home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Book HomeSSH, The Secure ShellSearch this book
PreviousNext

14.3. Obtaining and Installing the Server

Okhapkin's SSH1 server, sshd, can run under Windows NT installed as a service. It supports most server configuration features from Chapter 5, "Serverwide Configuration" with the notable exception of public-key authentication. NT login authentication requires an NT username and password, and SSH can't get around this barrier to provide authentication by public key.

Like the clients, the server requires tricky installation. We'll assume you have already installed the Cygwin library and the SSH1 clients.

14.3.1. Obtain sshd

Sergey Okhapkin makes sshd 1.2.26 available on his site in two forms: as a precompiled executable or as source code diffs. We used the executable. Additionally, some other folks have created packages containing Sergey's executable and other support files. One of our favorites is:

http://www.gnac.com/techinfo/ssh_on_nt/

14.3.2. Obtain the NT Resource Kit

To run sshd as an NT service, you need three programs from the NT Resource Kit: instsrv.exe, srvany.exe, and kill.exe. The first two are utilities for turning ordinary programs into NT services. The third is for killing processes that can't be killed by the NT Task Manager.

14.3.3. Create an Administrative User

sshd will be invoked as an NT service running under an administrative user's account, so now let's create that administrative user. Run User Manager and do the following:

  1. Create a local user called (say) root.

  2. Make root a member of the Administrators group.

  3. Under "Options/User Rights", check the checkbox "Show Advanced User Rights".

Now grant root the following rights:

  • Act as part of the operating system

  • Increase quotas

  • Log on as a service

  • Replace a process level token

Close the application, and you're ready to continue.

14.3.4. Install the Server

First copy the server program, sshd.exe, to a folder of your choice, say, C:\Bin. To complete the installation, you must convert sshd to an NT service run by your new administrative user and create some registry entries:

  1. To install the server as an NT service, run the following command, assuming your administrative user is root, your NT Resource Kit programs are in C:\reskit, and your computer's name is mypc. (This is one command on a single line.)

    C:\> C:\reskit\instsrv.exe SecureShellDaemon
C:\reskit\srvany.exe -a mypc\root -p root
  2. Create the following registry entries. HKLM means HKEY_LOCAL_MACHINE:

    • In HKLM\SYSTEM\CurrentControlSet\Services\SecureShellDaemon, create a string value called "ObjectName" with the value "LocalSystem".

    • In HKLM\SYSTEM\CurrentControlSet\Services\SecureShellDaemon\Para-meters, create a string value "Application" with the value "C:\\Bin\\sshd.exe", and a string value "AppParameters" with value "-f /etc/sshd_config".

14.3.5. Generate Host Key

Your server needs a host key to identify it uniquely to SSH clients. [Section 5.4.1.1, "Host key files"] Use the ssh-keygen1 program to generate it and store the key pair in C:\etc:

C:\> ssh-keygen1 -f /etc/ssh_host_key -N "" -C ""

14.3.6. Edit sshd_config

Your server is almost ready to run. Now it's time to create a server-wide configuration file so sshd behaves according to your system's security policy. [Section 5.3.1, "Server Configuration Files"] On NT this file resides in C:\etc\sshd_config. For our recommended settings, see Chapter 10, "A Recommended Setup".

Be sure to indicate the correct locations of files, such as the host key. In Cygwin, "/" stands for the root of your boot drive. For example:

HostKey /etc/ssh_host_key
PidFile /etc/sshd.pid
RandomSeed /etc/ssh_random_seed
WARNING: If you make changes in sshd_config while the SSH server is running, you must terminate and restart sshd for those changes to take effect. [Section 14.3.9, "Terminate the Server"] Stopping and restarting the service with the Services control panel isn't sufficient.

14.3.7. Run the Server

To run sshd, open the Services control panel and look for the service SecureShellDaemon. Select it, and click the Start button. That's it! In the NT Task Manager, the process shows up as sshd.exe.

14.3.8. Test the Server

If you've installed both sshd and ssh1 on your local PC, try connecting to yourself:

C:\> ssh1 localhost
smith@127.0.0.1's password: ********
Otherwise, try connecting from another site:

$ ssh1 -l smith mypc.mydomain.org
smith@mypc.mydomain.org's password: ********
If the connection doesn't work, use ssh1 -v to print diagnostic output and figure out the problem.

14.3.9. Terminate the Server

To terminate an NT service, one normally uses the Stop button on the Services control panel. Unfortunately, this doesn't work for sshd under NT, even though the service appear to have stopped in the control panel. You need to kill the process manually. This can be done with the program kill.exe from the NT Resource Kit. Get the pid of sshd.exe from the NT Task Manager (suppose it is 392), and then type:

C:\> kill 392
PreviousHomeNext
14.2. Client UseBook Index14.4. Troubleshooting
Library Navigation Links

Copyright © 2002 O'Reilly & Associates. All rights reserved.