Differences
This shows you the differences between the selected revisions of the page.
| 2016-04-24 | 2016-04-24 | ||
| testing (27.0.168.116) (hidden) | Restored revision 1459450179. Undoing revision 1461507133. (martin) (hidden) | ||
| Line 1: | Line 1: | ||
| - | Test test test | + | ====== Installing SFTP/SSH Server on Windows using OpenSSH ====== |
| + | |||
| + | Recently, [[https://blogs.msdn.com/b/powershell/archive/2015/10/19/openssh-for-windows-update.aspx|Microsoft has released]] an early version of [[https://github.com/PowerShell/Win32-OpenSSH|OpenSSH for Windows]]. You can use the package to set up an SFTP/SSH server on Windows. | ||
| + | |||
| + | ===== Installing SFTP/SSH Server ===== | ||
| + | |||
| + | * Download the latest [[https://github.com/PowerShell/Win32-OpenSSH/releases/|OpenSSH for Windows binaries]] (package ''OpenSSH-Win32.zip'') | ||
| + | * Extract the package to a convenient location (we will use ''C:\openssh'' in this guide) | ||
| + | * Generate server keys by running the following commands from the ''C:\openssh'': <code> | ||
| + | ssh-keygen.exe -A | ||
| + | </code> | ||
| + | * Open a port for the %%SSH%% server in Windows Firewall: | ||
| + | * Either run the following PowerShell command (Windows 8 and 2012 or newer only), &win8 &win2012 as the Administrator: \\ ''New-NetFirewallRule -Protocol %%TCP%% -LocalPort 22 -Direction Inbound -Action Allow -DisplayName %%SSH%%'' | ||
| + | * or go to //Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules// and add a new rule for port 22. &wincp | ||
| + | * To allow a public key authentication, as an Administrator, from ''C:\openssh'', run: \\ ''powershell.exe .\install-sshlsa.ps1'' \\ and restart the machine | ||
| + | * In ''C:\openssh\sshd_config'' locate a ''Subsystem sftp'' directive and change the path to ''sftp-server'' to its Windows location: \\ ''Subsystem sftp C:\openssh\sftp-server.exe'' | ||
| + | * As the Administrator, install an SSHD service: \\ ''sshd.exe install'' | ||
| + | * Start the service and/or configure automatic start: | ||
| + | * Go to //Control Panel > System and Security > Administrative Tools// and open //Services//. Locate //SSHD// service. &wincp | ||
| + | * If you want the server to start automatically when your machine is started: Go to //Action > Properties//. In the Properties dialog, change //Startup type// to //Automatic// and confirm. | ||
| + | * Start the SSHD service by clicking the //Start the service//. | ||
| + | |||
| + | //These instructions are partially based on [[https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH|the official deployment instructions]].// | ||
| + | |||
| + | ===== Setting up SSH public key authentication ===== | ||
| + | |||
| + | Follow a generic guide for [[guide_public_key|Setting up SSH public key authentication]] in *nix OpenSSH server, with following differences: | ||
| + | |||
| + | * Create the ''.ssh'' folder (for the ''authorized_keys'' file) in your Windows account profile folder (typically in ''C:\Users\username\.ssh''). &winpath | ||
| + | * Do not change permissions for the ''.ssh'' and the ''authorized_keys''. | ||
| + | |||
| + | ===== Connecting to the server ===== | ||
| + | |||
| + | Before the first connection, find out fingerprint of the server's RSA key by running ''ssh-keygen.exe -l -f ssh_host_rsa_key -E md5'' from the ''C:\openssh'': | ||
| + | |||
| + | <code> | ||
| + | C:\openssh>ssh-keygen.exe -l -f ssh_host_rsa_key -E md5 | ||
| + | 2048 MD5:94:93:fe:cc:c5:7d:d8:2a:33:21:0e:f3:91:11:8a:d9 martin@example (RSA) | ||
| + | </code> | ||
| + | |||
| + | Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | ||
| + | * Make sure //New site// node is selected. | ||
| + | * On //New site node//, make sure the //%%SFTP%%// protocol is selected. | ||
| + | * Enter your machine/server IP address (or a hostname) into the //Host name// box. | ||
| + | * Enter your Windows account name to the //User name// box. | ||
| + | * For a public key authentication: | ||
| + | * Press the //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//. | ||
| + | * In //Private key file// box select your private key file. | ||
| + | * Submit Advanced site settings dialog with the //OK// button. | ||
| + | * For a password authentication: | ||
| + | * Enter your Windows account password to the //Password// box. | ||
| + | * If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication. | ||
| + | * Save your site settings using the //Save// button. | ||
| + | * Login using //Login// button. | ||
| + | * [[ssh_verifying_the_host_key|Verify the host key]] by comparing fingerprint with the one collected before (see above). | ||
| + | |||
| + | ===== Further reading ===== | ||
| + | * Guide to [[guide_windows_ftps_server|Installing Secure FTP Server on Windows using IIS]]; | ||
| + | * Guide to [[guide_upload|uploading files to SFTP server]]; | ||
| + | * Guide to [[guide_automation|automating operations]] (including upload). | ||