Differences
This shows you the differences between the selected revisions of the page.
2018-06-13 | 2018-06-14 | ||
Windows 10 version 1803 has openssh built in (as optional feature) + new service name + matching firewall rule name (martin) | no summary (162.243.16.71) (hidden) (untrusted) | ||
Line 1: | Line 1: | ||
- | ====== Installing SFTP/SSH Server on Windows using OpenSSH ====== | + | [[https://t.me/newsNASA]] |
- | + | ||
- | Recently, [[https://blogs.msdn.microsoft.com/powershell/2015/10/19/openssh-for-windows-update/|Microsoft has released]] an early version of [[https://github.com/PowerShell/Win32-OpenSSH|OpenSSH for Windows]]. You can use the package to set up an SFTP/SSH server on Windows. | + | |
- | + | ||
- | ===== Installing SFTP/SSH Server ===== | + | |
- | + | ||
- | ==== On Windows 10 version 1803 and newer ==== | + | |
- | + | ||
- | * In //Settings// app, go to //Apps > Apps & features > Manage optional features//. | + | |
- | * Locate //"OpenSSH server"// feature, expand it, and select //Install//. | + | |
- | + | ||
- | Binaries are installed to ''%WINDIR%\System32\OpenSSH''. Configuration file (''sshd_config'') and host keys are installed to ''%ProgramData%\ssh'' (only after the server is started for the first time). | + | |
- | + | ||
- | You may still want to use the following manual installation, if you want to install a newer version of OpenSSH than the one built into Windows 10. | + | |
- | + | ||
- | ==== On earlier versions of Windows ==== | + | |
- | + | ||
- | * Download the latest [[https://github.com/PowerShell/Win32-OpenSSH/releases|OpenSSH for Windows binaries]] (package ''OpenSSH-Win64.zip'' or ''OpenSSH-Win32.zip'') &win32 &win64 | + | |
- | * As the Administrator, extract the package to ''C:\Program Files\OpenSSH'' | + | |
- | * As the Administrator, install //sshd// and //ssh-agent// services: \\ ''powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1'' | + | |
- | + | ||
- | ===== Configuring SSH server ===== | + | |
- | + | ||
- | * Allow incoming connections to %%SSH%% server in Windows Firewall: | + | |
- | * Either run the following PowerShell command (Windows 8 and 2012 or newer only), &win8 &win2012 as the Administrator: \\ ''%%New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22%%'' | + | |
- | * or go to //Control Panel > System and Security > Windows Firewall//((//Windows Defender Firewall// on Windows 10.))// > Advanced Settings > Inbound Rules// and add a new rule for port 22. &wincp | + | |
- | * Start the service and/or configure automatic start: | + | |
- | * Go to //Control Panel > System and Security > Administrative Tools// and open //Services//. Locate //%%OpenSSH SSH Server%%// service. &wincp | + | |
- | * If you want the server to start automatically when your machine is started: Go to //Action > Properties//. In the Properties dialog, change //Startup type// to //Automatic// and confirm. | + | |
- | * Start the //%%OpenSSH SSH Server%%// service by clicking the //Start the service//. | + | |
- | + | ||
- | //These instructions are partially based on [[https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH|the official deployment instructions]].// | + | |
- | + | ||
- | ===== [[key_authentication]] Setting up SSH public key authentication ===== | + | |
- | + | ||
- | Follow a generic guide for [[guide_public_key|Setting up SSH public key authentication]] in *nix OpenSSH server, with the following difference: | + | |
- | + | ||
- | * Create the ''.ssh'' folder (for the ''authorized_keys'' file) in your Windows account profile folder (typically in ''C:\Users\username\.ssh'').((Windows Explorer does not allow you to create a folder starting with a dot directly. As a workaround, use ''.ssh.'', the trailing dot will allow you to bypass the restriction, but will not be included in the name.)) &winpath | + | |
- | * For permissions to ''.ssh'' folder and ''authorized_keys'' file, what matters are Windows ACL permissions, not simple *nix permissions. Set the %%ACL%% so that only a respective Windows account have a write access to the folder and the file (what is the default access level, if you create the folder and the file, while logged in using the respective account). | + | |
- | + | ||
- | ===== [[connecting]] Connecting to the server ===== | + | |
- | + | ||
- | Before the first connection, find out fingerprint of the server's ED25519 key by running ''%%.\ssh-keygen.exe -l -f "%ProgramData%\ssh\ssh_host_ed25519_key" -E md5%%'' from the OpenSSH installation folder (''%WINDIR%\System32\OpenSSH'' or ''C:\Program Files\OpenSSH''), as the Administrator (with PowerShell, use ''$env:ProgramData'' instead of ''%ProgramData%''): &winpath | + | |
- | + | ||
- | <code> | + | |
- | C:\Windows\System32\OpenSSH>.\ssh-keygen.exe -l -f "%ProgramData%\ssh\ssh_host_ed25519_key" -E md5 | + | |
- | 256 MD5:0d:df:0a:db:b4:e9:f1:08:d5:59:2b:91:8e:08:1c:78 martin@example (ED25519) | + | |
- | </code> | + | |
- | + | ||
- | Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | + | |
- | * Make sure //New site// node is selected. | + | |
- | * On //New site node//, make sure the //%%SFTP%%// protocol is selected. | + | |
- | * Enter your machine/server IP address (or a hostname) into the //Host name// box. | + | |
- | * Enter your Windows account name to the //User name// box. It might have to be entered in the format ''user@domain'', if running on a domain. | + | |
- | * For a public key authentication: | + | |
- | * Press the //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//. | + | |
- | * In //Private key file// box select your private key file. | + | |
- | * Submit Advanced site settings dialog with the //OK// button. | + | |
- | * For a password authentication: | + | |
- | * Enter your Windows account password to the //Password// box. | + | |
- | * If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication. | + | |
- | * Save your site settings using the //Save// button. | + | |
- | * Login using //Login// button. | + | |
- | * [[ssh_verifying_the_host_key|Verify the host key]] by comparing fingerprint with the one collected before (see above). | + | |
- | + | ||
- | If you cannot authenticate to the server, and you are using Windows 10 //Developer mode//, make sure that your OpenSSH server does not conflict with an internal %%SSH%% server used by the //Developer mode//. You may need to turn off the //%%SSH%% Server Broker// and //%%SSH%% Server Proxy// Windows services. Or run your OpenSSH server on a different port than 22. | + | |
- | + | ||
- | ===== Further reading ===== | + | |
- | * Guide to [[guide_windows_ftps_server|Installing Secure FTP Server on Windows using IIS]]; | + | |
- | * Guide to [[guide_upload|uploading files to SFTP server]]; | + | |
- | * Guide to [[guide_automation|automating operations]] (including upload). | + |
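Review bot: The only `+` content in this hunk is the bare external link `[[https://t.me/newsNASA]]` at line 1, while every `-` line deletes the guide in full, from the title through the Further reading list, so this revision should be reverted to the 2018-06-13 text rather than accepted. The revision metadata supports that: the 2018-06-14 edit has no summary and is flagged hidden and untrusted, and the link has no relation to the SFTP/SSH content it replaces. Reverting matters beyond tidiness, because the removed text carries the security-relevant steps of the setup: the inbound firewall rule for port 22, the ACL requirement on `.ssh` and `authorized_keys`, and the instruction to collect the host key fingerprint before the first connection. On restore, one thing to revisit in the old text is that the fingerprint is taken with `-E md5`; consider documenting the fingerprint in the default hash format of `ssh-keygen -l` as well, so readers can compare against whichever form their client displays.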