GNU/Linux, Open Source, Cloud Computing, DevOps and more...

How to create a Windows SSH server


No version of Windows, whether Windows XP, Windows 7 or 8, or more modern versions such as Windows Server 2008 or Windows 2012, provides an SSH server that offers a standard way to access it from machines running a different operating system and to run console commands, copy files, forward ports or automate logins using public/private keys. The Microsoft alternative is WinRM / PowerShell, but there are many occasions when we need a standard, compatible way to access other systems, and what better way than the widespread and well-known SSH protocol to get into our Windows machines securely.

FreeSSHd, a free SSH server for Windows

Although there are other SSH server packages for Windows, mostly commercial but also some free ones, freeSSHd is very simple to set up and gives very good results. It provides strong encryption and username/password or public/private key authentication, and also allows secure file transfer via the FTP/FTPS/SFTP protocols and tunneling of connections via port forwarding. That is basically everything we can find in OpenSSH.

freeSSHd allowed ciphers: AES, 3DES, Blowfish, CAST128

Installing and configuring freeSSHd

Once the application is downloaded and installed in the usual way, run it and you will find a control panel like the one in the following screenshot. The first step in configuring the SSH server is to start it as a Windows service that runs in the background (the panel shows "SSH server is not running. Click here to start it.").

[Screenshots: freeSSHd start/stop SSH service; freeSSHd running in the background]

Open port 22 on Windows Firewall

To reach our new SSH server from outside, port 22 (or whichever port you chose in the settings) must be open, with no restriction on establishing connections to it. By default, the Windows Firewall blocks such connections, so you must explicitly authorize them:

[Screenshots: Windows Firewall configuration dialog; Edit SSH port 22]

Secure file transfer via SFTP

freeSSHd also acts as a secure FTP server, enabling secure file transfers via the FTP/FTPS/SFTP protocols. As these protocols use the underlying SSH connection, we don’t have to do anything special to configure them. Just by setting the root directory for our files and pointing an appropriate client at the recently opened port 22, we’ll be able to perform secure file transfers.

[Screenshot: SFTP home path]

Access by public key

One of the huge advantages of SSH is that it provides automated access to our server with no need to enter a username and password every time. By generating a new private/public key pair for our user, or assigning an existing one, we can open a command console or copy files to our server in one click.

[Screenshot: User properties]

To achieve this, we tell freeSSHd which directory holds the public keys of the different users. By default the installation directory is used. There we copy one file per user, named simply after that user, without any extension. Each of these files must contain only the public key for that user. Private keys should never be stored on the server, only in the SSH client we use to connect.

[Screenshots: Public key folder path; Users public key folder]
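The file layout described above can be checked mechanically. The following Python script is an added example, not part of the original post or of freeSSHd; it assumes a dedicated key folder and keys in OpenSSH one-line format (`<type> <base64> [comment]`), and all function names are illustrative.

```python
import base64, struct, tempfile
from pathlib import Path

# Strings that only appear in private key files (PEM/OpenSSH and PuTTY .ppk).
PRIVATE_MARKERS = ("PRIVATE KEY-----", "PuTTY-User-Key-File")

def check_key_file(path):
    """Return the problems found in one per-user public key file."""
    if path.suffix:  # also triggers when the user name itself contains a dot
        return ["file name has an extension; it must be the bare user name"]
    text = path.read_text(errors="replace")
    if any(marker in text for marker in PRIVATE_MARKERS):
        return ["contains private key material; remove it and rotate the key"]
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        return [f"expected exactly one key, found {len(lines)} non-empty lines"]
    try:
        key_type, b64 = lines[0].split()[:2]  # ValueError if a field is missing
        blob = base64.b64decode(b64, validate=True)
        (length,) = struct.unpack(">I", blob[:4])  # SSH string: length + bytes
        embedded_type = blob[4:4 + length].decode("ascii")
    except (ValueError, struct.error):
        return ["not a valid '<type> <base64> [comment]' public key line"]
    if embedded_type != key_type:
        return ["declared key type does not match the type inside the blob"]
    return []

def audit_key_dir(directory):
    """Map each offending file name to its problems; an empty dict means clean."""
    files = sorted(p for p in Path(directory).iterdir() if p.is_file())
    return {p.name: probs for p in files if (probs := check_key_file(p))}

def sample_public_key(key_type="ssh-ed25519"):
    """Constructed, syntactically valid key line (32 zero bytes, not a real key)."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"

def demo():
    """Audit a constructed folder: one good file and three bad ones."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "alice").write_text(sample_public_key() + "\n")
        (root / "bob.pub").write_text(sample_public_key() + "\n")
        (root / "carol").write_text("-----BEGIN OPENSSH PRIVATE KEY-----\n")
        (root / "dave").write_text((sample_public_key() + "\n") * 2)
        return audit_key_dir(root)

if __name__ == "__main__":
    print(demo())
```

If the key folder is left at the default installation directory, the program's own files will be reported too, so point the audit at a folder that holds only key files.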

Port forwarding

Another interesting freeSSHd feature is that it can tunnel connections to other ports/services that have nothing to do with SSH, using only the secure SSH access. That is, we could establish a connection to Windows Terminal Server via the RDP protocol over port 3389 (non-secure connection) by leveraging our SSH access, with no need to open port 3389 on our firewall. Moreover, although RDP traffic is not encrypted, it will travel safely across the Internet because it is encapsulated in SSH packets that are strongly encrypted. In this way we gain a lot in safety and simplicity: we can establish all connections to our server's services with only port 22 open on our firewall, and can concentrate all our efforts on SSH security and monitoring without having to worry about the different protocols and ports handled by our applications.

[Screenshots: User settings; Tunneling settings]



 

About the author

Daniel López Azaña
Cloud Solutions Architect

Entrepreneur, a generator of ideas and restless mind. Passionate about new technologies, especially Linux systems and Open Source Software. I also like to write about Technology News, Cloud Computing, DevOps, System Security, Web Development and Programming, SEO, Science, Innovation, Entrepreneurship, etc.
