How to install the Cygwin ssh server and set up automatic login (using an RSA public key) (based on http://techtorials.me/cygwin/sshd-configuration/)
- In case you want to uninstall a previously installed CYGWIN ssh server:
(based on http://superuser.com/questions/110726/how-to-uninstall-reinstall-cygwin-to-use-the-sshd)
In a Cygwin terminal, type the following:
# Remove sshd service
cygrunsrv --stop sshd
cygrunsrv --remove sshd
# Delete any sshd or related users (such as cyg_server) from /etc/passwd
# (use your favorite editor)
# Delete any sshd or related users (such as cyg_server) from the system
net user sshd /delete
net user cyg_server /delete
- Make sure your Windows machine has an administrator login. The example used here is "ylam".
- Install CYGWIN, or reinstall it, so that the openssh and rsync packages are included.
- Run Cygwin Terminal
- Change the account settings of "ylam" for CYGWIN:
chmod +r /etc/passwd
chmod u+w /etc/passwd
chmod +r /etc/group
chmod u+w /etc/group
chmod 755 /var
chmod 664 /var/log/sshd.log
editrights -l -u ylam
editrights -a SeAssignPrimaryTokenPrivilege -u ylam
editrights -a SeCreateTokenPrivilege -u ylam
editrights -a SeTcbPrivilege -u ylam
editrights -a SeServiceLogonRight -u ylam
editrights -l -u ylam
- Run ssh-host-config and answer its queries as shown below (the text after each "Query" prompt is what you type).
*** Info: Generating missing SSH host keys
*** Info: Creating default /etc/ssh_config file
*** Info: Creating default /etc/sshd_config file
*** Info: StrictModes is set to 'yes' by default.
*** Info: This is the recommended setting, but it requires that the POSIX
*** Info: permissions of the user's home directory, the user's .ssh
*** Info: directory, and the user's ssh key files are tight so that
*** Info: only the user has write permissions.
*** Info: On the other hand, StrictModes don't work well with default
*** Info: Windows permissions of a home directory mounted with the
*** Info: 'noacl' option, and they don't work at all if the home
*** Info: directory is on a FAT or FAT32 partition.
*** Query: Should StrictModes be used? (yes/no) yes
*** Info: Privilege separation is set to 'sandbox' by default since
*** Info: OpenSSH 6.1. This is unsupported by Cygwin and has to be set
*** Info: to 'yes' or 'no'.
*** Info: However, using privilege separation requires a non-privileged account
*** Info: called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/READ
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file
*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon:  (Press Enter)
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires. You need to have or to create a privileged
*** Info: account. This script will help you do so.
*** Info: It's not possible to use the LocalSystem account for services
*** Info: that can change the user id without an explicit password
*** Info: (such as passwordless logins [e.g. public key authentication]
*** Info: via sshd) when having to create the user token from scratch.
*** Info: For more information on this requirement, see
*** Info: https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless such an account
*** Info: already exists). This account is then used to run these special
*** Info: servers.
*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.
*** Info: No privileged account could be found.
*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) yes
*** Query: Enter the new user name: ylam
*** Query: Reenter: ylam
*** Query: Please enter the password for user 'ylam': (ylam's Windows password)
*** Query: Reenter: (re-enter the same password)
*** Info: The sshd service has been installed under the 'sshd'
*** Info: account. To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'. Otherwise, it will start automatically
*** Info: after the next reboot.
*** Info: Host configuration finished. Have fun!
- Start the ssh server by:
net start sshd
- Modify Windows firewall to allow port 22 traffic.
Control Panel -> Windows Firewall -> Advanced settings -> Inbound Rules (right click) -> New rule
... Select TCP and enter 22 ....
- Test the connection:
ssh -v ylam@localhost
(Note: replace "ylam" with your own login. You will be prompted for a password.)
- To log in without a password, at the remote site (for testing, the local site also works), type:
a) ssh-keygen -t rsa (press enter for everything)
b) ssh-copy-id -i ~/.ssh/id_rsa.pub abc@localhost
c) Try logging in again: ssh abc@localhost. You will not be asked for a password.
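
If step c) still asks for a password, note that StrictModes was answered "yes" above: sshd then ignores the public key when the home directory, .ssh or authorized_keys is writable by group or others. The script below is an added example, not part of the original instructions; the function names, the script name and the /home/ylam path in its usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat, as shipped
# in Cygwin's coreutils. Checks write bits only, not file ownership.

# Report one path; return 1 if it is missing or group/other-writable.
check_path() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")          # octal mode, e.g. 755 or 600
    # 022 masks the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD $mode  $path  (fix: chmod go-w \"$path\")"
        return 1
    fi
    echo "ok  $mode  $path"
}

# Check the three paths under the given home directory.
check_strictmodes() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" || rc=1
    done
    return $rc
}

# Run against a directory given on the command line, e.g. (hypothetical path):
#   sh check_strictmodes.sh /home/ylam
if [ -n "${1:-}" ]; then
    check_strictmodes "$1"
fi
```

Run it on the machine that hosts sshd, against the home directory of the account you log in as.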