An SSH server for Windows: it's the kind of thing only a Linux/OSX user would ask for. The current de facto standard is Cygwin, but if you fancy something a bit more native, something backed by Microsoft, then take a look at PowerShell/Win32-OpenSSH on GitHub.
Installation is quite straightforward:
1. Download the latest release; make sure you correctly select 32-bit or 64-bit.
2. Create a folder, C:\Program Files\OpenSSH-Win32, and extract the contents there.
3. Start PowerShell as Administrator -
   cd 'C:\Program Files\OpenSSH-Win32'
4. Set up SSH host keys (this will generate all the 'host' keys that sshd expects when it starts) -
5. Enable key-based auth -
6. Reboot (well, it is Windows!)
7. Start PowerShell as Administrator again -
   cd 'C:\Program Files\OpenSSH-Win32'
8. Install and run daemon as NT Service running as Local System -
9. Start the service -
10. Make the service start on boot -
    Set-Service sshd -StartupType Automatic
If you have a problem running step 5 you might need to run Set-ExecutionPolicy Unrestricted; if you do disable this security, switch it back on when you're finished with Set-ExecutionPolicy RemoteSigned (or whatever).
Also, don't forget to allow tcp/22 through any firewalls, either network or host based.
You'll probably want to enable SFTP, the server that is.
Open C:\Program Files\OpenSSH-Win32\sshd_config in your favorite text editor and replace this:

    # override default of no subsystems
    #Subsystem sftp /usr/libexec/sftp-server
    Subsystem sftp /win32openssh/bin/sftp-server.exe
    Subsystem scp /win32openssh/bin/scp.exe

with this:

    # override default of no subsystems
    #Subsystem sftp /usr/libexec/sftp-server
    #Subsystem sftp /win32openssh/bin/sftp-server.exe
    Subsystem sftp c:\PROGRA~1\OPENSS~1\sftp-server.exe
    #Subsystem scp /win32openssh/bin/scp.exe

Notice that for Program Files and OpenSSH-Win32 I'm using the short path; you can find those using cmd.exe and using
Your first login, from a Linux/OSX/nix machine
OK, so this is where it gets a little odd. For your username you need SamAccountName@fqdndomain; as there is an @ in there, you need to use the -l switch on ssh. Which means you have to do something like ssh -l email@example.com mypc.company.local; with a little luck that'll give you this...

    linickx:~ $ ssh -l firstname.lastname@example.org mypc.company.local
    ssh -l email@example.com@mypc.company.local's password:
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    firstname.lastname@example.org@MYPC C:\Users\nick.bettison\Documents>

If your PC is standalone (workgroup) you can use normal ssh syntax, either ssh email@example.com or ssh -l user pc.local.
Connecting with SFTP
On a domain PC, SFTP probably won't work because there is no -l. As a workaround, on my nix machine I added the following to my ~/.ssh/config file:

    Host mypc
        Hostname mypc.company.local
        User firstname.lastname@example.org

Which should work like this...

    linickx:~ $ sftp mypc
    email@example.com@mypc.company.local's password:
    Connected to mypc.
    sftp> pwd
    Remote working directory: /C:/Users/nick.bettison/Documents
    sftp>

To enable public key authentication
Open C:\Program Files\OpenSSH-Win32\sshd_config in your favorite text editor (again) and replace this...

    #RSAAuthentication yes
    #PubkeyAuthentication yes

with this...

    RSAAuthentication yes
    PubkeyAuthentication yes

NOTE: Public key auth doesn't seem to work with domain PCs.
I tested on a standalone (non-domain) Windows 7 PC and it worked fine, but on a domain PC at work it fails with the following server-side error message.
Cannot logon using LSA package (err = 1300, ntStat = c0000041).
GitHub Issue 87 seems to imply that this is group policy related; if it is, as yet I haven't figured out which one. The other reason this might not work is username interpretation: local users are "username" whereas domains are "username@domain", so I wonder if the LSA .DLL is looking in the wrong place; I will update here if I find a solution.
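
A quick way to confirm that the two sshd_config edits above (the SFTP subsystem and public key authentication) took effect before restarting the service. This is an added example, not part of the original post or the Win32-OpenSSH project; the sample configs are constructed, and it assumes the first whitespace-separated token of the Subsystem command is treated as the executable.

```python
# Constructed sample: the "after" state of the two sshd_config edits on this page.
GOOD = r"""
# override default of no subsystems
#Subsystem sftp /usr/libexec/sftp-server
#Subsystem sftp /win32openssh/bin/sftp-server.exe
Subsystem sftp c:\PROGRA~1\OPENSS~1\sftp-server.exe
#Subsystem scp /win32openssh/bin/scp.exe
RSAAuthentication yes
PubkeyAuthentication yes
"""

# Constructed sample: long path with a space, and the pubkey line left commented.
BAD = r"""
Subsystem sftp c:\Program Files\OpenSSH-Win32\sftp-server.exe
#PubkeyAuthentication yes
"""

def active_directives(text):
    """Return (lowercased keyword, argument string) for each uncommented line."""
    found = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            found.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return found

def audit(text):
    """Return a list of findings; an empty list means both edits are in place."""
    findings = []
    directives = active_directives(text)
    sftp = []
    for key, args in directives:
        fields = args.split(None, 1)
        if key == "subsystem" and len(fields) == 2 and fields[0].lower() == "sftp":
            sftp.append(fields[1])
    if len(sftp) != 1:
        findings.append("expected one active 'Subsystem sftp' line, found %d" % len(sftp))
    # Assumption: the first whitespace-separated token is taken as the executable.
    elif not sftp[0].split()[0].lower().endswith("sftp-server.exe"):
        findings.append("sftp command does not start with sftp-server.exe (space in path?)")
    # sshd uses the first value it reads for a keyword, so check only that one.
    pubkey = [args.strip().lower() for key, args in directives if key == "pubkeyauthentication"]
    if pubkey[:1] != ["yes"]:
        findings.append("PubkeyAuthentication is not explicitly set to yes")
    return findings

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(sample) or "ok")
```

To check a real file, pass its contents to audit(), for example audit(open(path).read()).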