Differences

This shows you the differences between the selected revisions of the page.

2018-02-09 2018-02-09
no summary (172.73.149.44) (hidden) (untrusted) Restored revision 1516272795. Undoing revision 1518210690. (martin) (hidden)
Line 1: Line 1:
====== Installing SFTP/SSH Server on Windows using OpenSSH ====== ====== Installing SFTP/SSH Server on Windows using OpenSSH ======
-Recently, [[https://blogs.msdn.microsoft.com/powershell/2015/10/19/openssh-for-windows-update/|Microsoft has released]] an early version of [[https://github.com/PowerShell/Win32-OpenSSH|OpenSSH or Windows]]. You can use the package to set up an SFTP/SSH server on Windows. +Recently, [[https://blogs.msdn.microsoft.com/powershell/2015/10/19/openssh-for-windows-update/|Microsoft has released]] an early version of [[https://github.com/PowerShell/Win32-OpenSSH|OpenSSH for Windows]]. You can use the package to set up an SFTP/SSH server on Windows. 
-x.+ 
 +===== Installing SFTP/SSH Server ===== 
 + 
 +  * Download the latest [[https://github.com/PowerShell/Win32-OpenSSH/releases|OpenSSH for Windows binaries]] (package ''OpenSSH-Win64.zip'' or ''OpenSSH-Win32.zip'') &win32 &win64 
 +  * Extract the package to ''C:\Program Files\OpenSSH'' 
 +  * As the Administrator, install SSHD and ssh-agent services: \\ ''powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1'' 
 +  * As the Administrator, generate server keys and restrict an access to them, by running the following commands from the ''C:\Program Files\OpenSSH'' directory: \\ ''.\ssh-keygen.exe -A'' \\ ''%%powershell.exe -ExecutionPolicy Bypass -Command ". .\FixHostFilePermissions.ps1 -Confirm:$false%%"'' 
 +  * Allow incoming connections to %%SSH%% server in Windows Firewall: 
 +    * Either run the following PowerShell command (Windows 8 and 2012 or newer only), &win8 &win2012 as the Administrator: \\ ''%%New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Service sshd -Enabled True -Direction Inbound -Protocol TCP -Action Allow%%'' 
 +    * or go to //Control Panel > System and Security > Windows Firewall//((//Windows Defender Firewall// on Windows 10.))// > Advanced Settings > Inbound Rules// and add a new rule for ''sshd'' service (or port 22). &wincp 
 +  * Start the service and/or configure automatic start: 
 +    * Go to //Control Panel > System and Security > Administrative Tools// and open //Services//. Locate //SSHD// service. &wincp 
 +    * If you want the server to start automatically when your machine is started: Go to //Action > Properties//. In the Properties dialog, change //Startup type// to //Automatic// and confirm. 
 +    * Start the SSHD service by clicking the //Start the service//. 
 + 
 +//These instructions are partially based on [[https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH|the official deployment instructions]].// 
 + 
 +===== [[key_authentication]] Setting up SSH public key authentication ===== 
 + 
 +Follow a generic guide for [[guide_public_key|Setting up SSH public key authentication]] in *nix OpenSSH server, with following differences: 
 + 
 +  * Create the ''.ssh'' folder (for the ''authorized_keys'' file) in your Windows account profile folder (typically in ''C:\Users\username\.ssh'').((Windows Explorer does not allow you to create a folder starting with a dot directly. As a workaround, use ''.ssh.'', the trailing dot will allow you to bypass the restriction, but will not be included in the name.))&winpath 
 +  * Grant the %%SSH%% server read permissions to the ''.ssh'' folder. As the Administrator, run: \\ ''%%icacls C:\users\username\.ssh /grant "NT Service\sshd:R" /T%%'' 
 + 
 +===== [[connecting]] Connecting to the server ===== 
 + 
 +Before the first connection, find out fingerprint of the server's ED25519 key by running ''ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5'' from the ''C:\Program Files\OpenSSH'': 
 + 
 +<code> 
 +C:\Program Files\OpenSSH>ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5 
 +256 MD5:0d:df:0a:db:b4:e9:f1:08:d5:59:2b:91:8e:08:1c:78 martin@example (ED25519) 
 +</code> 
 + 
 +Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog:  
 +  * Make sure //New site// node is selected. 
 +  * On //New site node//, make sure the //%%SFTP%%// protocol is selected. 
 +  * Enter your machine/server IP address (or a hostname) into the //Host name// box. 
 +  * Enter your Windows account name to the //User name// box. It might have to be entered in the format ''user@domain'', if running on a domain. 
 +  * For a public key authentication: 
 +    * Press the //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//. 
 +    * In //Private key file// box select your private key file. 
 +    * Submit Advanced site settings dialog with the //OK// button. 
 +  * For a password authentication: 
 +    * Enter your Windows account password to the //Password// box.
    * If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication.     * If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication.
  * Save your site settings using the //Save// button.   * Save your site settings using the //Save// button.

Last modified: by martin