Installing OpenSSH on Windows 7
June 7, 2011 | 67 Comments
Today, I was tempted to take control of a Windows machine remotely in console mode as I’m trying to script the launch and use of VLC. A quick Google search revealed the existence of the sshwindows project which is a more lightweight solution than a full cygwin installation.
Here are the installation steps :
Download and run the sshwindows installer.
As the setup will tell you, some simple commands will be needed to complete the installation. Launch the windows command line tool (windows key -> type cmd -> press enter) and head to the directory in which you installed open ssh.
    cd \
    cd "Program Files (x86)"
    cd OpenSSH
The steps needed to complete the installation are detailed in the docs folder in two files : quickstart.txt will quickly sum up the steps while the readme.txt is a more detailed setup and troubleshooting guide.
Below is a step by step process on what I had to do to get the server running :
    rem go to the bin directory of the OpenSSH folder
    cd bin
    rem create the default groups
    mkgroup -l >> ..\etc\group
    rem create the default users
    mkpasswd -l >> ..\etc\passwd
    rem Note: for neither of the above commands did I bother with the domain version documented in the quickstart
    rem Now, if you look in ..\etc\passwd, you will see entries (one per line) for all your Windows users.
    rem Start the server in debug mode
    cd ..\usr\sbin
    sshd -d -d -d
According to the quickstart guide, everything should work at this point but that was not the case for me.
I had permission errors with the rsa and dsa key files.
Below is the message I saw :
    debug1: sshd version OpenSSH_3.8.1p1
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0644 for '/etc/ssh_host_rsa_key' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /etc/ssh_host_rsa_key
    Could not load host key: /etc/ssh_host_rsa_key
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0644 for '/etc/ssh_host_dsa_key' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /etc/ssh_host_dsa_key
    Could not load host key: /etc/ssh_host_dsa_key
    Disabling protocol version 2. Could not load host key
    sshd: no hostkeys available -- exiting.
I solved that problem by using chown and chmod available in the bin folder to change the permissions on these files. As I found out trying to run chown, I needed a cygintl-2.dll file which I didn’t have on that computer. I ended up copying it from another computer running an up to date install of cygwin. In this up to date version, cygintl-2 was called cygintl-8; I renamed it. If you need to, download cygintl-2.dll and cygwin1.dll and place them in your OpenSSH\bin directory. Note that you will need to replace the existing cygwin1.dll.
    cd ..\..\etc
    ..\bin\chown <username> *
    ..\bin\chmod 600 *
    rem ls -lsa to confirm that the permissions were changed
    rem run the server in debug mode again...
    cd ..
    usr\sbin\sshd -d -d -d
    rem If prompted, allow the service to accept incoming connections...
That’s it, at this point, the server starts. You can kill it (CTRL+C) and start it as a Windows service by running
    net start opensshd
Time to test our SSH server with a client. On a different computer, run an SSH client (if the other computer is running Windows, you can use putty).

    ssh <username>@<ip_windows_machine>
    # You will be prompted to accept the authenticity of host, type yes
    # You will be prompted for a password
    # Enter your windows password
At this point, it worked for me ! Now I can connect to a Windows 7 using SSH and that makes Windows a lot cooler ! Thanks to the developer, Michael Johnson.
Going further, the public key authentication
Since my goal, with all this, was to script the use of VLC from a Unix machine on the Windows one, I could use the public key authentication to bypass the interactive authentication.
The SSH public key authentication system is based on the private and public keys which are expected in the user’s home folder (in a folder called .ssh). So the first step will be to define the user’s home folder on windows.
Since I’m not using cygwin but open ssh for windows, it’s only the declaration of the home folder in openssh that I care for. I edited the file in c:\Program Files (x86)\OpenSSH\etc\passwd and changed the value before last (each value is separated by a :). I changed the home folder for my user to /cygdrive/c/Users/<username>. Now I can go in my c:\Users\<username> folder and create a folder called .ssh. I recommend creating this folder using the command window as I don’t think it is possible with the graphical interface.
    cd c:\Users\<username>
    mkdir .ssh
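The passwd edit described above, as an added example (not part of the original post or of sshwindows): it rewrites the home field, the value before last, for one user and converts a Windows path to its /cygdrive form. The sample entries and the names to_cygdrive, split_entry and set_home are constructed for illustration.

```python
# Constructed sample in the layout mkpasswd -l writes: seven colon-separated
# fields, with the home folder as the value before last.
SAMPLE_PASSWD = (
    "SYSTEM:*:18:544:,S-1-5-18::\n"
    "alice:unused_by_nt/2000/xp:1000:513:U-PC\\alice,S-1-5-21-1-2-3-1000:"
    "/home/alice:/bin/switch\n"
)


def to_cygdrive(win_path):
    """Convert C:\\Users\\alice to /cygdrive/c/Users/alice (path case is kept)."""
    if (len(win_path) < 3 or not win_path[0].isalpha()
            or win_path[1] != ":" or win_path[2] not in "\\/"):
        raise ValueError("expected an absolute drive path, got %r" % win_path)
    tail = win_path[2:].replace("\\", "/").rstrip("/")
    return "/cygdrive/" + win_path[0].lower() + tail


def split_entry(line):
    """Split one passwd line into name, password, uid, gid, gecos, home, shell."""
    head = line.split(":", 4)        # first four fields, then the remainder
    if len(head) != 5:
        raise ValueError("not a passwd entry: %r" % line)
    tail = head[4].rsplit(":", 2)    # gecos, home (value before last), shell
    if len(tail) != 3:
        raise ValueError("not a passwd entry: %r" % line)
    return head[:4] + tail


def set_home(passwd_text, user, win_home):
    """Return passwd_text with the home field of `user` pointing at win_home."""
    new_home = to_cygdrive(win_home)
    out, found = [], False
    for line in passwd_text.splitlines():
        if line.strip():
            fields = split_entry(line)
            if fields[0] == user:
                fields[5] = new_home
                line, found = ":".join(fields), True
        out.append(line)
    if not found:
        raise KeyError("no passwd entry for %r" % user)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(set_home(SAMPLE_PASSWD, "alice", "C:\\Users\\alice"), end="")
```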
At this point, you need a public key which you should generate with the command
    ssh-keygen -t rsa
Now, the idea is to place my user’s public key in this folder in a file called authorized_keys. Since I’ve already set up my public key, I simply had to place it in that folder and do :
    cd c:\Users\<username>\.ssh
    cp id_dsa.pub authorized_keys
    del id_dsa.pub
    rem The public key authentication will not work if the permissions are not set right on this file so
    cd ..
    "c:\Program Files (x86)\OpenSSH\bin\chown.exe" -R <username> .
    "c:\Program Files (x86)\OpenSSH\bin\chmod.exe" -R 700 .ssh
    "c:\Program Files (x86)\OpenSSH\bin\chmod.exe" 600 .ssh/authorized_keys
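The two permission rules behind the host key fix and the authorized_keys fix above, as an added example rather than code from the post or from OpenSSH: sshd ignores a private key that group or others can access (the 0644 warning), and with StrictModes it rejects authorized_keys when the file or a directory up to the home folder is owned by someone else or writable by group or others. The function names and the temp-dir layout are constructed, and the code assumes a POSIX or Cygwin Python where os.stat reports Unix mode bits.

```python
import os
import stat
import tempfile


def private_key_problem(path):
    """Return sshd's complaint if a private key is group/other accessible."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any bit for group or others, e.g. the 0644 in the log
        return "Permissions %04o for '%s' are too open." % (mode, path)
    return None


def strict_modes_problem(home, authorized_keys, uid=None):
    """Check authorized_keys and each directory up to home, StrictModes-style.

    Every component must belong to the user (or uid 0) and must not be
    writable by group or others.
    """
    uid = os.getuid() if uid is None else uid
    home = os.path.realpath(home)
    path = os.path.realpath(authorized_keys)
    while True:
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (0, uid):
            return "bad owner for %s" % path
        if mode & 0o022:
            return "mode %04o on %s is group/world writable" % (mode, path)
        if path == home:
            return None
        parent = os.path.dirname(path)
        if parent == path:
            return "%s is not inside %s" % (authorized_keys, home)
        path = parent


def demo():
    """Build a constructed layout in a temp dir and run both checks."""
    home = tempfile.mkdtemp()
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    key = os.path.join(home, "ssh_host_rsa_key")   # stand-in for a host key
    auth = os.path.join(ssh_dir, "authorized_keys")
    for name in (key, auth):
        open(name, "w").close()
    os.chmod(key, 0o644)       # the state reported in the debug output
    os.chmod(ssh_dir, 0o777)   # deliberately too open
    os.chmod(auth, 0o600)
    before = (private_key_problem(key), strict_modes_problem(home, auth))
    os.chmod(key, 0o600)       # chmod 600 on the key
    os.chmod(ssh_dir, 0o700)   # chmod 700 .ssh
    after = (private_key_problem(key), strict_modes_problem(home, auth))
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```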
Edit your ssh server configuration file and make sure the public key authentication option (PubkeyAuthentication) is not commented out (it was okay for me by default).
From your client computer, connect again using ssh <username>@<windows_ip> and you shouldn’t be prompted for a password anymore.
Now, I can simply launch commands on the windows machine by doing
    ssh <username>@<ip_windows> <cmd>
Finally, moving on with my project which I’ll describe in this blog upon completion. ’till then, hope this tip helps
Thanks a lot.
Chmod on windows is new for me 🙂
Chmod is only available because it is included in either cygwin or windowsssh.
Glad you liked the post.
Very detailed explanation, Thank you! For me, it is the first time I hear this possibility with windows 7.
Thanks, this guide helped me with the Windows 7 permissions issues. I downloaded cygintl-2 from the current cygwin install but it didn’t work. It stopped throwing the “You need cygintl-2.dll” error message when running ls, chown and chmod but the commands didn’t actually do anything. Replacing my .dlls with yours fixed it.
Hi
Good explanation. It works for me, but I have some questions.
1. I followed your steps to generate the public key but i am seeing id_dsa.pub file in \Users\\.ssh
2. cp command failed – cp id_das.pub authorized_keys
Please advise.
Thank you in Advance.
If you don’t have any unix tools such as cp installed, try using copy instead of cp. Good luck with your setup
Followed the guide step by step and was able to log on in debug mode, but when I tried
net start opensshd
got error 5 access denied
Please advise.
thanks in advance
I had the same problems.
Please help
I solved this problem by starting CMD as administrator or starting the service directly in services.msc
Thanks for posting the solution here !
Is there a way to install ssh-keygen and openssh on windows 7 that someone maintains? openssh on windows seems un-maintained for windows.
Thanks so very much! This is one solution that worked perfectly for me!
Most of it worked for me, but when I got to the part about testing it from a 2nd PC with username@ip_of_pc, I accept the connection, then I type my Windows password and it does not accept it. Any ideas why?
I get the same exact error as Shugo.
username@ipaddress gives the following error:
User Sandy not allowed because shell /bin/switch is not executable
input_userauth_request: illegal user sandy
I’m assuming there is a permission error of some kind? thanks.
To fix the login\password issue I changed the 600 value to 700 in the chmod command and it worked. No more “not allowed because shell /bin/switch is not executable” in debug (sshd -d -d -d)
..\bin\chown *
..\bin\chmod 700 *
I’m having the same problem as Shugo, the Windows password is not working.
Could you help us?
Thanks.
This guide was perfect
Thanks. Really useful.
You are a god among men.
No for real.
Seriously, fucking fantastic guide.
C:\Program Files (x86)\OpenSSH\usr\sbin\net start opensshd
The OpenSSH Server service is starting.
The OpenSSH Server service could not be started.
A system error has occurred.
System error 1067 has occurred.
The process terminated unexpectedly.
Any Solution for this error?
Thanks in advance
Hi,
this guide is great so far, but I keep getting stuck at the part where you type “..\bin\chown *”
Is the username my Windows username? Or do I somehow have to register an OpenSSH account?
Thanks.
Leave your windows username…i had something similar happen but i typed Admin or Administrator (case sensitive) and that did it.
Hope this helps!
Hey this is great! works perfectly!! Thanks for great post!
Awesome, thanks for the help!
Thanks a lot….I had the same problem on Windows 2008 server…and it worked like a charm…
Thanks a lot.
But I have a problem with the publickey authentication. I’ve generated the id_rsa.pub on my client. I’ve copied the id_rsa.pub to the server and moved this file to /.ssh/authorized_keys. I’ve changed the permissions of files and folders. I’ve configured the sshd_config to:
StrictModes no
RSAAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
But I can’t login on server. I receive the following messages:
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)
debug3: channel 0: close_fds r -1 w -1 e 6 c -1
Connection to 192.168.20.69 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 37 bytes in 4.7 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 7.8
debug1: Exit status 255
Last login: Fri Aug 3 11:57:39 2012 from 192.168.20.63
Connection to 192.168.20.69 closed.
Any ideas why?
Thank you very much!!!
Regards
What are you doing writing blog posts at 5:30 in the morning? Or was your computer clock off when you took those screenshots? :V
Peter emailed me with a question about Open SSH and I share it here as someone else might have the solution :
“I recently followed your guide on how to set up a ssh server using OpenSSH (http://www.worldgoneweb.com/2011/installing-openssh-on-windows-7/), and I got it working. However I ran into a bit of a snag: If I wanted to transfer files using a DD command, where would these files be stored? I’m planning on dumping my entire iPhone disk image onto my computer, but I’m not that tech-savvy and using SSH is somewhat confusing to me. I tried to follow another guide that would let you do this (which you can find here), but as I started to transfer the disk image, I realized that I had no idea where this file was being stored. If you could help me with my problem I would very much appreciate it. — Peter”
Mukesh also emailed me with a question on this matter :
“Your guide to install openssh on windows 7 helped me a lot, it gave me a detailed explanation, thank you so much. Now I have one small issue, I have installed OpenSSH on my windows 7 machine, when I try to run it in debug mode using this command “sshd -ddd” it’s working fine, Problem is when I try to run it as a sshd service using this command “net start sshd” it’s running but it’s not at all responding to the client requests like when I run it in debug mode. Please suggest me the solution for this. –Mukkesh”
I hope he can find the solution in this thread.
I have the exact same problem.
verbose logging from ssh client gives one of two issues:
Received disconnect from 10.74.50.103: 2: fork failed: Resource temporarily unavailable
–OR–
ssh_exchange_identification: Connection closed by remote host
I’ve seen some suggestions about doing a rebaseall but it seems to only pertain to the dll’s in the cygwin folders.
Hi, so I installed OpenSSH for Windows and there are no readme.txt or quickstart.txt files. What do I do…
Same as Hovhannes above – I followed your link to SourceForge and downloaded the installer, which is now different than the picture you have above. Installer (msi file) was red and there were no readme.txt or quickstart.txt files. However, when I clicked on the setupssh.exe file that was now in the zip file, I am finally getting the pictures you are showing above – the yellow install wizard and am getting the message about editing the passwd file – which did not come up with the red installer. I will continue and see if your instructions now work.
I’ve gotten as far as the “Start the server in debug mode”, but when I put in
sshd -d -d -d
I get “The program can’t start because cygcrypto-0.9.7.dll is missing from your computer. Try reinstalling the program to fix this problem.” I could see very clearly that the mentioned file was in my Program Files (x86)\OpenSSH\bin directory, but I reinstalled it anyway. And cygcrypto-0.9.7.dll is once again in that same location, but I’m still getting the same message. That dll is from 2004. Is there a newer version of said file I may need?
Thank you
I did a complete uninstall and ran the setup.exe once again, this time without seeing the msi installer file that popped up the very first time. Am getting much further now. Will let you know how it proceeds.
Thank you
FINISHED! The uninstall/reinstall seemed to do the trick. Only other issue I ran into was having to turn off the Firewall in Windows 7 for private networks, but THANK YOU! Now I just need to install it on another machine and see if I can start using SSH between the two!
Hi Eric,
True, I should have mentioned the possible problem of the Firewall though Windows might/should prompt you to accept the incoming connection ! Thanks for pointing this out in the comments here as it might help others.
Enjoy the power of remote SSH control of your machine ! I hope the second computer setup goes well.
How to create a Firewall exception for OpenSSH instead of disabling the firewall completely:
Windows Firewall and Advanced Security
Inbound Rules
New Rule…
Rule Type: Port
Does this rule apply to TCP or UDP: TCP
Specific local ports: 22
What action …? Allow Connection
When does this rule apply? Domain, Private, Public
Name: Accept connections on port 22 for OpenSSH
Running into a strange issue. I have installed the Open SSH on both of the Windows 7 boxes I have. If I try to ssh into one from the other, it logs me in administrator, but as soon as I put in the administrator password, it just goes right back to the c:\ prompt/command line. And even more strange – if the other box I am trying to ssh to has gone to the screensaver (just a blank screen), it never connects. It tries and tries and finally comes back that the connection has timed out. Yet, if I try to connect to one of our remote sites that are all currently Windows XP boxes, I can ssh and log into them as administrator without any problems.
Suggestions?
PS – problem is not just between the Windows 7 box. I tried to ssh into one of the Windows 7 boxes from a Windows XP box and as soon as I put in the password, I get “Connection closed by remote host.” So something is not set correctly with the Windows 7 box (or maybe again has to do with the Firewall?).
Thank you for the nice tutorial.
Have you got any tips or pointers for getting an ssh-agent running?
Hi, if I am trying to log in using a public and private key setup, and I am logging into my Windows machine from my Mac, do I run ssh-keygen on the Mac or the Windows machine? And if on the Windows machine, do I put the id_rsa.pub file into my Mac and rename it authorized_keys with no extension in my ~/.ssh folder?
This totally worked, I was trying to get Tortoise Hg to use OpenSSH and it was having issues reading the id_rsa because of the permissions even though I had changed it with a different chmod.exe ( installed it with Git Extensions ). After following your recommendations, worked like a charm!
All you have to make sure you do is add the following line to your mercurial.ini
[ui]
ssh = "ssh"
Assuming that you have ssh in the path, putting the entire path caused it to hang for me.
Is there any feasibility to check the sshd -ddd (debug mode) is running or not?
Not by typing sshd -ddd directly in the command prompt; what I mean is, is there any way to check it programmatically, and if it is not listening then we have to throw the command sshd -ddd to make it listen.
I am having an issue using the authorized_keys. If I start the server with sshd -d -d -d and test using the key files, my login works without the password. If I then stop the sshd process and start the service, I can no longer connect and the log in /var/log shows a “Status_Access Violation”.
Any help would be appreciated.
to answer my own question (or anybody else), make sure the Windows Openssh service is running as the user that you permissioned with the 600 access in the etc directory. By default the service will run as Local User and the permissioning above denies access to that.
Thx!! You really help me!!
Have used your instructions to install SSH on several Windows 7 PCs. Working fine now. Ran into a problem with a new PC when I get to the 2nd to last command – right after I’ve run the chown and chmod changes. When I then put in usr\sbin\sshd -d -d -d, the system runs several debug lines and then stops completely at:
“Server listening on 0.0.0.0 port 22.”
I tried an uninstall and ran it again, but it’s stopping in the same place. Any ideas/suggestions?
Thank you
Interestingly, I have found that SSH is working on said PC – even though it never went beyond that message so I could run the final “net start opensshd” command. Any ideas here?
Sorry – I take that back. I can SSH out from either of these PCs where it stopped at previously mentioned point, but I cannot SSH into either of those PCs from which my previous SSH install worked. I get this message when I try to SSH to them:
ssh: connect to host port 22: Connection refused
Not sure why the install is failing – especially since it worked previously on one of the PCs.
PROBLEM SOLVED – sorry for all the posts, but I’d missed the
“That’s it, at this point, the server starts. You can kill it (CTRL+C) and start it as a Windows service by running…”
in your instructions. Must pay attention to the little details!
Anyone tried this in 64bit machine? sshd just crashes when ran.
yep I have it running on a Win 7 x64….it’s not the best but it works most of the time
thanks for the explanation, i would change one thing that stopped me:
instead of ” Launch the windows command line tool ”
Launch the windows command line tool (As administrator)
because the
..\bin\chown Administrator *
and
net start opensshd
won’t work in a normal stock standard install of windows 7
Phantastic how-to. Saved my day. Thanks a lot!
Hello, this is a GOOD article thanks to You.
I have tried it and run sshd -d -d -d, everything fine, but when I try to connect from another PC using Putty, they ask for username and password, BUT they keep telling access denied as if wrong password. I used the same username that I made from mkpasswd (domain username), I can log in to those Win7 PCs using that username+password, and I tried connecting Putty to my AccessPoint, everything normal.
Any help? Thanks
Was of great help. Thanks a lot!
For all those that are having problems with login with Permission denied, please try again.
open a command prompt and cd to your openssh\bin and run
..\usr\sbin\sshd -d -d -d
try to log in and look at the debugging information if you see this line
“User not allowed because shell /bin/switch is not executable”
cancel with control-c
In the same command prompt window enter the command
chmon +x switch.exe
Muito obrigado !
Muchas gracias !
Thanks !
Mercy !
You save my day with this post 🙂
I am still getting ‘Login with Permission denied, please try again.’ I closely checked the debug information but did not get ““User not allowed because shell /bin/switch is not executable””. Even then I ran the command “chmod +x switch.exe” (chmon is not recognized as a command on my pc). But did get my problem solved. Please please help…
Can I install openssh silently and bypass the prompt while installing?
To get the pubkey authentication to work on Windows Server 2012, I had to change the path in etc/passwd to:
/cygdrive/c/Users/Administrator
(or whichever user you prefer…)
Note that ‘Users’ absolutely must have a capital ‘U’, or else the server will give some weird error and die.
I have this running on Win 7 x86 but I get many connections refused and many failed to fork messages from sshd.
Sometimes I get in on the first try and other times it takes many tries.
Anyone have a solution for this?
I meant x64 …the app itself installs in “program files (x86)”
C:\OpenSSH\Bin\chmod +x *.* fixed my permissions denied issue.