Cygwin Windows SSHD

Okay, I have gotten bit so many times trying to setup an sshd service on multiple Windows 7 machines using cygwin that I thought I would post the procedure that I use. There are several web pages that discuss some of the topics that I include in this article, but none of them cover all of the issues that I ran into. I will cover cygwin and openssh installation, how to configure the sshd service, and what to do if you loose user rights like I do every time I restart my machine.

Installing Cygwin and OpenSSH

Download setup-x84.exe (for 32-bit Windows OS) or setup-x86_64.exe (for 64-bit Windows OS) from the cygwin home page.  It is useful to save setup.exe in a directory where you can easily find it again.  You will be using it again sometime in the future.  I place setup.exe in the same directory that I am going to install cygwin, usually c:cygwin.  Then run setup.exe.  This will open a window as shown below:

Click next and you will be presented with a bulleted selection list as shown in Figure2. I usually only install using an Internet connection. This means that the software will be downloaded and installed similar to Ubuntu apt-get function except we are using a simple windows GUI. You can also download the files for installation and then install later.  I assume that you would want to install cygwin on a computer that doesn’t have easy access to the Internet.

Next, choose the installation directory.  I always use the default directory c:\cygwin for this purpose.  I don’t have a good reason to use a different path.

After you hit next, you will be presented with the dialog shown below. If you do not use a proxy to connect to the Internet, then selecting Direct Connection will work fine.  However, if you do use a proxy, selecting Use Internet Explorer Proxy Settings will work if your proxy settings are configured in Internet Explorer.  Otherwise, you will have to enter your proxy information manually by selecting Use HTTP/FTP Proxy.

Next you will get a dialog for selecting a download site. This is the site that you will be using to download files needed to install cygwin base and other software packages. I alway use an ftp server over an http server.  It just seems to download a lot faster using ftp.  That may be why that call it file transfer protocol.  🙂

Next you will be presented with a dialog for selecting the software packages you want to install.  This dialog is shown in Figure 4.  To install an sshd service you need to install openssh. You can do this by searching for ssh, as shown, and then selecting to install openssh.  You may also want to install your favorite text editor like emacs or vim. Most of the software packages are configured using configuraton files and you need a text editor to edit the contents of those files.

Be sure that you have everything you want selected, and then hit next.  This will download the files that will be required to install cygwin, openssh, and any other software packages.

Configuring SSHD for the First Time

To configure sshd in Windows 7, you must be an administrator.  To do this you must run cygwin as an administrator.  Find the shortcut to the cygwin terminal, right click it, and select Run as administrator. Of course, you will need administrator access.

When you are given a bash prompt, type ssh-host-config -y. This will run a configuration script that will automatically answer yes to almost every configuration question. You will need to enter a password before the script is complete.

Finally, you must start the sshd daemon. You do this by typing cygrunsrv -S sshd. You should now be able to issue ssh localhost.

Losing User Rights

Okay, here is the thing that bugged me the most and almost had me giving up on using cygwin and an sshd service. I searched everywhere for a solution to this and didn’t find much.

After configuring sshd for the first time, I noticed that after a reboot, I wouldn’t be able to ssh into my new service.  It worked fine up until I rebooted my machine. Even running ssh-host-config again didn’t fix the problem.  After hours of searching the Internet, I finally found the solution. To give credit where credit is due, I found the solution at http://www.kgx.net.nz/2010/03/cygwin-sshd-and-windows-7/.

The problem is that the sshd user, usually cyg_server, will lose the rights required to utilize the sshd service.  The sshd user needs the following rights in order to properly run the sshd service: SeAssignPrimaryTokenPrivilege, SeCreateTokenPrivilege, SeTcbPrivilege, and SeServiceLogonRight.  To list the rights for the cyg_server user type editrights -l -u cyg_server. If the rights that I mention above are not all there, then they need to be added.  To do this use the following commands substituting cyg_server for the sshd user if yours happens to be different:

editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
editrights -a SeCreateTokenPrivilege -u cyg_server
editrights -a SeTcbPrivilege -u cyg_server
editrights -a SeServiceLogonRight -u cyg_server

Wait! You are not done.  Now you need to stop and restart the sshd server.  To do this use the following commands:

cygrunsrv --stop sshd
cygrunsrv --start sshd

 Now your sshd server should work properly.  Try it by typing ssh localhost.

To keep from having to type these commands each time the machine reboots, I created a bash script containing these commands and some echos telling me what is going on.

Leave a Reply

Close Menu