Use the following steps to successfully get OpenSSH working as a server:
Set up your environment for Cygwin. For NT 4 and Windows 2000, this is done by right-clicking on My Computer and choosing Properties. In NT 4, it's on the Environment tab. In Windows 2000, it's under Environment Variables on the Advanced tab. Add the following setting to the System Environment:
CYGWIN = ntsec tty
Append the following to the Path variable:
Path : ;C:\Cygwin\bin
Note that if you are running NT/2K on FAT(32), the ntsec option for the CYGWIN variable won't help you much. In these cases, just set CYGWIN to "tty".
Download the Cygwin Setup Program into a temporary folder like C:\CygwinInstall.
Run "C:\CygwinInstall\Setup.exe", choose "Install from Internet", then choose a suitable mirror (I like "ftp://mirrors.rcn.net").
Now choose the packages you want to install. Click on the View button in the upper right corner. Scroll down until you find Cygrunsrv. Click on the word "Skip" until you see the highest numbered version for Cygrunsrv. This will cycle through the list, so you may have to go through it twice or three times, but you basically want the one right before "Skip" in the cycle. Repeat for man, openssh and vim. Feel free to choose other packages you may want (like ncftp, lynx and shutdown), but chances are, if you don't know what it is, you don't need it. Setup automatically chooses other packages that your selections depend on. Continue through the setup program until the installation is complete.
[Optional] After Setup is complete, I like to make a couple of changes to the default installation:
- Download and install ftp://ftp.erdelynet.com/mike/cygwin/profile and ftp://ftp.erdelynet.com/mike/cygwin/sh_aliases into /etc.
- Change the Cygwin icons so that, instead of pointing to cygwin.bat, they point to "c:\cygwin\bin\bash.exe --login -i" and start in "c:\cygwin\bin".
Since you're going to be running an internet service, you're definitely going to want to clean up your /etc/passwd and /etc/group files. You only want everyone, system, administrators and the users that you want logging into your system defined in your /etc/passwd. If you have guest enabled and guest is defined in your /etc/passwd, people will be able to log onto your system without a password. In addition to removing unwanted users, I also shorten "Administrator" and "Administrators" and make all username fields lowercase. Here are my files:
/etc/passwd:
everyone:*:0:0:,S-1-1-0::/bin/false
system:*:18:18:,S-1-5-18::/bin/false
admins:*:544:544:Administrators,U-SATURN\Administrators
,S-1-5-32-544::/bin/false
admin::500:544:U-TESTAD\Administrator
,S-1-5-21-SID-500:/home/admin:/bin/bash
mike::1106:513:Michael Erdely,U-TESTAD\mike
,S-1-5-21-SID-1106:/home/mike:/bin/bash
(Note: the lines for admins, admin and mike are intentionally wrapped for readability, but in your /etc/passwd file, each should be on one continuous line.)
/etc/group:
everyone:S-1-1-0:0:
system:S-1-5-18:18:
admins:S-1-5-32-544:544:
users:S-1-5-32-545:545:
guests:S-1-5-32-546:546:
You'll notice in /etc/group that I made all group names lowercase, shortened Administrators to admins and deleted unwanted group names. In /etc/passwd, I shortened Administrators to admins and Administrator to admin (both the username field and the home directory field), deleted guest, set the shell for everyone, system and admins to "/bin/false" and made all usernames lowercase. This example has a domain (TESTAD). If you want to add users in the future, you'd run either "mkpasswd -l | grep newusername >> /etc/passwd" to add a user from the local machine, "mkpasswd -d | grep newusername >> /etc/passwd" to add a user from the default domain or "mkpasswd -d otherdomain | grep newusername >> /etc/passwd" to add a user from OTHERDOMAIN. Please note: newusername and otherdomain are just examples. You'd want to replace them with actual user and domain names.
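A quick way to check an edited /etc/passwd against the cleanup rules above, as an added example that is not one of the author's scripts. The function names audit_passwd and sample_passwd are made up for illustration, the sample entries are constructed, and the check for RID 501 relies on that being the well-known RID of the built-in Windows Guest account, which the page itself does not state.

```shell
#!/bin/sh
# Added example (not the author's script): audit a Cygwin-style /etc/passwd
# against the cleanup rules described above. Reads FILE, or stdin if omitted.
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_passwd() {
    awk -F: '
    /^[ \t]*$/ { next }                      # ignore blank lines
    NF != 7 {                                # wrapped or truncated entry
        printf "line %d: %d fields instead of 7 (wrapped entry?)\n", NR, NF
        bad = 1; next
    }
    {
        # The SID is the last comma-separated item in the comment field.
        n = split($5, part, ","); sid = part[n]
        # Guest, by name or by the well-known RID 501 of the built-in account.
        if (tolower($1) == "guest" || sid ~ /^S-1-5-21-.*-501$/) {
            printf "line %d: guest account \"%s\" is defined\n", NR, $1; bad = 1
        }
        # everyone, system and Administrators must keep /bin/false as shell.
        if ((sid == "S-1-1-0" || sid == "S-1-5-18" || sid == "S-1-5-32-544") &&
            $7 != "/bin/false") {
            printf "line %d: \"%s\" (%s) has shell %s\n", NR, $1, sid, $7; bad = 1
        }
        if ($1 != tolower($1)) {
            printf "line %d: username \"%s\" is not lowercase\n", NR, $1; bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample: system has a real shell, Guest is present, and the
# admin entry is still wrapped across two lines. SIDs are placeholders.
sample_passwd() {
    cat <<'EOF'
everyone:*:0:0:,S-1-1-0::/bin/false
system:*:18:18:,S-1-5-18::/bin/bash
Guest::501:513:U-TESTAD\Guest,S-1-5-21-SID-501:/home/Guest:/bin/bash
admin::500:544:U-TESTAD\Administrator
,S-1-5-21-SID-500:/home/admin:/bin/bash
mike::1106:513:Michael Erdely,U-TESTAD\mike,S-1-5-21-SID-1106:/home/mike:/bin/bash
EOF
}

sample_passwd | audit_passwd || true
```

Run it as "audit_passwd /etc/passwd" after editing the file; a clean file prints nothing and returns 0.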
If you are using NTFS and included NTSEC in your CYGWIN variable (first step of these instructions), you'll want to run my fixperms script (ftp://ftp.erdelynet.com/mike/cygwin/fixperms.sh). Download it to your home directory, then run ". ~/fixperms.sh". Yes, that is a period, space, then the path to the script.
Now, you'll want to configure sshd. This is MUCH simpler than it used to be. Run "ssh-host-config -y" to set it up. When prompted with "CYGWIN=" type what you set CYGWIN to in step 1 (tty ntsec).
Change the permissions of a couple of files:
chown -R 544:544 /var
chown 18:18 /var/log/sshd.log
chown 544:544 /etc/ssh*
chown 18:18 /etc/ssh_host*_key
Now you are ready to start the service: "cygrunsrv -S sshd"
Test the service by running "ssh localhost"
If, at this point, you are unable to connect to your sshd server, join my SSH-L mailing list for extra help.
If your ultimate goal (like mine was) is to connect to the SSH server with a GUI client like Van Dyke's SecureCRT (listed on my downloads page), now try that. At this point, also test connecting to your SSH server from a different machine to ensure network connectivity.
If this is unclear or if you have any questions, join my SSH-L mailing list.
--------------------------------------------------------------------------------