Memo: configuring key authentication for OpenSSH for Windows
———————————————————-
1. Create a Windows user named SSH, dedicated to SSH remote login.
Local login for the user SSH can be controlled in the local security policy, but doing so makes it inconvenient to debug on a single machine.
———————————————————-
2. Generate the user information. Here it is generated for all users; of course, generating it only for the user SSH also works.
.\bin\mkgroup -l >> .\etc\group
.\bin\mkgroup -d >> .\etc\group
.\bin\mkpasswd -l >> .\etc\passwd
.\bin\mkpasswd -d >> .\etc\passwd
———————————————————-
3. Create the home directory for the user SSH
mkdir home
cd home
mkdir SSH
cd SSH
mkdir .ssh
———————————————————-
4. Change the default home directory of the Cygwin environment
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home]
"native"="C:\\Program Files\\openssh\\home"
"flags"=dword:0000000a
———————————————————-
5. Generate the key
cd bin
mkdir keys
ssh-keygen -t rsa -b 2048 -f keys\rsa2048 -C "This is passphrase hint" -N "This is passphrase"
mkdir keys\.ssh
cat keys\rsa2048.pub > keys\.ssh\authorized_keys
———————————————————-
6. Convert the private key generated above into a format the SSH client can use. PuTTY is used here, so PuTTYgen can convert it into PuTTY's PPK format.
———————————————————-
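7. Configure OpenSSH to accept only key authentication.
The SFTP service is additionally enabled here. The StrictModes no option tells OpenSSH not to check the permission settings of the user SSH's home directory. With that check off, sshd will accept an authorized_keys file that other accounts can write to, so restrict write access to it with NTFS permissions.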
Protocol 2
Port 22
HostKey /etc/ssh_host_rsa_key
PermitRootLogin no
PermitEmptyPasswords no
StrictModes no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#IgnoreUserKnownHosts yes
PasswordAuthentication no
UsePAM no
UsePrivilegeSeparation no
MaxStartups 10:30:60
Subsystem sftp /usr/sbin/sftp-server
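An added example, not part of the original memo: a small Python check that reads an sshd_config like the one in step 7 and reports whether it actually enforces key-only login. It relies on sshd's rules that keywords are case-insensitive, that the first value read for a keyword wins, and that absent keywords fall back to defaults; the function names and sample configs are constructed for illustration.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitemptypasswords": "no", "strictmodes": "yes"}
# Values required for key-only login, as set in step 7.
REQUIRED = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
            "permitemptypasswords": "no"}

def effective_settings(text):
    """Return global settings: keywords are case-insensitive, first value wins."""
    settings, seen = dict(DEFAULTS), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        if len(fields) < 2:
            continue
        key, value = fields[0].lower(), fields[1].strip().strip('"')
        if key == "match":
            break  # Match blocks are conditional; stop at the first one
        if key not in seen:
            seen.add(key)
            settings[key] = value
    return settings

def audit(text):
    """Return a list of findings; an empty list means nothing to report."""
    eff = effective_settings(text)
    findings = [f"FAIL {k}={eff[k]} (want {want})"
                for k, want in REQUIRED.items() if eff[k].lower() != want]
    if eff["strictmodes"].lower() == "no":
        findings.append("WARN strictmodes=no: check who can write authorized_keys")
    return findings

# Constructed samples: the step 7 settings, and a file where a later line
# appears to disable passwords but an earlier one already enabled them.
STEP7 = """Protocol 2
PermitEmptyPasswords no
StrictModes no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#IgnoreUserKnownHosts yes
PasswordAuthentication no
"""
SHADOWED = "passwordauthentication yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in (("step7", STEP7), ("shadowed", SHADOWED)):
        print(name, audit(cfg) or "ok")
```

A file that omits PasswordAuthentication entirely is also reported, because the default is yes.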
———————————————————-
8. Set up router NAT and the software firewall
On the router, set a NAT rule that maps TCP traffic to port 22.
In the software firewall, allow C:\Program Files\openssh\usr\sbin\sshd.exe to listen on TCP port 22.
———————————————————-
9. That is basically it. The OpenSSH service can be started or stopped with:
net start opensshd
net stop opensshd
It can also be started or stopped in services.msc.
———————————————————-
PuTTY is not bad as a terminal, but Chinese text is difficult to get working.
For SFTP, you can use WinSCP or FileZilla.
WinSCP and FileZilla display and accept Chinese directory and file names without problems, but copy and other operations report a "server cannot find the file" error.
Maybe the sftp-server.exe bundled with OpenSSH for Windows is too old a version (3.x).
Note: Windows disks are mapped under /cygdrive/ in the Cygwin environment.