Installing SSH-server for Windows

Back to guide list

Telnet-like, but secure and encrypted remote connection server (Secure SHell) and secured ftp-like file-server (sftp / scp) available as free Open Source project, OpenSSH and running under Cygwin, Unix API for Windows.

This guide is partly based on the guide "How to install OpenSSH sshd server and sftp server on a Windows 2000 or Windows XP, but I think I could have done it myself.

This is a guide for those who want to run an SSH/SCP server under Windows for shell usage or file transfering or even running irssi under screen (yes, we're going to use cygwin to also get some traditionally *nix-only programs working under Windows. This should work under WinXP and Win2000 at least - apparently it's possible even under Win9x, but really... If you must use Windows, at least ditch that 9x! For machines not powerful enough for w2k or XP I recommend some light linux setup. Seriously.

Cygwin, uh? Any other solutions?

Yes there are, but let's face it - having a UNIX like subsystem just can't make Windows any worse. On the contrary, it's an improvement. And there are serious flaws in those other solutions - let me quote SSHWindows homepage (SSHWindows is a full Windows port of OpenSSH):

Windows Command prompt, eh? What a load of fun can one have in there with that humongous amount of console based tools, utilities and programs that exists for Windows? Yes, that's the problem and to my understanding it is the same for all other solutions - cygwin then again offers powerful UNIX like command line interface and loads of utilities that you can use to what you ever would want (except graphics). And as it is one of the most common usages of shell accounts I've seen to run irssi on the server - well, there is no screen nor irssi for Windows command prompt available.
NOTE! There might be one positive exception in commercial SSH-servers: Bitvise WinSSHD. It has a nice (and unnecessary, imho) GUI for setting things up, but apparently you can set the shell that remote user will have - it defaults to cmd.exe, which is that sad Windows command prompt, but you could install 4NT, powerful replacement for cmd.exe (4NT is a Windows folower of the legendary DOS command.com replacement, 4DOS) or preferrably still install cygwin and set it's default start-up program as shell.
Of course you will have to pay for WinSSHD while you could spend a little time and get your server setup in a short while for free and all by yourself.

I've heard rumours that there are some commercial closed source programs for just this purpose, but with free and excellent unix solution, OpenSSH, that can be also installed on Windows - well, why bother with those closed source solutions that may even cost a lot.

The ssh server is an emulation of the UNIX environment and OpenSSH for Windows, by Redhat, called cygwin. - This is why we are now able to run UNIX based programs (not all of them) under windows and even remotely. This is important also because SSH is a text based connection and for a reason that I dont understand Windows doesn't really have much of them and even simplest programs are built graphical - like irc-clients that really don't need graphics at all.

1. What is needed

You need to install cygwin - there is couple options:

• Cygwin
• Cygwin/X

From these two options available, plain Cygwin is enough to get Secure Shell Server and SCP file transfer server up and running, but personally I installed Cygwin/X, because it has other features I'll wan't, like X-server (the base of most known UNIX graphical desktop system) and with that a possibility to run also graphical Cygwin ports of UNIX programs and even through SSH X11-forwarding running graphical programs from remote computer through SSH on my screen. If you need anything like that, take Cygwin/X instead of plain Cygwin. If you're not sure you might wan't to study those sites.
Although to get this SSH server we're working on running you can pick any one of the two I might still recommend Cygwin/X for many reasons - one of them beeing that really good "Cygwin/X User's Guide" on their page.

Now create a directory C:\cyginstall\ and download the cygwin.exe from any of those two sites - and place it to the directory you created. We are going to start.

2. Installing cygwin

Note! You must be logged in as user with administrator priviledges. Make sure that your account (the one with administrator privilidges) has a Windows password set (many windows users for some reason don't have). If it is not, go to Control Panel and select User Accounts and make yourself a password.

• Now run 'cygwin.exe' - with it we install all possible programs that we could need. Do note that cygwin's setup.exe can be used to add or delete or reinstall cygwin packages after initial installation, so it's not a must to browse through them all to be sure that you get all the fine tools and programs you need - but be sure to install those mentioned here, as they are vital for succeeding. In the end I'll give you hints on what else you can do with cygwin.

• On the welcoming screen, click "Next", then choose, "Install from Internet" on next screen (note, the installer will still download all packages to install to your harddisk). Click "Next" to move on.

• 
  Set Root Directory to "C:\cygwin", Install For All Users and set Default Text File Type to Unix. Note that the install directory will show later as root directory / under cygwin. Then continue with "Next".

• Cygwin asks for Local Package Directory, the place where the installation packages should be saved to. It should default to the directory where you started setup.exe from, so it should be fine. Click "Next".

• Now the setup is asking "Select Your Internet Connection". Today mostly the "Direct Connection" will be the right choise, but if have to access internet through proxy, then choose your proxy setup. Sorry, I don't have an idea of when the "Use IE5 Setup" - maybe with telephone connections or if you don't know your proxy settings, but IE has them configured correctly?
  Korjaus:
  The IE5 method will leverage your IE5 cache for performance

• Now the installer will ask for the mirror site to download packages from. Be advised that this will download and install hundreds of megabytes to your computer. I choosed finnish server, ftp.funet.fi... Click "Next" to proceed, wait a second and you'll get a screen with list of possible packets.

• On the next screen you will select the packages that will be downloaded and installed. If you have already installed cygwin before and are now re-installing it (adding packets to it I would guess). On the package list you will see a loads of packages that are marked to be installed or skipped. Here's lists of what you NEED to install, what I recommend to install and what you should install if you want to use X-Window Managers on top of default Windows UI. Note, you must install the "Absolutely needed" packages - for the others, it's up to you.

  NOTE! click the little View-button in the upper right corner of the screen to get an aplhapetical listing of all packages, so you can find them easy. Note, selecting one package may actually automatically select several - that's ok, it's because the selected package depends on those others.

  
  

  Packages marked with "Skip" are skipped and not installed - clicking that text will change the package to be installed or back to skipped. Note the two boxes on second and third column - the first one tells that the binaries for this pack will be installed, the second that sourcecode package wont - click the box if you want to change that, but it won't be needed unless I specifically mention about it.. Do NOT disable installing of items already selected for installing, for setup.exe has already chosen those needed for minimal installation!

  • Absolutely needed pack's!
    • inetutils - Common networking utilities and servers
    • openssh - The OpenSSH server and client programs
    • tcp_wrapper - Wrappers to provide host-based access restrictions on tcp services
    • zlib - the zlib compression and decompression library
  • Packet's that are not needed for just setting up SSH server, but you might want them if you want to use cygwin to run other *nix applications / work in *nix like environment under Windows.
    • cygwin-x-doc - Cygwin/X-specific documentation
    • xpdf - Simple pdf-reader that runs under X
    • joe - a nice little text editor
    • mc - Midnight Commander, norton like filesystem explorer (console based)
    • nano - another text editor, clone of pico
    • ImageMagick - superb command-line image-file manipulation tools
    • opengl - OpenGL related libraries
    • rxvt - VT102 terminal emulator for X and Windows (recommended, provides better commandline than the default cygwin executable
    • util-linux - Random Linux utilities
    • file - Determines file type using 'magic' numbers
    • links - Text mode web browser
    • wget - Command line tool to download files via HTTP and FTP
    • openbox - Window manager to run on top of X server
    • xorg-x11-f100 - Cygwin/X 100 dpi fonts
  • Packet's I preferred to include for other reasons - you don't have to worry about these if you don't understand what they are.
    • unzip - zip & unzip are commandline tools for making and extracting .ZIP-archives
    • zip
    • binutils - tools maybe necessary for compiling programs from sourcecode to cygwin binaries
    • gcc - C/C++ compiler
    • make - another development tool necessary for compiling programs

  tcp_wrappers provides host-based access control.
  zlib is the compression and decompression library that is used by a lot programs.

  Now, after selecting the necessary 3 packages and possibly some of the others I personally selected you might want to check if there's anything else you might want - but don't worry about forgetting something, you can always add or remove packets by running setup.exe again.
  When ready, continue with clicking "Next".

• The setup will now start downloading and installing - this will take some time, so take a little break.

3. Configuring Windows environment variables for Cygwin

• Right click My Computer, Properties, Advanced, Environment Variables (in finnish windows: Oma Tietokone, Ominaisuudet, Lisäasetukset, Ympäristöasetukset).
• Click the "New" new button to add a new entry to System variables:
  • Variable name: CYGWIN
  • Variable value: ntsec tty
• Select variable Path and click "Edit" - append ;c:\cygwin\bin to the existing value (see screenshot at right)

• Start up Cygwin's command window and run command ssh-host-config from it.
• The script will ask you some questions. Here's what you should answer:
  • "priviledge separation" - "yes"
  • "create local user sshd" - "yes"
  • "install sshd as a service" - "yes"
  • "CYGWIN=" - "ntsec tty"

What is ntsec and tty

tty is an environment variable used by cygwin to make it work properly with editors such as pico and nano.
Without it (the default case), you won't be able to insert characters.

ntsec is an environment variable used by cygwin to instruct cygwin to use Windows' security rules for controlling users' access to files and other operating system facilities.
For a detailed explanation of ntsec see this page
http://cygwin.com/cygwin-ug-net/ntsec.html

Make sure that every Windows user has a password set. If not, go to Control Panel, User Accounts and create a password.

Now, under Cygwin command prompt (most likely bash shell) type these commands:

If your XP logs on to a domain, you most likely have to edit /etc/group by hand. This outside webpage has a short and simple guide for it: Cygwin passwd and group.

About mkpasswd and mkgroup tools

The mkpasswd program can be used to help configure your Windows system to be more UNIX-like by creating an initial /etc/passwd from your system information. Its use is essential on the NT series (Windows NT, 2000, and XP) to include Windows security information, but the actual passwords are determined by Windows, not by the content of /etc/passwd.

For more information, see this page http://cygwin.com/cygwin-ug-net/using-utils.html#mkpasswd.

The mkgroup program can be used to help configure your Windows system to be more UNIX-like by creating an initial /etc/group. Its use is essential on the NT series (Windows NT, 2000, and XP) to include Windows security information.

For more information, see this page http://cygwin.com/cygwin-ug-net/using-utils.html#mkgroup.

Try the following commands to check if Cygwin is working and ssh up and running well:

Succeeded in test connection? If you did see a directory listing after 'ls /cygdrive/c', then you have succeeded!
If you have a Unix system that does not know what to do with TERM cygwin, add these scripts to .login.
If you have troubles ssh into the server, try run ssh-user-config.

Please, do use your own username on the commands instead of touhis and robsku. If your windows username has a space, you can write it in two ways. Here's a couple example commands: ssh mikko\ kuustonen@127.0.0.1 or ssh "mikko kuustonen@127.0.0.1". According to one of the webpages I read while setting this up myself if you get this error message: "ssh-exchange-identification: Connection closed by remote host" - it's propably caused by McAfee 8.0i.

Manage other Windows user accounts using the Control Panel, User Accounts.
After creating and/or removing Windows user accounts open a cygwin commandline and run following commands to set the Windows user accounts to Cygwin too:

Do note that users able to log in through ssh will be able to move to just about any directory.

Removing users ssh account while keeping the Windows username active

You might not want all persons with user-account for your Windows to have access right to the SSH-server. It is easy to disable. If you want to remove SSH-access from username "leetd00d", just open file /etc/passwd with a text editor (eg. nano) and remove the line that starts with the username (leetd00d).