Installer, paramétrer et utiliser un serveur ssh sous Windows.
Le projet Open source d'OpenSSH permet d'installer un serveur ssh sous Windows, normalement dédié au monde linux.
Le protocole SSH permet d'établir une connexion sécurisée entre des systèmes.
Une fois connectés les informations qui transitent sur le réseau sont puissamment cryptées.
L'installation est très simple et il suffit ensuite de lancer quelques lignes de commande en mode dos afin d'ajouter les utilisateurs de votre Windows.
Ensuite grâce à un client SSH il est possible donc de se connecter sur votre ordinateur en mode console ou en mode graphique :
- PUTTY permet une connexion sur votre système en mode console.
- WINSCP 3 permet une connexion ssh en mode graphique (comme en ftp).
Il est donc nécessaire de vérifer si son routeur et son firewall laisse bien passer le port 22 (celui dédié à SSH).
Où trouver les logiciels nécessaires :
OpenSSH pour windows OpenSSH <= ici
Winscp : WinSCP <= ici
PUTTY : PUTTY <= ici
Utiliser et paramétrer la clef publique et la clef privée de votre connexion SSH
1. OK, first, download OpenSSH from http://lexa.mckenna.edu/sshwindows/
2. Unzip it, and run the resulting installer
3. Install the program to the directory of your choice (I will use c:\OpenSSH). You will be best served by putting OpenSSH into a directory that does not contain any spaces.
4. Take the defaults for the remaining setup screens
5. After OpenSSH is installed, open a command prompt and cd to the \OpenSSH\Bin directory
6. Run mkgroup -l >> ..\etc\group
7. Run mkgroup -d >> ..\etc\group
8. Run mkpasswd -l [-u ] >> ..\etc\passwd
9. Run mkpasswd -d [-u ] >> ..\etc\passwd
10. Run “net start opensshd“
11. On a seperate system equipped with an SSH client (such as PuTTY), ensure you can connect to the new server using a username and password that is valid for the server
12. Once you have verified the OpenSSH service is working correctly, go ahead and “net stop opensshd“ to stop it
13. From the command window on the server, cd\openssh\etc
14. Copy sshd_config to sshd_config.bak just in case something goes horribly wrong and you want to return to the default configuration and start over
15. Copy this sshd_config to the system, placing it into the \OpenSSH\etc directory (this conf file will force public key authentication, and disallow password authentication. Feel free to adjust it to your needs later.)
16. cd ..\bin
17. Run “ssh-keygen -t rsa“ (we will be generating an SSH2 RSA key, which is the currently recommended key)
18. When asked for where we want the key files to be placed, DO NOT TAKE THE SUGGESTED LOCATION. Instead enter “/etc/id_rsa“ (the use of “/“ is important here, you cannot use “\“)
19. Enter a passphrase (you can leave the passphrase blank, but a passphrase will prevent the key from being used if someone happens to acquire it)
20. Enter the passphrase a second time
21. Observe two files being generated, “id_rsa“ (your private key, which your client machines will need) and “id_rsa.pub“ (your public key, which stays on your server)
22. Run “cd ..\etc“
23. Perform a “dir“ and ensure the two files are there. If they aren't go find them and put them there.
24. Run “copy id_rsa.pub authorized_keys“ The goal is to make a copy of the public key file, named “authorized_keys“
25. Grab the other file (id_rsa) and copy it by whatever means necessary (network, floppy, usb flash disk, pigeon, whatever it takes) to the machine you will be using as the client. (This file is your private key, and should be treated as highly confidential. If you used a well-thought-out passphrase when generating the key, then it is nigh unusable if someone comes across it. Otherwise, if someone gets a hold of this file, they can IMPERSONATE YOU when connecting to your SSH server. Pass phrase or not, this file should be treated as sensitive, and erased from whatever media you used to move it to your client.)
26. Run “net start opensshd“ and check in the Services applet that is has started and is running.
27. On the client, assuming you have SSH client tools installed, you can run “ssh -l “ from the directory where the id_rsa file was copied, and it should prompt you for the pass phrase, if you entered on during key generation. Once the pass phrase is entered, it should connect to the SSH server and give you a command prompt.
28. Pat yourself on the back and have a beer, preferably Fat Tire. But get your own. Just because I have a keg in my kitchen does not mean I have enough to share with other people!
Configuring PuTTY to use your shiny new key:
PuTTY is a free terminal emulation program, and it pretty much kicks ass. It supports all major encryption and authentication standards, and permits SSH tunnelling (which is what got me into this mess to begin with). I highly recommend it. You should go get it now and install it, if you haven't already.
First, the id_rsa file, your private key, needs to be converted to a format that PuTTY can work with:
1. Open a command prompt and navigate to the directory where PuTTY was installed
2. Run “puttygen“
3. Click “Load“
4. Change “Files of type:“ to “All Files (*.*)“
5. Navigate to where the id_rsa file was placed and select it, then click “Open“
6. If you set a pass phrase, you will be required to enter it before continuing
7. You should receive a Notice saying that the key has been successfully imported (blah blah blah). Hit OK there.
8. Ensure the “SSH2 RSA“ radio button is selected at the bottom of the window, in the box entitled “Parameters“
9. Click “Save Private Key“
10. Note the location, or pick a new one, and save the file as “id_rsa.ppk“
11. Close puttygen, you're done with it.
Now, configure a new SSH session in PuTTY to connect to your OpenSSH server:
1. Run PuTTY
2. Enter the Host Name or IP Address in the “Host Name“ box towards the top of the main window
3. Ensure “SSH“ is selected in the “Protocol“ box
4. In the “Saved Sessions“ top box, enter a name for the session you are creating
5. In the tree on the left, expand the “Connection“ and “SSH“ sections, if necessary
6. Under the “SSH“ tree, highlight “Auth“
7. Hit the “Browse“ button next to the box that says “Private key file for authentication“
8. Locate the “id_rsa.ppk“ file and double click on it (or highlight it and click “Open“)
9. Highlight the “Session“ section in the treeview on the left
10. Click “Save“ to save the session you have just configured (from now on, you can simply double-click on that session name when you start PuTTY and it will load all the settings you just configured)
11. Click “Open“ at the bottom of the window, or double-click on the newly-created session in the list box to start it.
12. If all goes well, you should establish a connection to the remote OpenSSH server, and be prompted for a user name
13. Enter a user name that is valid on the remote server and hit return
14. If you have configured a pass phrase, you will be challenged for it now. Otherwise...
15. You're done. I think we've earned another Fat Tire, don't you? I know I'm having another.
Pitfalls:
* Directories with spaces in them MAY cause some issues with OpenSSH. Avoid them.
* Don't place your public key (id_rsa.pub and authorized_keys file) into your user directory, which is the default location for them when using “ssh-keygen“. User dirs have funny permissions on them sometimes. Use a neutral location, like the suggested “\OpenSSH\etc“ dir.
* Remove the private key from the server, or at least move it to a more secure location. This is the key to your kingdom. Even with a pass phrase, it can be broken by a hacker with enough motivation, horsepower and time.
* Don't be dazzled by all the things PuttyGen can do. All you want to do it save the private key in the PuTTY format. All the noise about pasting text into “authorized_keys“ and stuff is not necessary in the scenario we walked through here. Ignore all that, follow my instructions (unless you know what you are doing, in which case, why the hell are you reading this drivel?).
|
