ssh/sftp for Windows 2008 Server using CopSSH

by Mikeal

Somehow Microsoft missed the boat again. SSH/SFTP is still not included in Windows Server 2008. Only FTP is included with the same functionality that existed in 2003.

CopSSH allows us to add this much-needed functionality to a Windows server or workstation. These instructions assume you are familiar with vim.

On the server we will use:
CopSSH http://www.itefix.no/i2/download
Runas (built in) http://technet.microsoft.com/en-us/library/cc781769.aspx
gVim for Windows http://www.vim.org/download.php#pc

On the client to test:
Putty http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
WinSCP http://winscp.net/eng/download.php

1) Install gvim.
2) Install CopSSH using all the defaults.
It will install to "c:\Program Files\copSSH\". There you will find an etc directory that should look familiar if you're a BSD/Linux user.
3) Open a command prompt (Start > Run > cmd).
4) Use the runas command to launch gvim as an administrator:
runas /user:domain\username "c:\program files\vim\vim72\gvim.exe"

5) In gvim, open the sshd_config file located in "c:\program files\copssh\etc".
6) Uncomment and configure the following:
Port 22
Protocol 2,1
AddressFamily any
ListenAddress 10.10.11.60
PidFile /var/run/sshd.pid

Save the file.

7) Restart the Openssh SSHD service (Start > Run > services.msc).


8) Configure the Windows Firewall to allow internal connections on port 22.
Right-click on Inbound Rules and select New Rule, Port, TCP, 22, Allow the connection, then Domain, Private and Public. Give it a proper name and description.

Now everything is set up to work, but you have no users configured. Users should be created locally on the server, and then activated using Start > Programs > COPSSH > Activate a user. This writes a line to the etc/passwd file. You can edit this file using runas and gvim. If you want to give the user access to files that exist outside of the copssh folder, use /cygdrive/<drive letter>/path. As an example, the D:\webs folder would be written as /cygdrive/d/webs.

Make sure you grant the user NTFS permissions to the folder. Use NTFS permissions to permit or deny them movement around the file system.

You can test SSH using PuTTY, and SFTP using WinSCP.
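
Step 6 sets `Protocol 2,1`, which keeps the legacy SSH protocol 1 enabled alongside protocol 2, and relies on `ListenAddress` to keep sshd on the internal interface. The script below is an added example, not part of the original post or of CopSSH: it audits an sshd_config for those two settings. The function names and the embedded sample file are constructed for illustration.

```python
# Added example (not from the original post): audit an sshd_config for the
# two settings from step 6 that decide protocol strength and exposure.

# Constructed sample reproducing the values given in step 6.
SAMPLE_CONFIG = """\
Port 22
Protocol 2,1
AddressFamily any
ListenAddress 10.10.11.60
PidFile /var/run/sshd.pid
"""

WILDCARDS = {"0.0.0.0", "::"}  # addresses that mean "every interface"


def parse_sshd_config(text):
    """Return {keyword: [values]}; keywords are matched case-insensitively."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return settings


def audit(text):
    """Return a list of findings for Protocol and ListenAddress."""
    cfg = parse_sshd_config(text)
    findings = []
    # For a single-valued keyword, sshd uses the first value it reads.
    protocol = cfg.get("protocol", [None])[0]
    if protocol is None:
        findings.append("Protocol not set: the build's default applies")
    elif "1" in [p.strip() for p in protocol.split(",")]:
        findings.append("Protocol %s enables SSHv1; set 'Protocol 2'" % protocol)
    # ListenAddress may repeat; strip a :port suffix from IPv4 host:port entries.
    listen = cfg.get("listenaddress", [])
    hosts = [a.rsplit(":", 1)[0] if a.count(":") == 1 else a for a in listen]
    if not listen or any(h in WILDCARDS for h in hosts):
        findings.append("sshd listens on every interface; set ListenAddress")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the values from step 6, it reports the SSHv1 finding only; changing the line to `Protocol 2` clears it.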

5 comments

Comment from: Syed Sadat Ali [Visitor]
This is an excellent doc and it works for Windows 2008.

06/17/09 @ 12:39
Comment from: Andy [Visitor]
Hi - thanks for the great tutorial - a little unsure, however, how to provide access "outside the copssh folder".

Would you be able to add in the command/instructions how to do this?

Thx
09/28/09 @ 07:29
Comment from: Kellog's Rice Crispies [Visitor]
Yep, the part about how to access the files outside the copSSH folder was very confusing to me too.

I first understood that I should edit /etc/passwd and somehow enable the access there, so I changed the user's home directory to /cygdisk/c/, which DID NOT WORK.

The way I got it working was just realising that it already worked out of the box. If you want to access C:\ you just SSH to the machine and
cd /cygdisk/c/
All your drives are accessible through the /cygdisk/ path.

Thanks for the tutorial by the way :)
01/25/10 @ 12:09
Comment from: thefnx [Visitor]
Hi, thanks for the information. I tested on Windows 2008 64 and it works fine; however, I tried to use folders outside of the COPSSH directory and it did not work. Can you please explain more about this?

Thanks
02/01/10 @ 14:41
Comment from: RobertRE [Visitor]
If I add more than one user, and let the wizard generate private keys, why can another user read my private key in the home dir?
How do I change the default settings for NTFS permissions in the home folder for new users?
02/11/10 @ 02:28
