Configure OpenSSH host in Windows using Cygwin

Install Cygwin on your Windows machine and be sure to have the following two packages installed:

  1. OpenSSL
  2. OpenSSH

After Cygwin is installed, launch the default Cygwin BASH shell in administrator mode. At the command prompt, enter the command:

$ ssh-host-config

Now you will be prompted with a few yes/no questions, as below:

When asked – “should privilege separation be used.” please enter “YES”, as it is on by default in standard installations of OpenSSH.

When asked – “new local account ‘sshd’?” please enter “Yes”

When asked – “Do you want to install sshd as service”- Please enter “Yes”

When asked – “Enter the value of CYGWIN for the daemon” please enter “ntsec”

Finally, you will see some output on the screen, and you will be told that the cyg_server account will be used with the sshd service.

When asked – “Do you want to use a different name”, please enter “no”

Again when asked – “Create new privileged user account ‘cyg_server’?”, please select “no”.

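This step will generate an error; however, that is expected.

When asked – “Do you want to proceed anyway?” please enter “yes”.

This way the SSHD server will run as the “SYSTEM” privileged user, and that is what we expected. Note the script's own message in the output below: on these Windows versions the SYSTEM account cannot change the user id without an explicit password, which affects passwordless logins such as public key authentication.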

avkashc@OMSHANTIOM ~$ ssh-host-config

*** Info: Creating default /etc/ssh_config file

*** Info: Creating default /etc/sshd_config file

*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.

*** Info: However, this requires a non-privileged account called 'sshd'.

*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.

*** Query: Should privilege separation be used? (yes/no) yes

*** Info: Note that creating a new user requires that the current account have

*** Info: Administrator privileges.  Should this script attempt to create a

*** Query: new local account 'sshd'? (yes/no) yes

*** Info: Updating /etc/sshd_config file

*** Query: Do you want to install sshd as a service?

*** Query: (Say "no" if it is already installed as a service) (yes/no) yes

*** Query: Enter the value of CYGWIN for the daemon: [] ntsec

*** Info: On Windows Server 2003, Windows Vista, and above, the

*** Info: SYSTEM account cannot setuid to other users -- a capability

*** Info: sshd requires.  You need to have or to create a privileged

*** Info: account.  This script will help you do so.

*** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,

*** Info: or later.  On these systems, it's not possible to use the LocalSystem

*** Info: account for services that can change the user id without an

*** Info: explicit password (such as passwordless logins [e.g. public key

*** Info: authentication] via sshd).

*** Info: If you want to enable that functionality, it's required to create

*** Info: a new account with special privileges (unless a similar account

*** Info: already exists). This account is then used to run these special

*** Info: servers.

*** Info: Note that creating a new user requires that the current account

*** Info: have Administrator privileges itself.

*** Info: No privileged account could be found.

*** Info: This script plans to use 'cyg_server'.

*** Info: 'cyg_server' will only be used by registered services.

*** Query: Do you want to use a different name? (yes/no) no

*** Query: Create new privileged user account 'cyg_server'? (yes/no) no

*** ERROR: There was a serious problem creating a privileged user.

*** Query: Do you want to proceed anyway? (yes/no) yes

*** Warning: Expected privileged user 'cyg_server' does not exist.

*** Warning: Defaulting to 'SYSTEM'

*** Info: The sshd service has been installed under the LocalSystem

*** Info: account (also known as SYSTEM). To start the service now, call

*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it

*** Info: will start automatically after the next reboot.

*** Warning: Host configuration exited with 1 errors or warnings!

*** Warning: Make sure that all problems reported are fixed,

*** Warning: then re-run ssh-host-config.

 

Now re-run ssh-host-config, and when asked to overwrite the configuration files, please enter “yes”, and select “no” for privilege separation.

You will see a message saying the SSHD service is installed on your machine, as below:

avkashc@OMSHANTIOM ~$ ssh-host-config

*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes

*** Info: Creating default /etc/ssh_config file

*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes

*** Info: Creating default /etc/sshd_config file

*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.

*** Info: However, this requires a non-privileged account called 'sshd'.

*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.

*** Query: Should privilege separation be used? (yes/no) no

*** Info: Updating /etc/sshd_config file

*** Info: Sshd service is already installed.

*** Info: Host configuration finished. Have fun!

 

Now go to the administrator control panel and launch Services. You will see that CYGWIN sshd is installed and not running.

Now you can go ahead and start the CYGWIN sshd service as usual. While starting the CYGWIN sshd service, you do not need to provide any password.

Alternatively you can use the following command to start the SSHD service from Cygwin shell:

$ net start sshd

To finish the remaining steps and generate a key, please run:

$ ssh-keygen

When asked for a passphrase, enter none (just press ENTER both times):

avkashc@OMSHANTIOM ~$ ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/avkashc/.ssh/id_rsa):

Created directory '/home/avkashc/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/avkashc/.ssh/id_rsa.

Your public key has been saved in /home/avkashc/.ssh/id_rsa.pub.

The key fingerprint is:

******************************** avkashc@OMSHANTIOM

The key's randomart image is:

+--[ RSA 2048]----+

********************

********************

********************

Finally, run the following commands to complete the setup:

avkashc@OMSHANTIOM ~

$ cd ~/.ssh

avkashc@OMSHANTIOM ~/.ssh

$ ls -l

total 5

-rw------- 1 avkashc mkgroup 1675 Jan 12 22:18 id_rsa

-rw-r--r-- 1 avkashc mkgroup  400 Jan 12 22:18 id_rsa.pub

avkashc@OMSHANTIOM ~/.ssh

$ cat id_rsa.pub >> authorized_keys

avkashc@OMSHANTIOM ~/.ssh

$ ssh localhost

The authenticity of host 'localhost (::1)' can't be established.

ECDSA key fingerprint is ***********************************.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.

avkashc@OMSHANTIOM ~/.ssh

$ ssh localhost

Connection closed by ::1

avkashc@OMSHANTIOM ~/.ssh

$

To perform user configuration for OpenSSH please use:

$ ssh-user-config
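
The checks below are an added example, not part of the original post: they confirm what the steps above changed, namely the privilege-separation setting written to /etc/sshd_config and the permission bits OpenSSH enforces on the files under ~/.ssh. The function names are hypothetical, and UsePrivilegeSeparation is assumed to be the keyword ssh-host-config writes, as in OpenSSH releases of that era.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print the global value of an sshd_config keyword ($1 = file, $2 = keyword).
# sshd uses the first occurrence of a keyword, and lines after a "Match"
# header are conditional, so parsing stops there. Prints "(unset)" when the
# keyword is absent or commented out, meaning the built-in default applies.
# Assumes the usual "Keyword value" form separated by whitespace.
sshd_setting() (
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print "(unset)" }
    ' "$1"
)

# Report permission problems under the home directory given as $1.
# Prints one finding per line and succeeds only when nothing is flagged.
check_ssh_perms() (
    rc=0
    # With StrictModes (on by default) sshd ignores authorized_keys when the
    # home directory, ~/.ssh or the file is writable by group or others.
    for path in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $mode $path"; rc=1
        fi
    done
    # The ssh client ignores a private key that group or others can access.
    key="$1/.ssh/id_rsa"
    if [ -e "$key" ]; then
        mode=$(stat -c '%a' "$key")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "EXPOSED $mode $key"; rc=1
        fi
    fi
    [ "$rc" -eq 0 ]
)

# Usage on the host configured above:
#   sshd_setting /etc/sshd_config UsePrivilegeSeparation
#   check_ssh_perms "$HOME"
```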


8 thoughts on “Configure OpenSSH host in Windows using Cygwin”

  1. Thank you for the directions. However, I am having a problem connecting to the server. Right at the end, you have a line “Connection closed by ::1”. I am having the same issue and do not know how to connect to the server. Any advice?


  2. hello,
    I understand that Windows7 has different defaults for SYSTEM account which disallows it to switch users or something similar. So, this means/implies it would no longer work properly for starting sshd service. Is someone using this successfully?

    I hit upon here in a search because my cyg_server account is getting locked, but if SYSTEM account works on Windows7 for sshd, then I’ll use it. That’s what I used under WindowsXP and it worked great.


  3. what is basic requirement to install hadoop in window and how can I predict or judge the cygwin install is fully completed, coz I installed it but some command would not be worked in my PC, so can you direct me
    Chetan Pohkar
    Proactive technical Services
