OpenSSH for Windows configuration

Source: Internet
Author: User

1. Download OpenSSH for Windows and install it.
Installation is simple and works like any other Windows software: double-click the installer.


2. Configuration.

First, open a command prompt (MS-DOS window) and change to the OpenSSH\bin directory.

Second, import the computer's groups into the group file. There are two cases: local groups and domain groups, handled with the -l and -d parameters respectively. To import both, run the command with -l and then run it again with -d.
The following is the original text:
Use mkgroup to create a group permissions file. For local groups, use the "-l" switch. For domain groups, use the "-d" switch.
For both domain and local, it is best to run the command twice (remember to use >> not >). If you use both, make sure to edit the file to remove any duplicate entries.
mkgroup -l >> ..\etc\group    This is the command to add local groups.
mkgroup -d >> ..\etc\group    This is the command to add domain groups.
(Note that the path is relative to the directory the command is run from.)
Third, import the computer's users and their passwords into the passwd file. As with the groups above, there are local and domain cases. If the file does not exist, or a user's information has not been imported into it, that user cannot log in to the server.
The following is the original text:
Use mkpasswd to add authorized users into the passwd file. For local users, use the "-l" switch. For domain users, use the "-d" switch.
For both domain and local, it is best to run the command twice (remember to use >> not >). If you use both, make sure to edit the file to remove any duplicate entries.

mkpasswd -l [-u <username>] >> ..\etc\passwd    This is the command to add a local user.
mkpasswd -d [-u <username>] >> ..\etc\passwd    This is the command to add a domain user.

Note: To add users from a domain that is not the primary domain of the machine, add the domain name after the user name.
Note: Omitting the username switch adds all users from the machine or domain, including service accounts and the Guest account.

If your computer is not in a domain, just run these two commands. (Note that I'm running them in the OpenSSH\bin directory.)

mkgroup -l >> ..\etc\group
mkpasswd -l [-u <username>] >> ..\etc\passwd
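
The two notes above (duplicates after running both -l and -d, and every account being imported when -u is omitted) can be checked mechanically. The following is an added example, not part of the original page: it assumes the usual seven-field, colon-separated passwd layout, and the function names, the allow-list and the sample data are constructed for illustration.

```python
# Added example (not from the original page): clean an etc\passwd file built
# with "mkpasswd -l" and "mkpasswd -d". SAMPLE_PASSWD is constructed data.
SAMPLE_PASSWD = """\
Administrator:unused:500:513:U-HOST\\Administrator:/home/Administrator:/bin/sh
Guest:unused:501:513:U-HOST\\Guest:/home/Guest:/bin/sh
SYSTEM:*:18:544:,S-1-5-18::
alice:unused:1004:513:U-HOST\\alice:/home/alice:/bin/sh
Administrator:unused:500:513:U-HOST\\Administrator:/home/Administrator:/bin/sh
line-without-fields
"""

def parse_passwd(text):
    """Return (entries, malformed_line_numbers) for 7-field passwd records."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            malformed.append(lineno)
            continue
        entries.append({"name": fields[0], "line": line})
    return entries, malformed

def clean_passwd(text, allowed):
    """Keep the first record of each allowed account; report everything else."""
    allowed = {name.lower() for name in allowed}
    entries, malformed = parse_passwd(text)
    seen, kept, duplicates, removed = set(), [], [], []
    for entry in entries:
        key = entry["name"].lower()  # Windows account names are case-insensitive
        if key in seen:
            duplicates.append(entry["name"])
            continue
        seen.add(key)
        if key in allowed:
            kept.append(entry["line"])
        else:
            removed.append(entry["name"])  # e.g. Guest and service accounts
    return {"passwd": "\n".join(kept) + "\n", "duplicates": duplicates,
            "removed": removed, "malformed": malformed}

if __name__ == "__main__":
    result = clean_passwd(SAMPLE_PASSWD, ["Administrator", "alice"])
    print(result["passwd"], end="")
    print("duplicates:", result["duplicates"])
    print("removed:", result["removed"])
    print("malformed lines:", result["malformed"])
```

Write the returned "passwd" text back to etc\passwd only after reviewing the "removed" and "malformed" lists.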


4. Start the OpenSSH server.
net start opensshd
The command to stop the opensshd service is:
net stop opensshd
5. Use.
ssh -p port username@remote-host-IP
sftp -oPort=port username@remote-host-IP
scp -P port username@remote-host-IP:file-path
Note: the port defaults to 22, so the port option is generally not needed. ssh takes the port with -p; scp takes it with uppercase -P (lowercase -p preserves file times), and sftp accepts it as -oPort=. To change the server's port, edit etc\sshd_config.

2. After installation, generate the group and passwd files; simple SSH operations are then possible.

I. Generate the group and passwd files (Note: the -l parameter is for local, -d is for domain, and -u username selects a specific local/domain user name)

cd D:\svn\openssh

mkgroup -l >> etc\group

mkpasswd -l >> etc\passwd

II. Start the service

Commands to start and stop the service:

Start: net start opensshd

Stop: net stop opensshd

III. After the two steps above are complete, the ssh command can be used to access the SSH server.

In a command-line window, enter ssh username@machinename to log in to the server. I am logging in to the local machine, so I enter the command:

ssh Administrator@localhost

When you use ssh to connect to a remote SSH server for the first time, a message similar to the following appears.

The authenticity of host '10.0.0.1' can't be established.

RSA key fingerprint is c6:d4:e7:23:03:ce:15:2c:08:ec:39:7e:52:29:a5:a6.

Are you sure you want to continue connecting (yes/no)? yes

This is because SSH does not yet recognize this host. Check the fingerprint against the server's host key before answering. Typing yes writes information about this server to the ~/.ssh/known_hosts file, and this message will not appear the next time you connect to this remote server.

The following message may also appear on a Windows machine: Could not create directory '/home/administrator/.ssh'. This is because the directory /home/administrator/.ssh does not exist. The settings below change the location of the /home directory and create the user directory.

3. Set /home (root directory):

In Windows 2000 and XP, /home defaults to C:\Documents and Settings; in Windows NT 4.0, /home defaults to C:\WINNT\Profiles. But when I looked at the registry after installing, the default value for the /home directory was "C:\Documents and settings\administrator\" start "

Modify the registry and change it to D:\svn\openssh\home:

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home]

"native"="d:\\svn\\OpenSSH\\home"

"flags"=dword:0000000a

Change "native" to your own /home directory. This is where the default login directories live: for example, for the user name Administrator, the directory you enter on login is /home/administrator. (Note: after changing the directory, create the corresponding directory, and also create the directory for the user name.)

To match the change above, some work is needed: create a home directory under D:\svn\OpenSSH, and a user directory inside it (for example, for the Administrator user):

cd D:\svn\OpenSSH

md home

md home\administrator

md home\administrator\.ssh

4. Restart the server and check that it runs normally with the new configuration.

5. Advanced: set up key-based authentication. The configuration above logs in with a user name and password, which is weak security. For a higher degree of security, use key-based authentication.

Procedure for configuring key authentication in OpenSSH for Windows:
----------------------------------------------------------
1. Create a Windows user named ssh dedicated to SSH remote login.
Local logon for the ssh user can be configured in the local security policy, but after that it is inconvenient to debug on a single machine.
----------------------------------------------------------
2. Generate user information. This generates the information for all users; of course, generating it only for the ssh user also works.
.\bin\mkgroup -l >> .\etc\group
.\bin\mkgroup -d >> .\etc\group
.\bin\mkpasswd -l >> .\etc\passwd
.\bin\mkpasswd -d >> .\etc\passwd
----------------------------------------------------------
3. Create the home directory for the ssh user
mkdir home
cd home
mkdir ssh
cd ssh
mkdir .ssh
----------------------------------------------------------
4. Modify the default home directory for the Cygwin environment
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home]
"native"="C:\\Program Files\\openssh\\home"
"flags"=dword:0000000a
----------------------------------------------------------
5. Generate the key
cd bin
mkdir keys
ssh-keygen -t rsa -b 2048 -f keys\rsa2048 -C "This is passphrase hint" -N "This is passphrase"
mkdir keys\.ssh
cat keys\rsa2048.pub > keys\.ssh\authorized_keys
----------------------------------------------------------
6. Convert the private key generated above into a format your SSH client can use. Here the client is PuTTY, so use PuTTYgen to convert it to PuTTY's PPK format.
----------------------------------------------------------
7. Configure OpenSSH to accept only key authentication.
An additional SFTP service is also configured here. In addition, the StrictModes no option tells OpenSSH not to check the permission settings of the ssh user's home directory.
Protocol 2
Port 22
HostKey /etc/ssh_host_rsa_key
PermitRootLogin no
PermitEmptyPasswords no
StrictModes no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#IgnoreUserKnownHosts yes
PasswordAuthentication no
UsePAM no
UsePrivilegeSeparation no
MaxStartups 10:30:60
Subsystem sftp /usr/sbin/sftp-server
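
A check that a deployed sshd_config really enforces the key-only settings from step 7, and that reports StrictModes no, is shown below. It is an added example, not part of the original page or of OpenSSH: the function names and the sample configuration are constructed, and Match blocks are not evaluated.

```python
# Added example (not from the original page): audit an sshd_config for the
# key-only login settings of step 7. SAMPLE_CONFIG is constructed data.
SAMPLE_CONFIG = """\
Protocol 2
Port 22
PermitRootLogin no
PermitEmptyPasswords no
StrictModes no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
# the duplicate below is ignored: the first value read for a keyword wins
PasswordAuthentication yes
"""

# Settings the page relies on for key-only authentication.
REQUIRED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "permitrootlogin": "no",
}

def effective_settings(text):
    """Map lower-cased keyword -> value, keeping the first value per keyword."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":  # conditional blocks are not evaluated
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)
    return settings

def audit(text):
    """Return findings for settings that differ from the key-only setup."""
    settings = effective_settings(text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly, expected '{want}'")
        elif got != want:  # keywords are case-insensitive, arguments are not
            findings.append(f"{key}: is '{got}', expected '{want}'")
    if settings.get("strictmodes") == "no":
        findings.append("strictmodes: 'no' skips the ownership and mode check "
                        "on the user's home directory and files")
    return findings
```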
----------------------------------------------------------
8. Set up router NAT and the software firewall
On the router, set up NAT to map incoming TCP packets to port 22.
In the software firewall, allow C:\Program Files\openssh\usr\sbin\sshd.exe to listen on TCP port 22.
----------------------------------------------------------
9. That is basically it. To start or stop the OpenSSH service:
net start opensshd
net stop opensshd
It can also be started or stopped in services.msc.
----------------------------------------------------------
PuTTY works well as a terminal, but Chinese text is difficult to handle.
For SFTP, you can use WinSCP or FileZilla.
WinSCP and FileZilla can display and enter Chinese directory and file names without problems, but copy and other operations report an error that the server cannot find the file,
perhaps because the sftp-server.exe bundled with OpenSSH for Windows is an old version (3.x).
Note: Windows disks are mapped under /cygdrive/ in the Cygwin environment.
