c5:ce:09:06:af:7d:c2:73:86:01:3e:c0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘127.0.0.1′ (RSA) to the list of known hosts.
Wouter Veugelen@127.0.0.1’s password:

Wouter Veugelen@veugelenw-pc ~
$ exit
logout
Connection to 127.0.0.1 closed.

• If you want your SSH connection to work through most firewalls, change the port it’s running on to 443 by editing sshd_config located in c:\cygwin\etc . Uncomment the port line and change it to Port 443

That’s it!

This entry was posted on Saturday, June 21st, 2008 at 11:23 am and is filed under Linux, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.