This is an old revision of the document!

Documentation » Using WinSCP » Guides » Other »

Installing SFTP/SSH Server on Windows using OpenSSH

Recently, Microsoft has released an early version of OpenSSH for Windows. You can use the package to set up an SFTP/SSH server on Windows.

Advertisement

Installing SFTP/SSH Server

  • Download the latest OpenSSH for Windows binaries (package OpenSSH-Win32.zip)
  • Extract the package to a convenient location (we will use C:\openssh in this guide)
  • Generate server keys by running the following commands from the C:\openssh (when asked for a passphrase, just press Enter, as the server keys cannot be protected with a passphrase):
    ssh-keygen.exe -t rsa -f ssh_host_rsa_key
    ssh-keygen.exe -t dsa -f ssh_host_dsa_key
    ssh-keygen.exe -t ecdsa -f ssh_host_ecdsa_key
    ssh-keygen.exe -t ed25519 -f ssh_host_ed25519_key
    
  • Open a port for the SSH server in Windows Firewall:
    • Either run the following PowerShell command (Windows 8 and 2012 or newer only), as the Administrator:
      New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
    • or go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and add a new rule for port 22.
  • fragment of setup-ssh-lsa.cmd (problem subfolder name (dp0×86) correct is x86 or x64):
    if %PROCESSOR_ARCHITECTURE%==x86 (
       set lsadll=%~dp0x86\ssh-lsa.dll
    )
    if %PROCESSOR_ARCHITECTURE%==AMD64 (
       set lsadll=%~dp0x64\ssh-lsa.dll
    )
    
  • To allow a public key authentication, as an Administrator, run:
    C:\openssh\setup-ssh-lsa.cmd
    please before run setup-ssh-lsa-cmd verify that it is handling your subfolder where you unzip your files, if not please correct path
    where your openssh x86 (32 bits) or x64 (64 bits) and restart the machine
  • In C:\openssh\sshd_config locate a Subsystem sftp directive and change the path to sftp-server to its Windows location:
    Subsystem sftp C:\openssh\sftp-server.exe
  • As the Administrator, install an SSHD service:
    sshd.exe install
  • Start the service and/or configure automatic start:
    • Go to Control Panel > System and Security > Administrative Tools and open Services. Locate SSHD service.
    • If you want the server to start automatically when your machine is started: Go to Action > Properties. In the Properties dialog, change Startup type to Automatic and confirm.
    • Start the SSHD service by clicking the Start the service.

These instructions are partially based on the official deployment instructions.

Advertisement

Setting up SSH public key authentication

Follow a generic guide for Setting up SSH public key authentication in *nix OpenSSH server, with following differences:

  • Create the .ssh folder (for the authorized_keys file) in your Windows account profile folder (typically in C:\Users\username\.ssh).
  • Do not change permissions for the .ssh and the authorized_keys.

Connecting to the server

Before the first connection, find out fingerprint of the server’s RSA key by running ssh-keygen.exe -l -f ssh_host_rsa_key -E md5 from the C:\openssh:

C:\openssh>ssh-keygen.exe -l -f ssh_host_rsa_key -E md5
2048 MD5:94:93:fe:cc:c5:7d:d8:2a:33:21:0e:f3:91:11:8a:d9 martin@example (RSA)

Start WinSCP. Login dialog will appear. On the dialog:

  • Make sure New site node is selected.
  • On New site node, make sure the SFTP protocol is selected.
  • Enter your machine/server IP address (or a hostname) into the Host name box.
  • Enter your Windows account name to the User name box.
  • For a public key authentication:
  • For a password authentication:
    • Enter your Windows account password to the Password box.
    • If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication.
  • Save your site settings using the Save button.
  • Login using Login button.
  • Verify the host key by comparing fingerprint with the one collected before (see above).

Further reading

Advertisement

Last modified: by 187.38.122.2