WiSSH - Windows Remote Desktop over SSH

Windows Remote Desktop
SSH Encrypted
Easy to Use and Deploy
Works with all SSH Servers
Windows 2000, XP, 2003, and Vista

Installing OpenSSH for Windows to support WiSSH Clients

OpenSSH for Windows is a free package that installs a minimal OpenSSH server and client utilities from the Cygwin package without needing a full Cygwin installation.

OpenSSH for Windows can be downloaded from this website: http://sshwindows.webheat.co.uk/

This how-to will quickly get your system installed and will show you the fastest way to get your remote access solution in production.

Install your server hardware and Windows operating system.  This server should be fully patched and secured.  SSH tunneling requires very little system horsepower, and it is usually acceptable to run on older hardware.

You must secure this system from the Internet!  If you leave the system unprotected, you will be compromised.  The only requirement is that you leave the SSH port (22 tcp) open to the internet, and the RDP (3389 tcp) and DNS (53 udp) ports open to the internal network.  If you have a DMZ, placing the server there is optimal.  However, even software-based local firewalls will help.  Please see our technology documents for more information on the requirements for your firewalls.  Depending on whether you want to allow domain or Active Directory authentication, you may need to allow additional ports to your internal network, usually NetBIOS (137 tcp).

First, download the current release of OpenSSH for Windows.  Run the installation on the server. 

As you complete the install, you will see a prompt about editing the passwd file.  Click OK.  After the install is finished, your Start Menu will contain links to the Quickstart and the Readme.  Please view these files.  Follow all the steps in the Quickstart.  This will create the group and passwd files.  Add your users as shown in the Quickstart.  To quickly add all domain users, enter this command from the bin directory:

mkpasswd -d  >> ..\etc\passwd

Start the SSH Server Service by entering:

net start opensshd

Ensure that any firewall rules and other requirements are met, so that users from the internet are able to connect to this server on port 22.  You should be able to test the server at this point by using a tool such as PuTTY to connect and log in to the system.

 

Private/Public Keys and OpenSSH for Windows

You can also add public key authentication to OpenSSH.  The settings for the OpenSSH server are the same as the standard version of OpenSSH.  To add a key, follow these directions:

Use an SSH key generator to generate a public and private key pair for your client.  Create an SSH2 style key with a password.  Give the private key to the user with the WiSSH install.  Save the public key in the user's home directory.  If you are using domain accounts, use their network home directory; if the accounts are local, use the C:\Documents and Settings location.  The public key must be in an .ssh subfolder, in a file named authorized_keys.  An example would be:  c:\Documents and Settings\username\.ssh\authorized_keys

A command line version of the key generator is included with OpenSSH for Windows.  A sample command line to generate a keypair is:

ssh-keygen.exe -t rsa -N password

OpenSSH for Windows must then be configured to accept the keys.  In the C:\Program Files\OpenSSH\etc\sshd_config file, you need to turn on PubkeyAuthentication by uncommenting it (removing the #), and you can optionally turn off PasswordAuthentication by setting it to no.
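
A check for the sshd_config change described above, as an added example that is not part of the original page or the OpenSSH for Windows package. It reports the value sshd would actually use for the two keywords, assuming upstream OpenSSH behaviour (both default to yes, and the first occurrence of a keyword wins); the function names and sample configs are constructed for illustration.

```python
import re

# Assumption: upstream OpenSSH defaults, used when a keyword is absent or commented out.
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes"}

def effective_settings(config_text):
    """Return the global value sshd would use for each keyword in DEFAULTS."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out line has no effect, so the default stays
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if keyword == "match":
            break  # settings after a Match line are conditional, not global
        if keyword in DEFAULTS and keyword not in seen:
            seen[keyword] = value  # first occurrence wins, later ones are ignored
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}

def audit(config_text):
    """Return findings for the key-only setup (pubkey on, passwords off)."""
    eff = effective_settings(config_text)
    findings = []
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not enabled")
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is still enabled")
    return findings

# Constructed sample: both lines still commented out.
SAMPLE_SHIPPED = """\
#PubkeyAuthentication yes
#PasswordAuthentication yes
"""
# Constructed sample: edited as described, with a stray later duplicate.
SAMPLE_HARDENED = """\
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("shipped", SAMPLE_SHIPPED), ("hardened", SAMPLE_HARDENED)):
        print(name, effective_settings(text), audit(text))
```

A commented-out PasswordAuthentication line leaves password logins enabled, so the audit only passes once the line is uncommented and set to no.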

WiSSH Connection

WiSSH should now connect successfully to the server.  If you have issues, please view both the WiSSH client log and the event log on the server.  You may need to verify that the necessary ports are available on the server, and that the server can resolve the client hostnames.  Remember, the Hostname entered in WiSSH is from the point of view of the SSH server.

For more information on the OpenSSH for Windows package, please view their Support Page.  It should answer many of your questions about the software and help you to further configure it to meet your needs.