Configuring SSH server on Windows with password-less key file authentication

[ This is my first technical post in my blog. The reasons behind posting this are (1) I have put quite an effort on getting this work (2) Help others who might be looking to get this work & (3) Showing off 🙂 .

This is my first ever experience with Unix/ssh and i am sure there are other ways to overcome the problem defined below. I did not explore much due to time constraints. I welcome any suggestion/comment regarding any other alternative that would have worked well in this case. ]

Problem:

Currently, our app is running on Windows server. As a part of the app, we would invoke batch scripts that in turn call Hyperion Essbase command line utilities to extract plans from the Hyperion Essbase. The proposed architectural change of moving the app to Linux server posed two challenges with respect to this app:

1. Installing Hyperion Essbase Client on the Linux box

2. Converting all the Windows batch script to Linux format.

This was a challenge majorly because of the tight deadlines and very less experience in installing Hyperion Essbase clients on Linux.

Solution:

As a temporary solution, it was decided to let the batch scripts stay in the Windows box (where it is already running fine) and call the batch scripts from the Linux. Please note that setting up Samba directory and then calling the batch script from Linux will not help. Because the batch file will still be invoked on the Linux box that calls the script and not on the Windows where it is present. So the best way to do it is to set up SSH server on Windows that would allow a login from the Linux box and invoke the batch script. This way the batch script will run on the Windows box where it is invoked and not on the Linux box where it is called from.

There are variety of SSH servers available on the internet like OpenSSH, FreeSSHD etc.,. Here I am listing the steps involved in configuring  SSH on Windows using FreeSSHD and setting up of password less key file authentication.

Installation and Configuration Steps for FreeSSHD:

1. Download FreeSSHD software from http://www.freesshd.com/?ctt=download

2. Install the Software on the Windows box (say, Win1) where the batch scripts are running currently. [Please make sure this is installed with Administrator privileges. Else, it will not complain about anything but will fail to work without throwing any error ]

3. In freeSSHd settings, make sure SSH Server is running in the Server Status Tab

4. In freeSSHd settings, go to Users tab and add the windows logon user (eg., anon). This is the user that will be used to logon to this Windows box using SSH and invoke the scripts.

5. Set the Authorization to Public Key (SSH Only)

6. In freeSSHd settings, go to Authentication tab and

a. Set Password Authentication to Disabled

b. Set Public key Authentication to Required

This is for setting up Password less key file authentication

7. Download and run puttygen utility that will generate private-public key pairs.

8. Once the key is generated in the puttygen, go to Conversions -> Export OpenSSH key and export the public key to Openssh format. Copy it to notepad

9. In the windows box (Win1) where freeSSHd is installed, browse to c:\program files(x86)\freesshd\, create a file with the same name as the user (anon) without any extension and paste the public key generated by step 8 above.

10. In the Linux box (say Linux1), cd into $HOME/.ssh folder. If .ssh folder is not there, create the folder using mkdir command

11. Create a file called id_rsa.pub in this $HOME/.ssh folder and copy the key generated by step 8 above.

12.  Save the private key from puttygen and copy it the linux box as $HOME/.ssh/id_rsa . This can be either FTP-ed or the contents of the private key can be copied from the saved file and then pasted to id_rsa file. Note that private key file does not have any extension. And this file should not be shared with anyone else.

13. Set the permission levels to 600 on the .ssh folder by the below command:

chmod –R 600 .ssh

Now it should be possible to login to the Windows box from linux through SSH without having to give any password. Below is the ssh command:

ssh <username>@<Windowsservername>

(eg.)   ssh anon@Win1

A shell script with this command clubbed with the commands to run the batch script can be created and called from any other app to run the batch scripts.

Advertisements

15 thoughts on “Configuring SSH server on Windows with password-less key file authentication

  1. Excellent !! Was looking for specific instructions with FreeSSHd. Works perfectly. Additionally what one could do is from the linux box you could run

    ssh-keygen -t rsa

    and it would generate the public and the private key pairs and put them in their respective folders. All that would be left to do is copy the contents of the public key file and put it on the server in the file with the username as you have mentioned. Again, thanks for sharing your knowledge Sadagopan.

  2. I love excellent information, this is an excellent guide.

    I will review it even more afterwards and email it along to a few of my
    friends that might be interested

  3. “Configuring SSH server on Windows with password-less key file authentication | Casual Cognition” was indeed a terrific blog post.

    However, if it owned much more photographs this
    might be perhaps even more effective. Thanks ,Eleanor

    1. Thanks for the tip Eleanor. Since this was the first (and so far the only) technical post in my blog, I didn’t have an idea. I would post with screenshots for future entries. Thanks!

  4. Nice information. However, Freesshd has a history of several exploitations and even the latest version is easily exploitable. So I would not use freesshd under the production environment.

  5. Didnt work for me unfortunatly, the linux client is asking for a paraphrase for the key. Need to do more googling to understand why. I agree this article desperately needs screenshots to clarify step 7 onwards.

  6. hello there and thank you for your info – I’ve definitely picked up anything new from right here.
    I did however expertise some technical points using thi web site,
    since I experienced to reload the website a lot of
    times previous to I could get it tto load properly.

    I had been wondering if your web host is OK?
    Not that I am complaining, but slow loading instances times
    will sometimes affect your placement in google aand could damage your
    high-quality score if ads and marketing with Adwords.
    Well I am adding this RSS to my e-mail and can look out for a llot more
    of your respective fascinating content.Ensure that you update this again soon.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s