Differences
This shows you the differences between the selected revisions of the page.
| 2018-02-09 | 2018-02-09 | ||
| no summary (172.73.149.44) (hidden) (untrusted) | Restored revision 1516272795. Undoing revision 1518210690. (martin) (hidden) | ||
| Line 1: | Line 1: | ||
| ====== Installing SFTP/SSH Server on Windows using OpenSSH ====== | ====== Installing SFTP/SSH Server on Windows using OpenSSH ====== | ||
| - | Recently, [[https://blogs.msdn.microsoft.com/powershell/2015/10/19/openssh-for-windows-update/|Microsoft has released]] an early version of [[https://github.com/PowerShell/Win32-OpenSSH|OpenSSH or Windows]]. You can use the package to set up an SFTP/SSH server on Windows. | + | Recently, [[https://blogs.msdn.microsoft.com/powershell/2015/10/19/openssh-for-windows-update/|Microsoft has released]] an early version of [[https://github.com/PowerShell/Win32-OpenSSH|OpenSSH for Windows]]. You can use the package to set up an SFTP/SSH server on Windows. |
| - | x. | + | |
| + | ===== Installing SFTP/SSH Server ===== | ||
| + | |||
| + | * Download the latest [[https://github.com/PowerShell/Win32-OpenSSH/releases|OpenSSH for Windows binaries]] (package ''OpenSSH-Win64.zip'' or ''OpenSSH-Win32.zip'') &win32 &win64 | ||
| + | * Extract the package to ''C:\Program Files\OpenSSH'' | ||
| + | * As the Administrator, install SSHD and ssh-agent services: \\ ''powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1'' | ||
| + | * As the Administrator, generate server keys and restrict an access to them, by running the following commands from the ''C:\Program Files\OpenSSH'' directory: \\ ''.\ssh-keygen.exe -A'' \\ ''%%powershell.exe -ExecutionPolicy Bypass -Command ". .\FixHostFilePermissions.ps1 -Confirm:$false%%"'' | ||
| + | * Allow incoming connections to %%SSH%% server in Windows Firewall: | ||
| + | * Either run the following PowerShell command (Windows 8 and 2012 or newer only), &win8 &win2012 as the Administrator: \\ ''%%New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Service sshd -Enabled True -Direction Inbound -Protocol TCP -Action Allow%%'' | ||
| + | * or go to //Control Panel > System and Security > Windows Firewall//((//Windows Defender Firewall// on Windows 10.))// > Advanced Settings > Inbound Rules// and add a new rule for ''sshd'' service (or port 22). &wincp | ||
| + | * Start the service and/or configure automatic start: | ||
| + | * Go to //Control Panel > System and Security > Administrative Tools// and open //Services//. Locate //SSHD// service. &wincp | ||
| + | * If you want the server to start automatically when your machine is started: Go to //Action > Properties//. In the Properties dialog, change //Startup type// to //Automatic// and confirm. | ||
| + | * Start the SSHD service by clicking the //Start the service//. | ||
| + | |||
| + | //These instructions are partially based on [[https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH|the official deployment instructions]].// | ||
| + | |||
| + | ===== [[key_authentication]] Setting up SSH public key authentication ===== | ||
| + | |||
| + | Follow a generic guide for [[guide_public_key|Setting up SSH public key authentication]] in *nix OpenSSH server, with following differences: | ||
| + | |||
| + | * Create the ''.ssh'' folder (for the ''authorized_keys'' file) in your Windows account profile folder (typically in ''C:\Users\username\.ssh'').((Windows Explorer does not allow you to create a folder starting with a dot directly. As a workaround, use ''.ssh.'', the trailing dot will allow you to bypass the restriction, but will not be included in the name.))&winpath | ||
| + | * Grant the %%SSH%% server read permissions to the ''.ssh'' folder. As the Administrator, run: \\ ''%%icacls C:\users\username\.ssh /grant "NT Service\sshd:R" /T%%'' | ||
| + | |||
| + | ===== [[connecting]] Connecting to the server ===== | ||
| + | |||
| + | Before the first connection, find out fingerprint of the server's ED25519 key by running ''ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5'' from the ''C:\Program Files\OpenSSH'': | ||
| + | |||
| + | <code> | ||
| + | C:\Program Files\OpenSSH>ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5 | ||
| + | 256 MD5:0d:df:0a:db:b4:e9:f1:08:d5:59:2b:91:8e:08:1c:78 martin@example (ED25519) | ||
| + | </code> | ||
| + | |||
| + | Start WinSCP. [[ui_login|Login dialog]] will appear. On the dialog: | ||
| + | * Make sure //New site// node is selected. | ||
| + | * On //New site node//, make sure the //%%SFTP%%// protocol is selected. | ||
| + | * Enter your machine/server IP address (or a hostname) into the //Host name// box. | ||
| + | * Enter your Windows account name to the //User name// box. It might have to be entered in the format ''user@domain'', if running on a domain. | ||
| + | * For a public key authentication: | ||
| + | * Press the //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//. | ||
| + | * In //Private key file// box select your private key file. | ||
| + | * Submit Advanced site settings dialog with the //OK// button. | ||
| + | * For a password authentication: | ||
| + | * Enter your Windows account password to the //Password// box. | ||
| * If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication. | * If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication. | ||
| * Save your site settings using the //Save// button. | * Save your site settings using the //Save// button. | ||