Set Up an SSH Server and Client on Windows or Linux

SSH (secure shell) gives you shell access to a server from a client across any network (local or Internet), with the comfort of knowing that your information is secure (even the password you use to log in). Everything that travels across an SSH connection is encrypted. Typically you'd use SSH for executing terminal commands at the server (restarting HTTP servers or managing your MySQL server, for example), but it also supports port forwarding, tunneling and even file transfers. In this post I'll go over how to establish the connection: set up your server, set up your client, and connect. In the next post I'll get into the fun bits of tunneling and file transfers. With SSH tunneling and port forwarding you can do quite a bit of interesting stuff - and very handy stuff.

First you need a server. Setting up an SSH server on a Linux machine is a snap while setting one up on a Windows machine is less of a snap - but still not too hard.

SETUP SSH SERVER IN (UBUNTU) LINUX

Install the openssh-server package. In Ubuntu all you need to do is this:

$ sudo apt-get install openssh-server

By default the current user accounts are allowed access - and at this point you can connect to your server by pulling up a terminal and executing:

$ ssh username@localhost

where you'd of course replace 'username' with your system user name (duh!).

SETUP SSH SERVER IN WINDOWS

Here you've got two options. If you're a Linux dweeb like myself you might like to have Cygwin on your Windows system (and maybe you already do), so you might like to install that (making sure to select the openssh and cygrunsrv packages during the install process) and use it as your SSH server.

Another great option is to download OpenSSH, which installs some parts of Cygwin into Windows, allowing you to do SSH stuff from the Windows command line (instead of from the Cygwin prompt if you go that route).

Cygwin Route

Once you have downloaded and installed Cygwin (with the openssh and cygrunsrv packages) you must configure it for running the SSH server. From a regular Windows command prompt navigate to the directory where you installed Cygwin (normally c:\cygwin) and edit the file cygwin.bat. Add the following line to that file just after @echo off:

set CYGWIN=binmode tty ntsec 

Next you have to open a Cygwin terminal and run ssh-host-config. Answer 'yes' to the key generation question, don't use privilege separation and answer 'yes' to install as a service.

Just in case, I'd make a copy of the /etc/passwd file:

$ cp /etc/passwd /etc/passwd.original

And then run the following to add all of your system's users to the server (thus allowing any Windows account to log in via SSH):

$ mkpasswd -l > /etc/passwd

Finally, start the service from the Cygwin terminal

$ cygrunsrv -S sshd

You can also stop the service

$ cygrunsrv -E sshd

I've found that the service isn't persistent and I have to fire up a Cygwin terminal and manually start it - could just be a glitch on my system, as I've read that at this point the sshd service should show up in your Windows Services panel, thus allowing you to configure how it starts and stops there (but it didn't on mine).

OpenSSH Route

This route is easier for sure than the Cygwin route and I know for sure that this install sets up the sshd service in the Windows Services panel. If you get this set up and at a later time install Cygwin, your SSH server will likely be destroyed. At least that's what happened to me. So if you plan to install Cygwin you should set up your SSH server with it as well.

Now then, once you have downloaded and installed OpenSSH you have to configure it - and this is quick. Open a Windows command prompt and work your way to where OpenSSH is installed and then into the 'bin' folder. If you chose the default install folder then you can use the paths in my example:

c:
cd "c:\program files\openssh\bin"
mkgroup -l >> ..\etc\group
mkpasswd -l >> ..\etc\passwd

Now the SSH server is configured to use the local Windows accounts for login. You can start the service like this (though it will start automatically when Windows boots):

net start opensshd
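
Both routes above copy every local Windows account into the passwd file, so it is worth checking which of those accounts actually end up with a login shell before the server is exposed. The script below is an added example, not part of the original post: it reads a passwd-format file and prints the login-capable accounts that are not on an approved list. The function names, the sample entries and the approved list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report accounts in a
# passwd-format file that would be given a shell and are not approved.
# Fields: name:pw:uid:gid:gecos:home:shell

# Print "name<TAB>shell" for every account that ends up with a login shell.
ssh_login_accounts() {
    awk -F: '
        /^[ \t]*#/ { next }                      # comment line
        NF != 7 { next }                         # blank or malformed entry
        { shell = ($7 == "") ? "/bin/sh" : $7 }  # empty shell field means /bin/sh
        shell ~ /\/(nologin|false)$/ { next }    # account cannot get a shell
        { printf "%s\t%s\n", $1, shell }
    ' "$1"
}

# Print the login-capable accounts that are missing from the approved list
# ($2, a space-separated list of user names).
unexpected_ssh_accounts() {
    tab=$(printf '\t')
    ssh_login_accounts "$1" | while IFS="$tab" read -r name shell; do
        case " $2 " in
            *" $name "*) ;;                      # approved, say nothing
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample in the shape mkpasswd -l writes (host name, SIDs and
# users are made up for this example).
sample_passwd() {
    cat <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
Administrator:unused:500:513:U-HOST\Administrator,S-1-5-21-1-2-3-500:/home/Administrator:/bin/bash
Guest:unused:501:513:U-HOST\Guest,S-1-5-21-1-2-3-501:/home/Guest:/bin/bash
alice:unused:1001:513:U-HOST\alice,S-1-5-21-1-2-3-1001:/home/alice:/bin/bash
svc_backup:unused:1002:513:U-HOST\svc_backup,S-1-5-21-1-2-3-1002:/home/svc_backup:/bin/false
EOF
}

tmp=$(mktemp) && sample_passwd > "$tmp"
unexpected_ssh_accounts "$tmp" "alice"   # the approved list is an assumption
rm -f "$tmp"
```

Run it against the real passwd file (Cygwin or Linux) with your own approved list; an empty result means only approved accounts can get a shell.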

SSH CLIENTS

Now that you have your server set up you can access it from any computer on your local network using your server's local IP address (192.168.something.something) like this:

ssh user@[server name or ip]

However, before you can do that, you'll need an SSH client. If you're using a Linux system you're already set - just open a terminal and go to work. If you're using Windows you'll need either Cygwin or OpenSSH installed. When installing OpenSSH you can deselect the server option so that all you get is the client, which is all you need on your client computer. Once that is installed you can run SSH commands from the Windows command line using the syntax in that last example. If you choose to use Cygwin you'll still need the openssh package, so make sure it is set to install on the package selection screen during the install process.

PORT 22

If you want to access your server from the outside world, which is the whole point, you're going to have to open up port 22 on your network's router. Most routers make this really easy: just look for the Port Forwarding settings area in the router's administration dialogs. Set up a forward of port 22 to the IP address of your server, save it and you're done. Note that it would be helpful if your server always had the same IP. You can establish this from the router (on some routers). Look for a settings pane that allows you to reserve IP addresses by MAC address. You can get the MAC address of your server from the router page that shows all connected devices. You can also set your server to have a static IP address, but I'm not going to get into that in this post.

Now you should be able to use the public IP address of your internet connection to access your server via SSH. If you aren't sure of your IP you can find it here.

So that's it. Now you can log into your server from away and do things at the command line of your server machine. This, of course, is just the tip of the iceberg. Next time I'll write about the real good stuff...tunneling, port forwarding, file copying. Oh yeah.
