dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads




3. Software Setup

This is a step by step instruction on install OpenSSH for Windows. I used version 3.8.1p1 for the screenshots. You can download the install file from here and save it to the desktop.


Once it is on the desktop you will need to extract the exe installation file. After extracting, double click on the exe file to run the installer.


The first two screens of the installer are normal screens. The first giving you general information about the installation with the simple "Next" or "Cancel" buttons. The next screenshots shows the License Agreement, read it or don't read it that's up to you. But, you have to agree to the terms to install the software.



The components screen you want to select everything (Shortcuts are up to you) and press the next key.


The installation will put the default path of "c:\Program Files\OpenSSH" in to the Install Location textbox. If you want to install somewhere else select "Browse" and pick the location. And then press "Next." The next screen is just the Start Menu folder location and name. Change as needed and press "Install"



This message window will appear during the installation process to edit the password file so that you can login to the SSH server. That process will be discussed later in this step by step. And then finally press the finish button to exit installtion program.



The next screenshot is the two commands you need to execute to setup the groups and password files so that you can login into your SSH server. First go to Start->Run->cmd In the command prompt window type the two following commands:

mkgroup -l >> ..\etc\group
mkpasswd -l >> ..\etc\passwd

those two commands will create the two files with the current users and groups on the windows machine. Additional usage info for mkpasswd:
Usage: mkpasswd [OPTION]... [domain]...
Print /etc/passwd file to stdout

Options:
-l,--local print local user accounts
-c,--current print current account, if a domain account
-d,--domain print domain accounts (from current domain
if no domains specified)
-o,--id-offset offset change the default offset (10000) added to uids
in domain accounts.
-g,--local-groups print local group information too
if no domain specified
-m,--no-mount don't use mount points for home dir
-s,--no-sids don't print SIDs in GCOS field
(this affects ntsec)
-p,--path-to-home path use specified path and not user account home dir or / home
-u,--username username only return information for the specified user
-h,--help displays this message
-v,--version version information and exit

One of `-l', `-d' or `-g' must be given.



The install should have installed the OpenSSH server as a service for windows to automatically start on boot. To start the service now type:
net start opensshd

Or go to the Start->Run->services.msc and find the "opensshd" service and right click and press start.


If the service starts then try to login to the server using putty if successful then the installation is complete.



Feedback received on this FAQ entry:
  • The installation worked, but it seems the installation I did (OpenSSH 3.8.1p1) has overwritten my path instead of appended it. Now it's only C:\Program Files (x86)\OpenSSH\bin, nothing else.

    2014-10-24 02:13:05

  • How about if we want to silently install this installer? For example using a command prompt without any gui?

    2013-07-14 03:17:04

  • This does not say how to create the domain users. When i use the -d switch, i get access denied when trying to connect.

    2012-02-03 16:59:54

  • I followed the instructions and the readme and tried to change the path the client logs into to other than C:\Program Files\OpenSSH, but I fail to do so. I get error 1067 or get the same login path.

    2010-01-31 09:39:19

  • Now we have installed OpenSSH, perhaps could you show a connection between linux and windows.

    2009-03-03 08:33:21



by dpierce See Profile
last modified: 2013-10-17 16:50:16

How to install a cygwin (ssh server) on a Windows 2000, WindowsXP, or Windows Server 2003. The ssh server is an emulation of the UNIX environment and OpenSSH toWindows, by Redhat, called Cygwin.

(1) Login as a user with Administrator privilege.

(2) Download cygwin's setup.exe from http://www.cygwin.com/. Once completly downloaded run the setup.exe file.

There will be some basic installation information to begin. You will be selecting a server where it will download the selected files from. Select one of the locations and press next, continue till you get to the screen below.

When a selection screen comes up, click the little View button for "Full" view g,find the line "OpenSSH", click on the word "skip" so that an appears in Column B,

Find the line "cygrunsrv",click on the word "skip" so that an appears in Column B,

Click g to start installing cygwin and ssh.
Size of the basic cygwin system is about 40 Meg, this may take a whileif you have a slow connection.

(3) Right click My Computer,Properties, Advanced, Environment Variables

Click the "New" button to add a new entry to system variables:
variable name is CYGWIN
variable value is ntsec tty

(4) Right click My Computer, Properties, Advanced,Environment Variables

Select the Path variable and click the "Edit" button:
append ;c:\cygwin\bin to the end of the existingvariable string.

(5) Open a cygwin window (by double clicking theg icon), a black screen pops open, type
ssh-host-config
When the script asks you about "privilege separation beused", answer yes.
When the script asks you about "install sshd as a service", answer yes
When the script asks you for "CYGWIN=",
your answer should be ntsec tty

(6) While you are still in the (black) cygwin screen, startthe sshd service:
cygrunsrv --start sshd
or
net start sshd

To stop the sshd service, pop open a g cygwin window, type
cygrunsrv --stop sshd
or
net stop sshd



by dpierce See Profile
last modified: 2005-03-18 04:46:29

There are multiple versions of VNC out there on the web. I am going to show you examples of UltraVNC which I particularly like. You can download UltraVNC from »ultravnc.sourceforge.net/download.htm after running the normal installation exe file one of the last screens in the install will look like this:

You want to select the "Register Ultr@VNC Server as a system service" and the "Start or restart Ultr@VNC service." The options for icon locations is entirely up to you. Press the "Next >" button and finish up with the install.

After the installation finished. Right click on the Ultr@VNC icon in the tray and select properties. If the icon isn't there than go to your Start Menu -> Programs -> UltraVNC -> Ultr@VNC Server -> Run Service Helper.

When the properties window comes up you want to do the following:

•Check the Accept Socket Connections and put a password in the textbox (VERY IMPORTANT!!)

•Select the "AUTO" radio button so that the server will pick the 5900 port.

•Check the "Allow Loopback Connections" checkbox.

•Check the "Remove Desktop Wallpaper" checkbox.

Press Apply and then OK. Try to connect to the server. If actually on the server when trying to connect, the screen will go into a loop and and keep displaying the same thing over and over again like two mirros looking at each other. If everything works this step is complete.




by dpierce See Profile
last modified: 2013-10-17 16:58:25

Enable Your Computer as the Host

You must first enable the Remote Desktop feature on your office computer so that you can control it remotely from another computer. You must be logged on as an administrator or a member of the Administrators group to enable Remote Desktop on your Windows XP Professional-based computer.

1. Open the System folder in Control Panel. Click Start, point to Settings, click Control Panel, and then double-click the System icon.

2. On the Remote tab, select the Allow users to connect remotely to this computer check box, as shown below.

3. Ensure that you have the proper permissions to connect to your computer remotely, and click OK.

Enable Remote Desktop

Setting Encryption Levels (from Microsoft.com)

Data encryption can protect your data by encrypting it on the communications link between the client and the Windows XP Professionalbased computer. Encryption protects against the risk of unauthorized interception of transmitted data. By default, Remote Desktop sessions are encrypted at the highest level of security available (128-bit). However, some older versions of Terminal Services client software do not support this high level of encryption. If your network contains such "legacy" clients, you can set the encryption level of the connection to send and receive data at the highest encryption level supported by the client.

There are two levels of encryption available.

High. The High level encrypts data sent from client to remote computer and from remote computer to client, by using strong 128-bit encryption. Use this level only if you are sure that your client computer supports 128-bit encryption (for example, if it is running Windows XP Professional). Clients that do not support this level of encryption will not be able to connect.

Client Compatible. The Client Compatible level encrypts data sent between the client and the remote computer at the maximum key strength supported by the client. Use this level if your client computer does not support 128-bit encryption.

You can set the encryption level of the connection between the client and the remote computer by enabling the Set client connection encryption level Properties Terminal Services Group Policy setting.

To edit this encryption setting in the Group Policy

1) Goto the Start Menu and click run. In the dialog type gpedit.msc and then press ok.

2) In the Group Policy window, on the left side, goto Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> Encryption and Security and then on the right hand side click on Set client connection encryption level.

3) When the dialog comes up. Click enable and select the type of encryption you want. And then press enter and exit out of the Group Policy.



by dpierce See Profile
last modified: 2013-10-17 16:52:45

Setup SSL-Explorer - Please bear with as I am going to take more screenshots of some things I have used this portal system for and will need to add more text.

SSL-Explorer is a very nice little tool that I notice being talked about recently in the Networking forum and decided I would take a look at it. I liked it so much I added the install info to this FAQ for everyone to read.

To get started if you want more information click here.

And off we are .... cheesy theme music start now ... ok enough of that.

To start download the latest version of SSL-Explorer from here. I used version 0.1.12 for the screenshots.

The install is a pretty basic install uptill it finishes copying files so we will go through this really quickly. And I will try to go into more detail in the later steps. Basically the install will start out checking your java on your machine. The program has a required version of 1.5.0 of the Java Runtime and if you don't have it on your computer it will download it for you with your permission. I pressed the download and it was away. I forced the setup closed to see what would happen. The third screenshot is the result of terminating the install during the middle of the java download/install. I think its self explanatory.

Moving on we are going through the standard install screenshots. Its all the basics. This is an open source program so you need to agree to the terms of the GNU. Then select destination directory and what you wanted to install. I just installed the Program I DIDN'T install the Source. Its up to you. Then it starts the fun file copying and registering services and fun stuff like that.

This next screenshot starts the actual initial setup of everything. You just need to click on launch server and it will start the service in setup mode and launch a web browser going to the default location. To login the default username password are the same (admin).

This is the first screen that will come up after it launches the webserver and browser. It is where you need to setup you password for you key. Basically SSL-Explorer runs a secure encrypted web server and uses java for VPN. You need to create a key and certificate for the https protocol. You type your password in (twice) and then click on set and select create new key store and click update and then click on the create button.

This page will then be displayed. You can put anything in the alias spot its for your reference. in the hostname make sure you put the specific hostname you will use to access the page externally. Either IP address or Domain name. (note www.yourdomain.com is different from yourdomain.com) If they are not the same you will get a message when you connect saying that the certificate is setup for site www.yourdomain.com and you are accessing it from yourdomain.com. Certificate aren't set in stone you can always edit later if you want. Organizational Unit and Company are your creative message again. Then click on generate. The other two boxes are used for actually buying all out real certificates that are certified and owned. If you want to go through that extra expense go right ahead. I didn't so I won't be able to give you any info on that process. The process though seems pretty straight forward.

This is just the screenshot when I remembered the install was still open. It hides under the web browser when you launch the server. Just click Finish.

If you click on the Admin at the top of the screen you will get a drop down menu and then with sub menus. The following screenshots are from those menus and I will add text for each screenshot when I get a chance.

Once you go through all the settings and change what you want and do what you want and cry if you want because its your party. You want to go back to the Admin menu and select Shutdown server. After confirming shutdown wait about 15 seconds and go in the services dialog. You can get there by going Start->Run->services.msc and pressing ok. Fin the SSL-Explorer and start the server. I did find sometime it takes two times if you try to start it too soon after shutting it down from setup mode. Then just browse to the »www.yourdomain.com and put in your username and password that you setup and start exploring.




Feedback received on this FAQ entry:
  • This article is a little outdated. sslexplorer has not been maintained for some time, I found another tool that is worth looking at, hypersocket (http://sourceforge.net/projects/hypersocket-vpn/). Its not browser based but provides network access over an SSL connection.

    2014-06-17 17:44:28



by dpierce See Profile
last modified: 2013-10-17 16:58:32