Get REAL SSH functionality with Windows 2K

Having a remote Windows 2K server and needing access to it, I began weighing my options for a remote access solution. Terminal Services wasn’t an option because several firewall and packet shaper considerations wouldn’t allow it. I considered enabling the telnet server, but clear text is the devil. Needing a secure, low-bandwidth solution, I turned to SSH. I downloaded a demo of SSH server for Windows from ssh.com and thought I had found my solution. But, although it did give access via a command prompt and SFTP access, it didn’t allow for editing of files (think VI!). This simply wouldn’t work. After searching for a while for a better option, I found an open source SSH server package by Network Simplicity based on OpenSSH. Much better. But, although it did give more functionality, it still didn’t really allow for real file editing, so I found myself SFTP’ing down files, editing them locally, and SFTP’ing them back. It was just too clunky to live. Back to Google. I found the holy grail of SSH server for Windows! It was Cygwin, a UNIX emulator based on Redhat, to run OpenSSH server. I’d been using it for years for various *nix based applications and never realized that it could be used in this capacity. It might as well be a Redhat box that you’re SSH’ing into with REAL file editing with VI! Woo Hoo! I found this tutorial, which made it very simple to enable Cygwin as an SSH server. Many kudos to the author!
This tutorial was obtained from http://tech.erdelynet.com/cygwin-sshd.html and is mirrored here as a convenience.

Use the following steps to successfully get OpenSSH working as a server:

  1. Set up your environment for Cygwin. For NT 4 and Windows 2000, this is done by right-clicking on My Computer and choosing Properties. In NT4, it’s on the Environment tab. In Windows 2000, it’s the Environment Variables on the Advanced tab. Add the following setting to the System Environment:
    • CYGWIN = ntsec tty

    Append the following to the existing variable:

    • Path : ;C:\Cygwin\bin

    Note that if you are running NT/2K on FAT(32), the ntsec option for the CYGWIN variable won’t help you much. In these cases, just set CYGWIN to “tty”. (Note: Through email, I’ve been notified that having CYGWIN=ntsec actually does make a difference on FAT(32) systems. Geoffrey Hoo)

  2. Download the Cygwin Setup Program into a temporary folder like C:\CygwinInstall.
  3. Run “C:\CygwinInstall\Setup.exe”, choose “Install from Internet”, and choose a suitable mirror (I like “ftp://mirrors.rcn.net”).
  4. Now choose the packages you want to install. Click on the “+” next to “Admin” to expand it. Click on the word “Skip” next to the word cygrunsrv to install the NT/Win2k/XP Cygwin Service Initiator. Install cygwin-doc from “Doc”, nano and/or vim from “Editors” and openssh from “Net”.
  5. [Optional] After Setup is complete, I like to make a couple of changes to the default installation:
    • Download and install ftp://ftp.erdelynet.com/mike/cygwin/profile and ftp://ftp.erdelynet.com/mike/cygwin/sh_aliases into /etc.
    • Change the Cygwin icons so that, instead of pointing to cygwin.bat, they point to “c:\cygwin\bin\bash.exe --login -i” and start in “c:\cygwin\bin”.

    NOTE: Unless specified otherwise, run the following commands within the Cygwin Bash Shell installed in your Start Menu.
  6. Now, you’ll want to configure sshd. This is MUCH simpler than it used to be.
    Run “ssh-host-config -y” to set it up. This step will create necessary configuration files, a privilege separation user and necessary directories. When prompted with “CYGWIN=” type what you set CYGWIN to in step 1 (tty ntsec).
  7. You will probably want to change permissions and ownership on some files:
    • cd /; chmod -R og-w .
    • chmod og+w /tmp
    • touch /var/log/sshd.log
    • chown system:system /var/log/sshd.log /var/empty /etc/ssh_h*
    • chmod 755 /var/empty
  8. Now you are ready to start the service: “cygrunsrv -S sshd”
  9. Test the service by running “ssh localhost”
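
One way to re-check the result of step 7 before starting the service in step 8, as an added example that is not part of the original tutorial. The function name `audit_sshd_perms` and its ROOT argument are assumptions made for illustration; inside the Cygwin Bash Shell, call it as `audit_sshd_perms /`.

```shell
#!/bin/sh
# Added example: re-check what step 7 sets, before running "cygrunsrv -S sshd".
# audit_sshd_perms ROOT prints one FINDING line per problem and returns the
# number of findings. ROOT is an assumed parameter: "/" inside the Cygwin Bash
# Shell, or a scratch directory for a dry run. Ownership (system:system) is
# not checked here.

findings=0
report() { echo "FINDING: $*"; findings=$((findings + 1)); }

# True if the path has any group- or other-write bit set.
og_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

audit_sshd_perms() {
    root=${1%/}
    findings=0

    # chmod 755 /var/empty
    if [ ! -d "$root/var/empty" ]; then
        report "/var/empty is missing"
    elif [ -z "$(find "$root/var/empty" -prune -perm 755)" ]; then
        report "/var/empty is not mode 755"
    fi

    # touch /var/log/sshd.log
    if [ ! -f "$root/var/log/sshd.log" ]; then
        report "/var/log/sshd.log is missing"
    fi

    # chmod og+w /tmp
    if [ -z "$(find "$root/tmp" -prune -perm -022 2>/dev/null)" ]; then
        report "/tmp is not writable by group and other"
    fi

    # cd /; chmod -R og-w .  (checked here for the /etc/ssh_h* files only)
    for f in "$root"/etc/ssh_h*; do
        if [ ! -e "$f" ]; then
            report "no /etc/ssh_h* files found; run ssh-host-config first"
            break
        fi
        if og_writable "$f"; then
            report "${f#"$root"} is writable by group or other"
        fi
    done
    return "$findings"
}
```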

Please note that previously, I had instructions that included running a custom fix permissions script. I have not tested the script with newer versions of OpenSSH and therefore have left that information out of the instructions above. If you have any questions, please direct them to the mailing list.

If, at this point, you are unable to connect to your sshd server, join my SSH-L mailing list for extra help.

If your ultimate goal (like mine was) is to connect to the SSH server with a GUI client like PuTTY or VanDyke’s SecureCRT, now try that. At this point, also test connecting to your SSH server from a different machine to ensure network connectivity.

If this is unclear or if you have any questions, join my SSH-L mailing list.