Windows下通过cygwin架设sshd服务

sshd服务是一种安全连接，它能让你访问服务器上的命令行界面。Windows本身没有提供该服务，所以我们可以通过cygwin来进行安装。

安装 cygwin

首先安装 cygwin。安装时间为 2006-10-8，Cygwin DLL版本为 1.5.21-1。除了默认的软件包之外，又增加了以下软件包。

∙Admin

o cron-3.0.1-19

o cygrunsrv-1.17-1

o shutdown-1.7-1

o syslog-ng-1.6.11-1

∙Archive

o unzip-5.50-5

o zip-2.3-6

∙Devel

o subversion-1.3.2-1

∙Editors:

o vim-7.0.076-1

∙Interpreters

o gawk-3.1.5-4

o perl-5.8.7-5

o expat-1.95.8-1

∙Libs

∙Net

o lftp-3.5.1-1

o openssh-4.4p1-1

o openssl-0.98d-1

o openssl097-0.9.7l-1

o ping-1.0-1

o netcat-1.10-2

∙Shells

o ash-20040127-3

o bsah-3.1-9

o bash-completion-20060301-1

o mc-4.6.1-2

∙Utils

o patch-2.5.8-8

o time-1.7-1

∙Web

o wget-1.10.2-1

安装

用管理员用户登录，启动 cygwin 命令行，执行以下命令。

$ ssh-host-config

Generating /etc/ssh_host_key

Generating /etc/ssh_host_rsa_key

Generating /etc/ssh_host_dsa_key

Generating /etc/ssh_config file

Privilege separation is set to yes by default since OpenSSH 3.3. However, this requires a non-privileged account called 'sshd'.

For more info on privilege separation read

/usr/doc/openssh/README.privsep.

Shall privilege separation be used? (yes/no) yes

Warning: The following function requires administrator privileges! Shall this script create a local user 'sshd' on this machine? (yes/no) yes

Generating /etc/sshd_config file

Added ssh to /cygdrive/c/WINDOWS/system32/drivers/etc/services

Do you want to install sshd as service?

(Say "no" if it's already installed as service) (yes/no) yes

Which value should the environment variable CYGWIN have when

sshd starts? It's recommended to set at least "ntsec" to be

able to change user context without password.

Default is "ntsec". CYGWIN=binmode ntsec tty

The service has been installed under LocalSystem account.

To start the service, call `net start sshd' or `cygrunsrc -S ssdh'. Host configuration finished. Have fun!

配置 sshd

在 cygwin 的命令行中输入以下命令：

$ cd /etc

$ chmod 666 sshd_config

$ vi sshd_config

修改 sshd_config 的以下配置。

PermitRootLogin no # 禁止root登录

StrictModes yes # CYGWIN=ntsec时的安全配置RhostsRSAAuthentication no # 禁止 rhosts 认证

IgnoreRhosts yes # 禁止 rhosts 认证

PasswordAuthentication no # 禁止密码认证ChallengeResponseAuthentication no # 禁止密码认证PermitEmptyPasswords no # 禁止空密码用户登录

最后将 sshd_config 的权限修改回 644。

$ chmod 644 sshd_config

启动 sshd 服务器。

$ cygrunsrv -S sshd

生成公钥和密钥

由于我们上面的设置仅允许密钥方式认证，所以要为我们的用户生成一对公钥和密钥。

在 cygwin 的控制台中执行以下命令，生成 ssh1 的公钥和密钥。

$ ssh-keygen -t rsa1

Generating public/private rsa1 key pair.

Enter file in which to save the key (/home/charlee/.ssh/identity): Enterpassphrase (empty for no passphrase): 输入密码

Enter same passphrase again: 再次输入密码

Your identification has been sabed in /home/charlee/.ssh/identity Your public key has been saved in /home/charlee/.ssh/identity.pub

类似的方法，使用下面的命令生成 ssh2 的公钥和密钥。

$ ssh-keygen -t rsa

$ ssh-keygen -t dsa

将公钥导入到认证公钥中：

$ cd .ssh

$ cat identity.pub >> authorized_keys

$ cat id_rsa.pub >> authorized_keys

$ cat id_dsa.pub >> authorized_keys

因为我们在 /etc/sshd_config 的配置中使用了 StrictModes yes 的设置，所以要修改目录权限，命令如下。