Friday, January 12, 2007

Running an SSH server on Windows

This post is not essentially about software development but is about something I found very useful: having an ssh connection to the machines where I work.

An SSH daemon is available on Linux from the start, and there are no big matters about it other than security issues.

Running an ssh server on a Windows machine is a little bit trickier. Thanks to the guys at Cygnus we have Cygwin, which is, as stated on their web site, "a Linux-like environment for Windows".

This environment comes with an ssh server daemon which can be run as a service in Windows, allowing you to have ssh connections to your machine using any valid ssh client.

The first step is obviously to download and install Cygwin on your machine. You can find a quick reference on installing it under Windows.

There is an official document distributed with Cygwin on setting up a secure environment using ssh. You will find it by entering the following commands at your Cygwin prompt:

cd /usr/share/doc/Cygwin

less openssh.README

This document can also be found online and the tips below are intended to be a quick start guide.

So now that you have Cygwin installed, you should open your cygwin prompt and type:

ssh-host-config

The output should be something like this:

$ ssh-host-config
Overwrite existing /etc/ssh_config file? (yes/no) yes
Generating /etc/ssh_config file
Overwrite existing /etc/sshd_config file? (yes/no) yes
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/share/doc/openssh/README.privsep.

Should privilege separation be used? (yes/no) yes
Generating /etc/sshd_config file

Host configuration finished. Have fun!

This should be enough to run the server daemon. Run one of the following two commands to start it.

net start sshd
cygrunsrv -S sshd

Check if the server is actually running:

$ ps -ef | grep ssh
SYSTEM 760 3508 ? 00:29:11 /usr/sbin/sshd

Now test if the connection was successful:

$ ssh localhost
dambrosio@localhost's password:
Last login: Sat Jan 13 00:31:53 2007 from 192.168.1.1
Fanfare!!!
You are successfully logged in to this server!!!

There are a lot of security issues about ssh and remote connections. Read a bit more about the subject, and there is an interesting article which is a good starting point.

This other article will give you some hints on installing cygwin, setting it up as a service on Windows 2003 and some issues about security as well.

Remember:
ssh listens on port 22 by default, so remember to open this TCP port on your firewall. You do have one, right? :)
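
To confirm what the generated /etc/sshd_config actually makes sshd do (which TCP ports to allow through the firewall, and whether privilege separation is still on), the shell functions below can be run from the Cygwin prompt. This is an added example, not part of the original post or of Cygwin. The function names and the sample configuration are constructed for illustration, and ListenAddress lines that carry their own port are not considered.

```sh
# sshd_values FILE KEYWORD: print each global value of KEYWORD, in file order.
# Keywords are case-insensitive; "Keyword value" and "Keyword=value" both parse.
sshd_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                    # comment or blank line
        {
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")   # trim, \r for CRLF files
            key = tolower($0); sub(/[ \t=].*/, "", key)
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
        }
        key == "match" { exit }                    # conditional blocks: not global
        key == want { print val }
    ' "$1"
}

# Port may be repeated and sshd listens on every value; default is 22.
sshd_ports() {
    p=$(sshd_values "$1" Port | xargs)
    echo "${p:-22}"
}

# For other keywords the first value wins; DEFAULT ($3) applies when absent.
sshd_first() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    echo "${v:-$3}"
}

# sshd_check FILE: list the TCP ports to allow, fail if privsep is turned off.
sshd_check() {
    echo "TCP ports to allow in the firewall: $(sshd_ports "$1")"
    if [ "$(sshd_first "$1" UsePrivilegeSeparation yes)" = no ]; then
        echo "WARNING: privilege separation is disabled"
        return 1
    fi
    echo "privilege separation: enabled"
}

# Constructed sample input, not the file ssh-host-config generates.
sample_config() {
    printf '%s\n' '#Port 22' 'port = 2222' 'Port 22' \
        'UsePrivilegeSeparation yes' 'Match User backup' \
        '    PasswordAuthentication no'
}

cfg=$(mktemp) && sample_config > "$cfg"
sshd_check "$cfg"      # on a real install: sshd_check /etc/sshd_config
rm -f "$cfg"
```

A commented-out `#Port 22` contributes nothing, so in the sample the firewall has to allow both 2222 and 22, not just the default.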
