14.3. Obtaining and Installing the Server

Okhapkin's SSH1 server, sshd, can run under Windows NT installed as a service. It supports most server configuration features from Chapter 5, "Serverwide Configuration" with the notable exception of public-key authentication. NT login authentication requires an NT username and password, and SSH can't get around this barrier to provide authentication by public key. Like the clients, the server requires tricky installation. We'll assume you have already installed the Cygwin library and the SSH1 clients.
14.3.1. Obtain sshd

Sergey Okhapkin makes sshd 1.2.26 available on his site in two forms: as a precompiled executable or as source code diffs. We used the executable. Additionally, some other folks have created packages containing Sergey's executable and other support files. One of our favorites is:
14.3.2. Obtain the NT Resource Kit

To run sshd as an NT service, you need three programs from the NT Resource Kit: instsrv.exe, srvany.exe, and kill.exe. The first two are utilities for turning ordinary programs into NT services. The third is for killing processes that can't be killed by the NT Task Manager.
14.3.3. Create an Administrative User

sshd will be invoked as an NT service running under an administrative user's account, so now let's create that administrative user. Run User Manager and do the following:
14.3.4. Install the Server

First copy the server program, sshd.exe, to a folder of your choice, say, C:\Bin. To complete the installation, you must convert sshd to an NT service run by your new administrative user and create some registry entries:
14.3.5. Generate Host Key

Your server needs a host key to identify it uniquely to SSH clients. [Section 188.8.131.52, "Host key files"] Use the ssh-keygen1 program to generate it and store the key pair in C:\etc:
C:\> ssh-keygen1 -f /etc/ssh_host_key -N "" -C ""
14.3.6. Edit sshd_config

Your server is almost ready to run. Now it's time to create a server-wide configuration file so sshd behaves according to your system's security policy. [Section 5.3.1, "Server Configuration Files"] On NT this file resides in C:\etc\sshd_config. For our recommended settings, see Chapter 10, "A Recommended Setup". Be sure to indicate the correct locations of files, such as the host key. In Cygwin, "/" stands for the root of your boot drive. For example:

HostKey /etc/ssh_host_key
PidFile /etc/sshd.pid
RandomSeed /etc/ssh_random_seed
WARNING: If you make changes in sshd_config while the SSH server is running, you must terminate and restart sshd for those changes to take effect. [Section 14.3.9, "Terminate the Server"] Stopping and restarting the service with the Services control panel isn't sufficient.
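An added example, not from the book or from the sshd port: a Python check that the path-valued settings in sshd_config resolve to real locations once "/" is mapped to the root of the boot drive. The function names, the C: default for the boot drive and the sample data are assumptions, as is the premise that sshd writes the pid and random-seed files itself (so only their folder is checked).

```python
import ntpath
# Path-valued keywords taken from the sshd_config excerpt above.
PATH_KEYWORDS = ("HostKey", "PidFile", "RandomSeed")

def parse_sshd_config(text):
    """Return {lowercased keyword: value}; blank lines and '#' lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings

def cygwin_to_windows(path, boot_drive="C:"):
    """Map an absolute Cygwin path to a Windows path ('/' = boot drive root)."""
    if not path.startswith("/"):
        raise ValueError("not an absolute Cygwin path: %r" % path)
    return ntpath.normpath(boot_drive + path.replace("/", "\\"))

def check_paths(config_text, exists, boot_drive="C:"):
    """List problems with path settings; exists(path) -> bool, e.g. os.path.exists."""
    settings = parse_sshd_config(config_text)
    problems = []
    for keyword in PATH_KEYWORDS:
        value = settings.get(keyword.lower())
        if value is None:
            problems.append("%s is not set" % keyword)
            continue
        try:
            win_path = cygwin_to_windows(value, boot_drive)
        except ValueError:
            problems.append("%s %s: not an absolute path" % (keyword, value))
            continue
        # The host key must already exist (14.3.5). Assumption: sshd writes the
        # pid and random-seed files itself, so only their folder is checked.
        target = win_path if keyword == "HostKey" else ntpath.dirname(win_path)
        if not exists(target):
            problems.append("%s %s: %s not found" % (keyword, value, target))
    return problems

# Constructed sample: HostKey deliberately points at the wrong folder.
SAMPLE_CONFIG = "HostKey /ssh_host_key\nPidFile /etc/sshd.pid\nRandomSeed /etc/ssh_random_seed\n"
# Constructed stand-in for the NT file system after section 14.3.5.
SAMPLE_FILES = {"C:\\etc", "C:\\etc\\ssh_host_key"}
if __name__ == "__main__":
    print(check_paths(SAMPLE_CONFIG, SAMPLE_FILES.__contains__))
```

On the NT host itself, pass os.path.exists as the exists argument and the contents of C:\etc\sshd_config as config_text.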
14.3.7. Run the Server

To run sshd, open the Services control panel and look for the service SecureShellDaemon. Select it, and click the Start button. That's it! In the NT Task Manager, the process shows up as sshd.exe.
14.3.8. Test the Server

If you've installed both sshd and ssh1 on your local PC, try connecting to yourself:

C:\> ssh1 localhost
email@example.com's password: ********

Otherwise, try connecting from another site:

$ ssh1 -l smith mypc.mydomain.org
firstname.lastname@example.org's password: ********

If the connection doesn't work, use ssh1 -v to print diagnostic output and figure out the problem.
14.3.9. Terminate the Server

To terminate an NT service, one normally uses the Stop button on the Services control panel. Unfortunately, this doesn't work for sshd under NT, even though the service appears to have stopped in the control panel. You need to kill the process manually. This can be done with the program kill.exe from the NT Resource Kit. Get the pid of sshd.exe from the NT Task Manager (suppose it is 392), and then type:
C:\> kill 392
Copyright © 2002 O'Reilly & Associates. All rights reserved.