Installing an SSH/SFTP Server on Windows
Source: http://www.noah.org/wiki/Sshd_on_Windows (errors in the previous procedure)
Here’s the scenario: you’ve just started a meeting with your IT security chief and, as you’re describing how the big client wants you to set up an FTP server so they can upload a bunch of confidential files for your project, you notice that the chief’s face is turning an interesting shade of red. In the calm, measured voice that lets you know you’ve just stepped into a minefield, she suggests that you might want to find a file transfer mechanism that is ever-so-slightly more secure than FTP. Or else.
Since you are, of course, a strong advocate of open source solutions, you do some research and discover OpenSSH and the SSH File Transfer Protocol (also known as SFTP). SFTP looks like it’s just the ticket and puts a smile on the security chief’s face. The only problem is that your server room runs on Windows and OpenSSH doesn’t. After a little more research, you find that OpenSSH does run on Windows — it just needs a little help from the Cygwin project. Now if you could just find some instructions on how to get started. This is where we come in.
Before You Start
This is a bare bones guide to getting an OpenSSH Secure Shell (SSH) and SFTP (Secure File Transfer Protocol) server running under Windows. You will need a copy of the Cygwin installer, Internet access, and an Administrator account on your Windows server. You can download the Cygwin installer (setup.exe) from cygwin.com. At the time this tutorial was published, the Cygwin installer was at version 1.5.25-15.
Please note that the basic instructions covered in this tutorial should work on most versions of Windows and have been thoroughly tested on Windows XP and Vista. We have included version-specific notes where the instructions diverged.
Meat & Potatoes
Because OpenSSH is available as an optional component of Cygwin, the easiest way to get OpenSSH running under Windows is to employ a custom Cygwin install.
- Log in to Windows using an administrator account.
- Copy the Cygwin installer somewhere convenient (like c:\, for example).
- Run setup.exe.
- Choose “Install from Internet”.
- Select a directory for the installed Cygwin files (the “Root Directory”). The default c:\cygwin will work fine. Make sure “Install For” is set to “All Users” and “Default Text File Type” is set to “Unix/binary”.
- Select a directory for the downloaded installation files (the “Local Package Directory”). It’s better if this is not the same as the Root Directory. Something like c:\cygwin_packages works well.
- For the Internet connection, “Direct Connection” will probably work. If not, check with your network administrator to see what’s most appropriate.
- The download sites are mirrors of the central Cygwin package repository and should have essentially identical content. Choosing a site in your region will likely result in speedier downloads.
- Once the installer has downloaded and displayed the list of packages available on the repository, click on the “View” button until the text to the right of the button says “Full”. In the list of packages, scroll down until you see a package called “openssh: The OpenSSH server and client programs” in the Package column. Under the New column, click on the word “Skip”. This should display a version number for the installable OpenSSH package. Note that this may change the status on other packages, from “Skip” to a version. Don’t change those entries! They’re packages upon which OpenSSH depends.
- The next screen will begin the installation process. Installation will take some time and may be a good opportunity to take a coffee break (or two).
- Once the installation is complete, you can choose whether or not to add Cygwin shortcuts to the Start menu or Desktop.
- Now launch the Cygwin shell (this is similar to a DOS/command window) by clicking on a shortcut (if you created one during the installation), or by running c:\cygwin\Cygwin.bat.
Vista vs. XP Note: on Windows XP you can simply run the Cygwin.bat. On Vista, you’ll need to run Cygwin.bat as an administrator.
- On XP: At the prompt, run the following commands:
    export CYGWIN='ntsec tty'
    chmod +rw /etc/group
    chmod +rw /etc/passwd
    chmod 0755 /var
    ssh-host-config -y
    net start sshd
On Vista: At the prompt, run the following commands:
    export CYGWIN='ntsec tty'
    chmod +rw /etc/group
    chmod +rw /etc/passwd
    chmod 0755 /var
    ssh-host-config
Answer yes to each question except “Do you want to use a different name?” and “Create new privileged user account ‘cyg_server’?” The answer to both of these is no.
    net start sshd
This will configure, install and start the SSH/SFTP server as a Windows service.
- Synchronize Cygwin user information with your Windows users by running:
    mkpasswd -cl > /etc/passwd
    mkgroup --local > /etc/group
- You can test the server by connecting from another system using an SFTP client such as FileZilla or an SSH client such as PuTTY.
Note: The default configuration we’ve gone through uses port 22 for SSH connections. You will need to open this port in your firewall in order for the SSH server to work.
Configuring A User’s Home Directory
For most Windows users and administrators, a user’s home directory is c:\Documents and Settings\[user name]. However, under Cygwin and OpenSSH, when remote users log in they may be surprised to find their (Cygwin) home is under c:\cygwin\home\[user name]. Fortunately, changing the Cygwin/OpenSSH behavior to match Windows standard behavior more closely is pretty straightforward, provided you understand the differences in the path conventions for Windows and Cygwin.
Translating Paths From Cygwin to Windows and Back
Since Cygwin is a Linux/Unix emulation that runs on top of Windows, the Cygwin shell does some things quite differently from Windows or a DOS command shell. Most notably, the paths in Cygwin follow a different, Linux-like convention.
Under Linux (and Cygwin), the file system has a single top level called the root and written “/”. The path delimiters are slashes, so, for example, the path to a directory called user inside a directory called home would be “/home/user”.
Windows, of course, supports multiple top levels on the file system: c:\, d:\, e:\ etc. The path delimiters are back-slashes and a similar path on the c drive would be “c:\home\user”.
In order for Cygwin to let Linux applications understand path information, Cygwin paths follow the Linux convention. However, the root directory in Cygwin points to the Windows directory in which Cygwin was installed.
To shoehorn the Windows path information in under the Linux convention, Cygwin puts the drive letters under a “cygdrive” directory. So, the path to the file “c:\home\user\myfile.txt” (Windows-speak) in Cygwin is “/cygdrive/c/home/user/myfile.txt”. The Cygwin path for something on, say, the g:\ drive, would be “/cygdrive/g/…”
Some general path examples for Windows:
| Windows Path | Cygwin Path |
|---|---|
| c:\Program Files\MyApp | /cygdrive/c/Program\ Files/MyApp |
Note the escaped space in the Cygwin path for the fourth example.
Default Directory for Users
Here’s why we need all this path information: when using the mkpasswd command to create Cygwin user accounts from local Windows user accounts, the user’s (Cygwin) home directory will default to “/home/[username]” (Cygwin path).
When that user logs in remotely through SFTP, he or she will start in that home directory; so in order to change the starting point for an SFTP session, the home directory setting for the user will need to be updated.
To change this, open the file /etc/passwd in a text editor that understands how to read Unix line endings.
Warning: Notepad doesn’t read Unix files correctly. Wordpad does, but if you use Wordpad, be very careful to save the passwd file in a text format. Saving in any non-text format will break the file which will have unfortunate effects on Cygwin.
Each line in the file corresponds to the Cygwin settings for a particular user. The entries are separated by colons, “:”. There are seven entries for each user:
- User Name: the account’s login name.
- Password: actually a placeholder.
- User ID (UID): a unique number assigned to each user.
- Group ID (GID): the unique number assigned to the user’s primary group.
- User ID Information: A comment field, normally used for human readable information about a user.
- Home Directory: the path of the user’s home directory.
- User’s Default Shell: the path to the shell executable. In Cygwin, this is almost always /bin/bash.
Change the 6th field to the path you’d like as the SFTP entry point for each user. Note that this must be a Cygwin-style path, for example: /cygdrive/c/Documents\ and\ Settings/[user name].
Once the service has been restarted, the new home directories will take effect.
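The path translation and the field-6 edit described above, as an added example that is not part of the original tutorial: a shell script that converts a Windows path to its /cygdrive form and rewrites one user's home directory in a passwd-format file without going through a text editor. The function names, the sample users and the d:\sftp\alice directory are constructed for illustration, and the demo works on a temporary file rather than the real /etc/passwd.

```shell
#!/bin/sh
# Added example; win_to_cyg, set_home and demo are hypothetical helper names.

# Convert an absolute Windows path (c:\dir\file) to its /cygdrive form.
# Spaces come back unescaped: quote the result when using it in the shell.
win_to_cyg() {
    case "$1" in
        [A-Za-z]:\\*) ;;
        *) printf 'not an absolute drive path: %s\n' "$1" >&2; return 1 ;;
    esac
    drive=$(printf '%s' "$1" | cut -c1 | tr 'A-Z' 'a-z')
    rest=$(printf '%s' "$1" | cut -c4- | tr '\\' '/')
    printf '/cygdrive/%s/%s\n' "$drive" "$rest"
}

# set_home FILE USER CYGWIN_PATH
# Rewrite field 6 (home directory) of USER's line in a passwd-format file.
# Fails without touching FILE if the user is missing, the line does not have
# seven fields, or the new value is empty, relative or contains a colon.
set_home() {
    file=$1; user=$2; newhome=$3
    case "$newhome" in
        *:*|[!/]*|'') echo "home must be an absolute path without ':'" >&2; return 1 ;;
    esac
    tmp="$file.new.$$"
    awk -F: -v OFS=: -v u="$user" -v h="$newhome" '
        $1 == u { if (NF != 7) exit 2; $6 = h; found = 1 }
        { print }
        END { if (!found) exit 3 }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep a backup, then overwrite in place so mode and ownership are kept.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file" && rm -f "$tmp"
}

# Run both helpers against a constructed two-user file in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
Administrator:unused:500:513:U-HOST\Administrator:/home/Administrator:/bin/bash
alice:unused:1005:513:U-HOST\alice:/home/alice:/bin/bash
EOF
    set_home "$d/passwd" alice "$(win_to_cyg 'd:\sftp\alice')" || return 1
    grep '^alice:' "$d/passwd" | cut -d: -f6
    rm -rf "$d"
}

demo
```

Because the rewrite is staged in a temporary file and only copied over the original after every check passes, a malformed line leaves the account database untouched, and the `.bak` copy gives a rollback point.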
Now that the server is set for secure transfers, the users have the right home directories, and all is right with the world, it might be a good time to mention that your big client is going to need some way of connecting with the new SFTP server. Since FTP and SFTP are entirely different under the hood, the client will need a new client. Fortunately, the open source community can help once again. WinSCP is an excellent, streamlined Windows SFTP client which also supports FTP and SCP file transfers. If you need a cross-platform client, you might also consider FileZilla, an SFTP, FTP, and FTPS client that runs on Windows, Linux, Mac OS X, the BSDs, and other platforms.