Set up sshd service through cygwin in Windows


From: http://hi.baidu.com/angivo/blog/item/7f43bef5ade0e42fbc3109f7.html

Reprinted: http://hi.baidu.com/qiraosky/blog/item/35a7f144d9f3488ab3b7dc2e.html

Copyright belongs to the original author.

The sshd service provides a secure connection for accessing the command line interface on a server. Windows does not provide this service, so we can install it through cygwin.

Install cygwin

First install cygwin. The installation date is 2006-10-8, and the cygwin dll version is 1.5.21-1. In addition to the default software packages, the following packages are added.

  • Admin
    • cron-3.0.1-19
    • cygrunsrv-1.17-1
    • shutdown-1.7-1
    • syslog-ng-1.6.11-1
  • Archive
    • unzip-5.50-5
    • zip-2.3-6
  • Devel
    • subversion-1.3.2-1
  • Editors
    • vim-7.0.076-1
  • Interpreters
    • gawk-3.1.5-4
    • perl-5.8.7-5
    • expat-1.95.8-1
  • Libs
  • Net
    • lftp-3.5.1-1
    • openssh-4.4p1-1
    • openssl-0.98d-1
    • openssl097-0.9.7l-1
    • ping-1.0-1
    • netcat-1.10-2
  • Shells
    • ash-20040127-3
    • bash-3.1-9
    • bash-completion-20060301-1
    • mc-4.6.1-2
  • Utils
    • patch-2.5.8-8
    • time-1.7-1
  • Web
    • wget-1.10.2-1

Install sshd

Log on as an administrator, start the cygwin command line, and execute the following command.

$ ssh-host-config
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/doc/openssh/README.privsep.

Shall privilege separation be used? (yes/no) yes
Warning: The following function requires administrator privileges!
Shall this script create a local user 'sshd' on this machine? (yes/no) yes
Generating /etc/sshd_config file
Added ssh to /cygdrive/c/WINDOWS/system32/drivers/etc/services

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec". CYGWIN=binmode ntsec tty

The service has been installed under LocalSystem account.
To start the service, call `net start sshd' or `cygrunsrv -S sshd'.

Host configuration finished. Have fun!

Configure sshd

In cygwin's command line, enter the following command:

$ cd /etc
$ chmod 666 sshd_config
$ vi sshd_config

Modify the following settings in sshd_config.

# disable root logon
PermitRootLogin no
# security setting for CYGWIN=ntsec
StrictModes yes
# disable rhosts authentication
RhostsRSAAuthentication no
# disable rhosts authentication
IgnoreRhosts yes
# disable password authentication
PasswordAuthentication no
# disable password authentication
ChallengeResponseAuthentication no
# disable logon by users with empty passwords
PermitEmptyPasswords no

Finally, change the sshd_config permission back to 644.

$ chmod 644 sshd_config
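
An added example, not part of the original article: a shell function that checks an sshd_config file against the seven settings above. It applies sshd's own lookup rules (keywords are case-insensitive and the first occurrence wins) and assumes whitespace-separated keyword/value lines; the function names and the sample file are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config against the settings listed above.

# effective_value FILE KEYWORD
# Print the value sshd would use: keywords are case-insensitive and the
# first occurrence in the file wins. Prints nothing if the keyword is unset.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Print one line per setting; return the number of settings that differ.
# An unset keyword is reported too, because sshd then uses its built-in default.
audit_sshd_config() {
    local file=$1 failures=0 keyword expected actual
    while read -r keyword expected; do
        actual=$(effective_value "$file" "$keyword")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $keyword $actual"
        else
            echo "FAIL  $keyword is '${actual:-<unset>}', expected '$expected'"
            failures=$((failures + 1))
        fi
    done <<'EOF'
PermitRootLogin no
StrictModes yes
RhostsRSAAuthentication no
IgnoreRhosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
EOF
    return "$failures"
}

# Constructed sample: a config where password logins were left enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
permitrootlogin no
StrictModes yes
PasswordAuthentication yes
PasswordAuthentication no
IgnoreRhosts yes
EOF
audit_sshd_config "$sample" || echo "$? setting(s) need attention"
```

On the real server, run `audit_sshd_config /etc/sshd_config` before starting the service.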

Start the sshd server.

$ cygrunsrv -S sshd

Generate the public and private keys

Since the above settings allow only key authentication, we need to generate a public/private key pair for each user.

Run the following command on the cygwin console to generate the SSH1 public and private keys.

$ ssh-keygen -t rsa1
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/charlee/.ssh/identity):
Enter passphrase (empty for no passphrase): <enter the password>
Enter same passphrase again: <enter the password again>
Your identification has been saved in /home/charlee/.ssh/identity.
Your public key has been saved in /home/charlee/.ssh/identity.pub.

In a similar way, use the following commands to generate the SSH2 public and private keys.

$ ssh-keygen -t rsa
$ ssh-keygen -t dsa

Append the public keys to the authorized keys file:

$ cd .ssh
$ cat identity.pub >> authorized_keys
$ cat id_rsa.pub >> authorized_keys
$ cat id_dsa.pub >> authorized_keys

Because StrictModes yes is set in /etc/sshd_config, the permission of the home directory must be modified. Run the following command.

$ chmod 755 /home/charlee

Then copy the private key files identity, id_rsa, and id_dsa to the client in some way. The client I use is Linux, so you only need to copy the three files to the $HOME/.ssh directory of the client.

Log on to the server. On the client, enter the following command to log on to the server.

$ ssh 192.168.0.2

FAQs

Update

Q: cygrunsrv -S sshd cannot start the service and reports:

cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.

A: Probably the permission settings for /var/log are incorrect. Run mkpasswd and mkgroup to regenerate the permission information, delete the sshd service, and reconfigure it:

$ mkpasswd -l > /etc/passwd
$ mkgroup -l > /etc/group
$ cygrunsrv -R sshd
$ ssh-host-config -y
$ cygrunsrv -S sshd

Q: What should I do when I cannot log on with the public key?

A: You can view the error messages generated by sshd in the Windows event logs (My Computer -> right-click -> Manage -> Event Viewer). A common problem is that the permission of .ssh/authorized_keys is set incorrectly. The file must be set to 0644 to log on normally.
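
An added example, not part of the original article, covering both the StrictModes step above and this FAQ answer: with StrictModes yes, sshd ignores authorized_keys when the home directory, .ssh, or the file itself is writable by group or others. The function names and the scratch directory are made up for illustration, GNU stat is assumed, and the ownership check that sshd also performs is left out.

```bash
#!/usr/bin/env bash
# Added example: pre-check the paths that sshd inspects under StrictModes yes.
# Assumes GNU stat (coreutils), as shipped with Cygwin and most Linux systems.

# writable_by_others PATH -> succeeds if group or other has write permission
writable_by_others() {
    local mode
    mode=$(stat -c %a "$1")
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# check_strictmodes HOME_DIR
# Report every path that would make sshd ignore authorized_keys; the return
# status is the number of problems found.
check_strictmodes() {
    local home=$1 problems=0 path
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
        elif writable_by_others "$path"; then
            echo "UNSAFE   $path (mode $(stat -c %a "$path"), remove group/other write)"
            problems=$((problems + 1))
        else
            echo "OK       $path (mode $(stat -c %a "$path"))"
        fi
    done
    return "$problems"
}

# Constructed demo in a scratch directory standing in for /home/charlee.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
touch "$demo/.ssh/authorized_keys"
chmod 775 "$demo"                       # group-writable home: rejected
chmod 700 "$demo/.ssh"
chmod 644 "$demo/.ssh/authorized_keys"  # the mode the FAQ calls for
check_strictmodes "$demo" || echo "$? problem(s) found"
chmod 755 "$demo"                       # the fix from the article
check_strictmodes "$demo" && echo "StrictModes checks pass"
```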

######################################## ##################################
Problems I encountered
Why cannot sshd be enabled?
Solution: follow the instructions above.
1) Assign permissions to the /var/log directory
2) execute user ing
3) Delete the sshd service
4) Configure the sshd service
5) Enable the sshd service

1) Assign permissions to the /var/log directory
Administrator@8a0dbeec9a074e1 /var
$ ls -rlat log
total 7284
drwxr-xr-x 1 administrator administrators 0 Oct 23 apache
drwxr-xr-x 1 administrator administrators 0 Oct 23 :55 apache2
drwxrwxrwx 1 System Administrators 0 Oct 23 exim
drwxr-xr-x 1 administrator administrators 0 Oct 24 20:06 squid
-rwxrwxrwx 1 administrator none 0 Oct 24 20:48 setup.log.postinstallxa05528
-rwxr--r--+ 1 administrator none 0 Oct 26 08:36 wtmp
-rw-r--+ 1 administrator none 0 Oct 26 08:37 messages
drwxr-xr-x 1 administrator administrators 0 Oct 26 ..
-rw-r-- 1 administrator none 0 Oct 26 11:20 last
-rw-r-- 1 administrator none 1257 Oct 26 setup.log.full
-rw-r-- 1 administrator none 7449455 Oct 26 setup.log
drwxrwxrwx+ 1 administrator administrators 0 Oct 27 .
-rw-r-- 1 System Administrators 1050 Oct 28 :37 sshd.log

Administrator@8a0dbeec9a074e1 /var
$ chown administrator:Administrators ./log

Administrator@8a0dbeec9a074e1 /var/log
$ ls -rlt
total 7284
drwxr-xr-x 1 administrator administrators 0 Oct 23 apache
drwxr-xr-x 1 administrator administrators 0 Oct 23 :55 apache2
drwxrwxrwx 1 System Administrators 0 Oct 23 exim
drwxr-xr-x 1 administrator administrators 0 Oct 24 20:06 squid
-rwxrwxrwx 1 administrator none 0 Oct 24 20:48 setup.log.postinstallxa05528
-rwxr--r--+ 1 administrator none 0 Oct 26 08:36 wtmp
-rw-r--+ 1 administrator none 0 Oct 26 08:37 messages
-rw-r-- 1 administrator none 0 Oct 26 11:20 last
-rw-r-- 1 administrator none 1257 Oct 26 setup.log.full
-rw-r-- 1 administrator none 7449455 Oct 26 setup.log
-rw-r-- 1 System Administrators 1050 Oct 28 :37 sshd.log

Administrator@8a0dbeec9a074e1 /var/log
$ chown -R administrator:Administrators *
Administrator@8a0dbeec9a074e1 /var/log
$ ls -rtl
total 7284
drwxr-xr-x 1 administrator administrators 0 Oct 23 apache
drwxr-xr-x 1 administrator administrators 0 Oct 23 :55 apache2
drwxrwxrwx 1 administrator administrators 0 Oct 23 exim
drwxr-xr-x 1 administrator administrators 0 Oct 24 20:06 squid
-rwxrwxrwx 1 administrator administrators 0 Oct 24 20:48 setup.log.postinstallxa05528
-rwxr--r--+ 1 administrator administrators 0 Oct 26 wtmp
-rw-r--+ 1 administrator administrators 0 Oct 26 messages
-rw-r-- 1 administrator administrators 0 Oct 26 :20 lastlog
-rw-r-- 1 administrator administrators 1257 Oct 26 setup.log.full
-rw-r-- 1 administrator administrators 7449455 Oct 26 setup.log
-rw-r-- 1 administrator administrators 1050 Oct 28 sshd.log

Administrator@8a0dbeec9a074e1 /var/log

Administrator@8a0dbeec9a074e1 /var/log
$ cd ~

2) execute user ing
Administrator@8a0dbeec9a074e1 ~
$ mkpasswd -l > /etc/passwd

Administrator@8a0dbeec9a074e1 ~
$ mkgroup -l > /etc/group

3) Delete the sshd service
Administrator@8a0dbeec9a074e1 ~
$ cygrunsrv -R sshd

4) Configure the sshd service

Administrator@8a0dbeec9a074e1 ~
$ ssh-host-config -y
*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file
*** Query: Overwrite existing /etc/inetd.d/sshd-inetd file? (yes/no) yes
*** Info: Creating default /etc/inetd.d/sshd-inetd file
*** Info: Updated /etc/inetd.d/sshd-inetd

*** Warning: The following functions require administrator privileges!

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: 'net start sshd' or 'cygrunsrv -S sshd'. Otherwise, it
*** Info: will start automatically after the next reboot.

*** Info: Host configuration finished. Have fun!

5) Enable the sshd service
Administrator@8a0dbeec9a074e1 ~
$ cygrunsrv -S sshd

Administrator@8a0dbeec9a074e1 ~
$ cygrunsrv -S sshd

Administrator@8a0dbeec9a074e1 ~
$ ps -ef | grep sshd
System 1316 6200 ? 19:42:30 /usr/sbin/sshd

Administrator@8a0dbeec9a074e1 ~
$ ssh root@172.16.4.132
The authenticity of host '172.16.4.132 (172.16.4.132)' can't be established.
RSA key fingerprint is b0:f3:36:d2:46:45:2f:04:7f:50:0b:e4:81:f2:5d:bf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.16.4.132' (RSA) to the list of known hosts.
root@172.16.4.132's password:

root@8a0dbeec9a074e1 ~
