OpenSSH for Windows configuration

Source: Internet
Author: User

1, download OpenSSH.

2, installation.
Installation is simple: as with other Windows software, double-click the installer. Partway through, a prompt box pops up saying that the /etc/passwd file must be set up before OpenSSH can function properly, and to see the Readme.txt or Quickstart.txt file for details. Do not worry about it; press OK to continue the installation. You can read the contents of the Quickstart.txt file when the installation has finished.


3, configuration.

First, open an MS-DOS terminal and change to the OpenSSH/bin directory. (After installing OpenSSH you will find that several common Linux commands are now available, such as ls, mkdir, rm, chmod and chown.)

Second, import the groups on the computer into the group file. There are two cases: local groups and domain groups. Run the command with the -l and -d parameters respectively. If you want to import both, run the command with -l first and then with -d.
Here is the original:
Use mkgroup to create a group permissions file. For local groups, use the "-l" switch. For domain groups, use the "-d" switch.
For both domain and local, it is best to run the command twice (remember to use >>, not >). If you use both, make sure to edit the file to remove any duplicate entries.

mkgroup -l >> ..\etc\group      This is the command to add the local groups.
mkgroup -d >> ..\etc\group      This is the command to add the domain groups.

Third, import the computer's users and their passwords into the passwd file. As with the groups above, there are local and domain cases. If this file is missing or no users have been imported, nobody can log in to the server, because there are no users!
Here is the original:
Use mkpasswd to add authorized users into the passwd file. For local users, use the "-l" switch. For domain users, use the "-d" switch.
For both domain and local, it is best to run the command twice (remember to use >>, not >). If you use both, make sure to edit the file to remove any duplicate entries.

mkpasswd -l [-u <username>] >> ..\etc\passwd      This is the command to add local users.
mkpasswd -d [-u <username>] >> ..\etc\passwd      This is the command to add domain users.

Note: to add users from a domain which is not the primary domain of the machine, add the domain name after the user name.
Note: omitting the username switch adds all users from the machine or domain, including service accounts and the Guest account.


Since my computer is at home and not in a domain, I only need to run two commands. (Note that I am running them in the OpenSSH/bin directory.)

mkgroup -l >> ..\etc\group
mkpasswd -l [-u <username>] >> ..\etc\passwd
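
Running mkpasswd more than once with >> leaves repeated entries, and omitting -u imports every account, Guest included. The following Python script is an added example, not part of the original page or of OpenSSH for Windows: it keeps one entry per user and only the accounts on an allowlist. The sample lines are constructed, and the seven-field passwd layout is an assumption.

```python
# Constructed sample: "mkpasswd -l" appended twice to etc/passwd without -u.
# Assumption: each entry is a 7-field, colon-separated passwd line.
SAMPLE_PASSWD = """\
Administrator:unused:500:513:U-PC\\Administrator,S-1-5-21-1-2-3-500:/home/Administrator:/bin/switch
Guest:unused:501:513:U-PC\\Guest,S-1-5-21-1-2-3-501:/home/Guest:/bin/switch
ssh:unused:1005:513:U-PC\\ssh,S-1-5-21-1-2-3-1005:/home/ssh:/bin/switch
Administrator:unused:500:513:U-PC\\Administrator,S-1-5-21-1-2-3-500:/home/Administrator:/bin/switch
Guest:unused:501:513:U-PC\\Guest,S-1-5-21-1-2-3-501:/home/Guest:/bin/switch
ssh:unused:1005:513:U-PC\\ssh,S-1-5-21-1-2-3-1005:/home/ssh:/bin/switch
"""


def tidy_passwd(text, allowed_users):
    """Return (kept_lines, duplicates, not_allowed, malformed)."""
    allowed = {u.lower() for u in allowed_users}  # Windows account names ignore case
    seen = set()
    kept, duplicates, not_allowed, malformed = [], [], [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[0]:
            malformed.append(line)  # never pass a broken entry through
            continue
        name = fields[0].lower()
        if name in seen:
            duplicates.append(fields[0])  # second and later copies are dropped
            continue
        seen.add(name)
        if name in allowed:
            kept.append(line)
        else:
            not_allowed.append(fields[0])  # e.g. Guest or service accounts
    return kept, duplicates, not_allowed, malformed


if __name__ == "__main__":
    kept, dup, dropped, bad = tidy_passwd(SAMPLE_PASSWD, ["ssh"])
    print("\n".join(kept))
    print("duplicates:", dup, "not allowed:", dropped, "malformed:", bad)
```

Write the kept lines back to etc\passwd only after reviewing the other three lists.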


4. Start OpenSSH server.

net start opensshd

Correspondingly, the command to stop the opensshd service is:

net stop opensshd

5, use.

ssh -p port username@host-ip

sftp -oPort=port username@host-ip

scp -P port username@remote-host-ip:file-path local-path

Note: The port defaults to 22, so the port option is generally not needed. ssh takes the port as -p, scp as -P (its -p preserves file times), and sftp as -oPort= (newer sftp clients also accept -P). To change the port the server listens on, edit etc/sshd_config.

After installation, generate the group and passwd files; this simplifies later SSH operation.

I. Generate the group and passwd files (note: -l means local, -d means domain, and -u username names a local/domain user)

cd d:\svn\openssh

mkgroup -l >> etc\group

mkpasswd -l >> etc\passwd

II. Enabling Services

Commands to start and stop the service:

Start: net start opensshd

Stop: net stop opensshd

III. Accessing the SSH server with the ssh command

In a command-line window, enter ssh username@machine-name to log in to the server. I am logging in on this same machine, so I enter the command

ssh [email  protected]

The first time ssh connects to a remote server, a message similar to the one below appears.

The authenticity of host '10.0.0.1' can't be established.

RSA key fingerprint is c6:d4:e7:23:03:ce:15:2c:08:ec:39:7e:52:29:a5:a6.

Are you sure you want to continue connecting (yes/no)? yes

This is because ssh does not yet recognize this host. Typing yes writes information about the server to the ~/.ssh/known_hosts file, and the message will not appear the next time you connect to that server.
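
Before answering yes, compare the fingerprint in the prompt with one computed from the server's own host public key. This Python check is an added example, not from the original page; it assumes the public key is available as a standard .pub or known_hosts line, and the sample key blob is constructed bytes, not a real key.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

# Constructed stand-in for the server's host public key file
# ("<type> <base64 blob> <comment>"); the blob is sample bytes, not a real key.
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(
    b"\x00\x00\x00\x07ssh-rsa" + bytes(range(64))).decode() + " constructed-sample"


def key_blob(line):
    """Decode the base64 key blob from a .pub line or a known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPES):
            return base64.b64decode(fields[i + 1], validate=True)
    raise ValueError("no SSH public key found in line")


def md5_fingerprint(line):
    """Colon-separated MD5 hex, the format shown in the prompt above."""
    digest = hashlib.md5(key_blob(line), usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(line):
    """SHA256:<unpadded base64>, the format newer ssh clients print."""
    digest = hashlib.sha256(key_blob(line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_prompt(line, shown):
    """True only if the fingerprint ssh displayed belongs to this public key."""
    shown = shown.strip().rstrip(".")
    if shown.startswith("SHA256:"):
        return shown == sha256_fingerprint(line)
    return shown.lower() == md5_fingerprint(line)


if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_PUB))
    print(sha256_fingerprint(SAMPLE_PUB))
```

Type yes only when matches_prompt returns True for a key line obtained from the server over a trusted path, such as its console.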

In Windows NT 4.0, /home is in C:\WINNT\Profiles by default, but when I checked the registry after installing, the default value for the /home directory was "C:\Documents and Settings\administrator\" Start menu

Modify the registry and change it to "D:\svn\OpenSSH\home", with

"flags"=dword:0000000a

Change "native" to your own /home directory. This directory is the default login directory: for example, for the user name Administrator, the directory you land in is /home/Administrator. (Note: after changing the directory, create the corresponding directory, including a directory named after the user.)

To match the change above, some directories have to be created in D:\svn\OpenSSH:

md home

md home\administrator

md home\administrator\.ssh

4. Restart the server to check if the configuration is running properly

5. Advanced: set up access based on key authentication. The configuration above logs in with a user name and password, which is weak security; if you want a higher degree of security, you can use key-based authentication.

Memo: notes on the process of configuring key authentication for OpenSSH for Windows
----------------------------------------------------------
1. Create a Windows user named ssh, dedicated to SSH remote login.
You can deny local logon for the ssh user in the local security policy, but that is inconvenient when debugging on a single machine.
----------------------------------------------------------
2. Generate user information. The commands below generate entries for all users; of course, you can also generate the entry for the ssh user only.
.\bin\mkgroup -l >> .\etc\group
.\bin\mkgroup -d >> .\etc\group
.\bin\mkpasswd -l >> .\etc\passwd
.\bin\mkpasswd -d >> .\etc\passwd
----------------------------------------------------------
3. Create the home directory for the user ssh
mkdir home
cd home
mkdir ssh
cd ssh
mkdir .ssh
----------------------------------------------------------
4. Modify the default home directory for the Cygwin environment
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home]
"native"="C:\\Program Files\\openssh\\home"
"flags"=dword:0000000a
----------------------------------------------------------
5. Generate the key pair
cd bin
mkdir keys
ssh-keygen -t rsa -b 2048 -f keys\rsa2048 -C "This is passphrase hint" -N "This is passphrase"
mkdir keys\.ssh
cat keys\rsa2048.pub > keys\.ssh\authorized_keys
----------------------------------------------------------
6. Convert the private key generated above into a format your SSH client can use. Here the client is PuTTY, so PuTTYgen can be used to convert it to PuTTY's PPK format.
----------------------------------------------------------
7. Configure OpenSSH to accept only key authentication.
An SFTP service is additionally provided here. Also, the StrictModes no option tells OpenSSH not to check the permission settings of the user ssh's home directory.
Protocol 2
Port 22
HostKey /etc/ssh_host_rsa_key
PermitRootLogin no
PermitEmptyPasswords no
StrictModes no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#IgnoreUserKnownHosts yes
PasswordAuthentication no
UsePAM no
UsePrivilegeSeparation no
MaxStartups 10:30:60
Subsystem sftp /usr/sbin/sftp-server
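
One way to check that a configuration like the one above really enforces key-only login, and to list the hardening options it relaxes (StrictModes no skips ownership and mode checks on the home directory and key files). This Python audit is an added example, not part of the original page or of OpenSSH; the REQUIRED and RELAXED policy tables are assumptions of this example.

```python
# Constructed sample: the step 7 configuration, used as inline test input.
SAMPLE_CONFIG = """\
Protocol 2
Port 22
HostKey /etc/ssh_host_rsa_key
PermitRootLogin no
PermitEmptyPasswords no
StrictModes no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#IgnoreUserKnownHosts yes
PasswordAuthentication no
UsePAM no
UsePrivilegeSeparation no
MaxStartups 10:30:60
Subsystem sftp /usr/sbin/sftp-server
"""
# Assumed policy: keyword -> (value that must be set explicitly, reason).
REQUIRED = {
    "protocol": ("2", "protocol 1 must stay disabled"),
    "pubkeyauthentication": ("yes", "key login must be enabled"),
    "passwordauthentication": ("no", "password login must be refused"),
    "permitemptypasswords": ("no", "empty passwords must be refused"),
}
# Hardening options the page switches off; reported as warnings, not failures.
RELAXED = {
    "strictmodes": ("no", "mode/ownership checks on home and key files are skipped"),
    "useprivilegeseparation": ("no", "privilege separation is disabled"),
}

def parse_sshd_config(text):
    """Map lowercase keyword -> value; the first occurrence wins, as in sshd."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        settings.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    found = parse_sshd_config(text)
    failures = [f"{k}: want {want}, found {found.get(k, 'unset')} ({why})"
                for k, (want, why) in REQUIRED.items()
                if found.get(k, "").lower() != want]
    warnings = [f"{k}: {why}" for k, (bad, why) in RELAXED.items() if found.get(k, "").lower() == bad]
    return failures, warnings
```

Call audit() on the text of etc\sshd_config; an empty failures list means every required keyword is set explicitly to the key-only value.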
----------------------------------------------------------
8. Set up router NAT and the software firewall
In the router's NAT settings, add a mapping for TCP port 22.
The software firewall is set to allow C:\Program Files\openssh\usr\sbin\sshd.exe to listen on TCP port 22.
----------------------------------------------------------
9. That is basically it. The OpenSSH service can be started or stopped with
net start opensshd
net stop opensshd
It can also be started or stopped in services.msc.
----------------------------------------------------------
PuTTY is a good terminal, but its handling of Chinese is poor.
If you want SFTP, you can use WinSCP and FileZilla.
WinSCP and FileZilla can display and enter Chinese directory and file names without problems, but copy and other operations report a "server cannot find the file" error.
This may be related to the old version of sftp-server.exe in OpenSSH for Windows (apparently 3.x).
Note: the Cygwin environment maps Windows disks under /cygdrive/.
