Optional, Advanced

Disclaimer

How to install a ssh server (called sshd, from OpenSSH) on a Windows 2000, XP or Windows Server 2003
How to install a sftp server on a Windows 2000,  XP or Windows Server 2003 

The ssh server runs under Cygwin, a port of the UNIX environment and OpenSSH to Windows, by Redhat.

(1a) Login as Administrator (Windows XP - login as a user with Administrator privilege).

(1b) Create a folder c:\cygwin

(2) Download cygwin's setup.exe from http://www.cygwin.com/ and save setup.exe in c:\cygwin
Click Start...Run...and type c:\cygwin\setup.exe

When it asks for "Local Package Directory", type c:\cygwin
When a selection screen comes up, click the little View button for "Full" view,
find the line "OpenSSH", click on the word "skip" so that an appears in Column B,
see this illustration.

Click to start installing cygwin and ssh.
The basic cygwin system is about 40 Meg; this may take a while if you have a slow connection.

Take a coffee break.

(3) Right click My Computer, Properties, Advanced, Environment Variables
See this illustration (red dots).
Click the "New" button to add a new entry to system variables:
variable name is CYGWIN
variable value is ntsec tty

(4) Right click My Computer, Properties, Advanced, Environment Variables
See this illustration (green dots).
Select the Path variable and click the "Edit" button:
append  ;c:\cygwin\bin   to the end of the existing variable string.

(5) Open a cygwin window (by double clicking the icon), a black screen pops open, type
ssh-host-config
When the script asks you about "privilege separation", answer yes.
When the script asks about "local user", answer yes.
When the script asks you about "install sshd as a service", answer yes.
When the script asks you for "CYGWIN=",
your answer should be ntsec tty

(6) While you are still in the (black) cygwin screen, start the sshd service:
net start sshd
or
cygrunsrv  --start  sshd

To stop the sshd service, pop open a cygwin window, type
net stop sshd
or
cygrunsrv  --stop  sshd


Test to see if ssh server is working: (below command is case sensitive)

ssh    $USERNAME@127.0.0.1

If you get a prompt without error messages, type ls  -h  /cygdrive/c
and you should see a directory listing. If so, it is working.
(type exit to end the ssh session)
(thanks to Jared Kizlgour for above $USERNAME variable substitution)

If you still have troubles, try
ssh-user-config

*********  below has not been tested extensively, use caution **********
*********  contribution by Orion Elenzil   ***********************

make a backup
$ cp    /etc/passwd       /etc/passwd.bak

$ passwd
[enter your current correct windows password exactly and carefully]
- word of warning, this may screw up the Windows password, be sure to enter the right thing!


Other users on the internal network (sometimes called a LAN) can type
ssh  username@your_internal_ip_address   (e.g. ssh   john@192.168.0.100)

Other users from the outside network can type: (assuming you have an IP address that is accessible from the outside world)
ssh  username@your_external_ip_address   (e.g. ssh   john@128.64.64.100)

For Windows XP SP2, you have to tweak the "Windows Firewall" to allow TCP 22
Click Start...Control Panel....Security Centre....Windows Firewall....Exceptions....Add
(Thanks to Stefano of Sardegna, Italy for his Windows XP Firewall reminder).

If you currently have Windows XP SP1 and upgrade to SP2 after you install sshd service,
Windows SP2 upgrade disables the sshd service and deletes the environment variables you have created above!
You also have to tweak the "Windows Firewall" to allow TCP 22
Click Start...Control Panel....Security Centre....Windows Firewall....Exceptions....Add
(Thanks to Chris Davitt of New Zealand   for this tip).

If you have a NAT firewall, port forward (D-link calls it Virtual Server) TCP port 22 to the IP address
of the box with the sshd server.
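
Before TCP 22 is opened in Windows Firewall or forwarded through NAT, the settings sshd will actually use can be checked. The script below is an added example, not part of the original tutorial: it reads the sshd_config written by ssh-host-config (assumed to be /etc/sshd_config, the Cygwin location) and flags settings that widen who can log in or how. The function names and the choice of checks are this example's own, and it assumes an OpenSSH of this page's era, where SSH protocol 1 and the UsePrivilegeSeparation keyword still exist.

```shell
#!/bin/sh
# Added example (not from the original page): review the sshd_config that
# ssh-host-config wrote before TCP 22 is opened to other machines.
# Assumed path on Cygwin: /etc/sshd_config

# effective_value KEYWORD FILE
# Prints the value sshd would use: keywords are case-insensitive and the
# first uncommented occurrence wins. Prints nothing if the keyword is unset.
effective_value() {
    awk -v key="$1" '
        { sub(/\r$/, "") }                 # tolerate CRLF from Windows editors
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

# audit_sshd_config FILE
# Prints one WARN line per setting that widens who can log in, or how.
audit_sshd_config() {
    cfg=$1
    proto=$(effective_value Protocol "$cfg")
    case ",$proto," in
        ,,)    echo "WARN Protocol is not set; pin it with: Protocol 2" ;;
        *,1,*) echo "WARN Protocol $proto still accepts SSH-1; use: Protocol 2" ;;
    esac
    if [ "$(effective_value PermitEmptyPasswords "$cfg")" = "yes" ]; then
        echo "WARN PermitEmptyPasswords yes lets blank-password accounts in"
    fi
    # Step (5) answered yes to privilege separation; flag it if switched off.
    if [ "$(effective_value UsePrivilegeSeparation "$cfg")" = "no" ]; then
        echo "WARN UsePrivilegeSeparation no undoes the answer given in step (5)"
    fi
    if [ -z "$(effective_value AllowUsers "$cfg")" ]; then
        echo "WARN AllowUsers is not set; logins are not limited to named accounts"
    fi
}

# Run against the live file when it exists (it will on the Cygwin box).
if [ -r /etc/sshd_config ]; then
    audit_sshd_config /etc/sshd_config
fi
```

After editing /etc/sshd_config, restart the service (net stop sshd, then net start sshd) so the new settings take effect.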



As a bonus, sshd installs sftp and sftp-server on your Windows box.
These two programs replace the unsafe unencrypted ftp-client and ftp-server.

For example, from a remote box, you can
sftp   username@ip_address   (e.g.  sftp  john@32.97.166.74 )
sftp   username@hostname   (e.g. sftp  john@supercompuer.ibm.com )
to remotely send and receive files under the strong encryption of ssh.
The encryption used by ssh can be any of AES-128, AES-192, AES-256, 3DES, Blowfish or cast-128.


Once you establish a ssh or sftp connection into the Windows box,
if you want to change directory to c:\my documents

cd    "/cygdrive/c/documents and settings/$USERNAME/my documents"

Similarly, to change directory to d: drive
cd    /cygdrive/d


Where else can you find a sftp client ?
(1) Putty has psftp.exe, it runs from a command console.
(2) Commercial software vendors such as VanDyke Software.
(3) Filezilla, a free, GNU (GPL) licensed, ftp and sftp client.


If you prefer to use a graphical client to do sftp file transfers,
purchase a high quality commercial software called SecureFX
from VanDyke Software in Albuquerque, New Mexico, USA
or use Filezilla, a free, GNU (GPL) licensed, ftp and sftp client,
or use WinSCP, a free, GNU (GPL) licensed sftp and scp client.



Another very, very useful thing you can do with ssh is to tunnel (wrap) any pure tcp application under the
ssh protocol, giving them strong cryptographic protection while traveling on the public network.

Below are some popular plain text, pure tcp protocols that can benefit from the protection (encryption) of a ssh tunnel:
POP3 (tcp port 110)
SMTP (tcp port 25)
IMAP (tcp port 143)
TELNET (tcp port 21)
VNC (tcp port 5900)
Print server (tcp port 9100)

See this page on how to tunnel VNC traffic under ssh.

See this page on how to tunnel tcp applications under ssh.


How to install a ssh client (called ssh)
Click here for a tutorial on how to setup a ssh client on Windows 2000 or Windows XP

How to install a smtp server [exim] on a Windows machine
Click here for a tutorial on how to setup exim, a mail transfer agent
on Windows 2000 or Windows XP as a learning exercise.


Thanks to Mike Skallas for his tips on "privilege separation" during the setup script.
Thanks to Jan Haul of Hamburg, Germany for his WinSCP link.
Thanks to Brad Erdman, Institute for Advanced Computer Studies, University of Maryland, USA
for his confirmation of cygwin-sshd working on Windows Server 2003.

You can also use sshwindows from Sourceforge to install ssh and sshd on Windows without the full cygwin package.

http://www.lns.cornell.edu/public/COMP/cygwin/cyg_inst_net.html is the link to install Cygwin with Xfree86. Thanks to Richard Ward for this link.

© 2003-2005 Nicholas Fong

Last revised:  September 25, 2005