Differences
This shows you the differences between the selected revisions of the page.
| 2016-03-31 | 2016-04-24 | ||
| updating link to official instructions (martin) | testing (27.0.168.116) (hidden) | ||
| Line 1: | Line 1: | ||
| - | ====== Installing SFTP/SSH Server on Windows using OpenSSH ====== | + | Test test test |
| - | + | ||
| - | Recently, [[https://blogs.msdn.com/b/powershell/archive/2015/10/19/openssh-for-windows-update.aspx|Microsoft has released]] an early version of [[https://github.com/PowerShell/Win32-OpenSSH|OpenSSH for Windows]]. You can use the package to set up an SFTP/SSH server on Windows. | + | |
| - | + | ||
| - | ===== Installing SFTP/SSH Server ===== | + | |
| - | + | ||
| - | * Download the latest [[https://github.com/PowerShell/Win32-OpenSSH/releases/|OpenSSH for Windows binaries]] (package ''OpenSSH-Win32.zip'') | + | |
| - | * Extract the package to a convenient location (we will use ''C:\openssh'' in this guide) | + | |
| - | * Generate server keys by running the following commands from the ''C:\openssh'': <code> | + | |
| - | ssh-keygen.exe -A | + | |
| - | </code> | + | |
| - | * Open a port for the %%SSH%% server in Windows Firewall: | + | |
| - | * Either run the following PowerShell command (Windows 8 and 2012 or newer only), &win8 &win2012 as the Administrator: \\ ''New-NetFirewallRule -Protocol %%TCP%% -LocalPort 22 -Direction Inbound -Action Allow -DisplayName %%SSH%%'' | + | |
| - | * or go to //Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules// and add a new rule for port 22. &wincp | + | |
| - | * To allow a public key authentication, as an Administrator, from ''C:\openssh'', run: \\ ''powershell.exe .\install-sshlsa.ps1'' \\ and restart the machine | + | |
| - | * In ''C:\openssh\sshd_config'' locate a ''Subsystem sftp'' directive and change the path to ''sftp-server'' to its Windows location: \\ ''Subsystem sftp C:\openssh\sftp-server.exe'' | + | |
| - | * As the Administrator, install an SSHD service: \\ ''sshd.exe install'' | + | |
| - | * Start the service and/or configure automatic start: | + | |
| - | * Go to //Control Panel > System and Security > Administrative Tools// and open //Services//. Locate //SSHD// service. &wincp | + | |
| - | * If you want the server to start automatically when your machine is started: Go to //Action > Properties//. In the Properties dialog, change //Startup type// to //Automatic// and confirm. | + | |
| - | * Start the SSHD service by clicking the //Start the service//. | + | |
| - | + | ||
| - | //These instructions are partially based on [[https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH|the official deployment instructions]].// | + | |
| - | + | ||
| - | ===== Setting up SSH public key authentication ===== | + | |
| - | + | ||
| - | Follow a generic guide for [[guide_public_key|Setting up SSH public key authentication]] in *nix OpenSSH server, with following differences: | + | |
| - | + | ||
| - | * Create the ''.ssh'' folder (for the ''authorized_keys'' file) in your Windows account profile folder (typically in ''C:\Users\username\.ssh''). &winpath | + | |
| - | * Do not change permissions for the ''.ssh'' and the ''authorized_keys''. | + | |
| - | + | ||
| - | ===== Connecting to the server ===== | + | |
| - | + | ||
| - | Before the first connection, find out fingerprint of the server's RSA key by running ''ssh-keygen.exe -l -f ssh_host_rsa_key -E md5'' from the ''C:\openssh'': | + | |
| - | + | ||
| - | <code> | + | |
| - | C:\openssh>ssh-keygen.exe -l -f ssh_host_rsa_key -E md5 | + | |
| - | 2048 MD5:94:93:fe:cc:c5:7d:d8:2a:33:21:0e:f3:91:11:8a:d9 martin@example (RSA) | + | |
| - | </code> | + | |
| - | + | ||
| - | Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | + | |
| - | * Make sure //New site// node is selected. | + | |
| - | * On //New site node//, make sure the //%%SFTP%%// protocol is selected. | + | |
| - | * Enter your machine/server IP address (or a hostname) into the //Host name// box. | + | |
| - | * Enter your Windows account name to the //User name// box. | + | |
| - | * For a public key authentication: | + | |
| - | * Press the //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//. | + | |
| - | * In //Private key file// box select your private key file. | + | |
| - | * Submit Advanced site settings dialog with the //OK// button. | + | |
| - | * For a password authentication: | + | |
| - | * Enter your Windows account password to the //Password// box. | + | |
| - | * If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication. | + | |
| - | * Save your site settings using the //Save// button. | + | |
| - | * Login using //Login// button. | + | |
| - | * [[ssh_verifying_the_host_key|Verify the host key]] by comparing fingerprint with the one collected before (see above). | + | |
| - | + | ||
| - | ===== Further reading ===== | + | |
| - | * Guide to [[guide_windows_ftps_server|Installing Secure FTP Server on Windows using IIS]]; | + | |
| - | * Guide to [[guide_upload|uploading files to SFTP server]]; | + | |
| - | * Guide to [[guide_automation|automating operations]] (including upload). | + | |