I had to set this up for a friend of mine and cheap was on his mind. We needed to secure his ftp server. I thought, hey SSH. But on Windows. That was the easy part.
I have this running on an IIS 6 server on Windows 2003 std. I use filezilla for the ftp client. A free client that supports SSH connections.
Not sure if we have clients that would use IMAP or POP or SSH. But if there is a need, we have a way. This would work with these protocols as well.
Below are the instructions I used. Works like a charm.
All this was done by me at no cost. Can’t beat open source.
___________________________________________________________________
How to install a ssh server (called sshd, from OpenSSH) on a Windows 2000, XP or Windows Server 2003
How to install a sftp server on a Windows 2000, XP or Windows Server 2003
The ssh server runs on Cygwin, an emulation of the UNIX environment (including OpenSSH) on Windows, by Redhat.
(1a) Login as Administrator (Windows XP – login as a user with Administrator privilege).
(1b) Create a folder c:\cygwin
(2) Download cygwin’s setup.exe from http://www.cygwin.com/ and save setup.exe in c:\cygwin
Click Start…Run…and type c:\cygwin\setup.exe
When it asks for "Local Package Directory", type c:\cygwin
When a selection screen comes up, click the little View button for "Full" view,
find the line "OpenSSH", click on the word "skip" so that an appears in Column B,
see this illustration.
Click to start installing cygwin and ssh.
Size of the basic cygwin system is about 40 Meg, this may take a while if you have a slow connection.
Take a coffee break.
(3) Right click My Computer, Properties, Advanced, Environment Variables
See this illustration (red dots).
Click the "New" button to add a new entry to system variables:
variable name is CYGWIN
variable value is ntsec tty
(4) Right click My Computer, Properties, Advanced, Environment Variables
See this illustration (green dots).
Select the Path variable and click the "Edit" button:
append ;c:\cygwin\bin to the end of the existing variable string.
(5) Open a cygwin window (by double clicking the icon), a black screen pops open, type
ssh-host-config
When the script asks you about "privilege separation", answer yes.
When the script asks about "local user", answer yes.
When the script asks you about "install sshd as a service", answer yes
When the script asks you for "CYGWIN=",
your answer should be ntsec tty
(6) While you are still in the (black) cygwin screen, start the sshd service :
net start sshd
or
cygrunsrv --start sshd
To stop the sshd service, pop open a cygwin window, type
net stop sshd
or
cygrunsrv --stop sshd
Test to see if ssh server is working: (below command is case sensitive)
ssh "$USERNAME@127.0.0.1"
or
ssh localhost
If you get a prompt without error messages, type ls -h /cygdrive/c
and you should see a directory listing. If so, it is working.
(type exit to end the ssh session)
(thanks to Jared Kilgour for above $USERNAME variable substitution)
(thanks to Justin Kerk for the quotes around $USERNAME to allow for spaces in username)
If you still have troubles, try
ssh-user-config
********* below has not been tested extensively, use caution **********
********* contribution by Orion Elenzil ***********************
make a backup
$ cp /etc/passwd /etc/passwd.bak
$ passwd
[enter your current correct windows password exactly and carefully]
– word of warning, this may screw up the Windows password, be sure to enter the right thing!
Other users on the internal network (sometimes called a LAN) can type
ssh username@your_internal_ip_address (e.g. ssh john@192.168.0.100)
Other users from the outside network can type: (assuming you have an IP address that is accessible from the outside world)
ssh username@your_external_ip_address (e.g. ssh john@128.64.64.100)
For Windows XP SP2, you have to tweak the "Windows Firewall" to allow TCP 22
Click Start…Control Panel….Security Centre….Windows Firewall….Exceptions….Add
(Thanks to Stefano of Sardegna, Italy for his Windows XP Firewall reminder).
If you currently have Windows XP SP1 and upgrade to SP2 after you install the sshd service,
the Windows SP2 upgrade disables the sshd service and deletes the environment variables you have created above!
You also have to tweak the "Windows Firewall" to allow TCP 22
Click Start…Control Panel….Security Centre….Windows Firewall….Exceptions….Add
(Thanks to Chris Davitt of New Zealand for this tip).
If you have a NAT firewall, port forward (D-link calls it Virtual Server) TCP port 22 to the IP address
of the box with the sshd server.
As a bonus, sshd installs sftp and sftp-server on your Windows box.
These two programs replace the unsafe unencrypted ftp-client and ftp-server.
For example, from a remote box, you can
sftp username@ip_address (e.g. sftp john@32.97.166.74)
sftp username@hostname (e.g. sftp john@supercomputer.ibm.com)
to remotely send and receive files under the strong encryption of ssh.
The encryption used by ssh can be either AES-128, AES-192, AES-256, 3DES, Blowfish or CAST
Once you establish a ssh or sftp connection into the Windows box,
if you want to change directory to c:\my document
cd "/cygdrive/c/documents and settings/$USERNAME/my documents"
Similarly, to change directory to d: drive
cd /cygdrive/d
Where else can you find a sftp client?
(1) Putty has psftp.exe, it runs from a command console.
(2) Commercial software vendors such as VanDyke Software.
(3) Filezilla, a free, GNU (GPL) licensed, ftp and sftp client.
If you prefer to use a graphical client to do sftp file transfers,
purchase a high quality commercial software called SecureFX
from VanDyke Software in Albuquerque, New Mexico, USA
or use Filezilla, a free, GNU (GPL) licensed, ftp and sftp client,
or use WinSCP, a free, GNU (GPL) licensed sftp and scp client.
Also, ftp.ssh.com has, in its /pub/ssh directory, a Windows version of the ssh and sftp client for non-commercial use,
thanks to Stephan of Rutgers State University of New Jersey
Another very, very useful thing you can do with ssh is to tunnel (wrap) any pure tcp application under the
ssh protocol, giving it strong cryptographic protection while traveling on the public network.
The encryption used by ssh can be either AES-128, AES-192, AES-256, 3DES, Blowfish, CAST
Below are some popular plain text, pure tcp protocols that can benefit from the protection (encryption) of a ssh tunnel:
POP3 (tcp port 110),
SMTP (tcp port 25),
IMAP (tcp port 143)
TELNET (tcp port 21)
VNC (tcp port 5900)
Print server (tcp port 9100)
See this page on how to tunnel VNC traffic under ssh.
See this page on how to tunnel tcp applications under ssh.
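The tunnel described above, as an added example that is not part of the original tutorial: a small shell helper that builds one ssh command forwarding several of the listed plain-text ports through the sshd box. The function names, the +10000 local-port offset and the sample account and address (reused from the ssh example earlier on this page) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): build one ssh command that
# tunnels several of the plain-text services listed above.
# Assumptions: function names, the +10000 offset and the sample target are
# illustrative only.

# Remote port for a service name; ports are taken from the list above.
service_port() {
  case "$1" in
    pop3)  echo 110 ;;
    smtp)  echo 25 ;;
    imap)  echo 143 ;;
    vnc)   echo 5900 ;;
    print) echo 9100 ;;
    *)     return 1 ;;
  esac
}

# build_tunnel_cmd USER@HOST SERVICE...
# Prints the ssh command for review; it does not run it.
build_tunnel_cmd() {
  local target=$1 svc rport lport cmd
  shift
  [ "$#" -gt 0 ] || { echo "usage: build_tunnel_cmd user@host service..." >&2; return 2; }
  # -N: no remote shell, forwarding only.
  # ExitOnForwardFailure: fail loudly instead of leaving a client in clear text.
  cmd="ssh -N -o ExitOnForwardFailure=yes"
  for svc in "$@"; do
    rport=$(service_port "$svc") || { echo "unknown service: $svc" >&2; return 1; }
    # Low local ports need admin rights, so shift ports below 1024 up by 10000.
    if [ "$rport" -lt 1024 ]; then lport=$((rport + 10000)); else lport=$rport; fi
    # Bind to 127.0.0.1 so other machines on the LAN cannot use the tunnel.
    # "localhost" is resolved on the sshd box: the service must listen there.
    cmd="$cmd -L 127.0.0.1:$lport:localhost:$rport"
  done
  printf '%s %s\n' "$cmd" "$target"
}

# Constructed sample: the mail client is then pointed at 127.0.0.1:10110
# (POP3) and 127.0.0.1:10025 (SMTP) instead of the server's real address.
build_tunnel_cmd john@192.168.0.100 pop3 smtp
```

Only the hop between the client and the sshd box is encrypted; traffic from sshd to the service itself stays in plain text, which is why the forwards point at localhost on the server.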
How to install a ssh client (called ssh)
Click here for a tutorial on how to setup a ssh client on Windows 2000 or Windows XP
How to install a smtp server [exim] on a Windows machine
Click here for a tutorial on how to setup exim, a mail transfer agent
on Windows 2000 or Windows XP as a learning exercise.
Thanks to Mike Skallas for his tips on "privilege separation" during the setup script.
Thanks to Jan Haul of Hamburg, Germany for his WinSCP link.
Thanks to Brad Erdman, Institute for Advanced Computer Studies, University of Maryland, USA
for his confirmation of cygwin-sshd working on Windows Server 2003
You can also use sshwindows from Sourceforge to install ssh and sshd on Windows without the full cygwin package.
http://www.lns.cornell.edu/public/COMP/cygwin/cyg_inst_net.html is the link to install Cygwin with Xfree86. Thanks to Richard Ward for this link.