Openssh daemon config
From wikinotes
Locations
/etc/ssh
General
sshd_config
Common Options
    Port 22
    PermitRootLogin no
    PasswordAuthentication no
    PermitEmptyPasswords no

    # during HostbasedAuthentication, ignore the user's ~/.ssh/known_hosts
    # and use only the system-wide known hosts file.
    IgnoreUserKnownHosts yes

Restricting Users
    # /etc/ssh/sshd_config

    # members of unix group 'sftpusers'
    # are restricted to dir '/var/sftpdata/{username}'
    # and are only allowed to run 'internal-sftp' command
    Match Group sftpusers
        ChrootDirectory /var/sftpdata/%u
        ForceCommand internal-sftp

host keys
Generated on SSH install; its public key is sent to the client so it can encrypt data for the host.
A unique host key should be used for every server install.
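An added example (not part of the original notes): a shell function that audits an sshd_config file against the Common Options and the sftpusers Match block shown above, applying sshd's rules that the first value read for a keyword is used and that Match-block values override the global section. The function name `audit_sshd_config` and the sample config are constructed for illustration; lines are assumed to be in `Keyword value` form and `Include` files are not followed.

```shell
# Added example: audit an sshd_config against the "Common Options" values.
# Prints one line per finding; returns 1 if there is any finding, else 0.
# Assumes "Keyword value" lines; Include directives are not followed.
audit_sshd_config() {
    awk '
    BEGIN {
        want["permitrootlogin"] = "no"
        want["passwordauthentication"] = "no"
        want["permitemptypasswords"] = "no"
        scope = "global"
    }
    function close_match() {
        # A chroot block that does not force internal-sftp is not SFTP-only.
        if (scope != "global" && chroot && !sftp) {
            print "line " start ": [" scope "] ChrootDirectory without ForceCommand internal-sftp"
            bad = 1
        }
        chroot = 0; sftp = 0
    }
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    {
        key = tolower($1); val = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "match") { close_match(); scope = "Match " val; start = NR; next }
        if (key in want) {
            # Global scope: sshd uses the first value it reads for a keyword.
            if (scope == "global") { if (key in seen) next; seen[key] = 1 }
            # Match scope: the value overrides the global one for matching users.
            if (tolower(val) != want[key]) {
                print "line " NR ": [" scope "] " $1 " " val " (want " want[key] ")"
                bad = 1
            }
        }
        if (scope != "global" && key == "chrootdirectory") chroot = 1
        if (scope != "global" && key == "forcecommand" && val ~ /^internal-sftp([ \t]|$)/) sftp = 1
    }
    END {
        close_match()
        for (k in want) if (!(k in seen)) { print "global: " k " not set, default applies"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample (not a real host config): duplicate keyword, weak Match block.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin no' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    'Match Group sftpusers' '    ChrootDirectory /var/sftpdata/%u' '    PasswordAuthentication yes' > "$sample"
audit_sshd_config "$sample" || echo "findings reported above"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration and remains the authoritative check.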
Cygwin
Autostarting openssh in cygwin on windows:
    # Pre Setup Tasks
    chmod +r /etc/passwd
    chmod +r /etc/group
    chmod 555 /var

    # From an ADMINISTRATOR cmd, start cygwin
    ssh-host-config     # deal with warnings (YOU DO NOT WANT SEPARATED AUTHENTICATION)
    ssh-user-config     # generate all user keys
    chmod +rx /bin/bash # bash must be executable
    cygrunsrv -S sshd   # test openssh

    # Troubleshooting
    # ===============
    # if cygwin is not starting, or crashing, you can check the logs in
    #   /var/log/sshd.log
    # make sure your user has a password (in cygwin):
    #   passwd will
    # if your user doesn't have a passwd entry, make one with
    #   mkpasswd -l >> /etc/passwd
    # cygwin's openSSH requires that the account is an administrator
    # and that the windows user has a password in order for a user to login.
    # (at least this is what is documented, I have reasons to doubt this)
    # **NOTE**
    # DESPITE THE FACT THAT WINDOWS DOESN'T DISTINGUISH BETWEEN UPPER AND LOWER CASE
    # CYGWIN DOES. IF YOUR WINDOWS USER ACCOUNT HAS CAPITAL LETTERS, THE ENTRY IN
    # /etc/passwd WILL ALSO HAVE CAPITALS. THIS WILL DENY YOUR LOGIN ATTEMPTS.
    # ALSO, DESPITE WHAT IS SAID ON THE INTERNET/DOCUMENTATION, CYGWIN DOES NOT USE
    # YOUR WINDOWS USER CREDENTIALS, AND INSTEAD USES THE CYGWIN PASSWD ENTRIES.
    # make sure that bash is executable
    # test if you can login as cyg_server@localhost. If that's working, then
    # perhaps you should run ssh-host-config again without the privileged user
    # separation. It's only windows after all... if someone really wants in...
    #
    # openSSH will start automatically on the next windows boot. (using windows services)