Configuring SSH server on Windows with password-less key file authentication

[ This is my first technical post on my blog. The reasons behind posting this are (1) I have put quite an effort into getting this to work, (2) to help others who might be looking to get this to work, and (3) showing off 🙂 .

This is my first ever experience with Unix/ssh and I am sure there are other ways to overcome the problem defined below. I did not explore much due to time constraints. I welcome any suggestion/comment regarding any other alternative that would have worked well in this case. ]

Problem:

Currently, our app runs on a Windows server. As part of the app, we invoke batch scripts that in turn call Hyperion Essbase command line utilities to extract plans from Hyperion Essbase. The proposed architectural change of moving the app to a Linux server posed two challenges for this app:

1. Installing Hyperion Essbase Client on the Linux box

2. Converting all the Windows batch scripts to Linux format.

This was a challenge mainly because of the tight deadlines and our very limited experience in installing Hyperion Essbase clients on Linux.

Solution:

As a temporary solution, it was decided to leave the batch scripts on the Windows box (where they already run fine) and call them from Linux. Please note that setting up a Samba share and then calling the batch script from Linux will not help, because the batch file would still be executed on the Linux box that calls it and not on the Windows box where it resides. So the best way to do it is to set up an SSH server on Windows that allows a login from the Linux box and invokes the batch script. This way the batch script runs on the Windows box where it is invoked and not on the Linux box it is called from.

There are a variety of SSH servers available on the internet, such as OpenSSH and FreeSSHD. Here I am listing the steps involved in configuring SSH on Windows using FreeSSHD and setting up password-less key file authentication.

Installation and Configuration Steps for FreeSSHD:

1. Download FreeSSHD software from http://www.freesshd.com/?ctt=download

2. Install the software on the Windows box (say, Win1) where the batch scripts are currently running. [Please make sure this is installed with Administrator privileges. Otherwise it will not complain about anything but will fail to work without throwing any error.]

3. In freeSSHd settings, make sure the SSH server is running in the Server Status tab.

4. In freeSSHd settings, go to the Users tab and add the Windows logon user (e.g., anon). This is the user that will be used to log on to this Windows box using SSH and invoke the scripts.

5. Set the Authorization to Public Key (SSH Only)

6. In freeSSHd settings, go to Authentication tab and

a. Set Password Authentication to Disabled

b. Set Public key Authentication to Required

These settings are for setting up password-less key file authentication.

7. Download and run the puttygen utility, which generates private-public key pairs.

8. Once the key is generated in puttygen, go to Conversions -> Export OpenSSH key and export the public key to OpenSSH format. Copy it to Notepad.

9. On the Windows box (Win1) where freeSSHd is installed, browse to c:\program files(x86)\freesshd\, create a file with the same name as the user (anon) without any extension and paste in the public key generated in step 8 above.

10. On the Linux box (say Linux1), cd into the $HOME/.ssh folder. If the .ssh folder is not there, create it using the mkdir command.

11. Create a file called id_rsa.pub in this $HOME/.ssh folder and copy the key generated in step 8 above into it.

12. Save the private key from puttygen and copy it to the Linux box as $HOME/.ssh/id_rsa. It can either be FTP-ed, or the contents of the private key can be copied from the saved file and pasted into the id_rsa file. Note that the private key file does not have any extension, and this file should not be shared with anyone else.

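13. Set the permission level to 700 on the .ssh folder and 600 on the private key file with the commands below (a folder set to 600 loses its execute bit, so the files inside it can no longer be accessed):

chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/id_rsa

Now it should be possible to log in to the Windows box from Linux through SSH without having to give any password. Below is the ssh command: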

ssh <username>@<Windowsservername>

(e.g.)   ssh anon@Win1

A shell script combining this command with the commands to run the batch script can be created and called from any other app to run the batch scripts.
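One way to write the wrapper script described above, as an added example that is not code from the original post: it checks the key permissions from step 13 and runs ssh non-interactively, so a calling app fails fast instead of hanging on a prompt. The batch file path is a hypothetical placeholder; the example assumes Linux `stat`, that freeSSHd hands the remote command line to its command shell, and that Win1's host key is already in known_hosts from a first interactive login.

```shell
#!/bin/sh
# Added example: run on Linux1 to invoke a batch script on Win1 over SSH.
# anon and Win1 come from the post; REMOTE_BAT_DEFAULT is a hypothetical placeholder.
REMOTE_BAT_DEFAULT='C:\scripts\extract_plans.bat'
SSH_BIN="${SSH_BIN:-ssh}"
REMOTE_USER="${REMOTE_USER:-anon}"
REMOTE_HOST="${REMOTE_HOST:-Win1}"
KEY_FILE="${KEY_FILE:-$HOME/.ssh/id_rsa}"
REMOTE_BAT="${REMOTE_BAT:-$REMOTE_BAT_DEFAULT}"

# Succeeds only if the key exists, its folder is mode 700 and the key is mode 600.
check_key_perms() {
    key="$1"
    dir=$(dirname "$key")
    [ -f "$key" ] || { echo "missing key: $key" >&2; return 2; }
    [ "$(stat -c '%a' "$dir")" = "700" ] || { echo "$dir must be mode 700" >&2; return 3; }
    [ "$(stat -c '%a' "$key")" = "600" ] || { echo "$key must be mode 600" >&2; return 4; }
}

# Runs the batch file on the Windows box and returns ssh's exit status:
# the remote command's status, or 255 if the connection or authentication failed.
run_remote_batch() {
    check_key_perms "$KEY_FILE" || return $?
    # BatchMode=yes: never prompt for a password or passphrase.
    # IdentitiesOnly=yes: offer only the key named with -i.
    # StrictHostKeyChecking=yes: refuse a host whose key is unknown or has changed.
    "$SSH_BIN" -i "$KEY_FILE" \
        -o BatchMode=yes \
        -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=10 \
        "$REMOTE_USER@$REMOTE_HOST" "$REMOTE_BAT"
}

# Stand-alone use: sh run_remote_batch.sh --run
if [ "${1:-}" = "--run" ]; then
    run_remote_batch
    exit $?
fi
```

The calling app should treat any non-zero exit status as a failed run and log it.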
