23. February 2011 · 4 comments · Categories: Networking · Tags:

This guide explains how to install and configure an SSH server on a Windows XP home computer. SSH (Secure Shell) is a secure network protocol based on the client-server model. It is used to log into remote computers or devices and execute commands on them, and is widely used as a secure replacement for the insecure telnet and rlogin protocols. SSH encrypts all of the data, including the authentication data, allowing secure communication over untrusted networks such as the Internet. Clients authenticate with public-key cryptography or a password, and the session itself is encrypted with one of several supported encryption algorithms. It supports tunneling, port forwarding and file transfer through the associated protocols SFTP (Secure File Transfer Protocol) and SCP (Secure Copy Protocol), which are part of the standard SSH package. Typically used on Linux and UNIX systems, SSH runs on Windows using Linux-like environments such as Cygwin.

Benefits of SSH

  • Enhanced Security – user and host authentication, data encryption and integrity
  • Remotely connect computers (running Windows or Linux) and execute commands
  • Use applications such as Filezilla or WinSCP for file management operations on the same computer or from a remote computer
  • TCP/IP and X11 connection tunneling (a slightly more complex topic not explained in this guide)

The OpenSSH package

This guide uses the free, precompiled OpenSSH for Windows package, a stand-alone build of OpenSSH that bundles a stripped-down version of Cygwin. This allows for a quicker and smaller installation than installing OpenSSH as part of a regular Cygwin installation. The OpenSSH suite consists of the ssh program, scp, sftp and several supporting utilities (see http://openssh.org). The Windows version of OpenSSH hasn’t been updated for some time, so the latest precompiled version available for Windows is v3.8.1p1-1 (July 2004), which still works well. See http://sshwindows.sourceforge.net/ for more information. For this guide, the SSH server is set up for password authentication.
______________________________________________________________________________

Step 1: Install OpenSSH

  1. Download OpenSSH for Windows v3.8.1p1-1. This is the direct download link
  2. Unzip the archive and then run the installer setupssh.exe
  3. Change the installation location to “C:\OpenSSH” instead of program files to avoid spaces in directory names
  4. Use the default settings as shown on the screen-shot below
  5. Done with the installation. However, the SSH server’s passwd file must be configured before use.

OpenSSH installation options

Step 2: Configure OpenSSH

  1. On your computer, click Start–> Run–> Type in “cmd” (without quotes), and then hit the OK button.
  2. In the command window, cd to the “OpenSSH\bin” folder.
  3. (Optional step) OpenSSH uses port 22 by default. If for some reason you need to use another port, you can change the port assignment for OpenSSH to prevent port conflicts. Open the file “OpenSSH\etc\sshd_config” in a text editor (the setting is at approximately line 13 of the file) and change the following line:

    Port 22
    to:
    Port 5704

    (Note that the leading “#” must be removed for the Port line to take effect. Any other unused port besides 5704 is also fine.)

    Save the file.
  4. Enter the following in the command window (-l means local accounts, -d means domain accounts; press Enter after each line and don’t type the quotes):
    1. “mkgroup -l >> ..\etc\group”
      • Creates the group file entries for local user accounts.
    2. “mkgroup -d >> ..\etc\group” (skip – not normally required)
      • Adds group entries for domain users. Returns error [2453] if there is no PDC (primary domain controller).
      • Most instructions state to run both of the above commands. However, the “OpenSSH\readme.txt” file in “OpenSSH\doc” states: “If you use both mkgroup commands, the group file will contain duplicates. You will need to remove these by hand in a text editor.” Kind of confusing, but when both are executed I got the [2453] error for -d, and it didn’t change anything in the group file.
    3. “mkpasswd -l -u username >> ..\etc\passwd”
      • Adds one local user (username) as an authorized user in the passwd file. NOTE: omitting “-u username” adds ALL accounts from the machine or domain, including service accounts and the Guest account.
    4. “mkpasswd -d >> ..\etc\passwd” (skip – not normally required)
      • Adds all domain user accounts to the passwd file. Returns error [2453] if there is no domain controller.
      • Again, if you get the [2453] error with the -d switch, it doesn’t apply and won’t change anything in the passwd file.
  5. Enter net start opensshd to start the SSH server. It’s installed as a service, so in the future, the server will automatically start each time the computer boots.
  6. The SSH server is now configured with password authentication (the default configuration). If you want to use public-key authentication, you need to generate a public and private key pair using the supplied ssh-keygen executable and change the sshd_config file. Note that the “OpenSSH\keyauthentication.txt” file in the “OpenSSH\docs” directory states: “This document is outdated. You can use this as a reference, but please don’t expect it to be accurate. I will update this soon.” In any case, it shouldn’t be too difficult to set up public-key authentication using “OpenSSH\keyauthentication.txt” together with some other references. Some sources explaining how to set up public-key authentication for OpenSSH are below:

    OpenSSH RSA Authentication for Windows and Linux

    ssh-keygen Tutorial – Generating RSA and DSA keys

    OpenSSH for Windows
  7. Done with configuration. Next, testing the SSH server.


    SSH server configuration

Test the installation on the SSH server (from the same machine)

  1. Enter ipconfig in the command window to find your ip address.
  2. Enter ssh yourusername@192.168.x.xxx or ssh yourusername@servername (servername = computer name) in the command window to log in using SSH. You can also use any of the login options listed at the end of this page to log in from a command window on the PC running the SSH server.

    Note: You may get a usage warning screen as shown below. If so, ignore it and sign in with your password. Also note that if you are logging in to the server for the first time, depending on the client being used, you may get another warning similar to: “The server’s host key was not found in the cache. You have no guarantee …blah blah… rsa2 key fingerprint is: ssh-rsa 1024 95:3c:9e:2b:23:df:bd:57:b4:ad:f1:5f:4c:2f:9c:ba”. This warning can be safely accepted if you know the SSH server is the one you intended to log into; the fingerprint shown should be the one belonging to that server’s own host key. The warning is an anti-spoofing measure: each server has a unique host key, so one server cannot imitate another without the mismatch being noticed. The technique is explained in detail on the WinSCP web site.
  3. It’s working if you get the screen below. Next, some optional tweaking for changing the home directory.

SSH login warning screen
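The fingerprint in that warning is the check that defeats the spoofing it describes: compare it with the server’s own public host key before accepting it. The Python below is an added example (not part of the original guide) that computes the colon-separated MD5 fingerprint that PuTTY and OpenSSH 3.x display, the modern SHA256 form, and the key size from a *.pub line; the path C:\OpenSSH\etc\ssh_host_rsa_key.pub is an assumption, and the key embedded in the block is constructed for the example, not a real key.

```python
import base64
import hashlib
import struct

# Where the guide's server keeps its public host key (assumption, not stated on the page).
HOST_KEY_PUB = r"C:\OpenSSH\etc\ssh_host_rsa_key.pub"


def _ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value):
    """SSH wire 'mpint' for a positive int (leading 0x00 when the high bit is set)."""
    return _ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))


def _read_string(blob, offset):
    """Read one wire 'string' at offset; return (bytes, offset after it)."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    return blob[offset + 4:offset + 4 + length], offset + 4 + length


def parse_pubkey_line(line):
    """Split a *.pub line into (key type, raw blob, comment); reject a blob whose
    embedded type differs from the advertised one (a tampered or truncated file)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = parts[0], base64.b64decode(parts[1], validate=True)
    embedded, _ = _read_string(blob, 0)
    if embedded != key_type.encode("ascii"):
        raise ValueError("key type %r does not match blob" % key_type)
    return key_type, blob, (parts[2] if len(parts) == 3 else "")


def rsa_modulus_bits(line):
    """Modulus size in bits: the '1024' in PuTTY's 'ssh-rsa 1024 95:3c:...' line."""
    key_type, blob, _ = parse_pubkey_line(line)
    if key_type != "ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _, off = _read_string(blob, 0)        # "ssh-rsa"
    _, off = _read_string(blob, off)      # public exponent e
    modulus, _ = _read_string(blob, off)  # modulus n
    return int.from_bytes(modulus, "big").bit_length()


def fingerprint_md5(line):
    """Legacy colon-separated MD5 fingerprint, the format PuTTY and OpenSSH 3.x show."""
    _, blob, _ = parse_pubkey_line(line)
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def fingerprint_sha256(line):
    """Modern OpenSSH fingerprint: 'SHA256:' + unpadded base64 of the SHA-256 digest."""
    _, blob, _ = parse_pubkey_line(line)
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def fingerprints_match(displayed, computed):
    """Case- and whitespace-insensitive comparison of the client's value with ours."""
    return displayed.strip().lower() == computed.strip().lower()


def fingerprint_of_file(path=HOST_KEY_PUB):
    """Read the server's public host key file and return its MD5 fingerprint."""
    with open(path, encoding="ascii") as f:
        return fingerprint_md5(f.readline())


# Constructed 1024-bit ssh-rsa key for the example (NOT a real key): e = 65537 and an
# arbitrary odd modulus with the top bit set, so rsa_modulus_bits() reports 1024.
_E, _N = 65537, (1 << 1023) | 0x123456789ABCDEF1
SAMPLE_PUB_LINE = "ssh-rsa " + base64.b64encode(
    _ssh_string(b"ssh-rsa") + _ssh_mpint(_E) + _ssh_mpint(_N)).decode() + " constructed-key"
```

Run fingerprint_of_file() on the server and compare the result with what the client shows on first connection; the comment field plays no part in the fingerprint.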

Optional Tweaking

Changing the Home Directory within Documents and Settings for user(s):
By default all user home directories are set to /home/username in the passwd file in the “OpenSSH\etc” directory, where /home corresponds to “C:\Documents and Settings” on Windows XP. This is somewhat inconvenient since most users will want to start in “My Documents”. To change it, open the passwd file in a text editor and change the second-to-last entry (the home directory field) from “/home/username” to “/home/username/My Documents” and save. Entries are separated by a colon “:” for each user, and the home directory is located just before the “/bin/switch” entry (switch stands for switch.exe, which makes both scp/sftp and the standard SSH command prompt available by switching between them).

Changing Home to outside the default directory on the SSH Server
To place users outside the default directory for their Windows profile, you need to change the directory that (/home) corresponds to by editing the value of the “native” key in the registry under (HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home). The value of “native” corresponds to the (/home) directory in the passwd file. For instance, if the “native” entry is changed to C:\Users, then all users will be placed under separate folders in that directory — e.g., C:\Users\username1, C:\Users\username2, etc. If you then change each user (/home/username) in the passwd file to just (/home), this puts those users under C:\Users. If you have a subdirectory such as “C:\Users\OpenSSH”, you can place users there by changing the entries in the passwd file to (/home/OpenSSH).

Note that changing the home directory using this method works only for logins (Passwd), and doesn’t work for SCP or SFTP. Instead, use Cygdrive notation to change the directory for Passwd, SCP and SFTP (explained below).

Registry entry to change default directory

HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home

Changing the Drive of the Home Directory when using Passwd, SCP, and SFTP (Cygdrive Notation)
To access any folder on any drive letter outside the installation root (/home), a special notation called Cygdrive is required when using SCP, SFTP and for the home directory entries in passwd. Cygdrive notation changes the mapping of drive letters by mapping them into a UNIX-style file-system. Cygdrive notation overrides all other settings in the registry.

To use it, add “/cygdrive/driveletter” to the start of the folder path in the passwd file and/or in SCP or SFTP commands. For instance, to change to the “C:\windows\system” directory in a command window use “cd /cygdrive/c/windows/system”. To transfer the file example.txt to D:\test using SCP, the command would be “scp example.txt user@localhost:/cygdrive/d/test/”.

You can even change the prefix of cygdrive notation by adding two entries to the registry. Open HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2, add a REG_DWORD called “Cygdrive flags” and set it to hexadecimal 2a. Then add a REG_SZ called “Cygdrive prefix” and set its value to the new prefix. For instance, if you set it to “/” then the C: drive becomes accessible using Cygdrive notation “/c”, the D: drive with “/d”, and the F:\test folder with “/f/test”, and so forth. If it’s set to “/foo”, then the C: drive becomes accessible as “/foo/c”, the D: drive as “/foo/d”, and the F:\test folder as “/foo/f/test”, and so on. This behavior can be tested in a command window using the command “mount --change-cygdrive-prefix /foo” before permanently changing the registry.
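Editing the passwd file by hand, as the tweaks above describe, is easy to get wrong. The following added Python example (not part of the guide) parses an OpenSSH-for-Windows passwd file, rewrites one user’s home field, converts a Windows path to cygdrive notation with a configurable prefix, and flags the entries the guide warns about (the Guest account, duplicates from running mkpasswd twice, a non-default shell). The passwd lines and the SIDs in them are constructed; the field layout follows what Cygwin’s mkpasswd writes.

```python
# passwd layout as written by mkpasswd (Cygwin / OpenSSH for Windows):
#   name:passwd:uid:gid:gecos:home:shell
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
DEFAULT_SHELL = "/bin/switch"  # the guide's default: switch.exe serves both scp/sftp and the shell


def to_cygdrive(win_path, prefix="/cygdrive"):
    """Convert a Windows path to cygdrive notation, e.g. D:\\test -> /cygdrive/d/test.
    prefix mirrors the registry 'Cygdrive prefix' value ("/" gives /d/test, "/foo" gives /foo/d/test)."""
    path = win_path.replace("/", "\\")
    if len(path) < 2 or not path[0].isalpha() or path[1] != ":":
        raise ValueError("expected a path starting with a drive letter, got %r" % win_path)
    base = prefix.rstrip("/") + "/" + path[0].lower()
    tail = path[2:].strip("\\").replace("\\", "/")
    return base + "/" + tail if tail else base


def parse_passwd(text):
    """Parse passwd text into a list of dicts; reject lines without exactly 7 fields."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        fields = raw.split(":")
        if len(fields) != len(FIELDS):
            raise ValueError("line %d: expected %d colon-separated fields, got %d"
                             % (lineno, len(FIELDS), len(fields)))
        entries.append(dict(zip(FIELDS, fields)))
    return entries


def format_passwd(entries):
    """Serialize entries back to passwd text (one line per user, trailing newline)."""
    return "".join(":".join(e[f] for f in FIELDS) + "\n" for e in entries)


def set_home(entries, username, new_home):
    """Return a copy of entries with username's home field replaced.
    new_home must be an absolute Cygwin path (/home/... or cygdrive notation)."""
    if not new_home.startswith("/"):
        raise ValueError("home must be an absolute Cygwin path, got %r" % new_home)
    if not any(e["name"] == username for e in entries):
        raise KeyError(username)
    return [dict(e, home=new_home) if e["name"] == username else e for e in entries]


def audit(entries):
    """Flag what the guide warns about: the Guest account (and anything else mkpasswd
    dumps when -u is omitted), duplicate names from running mkpasswd twice, and a
    shell other than the default /bin/switch."""
    findings, seen = [], set()
    for e in entries:
        if e["name"].lower() == "guest":
            findings.append("Guest account is present in passwd; remove it unless Guest SSH logins are wanted")
        if e["name"] in seen:
            findings.append("duplicate entry for %s" % e["name"])
        seen.add(e["name"])
        if e["shell"] != DEFAULT_SHELL:
            findings.append("%s: shell %s differs from the default %s" % (e["name"], e["shell"], DEFAULT_SHELL))
    return findings


# Constructed sample (not taken from a real machine): the SIDs are placeholders.
SAMPLE_PASSWD = (
    "Administrator:unused_by_nt/2000/xp:500:544:U-HOMEPC\\Administrator,S-1-5-21-0-0-0-500:/home/Administrator:/bin/switch\n"
    "Guest:unused_by_nt/2000/xp:501:546:U-HOMEPC\\Guest,S-1-5-21-0-0-0-501:/home/Guest:/bin/switch\n"
    "alice:unused_by_nt/2000/xp:1003:513:U-HOMEPC\\alice,S-1-5-21-0-0-0-1003:/home/alice:/bin/switch\n"
)

if __name__ == "__main__":
    # Move alice's home to D:\Users\alice (cygdrive notation works for ssh, scp and sftp alike).
    users = set_home(parse_passwd(SAMPLE_PASSWD), "alice", to_cygdrive(r"D:\Users\alice"))
    print(format_passwd(users))
    print("\n".join(audit(users)))
```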

______________________________________________________________________________

Remote connections from the network

To connect to the SSH server from a remote computer on the network, an SSH-compliant client is needed. SSH is usually installed by default on Linux systems, and clients such as Putty are often included as well. A remote Windows machine needs at least the Cygwin or OpenSSH client installed in order to connect to the SSH server from a command window; Putty, by contrast, is a stand-alone application. The client portion of OpenSSH can be installed separately during the OpenSSH installation process. The installer sets the path variable for the OpenSSH client and/or server, so that SSH commands are available from any command window on that machine. Even with an OpenSSH or Cygwin client installed, it’s a good idea to have a client like Putty installed as well, because it makes connecting much simpler.

Connecting from the outside world

To connect to the SSH server from the outside world, you need to forward port 22 (or the port set in sshd_config during the OpenSSH configuration) on your router to the SSH server. Port forwarding can be set up with a program like SimplePortForwarding or by following the instructions in the router’s user manual. This makes the router pass any connection arriving on port 22 to the SSH server. Then, all that’s needed to connect is a client like Putty on any computer connected to the Internet and the public IP address of your router. Keep in mind that from then on the login prompt is reachable from the whole Internet and each account in the passwd file is protected only by its Windows password, so list in passwd only the accounts that actually need SSH access.

Using Filezilla, WinSCP and Putty

Client utilities such as Filezilla, WinSCP, and Putty can be used on the computer with the SSH server, from remote computers on the LAN, and from the outside world to connect to the SSH server. When using any of these utilities on the SSH server machine, you can use 127.0.0.1, computername, or localhost as the IP along with the user name and password used to log in to that account. Use the SFTP protocol for Filezilla, SCP or SFTP for WinSCP, and SSH for Putty. The beauty of using WinSCP or Filezilla on an SSH server machine is that file tasks like changing permissions with CHMOD are possible for any files, such as local installations of your web sites. In other words, unlike natively installed servers such as an FTP server, the SSH server and the applications using it can run on the same machine without any loss of functionality, since the SSH server runs in a separate environment (Cygwin) and is reached over the loopback interface.


Localhost login with Filezilla


Putty config screen (hostname can also be localhost or 127.0.0.1)


Localhost login with WinSCP

List of connecting options from command window and applications:

Using a Command Window:

Password will be the same as the user password for that machine (commands are case sensitive)

  • On the SSH server:
    • ssh yourusername@192.168.x.xxx
    • ssh yourusername@127.0.0.1
    • ssh yourusername@localhost
    • ssh yourusername@servername
  • Remote computer on the network with SSH client installed:
    • ssh yourusername@192.168.x.xxx
    • ssh yourusername@servername
  • Remote computer from outside world with SSH client installed:
    • ssh -p port yourusername@xxx.xxx.x.xxx (public IP address of your router, with the port forwarded to the server; ssh takes the port with -p rather than as host:port)

Using client applications such as Putty, WinSCP or Filezilla

User Name and Password will be the same as the user login credentials for that machine

  • On the SSH server:
    • IP Address: 127.0.0.1, localhost, servername, or 192.168.x.xxx
  • Remote computer on the network:
    • IP Address: servername or 192.168.x.xxx
  • Remote computer from outside world:
    • IP Address: xxx.xxx.x.xxx (remote ip address for your router set with port forwarding)

______________________________________________________________________________

Using SSH commands other than for connecting is another topic and not covered in this guide; however, a few are explained at the following:

The Geek Stuff – 5 Basic Linux SSH Client Commands

GAMEXE.NET – A Beginner’s Guide to SSH

Leonard Austin –  SSH Commands

 


18. August 2010 · 2 comments · Categories: Multiboot USB · Tags:

This guide shows how to use the open source Virtual Machine (VM) emulator manager, QEMU Manager, to test bootable USB drives in Windows without restarting your computer. QEMU Manager is a free, simple and fairly fast GUI for the QEMU Emulator that makes creation of Virtual Machines a breeze with easy-to-use wizards. Its performance is very good in comparison to other emulators and it comes in installable and portable versions. QEMU Manager can be downloaded from here. QEMU Manager version 7.0 was used for this guide.

QEMU Window

Installation

For the installable version of QEMU Manager, enable KQEMU accelerator support for faster performance during the install process. For the portable version, enable it from the tools menu. For both the installable and portable versions, once QEMU Manager is installed and running, select “Stop KQEMU accelerator driver when QEMU Manager closes” from Tools->QEMU Manager Options (see below).

qemu options

Creating a Virtual Machine

After installation, click on the “+”  (plus) button to create a new VM (Virtual Machine). The wizard will appear.  Fill in a name for the VM (BootUSB used in this case) and use None for the operating system. Use the defaults for the other options and click next.

Create VM

For Virtual Machine Settings, select Do not use a Virtual Disk Image. Use the defaults for the other settings.  Click next.

VM Wiz Memory and Virtual Drive

For the advanced settings, use the default setting (Qemu Manager). Click Finish. The new VM (BootUSB) will now be visible in the left panel. If not already plugged in, insert your bootable USB drive. To reduce chances of selecting the wrong USB drive, make sure you have only one external drive connected to your computer.

Advanced Settings

With the new VM (BootUSB in this case) selected in the left panel, click the Drives tab on the right panel. If the Select Path dialog doesn’t appear, then double-click Hard Disk 0 in the right panel window to make it appear. In the Select Path dialog, click the Use Physical Disk button. After the Use Physical Disk dialog opens, select the Open Disk Management button. Identify your USB drive in the Disk Management window. In most cases, this will be Disk 1 (Disk 0 is the hard drive).

Close Disk Management and, in the Use Physical Drive dialog, select the USB drive you identified in Disk Management. Click OK to close the Use Physical Drive dialog. Your USB drive will now appear in the Select Path dialog, most likely as \\.\PhysicalDrive1 if you have only one hard disk in your PC and one USB drive connected to it. Click OK to close the Select Path dialog.

Select Drive Screens

Caution: Never attach the Primary hard disk (usually Disk 0) to a Virtual Machine and Boot it!

Setting the boot order for your new Virtual Machine:
Back at the main Qemu window and with new VM (BootUSB in this case) selected in the left panel, click the Drives tab in the right panel. Double-click the Boot Order icon in the right panel column to open the Boot Options dialog. Use the up/down button to move the hard drive to the first position and then click OK to close the dialog. The setup is complete. QEMU Manager is now ready to start booting USBs.

Boot Order

Booting USBs in a VM with Qemu Manager

Using Qemu Manager makes testing bootable USBs fast and easy. To boot a USB drive in the virtual machine, just select the virtual machine to boot in the left panel and click the green arrow on the menu. To close the VM, click the red button.  To toggle control (mouse, keyboard, etc) between the VM window and the computer, press the keyboard’s Control and Alt buttons. The running application shown in the VM can be manipulated just as if the USB was cold booted from your computer. See the documentation for further information or just play around with the buttons on the main menu. Note that a secondary menu will also appear just above the VM’s window after it’s launched.

Boot Screen


If you have ever accidentally formatted an external drive on a PC with several plugged-in USB devices, you probably remember seeing them listed in the formatting tool’s selection box. The (C:) and (D:) drives may be listed, which are usually the boot drive and the backup drive. If an (E:) is displayed, it’s probably the optical drive. However, distinguishing between the other drives or devices may not be as apparent, especially when no information beyond the drive letter assignment is shown. This is particularly true for drives or other USB devices that don’t carry identifying information. Under these conditions, it’s easy to become careless or impatient and select the wrong drive, especially if its letter assignment appears to be correct. If you are unlucky, you may notice a flashing light on the device confirming that the wrong drive is being formatted.

mystica_USB_Flash_Drive (public domain clip art www.clker.com)

I did this recently when in a hurry and chose the wrong drive letter. Instead of the flash drive, the external 250GB backup drive was being formatted. Panicking, I immediately realized the error and stopped the formatting process – but it was too late. Checking the hard drive, I found it couldn’t be accessed. The drive letter was still visible in Windows, but no files or folders were displayed and nothing could be written to or read from the drive.

Fearful of losing the data, I tried several file recovery tools with no success until using TestDisk. TestDisk is a free (open source) data recovery tool available from CGSecurity. With TestDisk, I was able to successfully restore the drive’s partition and it worked normally.

Luckily, all of the data was still intact. That’s because during a high-level format (quick format), only the external drive’s partition table information or boot sector is erased. According to Windows Help Central, even a full format can be recovered pretty easily as long as the original files are not overwritten with new data. That’s because the areas of the disk holding file data are not really wiped clean; instead, the areas where files are stored are marked as available for new data. As long as no new data is written to the drive, chances are excellent that the data is 100% recoverable using simple freeware data recovery tools. And if you hosed the partition table or MBR (Master Boot Record) during the format process, the drive isn’t likely to be writable anyway, so nothing new gets written over the old data.

TestDisk is a utility that can be used to restore corrupted and missing MBRs, partition tables, and data. TestDisk works on most operating systems including Windows, Linux, BSD, SunOS, and Mac OSX and it’s included with many Linux LiveCD distros such as PartedMagic and many others. It’s a very useful and sophisticated tool in the hands of experienced users. Unfortunately, because data recovery can be a complex issue, inexperienced users may find it “user unfriendly”. However, documentation for the program is thorough and one can find many examples, technical notes, and step by step instructions in the documentation section on TestDisk’s Wiki. Also, the TestDisk Step by Step guide contains plenty of screen-shots which greatly helps in the data recovery process.
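To make concrete what a wiped sector 0 looks like, here is an added Python example (not from the original post and not TestDisk’s code) that decodes an MBR partition table and reports the conditions a recovery tool checks first: a missing 0x55AA signature, an all-zero table, overlapping entries, more than one bootable flag. The sectors it examines are constructed inside the block.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR
TYPE_NAMES = {0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT/HPFS", 0x0b: "FAT32",
              0x0c: "FAT32 (LBA)", 0x0f: "extended (LBA)", 0x82: "Linux swap", 0x83: "Linux"}


def make_mbr(entries, disk_signature=0x1234ABCD):
    """Build a constructed MBR sector from (status, type, lba_start, sectors) tuples.
    The boot code area is left zeroed: this is test data, not a bootable sector."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, 440, disk_signature)
    for i, (status, ptype, lba_start, sectors) in enumerate(entries[:4]):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i,
                         status, ptype, lba_start, sectors)
    sector[510:512] = SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Decode the partition table; the CHS fields are skipped, only LBA values matter today."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR_SIZE)
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "0x%02x" % ptype),
                      "lba_start": lba_start, "sectors": sectors,
                      "size_mib": sectors * SECTOR_SIZE // (1024 * 1024)})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": parts}


def check_table(sector):
    """Return a list of problems; an empty list means the table looks consistent."""
    mbr = parse_mbr(sector)
    problems = []
    if not mbr["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    used = [p for p in mbr["partitions"] if p["type"] != 0 or p["sectors"] != 0]
    if not used:
        # What a wiped table looks like: the partitions' own data is usually still on
        # disk, which is what TestDisk's Quick Search / Deeper Search scans for.
        problems.append("partition table is empty (all four entries zero)")
    if sum(1 for p in used if p["bootable"]) > 1:
        problems.append("more than one entry flagged bootable")
    for a in used:
        for b in used:
            if (a["index"] < b["index"]
                    and a["lba_start"] < b["lba_start"] + b["sectors"]
                    and b["lba_start"] < a["lba_start"] + a["sectors"]):
                problems.append("entries %d and %d overlap" % (a["index"], b["index"]))
    return problems


# Constructed samples: a 250 GB-class drive with one bootable NTFS partition starting at
# LBA 63, and the same sector with its table cleared.
SAMPLE_MBR = make_mbr([(0x80, 0x07, 63, 488281187)])
WIPED_MBR = make_mbr([])
```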

The following screen-shots show what to expect after starting TestDisk for recovering a deleted partition (note: the screens below show the results for a working hard drive that doesn’t have any problems).


Above is the first screen. For most cases,  select the default option – Create a new log file.


Next, select your media device with the problem. In the screen above, the main hard drive is selected.


Select Intel if using a Windows or Linux machine.


In most cases “analyse” should be selected.

FYI, “Advanced” provides options to restore the boot sector or to create images of partitions.

analyse
Analyse displays a preliminary list of the current partitions on the selected drive. Next, select Quick Search to continue searching for additional partitions.

quicksearch
“Yes” should be selected for most situations.

selectpartition
TestDisk displays the structure analysis results and displays the partitions. Healthy partitions will be highlighted in green. Here, you can use the up/down arrow keys to select a partition to further analyze or recover, then hit ENTER. 

Pressing “P” will list the files in the partition, which can provide some assurance that the data is still intact. Do not use the left/right keys – they are used to change the partition’s characteristics!

deepersearch

If the partition you want to restore is listed, select “Write” and then Enter to restore it and that should be it. If TestDisk didn’t find your partition, you have the option to perform a deeper search by selecting “Deeper Search”. In the screenshot above, the results show that no problems were found (the screenshots are for a working hard drive).

For more information, the TestDisk Wiki’s Step by Step instructions explain the recovery procedure well enough so that even novices shouldn’t have a problem.

—————————————————————————————————————————————————————————

Other TestDisk how-tos:

The How-to-Geek explains recovering partitions with TestDisk using an Ubuntu LiveCD (ver 9.10):

Recover Data Like a Forensics Expert Using an Ubuntu Live CD

A MakeTechEasier how-to for data and partition recovery using TestDisk:

How to Recover Data and Partitions for Free with TestDisk

Other Data Recovery Utilities

If the drive is still accessible or if only a few files are missing, you may want to try one of the easier-to-use file recovery programs listed below before trying TestDisk. Some that I’ve successfully used in the past to recover lost data are:

Recover Files

Recuva

Restoration

PhotoRec

Install or Recover MBR or Boot Sector

If you know the problem is a damaged or missing MBR (Master Boot Record), a number of tools can be used to repair or restore it – including TestDisk.

MBR Recovery:

Write a new MBR with TestDisk:
  1. Start TestDisk
  2. Create a new logfile
  3. Select a media
  4. Select partition table type (Intel, Mac, Sun, etc)
  5. MBR code (this writes a new MBR)

Below are other tools and resources that can be used to install, repair or restore the MBR. Note that some of the tools listed require that a backup of the MBR was previously saved:

Bootice (restores a saved MBR only)

How to fix MBR in Windows XP and Vista

MBR Tools, Disk Repair and Disk Recovery Freeware

5 Free Tools to Backup and Restore Master Boot Record (MBR)

MBR, Partition Table and Boot Record Tools

Boot Sector Recovery:

A Sourceforge article described the procedure for recovering a Boot sector using TestDisk which was successfully used to fix a dual-boot PC (WinXP & Ubuntu) that wouldn’t boot. The procedure is as follows:

Boot Problems: Boot Sector (follow the steps in the “either case” section for TestDisk, as shown below)

  • 1st screen: select No Log and then press ENTER
  • 2nd screen: select the drive to restore and select Proceed
  • 3rd screen: select Intel
  • 4th screen: select Advanced
  • 5th screen: select the partition and select Boot
  • 6th screen: select Rebuild BS
  • 7th screen: type “Y” to confirm

If using the Grub bootloader for a dual-boot system, make sure to update Grub (it may be necessary to use a LiveCD of your Linux distribution to do this).

Summary

If the easier-to-use tools above don’t work for whatever reason, give TestDisk a try to recover the partition, MBR or boot sector, but follow the directions carefully. Although fairly simple, it’s still possible to mess things up so thoroughly that the only way to recover the data would be to send the drive to a very expensive professional data recovery service.

Remember, if you accidentally format or erase files from your external USB drive, don’t panic. Get to work on recovering your data because chances are that it can be accomplished more easily than you think.

 
