Thursday, June 23, 2011

Installing SSH server in Cygwin on Windows 7

The following steps document how to install SSH server in Cygwin on Windows 7.

Run the Cygwin setup.exe program, and install the openssh package.

If you wish to install sshd as a service, you should run the Cygwin terminal with administrator privileges. To do this, right click on Cygwin.bat and select "Run as administrator." When the User Account Control dialog box is displayed, click Yes. In the Cygwin terminal, type the following commands.

$ ssh-host-config 
*** Info: Generating /etc/ssh_host_key
*** Info: Generating /etc/ssh_host_rsa_key
*** Info: Generating /etc/ssh_host_dsa_key
*** Info: Generating /etc/ssh_host_ecdsa_key
*** Info: Creating default /etc/ssh_config file
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file

*** Warning: The following functions require administrator privileges!

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires.  You need to have or to create a privileged
*** Info: account.  This script will help you do so.

*** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
*** Info: or later.  On these systems, it's not possible to use the LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).

*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.

*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.

*** Info: The following privileged accounts were found: 'cyg_server' .

*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Please enter the password for user 'cyg_server':
*** Query: Reenter:

*** Info: The sshd service has been installed under the 'cyg_server'
*** Info: account.  To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically
*** Info: after the next reboot.

*** Info: Host configuration finished. Have fun!

If you answered yes to installing sshd as a service above, you can start the service now with the following command.

$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.

Testing

Try logging into localhost from the computer on which the SSH server was installed. If you choose to log in with a password, make sure you have set a Windows password for your account before testing. From a Cygwin shell, type the following.

$ ssh localhost

Troubleshooting

If you run into any problems, check the permissions of the following files and directories.

$ ls -ld /etc/passwd /etc/group /var /var/log/sshd.log /var/empty
-rw-r--r--  1 <user>     None 1089 Jan 01 00:01 /etc/group
-rw-r--r--  1 <user>     None 1072 Jan 01 00:01 /etc/passwd
drwxr-xr-x+ 1 <user>     root    0 Jan 01 00:01 /var
drwxr-xr-x+ 1 cyg_server root    0 Jan 01 00:01 /var/empty
drwxr-xr-x+ 1 cyg_server None    0 Jan 01 00:01 /var/log/sshd.log

If the permissions of these files look different from the above, run the following commands prior to the installation.

$ chmod +r  /etc/passwd
$ chmod u+w /etc/passwd
$ chmod +r  /etc/group
$ chmod u+w /etc/group
$ chmod 755 /var 
$ touch /var/log/sshd.log
$ chmod 664 /var/log/sshd.log
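
As an added example (not part of the original post), the script below checks the five paths from the listing against the modes the chmod commands produce and, for /var/empty, the mode shown in the listing; it also flags world-writable paths, which the listing never shows. The function names and the optional ROOT argument are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original post: audit the paths from the
# troubleshooting step. Function names and the ROOT argument are hypothetical.

# has_bits PATH OCTAL: succeed if every permission bit in OCTAL is set on PATH.
has_bits() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2   # cannot stat PATH
    [ $(( 0$mode & 0$2 )) -eq $(( 0$2 )) ]
}

# audit_sshd_paths [ROOT]: print one line per path; exit status = failure count.
# ROOT (default empty) prefixes every path so a scratch tree can be checked.
audit_sshd_paths() {
    local root=${1:-} failures=0 entry path want
    # Modes 644/755/664 follow the chmod commands above; 755 for /var/empty
    # follows the ls listing.
    for entry in /etc/passwd:644 /etc/group:644 /var:755 \
                 /var/empty:755 /var/log/sshd.log:664; do
        path=$root${entry%%:*}
        want=${entry##*:}
        if [ ! -e "$path" ]; then
            echo "FAIL $path: missing"
        elif ! has_bits "$path" "$want"; then
            echo "FAIL $path: lacks permission bits $want"
        elif has_bits "$path" 002; then
            echo "FAIL $path: world-writable"
        else
            echo "ok   $path"
            continue
        fi
        failures=$((failures + 1))
    done
    return "$failures"
}
```

In an elevated Cygwin terminal, source the script and call audit_sshd_paths with no argument; a non-zero exit status is the number of paths that still need the chmod commands above.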

5 comments:

mallikarjuna said...

Administrator@IK-PC ~
$ ssh-host-config

*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) no
*** Info: Updating /etc/sshd_config file

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires. You need to have or to create a privileged
*** Info: account. This script will help you do so.

*** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
*** Info: or later. On these systems, it's not possible to use the LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).

*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.

*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.

*** Info: The following privileged accounts were found: 'cyg_server' .

*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Please enter the password for user 'cyg_server':
*** Query: Please enter the password for user 'cyg_server':
*** Query: Please enter the password for user 'cyg_server':

mallikarjuna said...

I am unable to install ssh-host-config

tsengf said...

mallikarjuna, ssh-host-config should be available after you have installed the OpenSSH package.

Unknown said...

Thanks, worked perfectly.
Here's a related issue.
In the past I have had conflicts in the config when adding it to a system that already had a user name of the special account from a previous attempt, and also when there was a correctly installed Cygwin that had /etc/passwd & group configured correctly. I'm going to keep working at it since I have to install Cygwin with sshd on 10-15 machines.
Thanks again for the article.
Costa

Unknown said...

Amazing information... nice to meet you.. blockwalking to visit:
http://ssh-windows.blogspot.com