The quick way to SSH and SSHD on a NT box...
by David Primmer
I wrote this because I wanted to streamline the techniques already available on the net
to install SSHD on NT. There are still issues to work out. I haven't tested the security
of the SSHD yet. I consider this unfinished until I know it is moderately close to what is
available on Unix. I assume you've used SSH as a user on Unix. You can probably finish the
install if you've only used a windows SSH client but you won't understand what you're
doing to your system. Not a good thing.
I want to quote my sources up front. This is just a documentation rewrite of the work
they did:
Sergey Okhapkin, http://www.lexa.ru/sos/ -- where I got the Ssh-1.2.26 binaries and other links. Go there for a source diff.
Chuck Bogorad, whose work to get SSH to work without all the Cygwin crud was the major springboard for me.
An anonymous author of "SSHD on NT", some very helpful setup instructions.
Another good resource is "Caspian's Homepage".
Also, keep an eye out for Dan Barrett's book from O'Reilly on this subject.
Requirements
Overview
SSH has been ported to the Windows platform using the Cygwin Win32 GNU libraries. Normally, setup procedures for SSH on Windows require the complete Cygwin environment. I'm not really sure of everything that's included in Cygwin, but basically you get a minimal Unix-like environment (/etc, /usr/local/) on a Windows box. This includes the Bash shell and some utilities. I skip this mostly for simplicity's sake. I don't need Unix command line tools on NT boxes. With the Reskit and Windows Scripting Host I can do just about anything I want.
In order to get SSH to work in my minimal installation, you'll need to provide some basic stuff that the Cygwin environment provides: cygwin1.dll (a dynamic link library) and an /etc folder with a password file. Copy the SSH binaries folder and you've got SSH! By the way, this software installs like a piece of Unix software. You have to copy files and make system modifications. Surprise.
You can skip to the install instructions.
The Distribution
The files that you have to get off the internet are tarred and feathered with some stuff that's pretty arcane to the average Windows computer. Most PCs have zip programs. I dare you to show me a PC that can unpack a .bz2 file. Hey, Unix porters: thanks for the effort, but let's try to be a little user-friendly! On my first attempt at an SSH install, I spent half my time making it work and half dealing with bullshit Unix compression.
This ssh-1_2_26-cygwinb20_lite.zip distribution has 3 folders: etc, .ssh, and ssh.
etc
This folder contains some files that will be generated when you run ssh, plus:
passwd - a basic password file. You need to modify this for your computer. Change my default entry and add any users that need ssh, pointing to their home directories and shells. Fields 1, 6 and 7 (username, home directory, shell) are the important ones. In my example, I've used my NT profile directory for the home directory and pointed to the shell to run. Other instructions say you don't need a shell field, but my testing shows you do. The home directory value should point to a folder that will hold the folder .ssh (your ssh settings). Here's an example passwd file line. Replace the username with your username.
username:x:1:10:full name:/winnt/profiles/username/:/winnt/system32/cmd.exe
User passwords will always be checked against the domain and authenticated in exactly the same manner as if the user logged in locally to the Windows NT machine cygwin32 is installed on.
.ssh
This is empty, but I included it because Windows Explorer (for some stupid reason?) doesn't let you create a folder whose name starts with a period. I made this folder from the command line. Copy it to your home directory.
ssh
This folder can go into c:\program files\ if you want. I put it in the root. Wherever you put it, add the location to your system PATH environment variable.
It contains cygwin1.dll from ftp://www.lexa.ru/pub/domestic/sos/coolview.tar.gz. This DLL will be called by the ssh binaries. It is important for you to know that this DLL is a shared memory DLL: every program that uses it shares that memory. This makes it an easy point of attack. This is one reason why I don't install the whole Cygwin distribution. The only programs that use this DLL in this distribution are:
- ssh.exe
- sshd.exe
- ssh_keygen.exe
- scp.exe
These files were initially called filename1.exe in the tarfile ftp://www.lexa.ru/pub/domestic/sos/ports/ssh-1_2_26-cygwinb20_tar.bz2. I unpacked them, renamed them and got rid of the Unix directory structure.
Install Procedure
- Unzip the files and be sure to keep the directory structure intact.
- Copy "etc" to the root of C:.
- Modify your c:\etc\passwd file with your username and make sure it points to the correct places (see the passwd notes above).
- Copy ".ssh" (notice the dot) to your home dir as specified in your passwd entry (the previous step).
- Copy "ssh" to the place you want the binaries to live. (I put it in the root also. This may not be "clean and neat", but I want an easy way to check whether it's there on the machines I use it on.)
- Add extra *system* environment variables (use NT's System control panel):
  To tell other Unix computers what kind of terminal you're running, add: term=vt100
  To let you run ssh from anywhere, add the location you copied the ssh folder to (e.g. "c:\program files\ssh") to your system PATH variable.
- I like to modify the NT console window to support scroll back. I use a buffer size of 9999x80. This way you get scroll back for some 10,000 lines.
- Create your SSH host key. Use ssh_keygen the same way you use it on Unix. Here's a successful output:
C:\>ssh-keygen -f /etc/ssh_host_key -N "" -C ""
Initializing random number generator...
execv /bin/sh failed: No such file or directory
execv /bin/sh failed: No such file or directory
execv /bin/sh failed: No such file or directory
execv /bin/sh failed: No such file or directory
execv /bin/sh failed: No such file or directory
execv /bin/sh failed: No such file or directory
execv /bin/sh failed: No such file or directory
Generating p: ..++ (distance 10)
Generating q: ........++ (distance 120)
Computing the keys...
Testing the keys...
Key generation complete.
Your identification has been saved in /etc/ssh_host_key.
Your public key is:
1024 35 130370905131056338236544038178563067885072560637107164544881444107206982
69593457420439251389571610896697165505056978451159357984648431314982442684425881
33434001399332923948533510698251871360294350193735419311049770480607871194305098
87906106544404184904290396991607735475534999742840907741218451855990216799321
Your public key has been saved in /etc/ssh_host_key.pub
Don't worry about the /bin/sh errors; a /bin/sh isn't needed for this setup.
If you get an error about "cannot create /etc/ssh_host_key", then you probably don't have /etc on the same drive as your Windows system. It may complain about permissions, but that is usually not the problem. (You're logged in as an admin, right?)
- Now try to run the daemon. Open a new window and type "sshd -d". Here's the successful output:
C:\>sshd -d
/etc/sshd_config: No such file or directory
debug: sshd version 1.2.26 [i586-pc-cygwin32]
debug: Initializing random number generator; seed file /etc/ssh_random_seed
fatal: execv /bin/sh failed: No such file or directory
fatal: execv /bin/sh failed: No such file or directory
fatal: execv /bin/sh failed: No such file or directory
fatal: execv /bin/sh failed: No such file or directory
fatal: execv /bin/sh failed: No such file or directory
fatal: execv /bin/sh failed: No such file or directory
fatal: execv /bin/sh failed: No such file or directory
log: Server listening on port 22.
log: Generating 768 bit RSA key.
Generating p: ................++ (distance 330)
Generating q: .....................++ (distance 396)
Computing the keys...
Testing the keys...
Key generation complete.
log: RSA key generation complete.
This is sshd waiting for a connection. Note that it found no /etc/sshd_config, so it is running with its compiled-in defaults.
- Open a new window and type "ssh -v localhost" (verbose mode). Here's the output from that:
F:\>ssh -v localhost
SSH Version 1.2.26 [i586-pc-cygwin32], protocol version 1.5.
Standard version. Does not use RSAREF.
DAVEPWIN2K: ssh_connect: getuid 1 geteuid 1 anon 1
DAVEPWIN2K: Connecting to 127.0.0.1 port 22.
DAVEPWIN2K: Connection established.
setsockopt IPTOS_LOWDELAY: Invalid argument
DAVEPWIN2K: Remote protocol version 1.5, remote software version 1.2.26
DAVEPWIN2K: Waiting for server public key.
DAVEPWIN2K: Received server public key (768 bits) and host key (1024 bits).
DAVEPWIN2K: Forcing accepting of host key for localhost.
DAVEPWIN2K: Host '127.0.0.1' is known and matches the host key.
DAVEPWIN2K: Initializing random; seed file /home//.ssh/random_seed
DAVEPWIN2K: Encryption type: idea
DAVEPWIN2K: Sent encrypted session key.
DAVEPWIN2K: Installing crc compensation attack detector.
DAVEPWIN2K: Received encrypted confirmation.
DAVEPWIN2K: No agent.
DAVEPWIN2K: Doing password authentication.
primmer@127.0.0.1's password:
Note that it attempted to write to your homedir/.ssh/, so if this isn't set up right the thing will barf. Check the home setting in /etc/passwd if you have problems.
In the daemon window, you'll get some more spewage:
debug: Server will not fork when running in debugging mode.
error: setsockopt IPTOS_LOWDELAY: Invalid argument
log: Connection from 127.0.0.1 port 1423
log: Address 127.0.0.1 maps to davepwin2k, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
debug: Client protocol version 1.5; client software version 1.2.26
debug: Sent 768 bit public key and 1024 bit host key.
debug: Encryption type: idea
debug: Received session key; encryption turned on.
debug: Installing crc compensation attack detector.
debug: Attempting authentication for primmer.
Type in your password in the client window and it will fail:
Permission denied.
C:\>
This is expected. I get the IPTOS_LOWDELAY error, I *think*, because this was a Win2K box. It didn't happen on NT4. Also, you should have a dead process in the daemon window:
debug: Password authentication for primmer failed.
fatal: Connection closed by remote host.
debug: Calling cleanup 0x410784(0x0)
c:\>
This failed because the account the daemon was running under (your account) doesn't have sufficient rights in the system to log you in and spawn a command shell. We fix that next.
- Install sshd as a service. (This is where you need the Reskit: srvany.exe runs sshd.exe as a service.)
- You should see sshd.exe and srvany.exe in your process list and be able to log in and out. If something doesn't work, run the client in -v verbose mode and/or run the daemon in -d debug mode with "Allow Service to Interact with the Desktop" turned on in the Services control panel.
- As a final clean-up measure, stop the service and kill any leftover sshd.exe processes. I use kill.exe from the Reskit. I found that sshd.exe wasn't dying properly if the program terminated abnormally.
- You can type "set" at the command line to find out what your environment variables are. These are the things that get messed up most easily when bouncing from NT box to Unix box.
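To fill in the "install sshd as a service" step, here is an added batch file (my own example, not code from this page or from the ssh port) that registers sshd.exe under the Reskit's srvany.exe. It assumes the ssh folder is C:\ssh, /etc is C:\etc (root on C:, as the notes require) and the Reskit is in C:\reskit; the keygen binary name follows the author's transcript (ssh-keygen), so adjust it if yours is ssh_keygen.exe.

```batch
@echo off
REM sshd-svc.cmd -- constructed example, not part of the original page.
REM Registers sshd.exe as an NT service under the Reskit's srvany.exe.
REM Assumed layout (edit to taste): ssh folder in C:\ssh, /etc in C:\etc
REM (root = C: as the notes require) and the Reskit in C:\reskit.
set SSHDIR=C:\ssh
set RESKIT=C:\reskit
set REGFILE=%TEMP%\sshd-svc.reg

REM 1. Sanity checks: the binaries, the shared cygwin1.dll they all map,
REM    the passwd file sshd authenticates against, and the Reskit tools.
if not exist %SSHDIR%\sshd.exe goto missing
if not exist %SSHDIR%\cygwin1.dll goto missing
if not exist C:\etc\passwd goto missing
if not exist %RESKIT%\srvany.exe goto missing
if not exist %RESKIT%\instsrv.exe goto missing

REM 2. Generate the host key only if none exists (same command as above).
if not exist C:\etc\ssh_host_key %SSHDIR%\ssh-keygen -f /etc/ssh_host_key -N "" -C ""

REM 3. Create the service. instsrv registers it under LocalSystem, the only
REM    account the author found able to spawn cmd.exe for a logged-in user.
%RESKIT%\instsrv sshd %RESKIT%\srvany.exe

REM 4. Tell srvany what to run. REGEDIT4 syntax doubles backslashes;
REM    AppDirectory makes sshd.exe start where cygwin1.dll lives.
>%REGFILE% echo REGEDIT4
>>%REGFILE% echo.
>>%REGFILE% echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshd\Parameters]
>>%REGFILE% echo "Application"="C:\\ssh\\sshd.exe"
>>%REGFILE% echo "AppDirectory"="C:\\ssh"
regedit /s %REGFILE%
del %REGFILE%

REM 5. Start it. Stop with "net stop sshd", then kill.exe any leftover
REM    sshd.exe (see the notes: SCM does not kill the child process).
net start sshd
goto end

:missing
echo Missing a required file. Check %SSHDIR%, %RESKIT% and C:\etc\passwd.
:end
```

Run it from a command prompt logged in as an administrator; "Allow Service to Interact with the Desktop" is left off, since you only want that while debugging.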
Random Notes
- Service Control Manager doesn't kill the sshd process when you stop the service, and if you start it again, it makes another sshd.exe daemon. I use kill.exe from the Reskit to kill sshd. (If you want to close the door behind you until the next reboot, killing sshd while you're ssh'd in cuts you off from the machine.)
- Use tlist.exe from the Reskit or open up Task Manager and watch your sshd.exe processes. I'm still trying to figure out why a login starts 2 new sshd.exe processes. Must be forks. A logout seems to clean up these 2 extra sshd's, however.
- I couldn't get the program to work if I had the service run as a user account like "root". I found that the server can only spawn a cmd.exe shell if it runs as "LocalSystem". If I set it to run as "root" with the rights "Act as part of the operating system", "Increase Quotas", "Log on as a service" and "Replace a process level token", as suggested at http://www.onlinemagic.com/~bgould/sshd.html, I got a permissions error when trying to launch cmd.exe. I know there was no file perms problem. I haven't figured out a fix.
- These instructions assume you have your OS installed on C:. If you have it on another drive, use that one for /etc and your home dir, because the cygwin stuff considers your Windows system drive its root partition.
- I couldn't get the ssh_2_27 binaries to work with cygwinb20.
- I couldn't figure out how to do a control-C to break a program running in the ssh client.
- I haven't tested sending X windows through the client, but it does do term programs like vi, elm and mutt.
- If you want to see the windows on the desktop that your user is creating (and unable to see from their command prompt), you can open the service in the control panel and choose "Allow service to interact with desktop". You're gonna have to do more process management no matter what.
- I haven't tested the server with RSA keys yet. Client-side RSA works.
- I had mixed results when I added this environment variable: CYGWIN32=tty (not sure if this is necessary).
- Without a good keymap, the ssh client term environment leaves something to be desired.