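Configuring the SSH service on Windows 2003
I successfully set up an SSH server in a VM; what follows is a summary of the process.
Step 1:
Install the Cygwin environment in the Windows 2003 VM. The virtual machine has no Internet access, so I downloaded a Cygwin installation package on my work machine: the complete one, 640M.

I copied this package into the virtual machine and did a full installation. Partway through, a very strange progress display appeared, as shown below.
The installation took a long time, at least 1h. After it finished, double-clicking cygwin did not work. I also tried installing it in another virtual machine, again without success. Very frustrating.
Step 2:
I compressed the Cygwin installation from my own work machine (winxp) and transferred it to the VM, 1,8G. After uploading, I extracted it to the C drive. In the cygwin directory, double-clicking Cygwin.bat successfully opened the bash environment. I created a shortcut on the desktop, as follows.
Step 3:
Configure the SSH server.
1) Add the environment variables CYGWIN and path.
2) Grant permissions.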
chmod +r /etc/group
chmod +r /etc/passwd
chmod +rwx /var
3) Install the sshd service
$ ssh-host-config # guided SSH service configuration
*** Info: Generating /etc/ssh_host_key
*** Info: Generating /etc/ssh_host_rsa_key
*** Info: Generating /etc/ssh_host_dsa_key
*** Info: Creating default /etc/ssh_config file
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes # enter yes
*** Info: Updating /etc/sshd_config file
*** Warning: The following functions require administrator privileges!
*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes # enter yes
*** Info: Note that the CYGWIN variable must contain at least "ntsec"
*** Info: for sshd to be able to change user context without password.
*** Query: Enter the value of CYGWIN for the daemon: [ntsec] ntsec # enter ntsec
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires. You need to have or to create a privileged
*** Info: account. This script will help you do so.
*** Info: You appear to be running Windows 2003 Server or later. On 2003 and
*** Info: later systems, it's not possible to use the LocalSystem account
*** Info: for services that can change the user id without an explicit password
*** Info: (such as passwordless logins [e.g. public key authentication] via sshd).
*** Info: If you want to enable that functionality, it's required to create a new
*** Info: account with special privileges (unless a similar account already exists).
*** Info: This account is then used to run these special servers.
*** Info: Note that creating a new user requires that the current account have
*** Info: Administrator privileges itself.
*** Info: No privileged account could be found.
*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no # enter no; do not specify a startup user
*** Query: Create new privileged user account 'cyg_server'? (yes/no) no # enter no; do not specify a startup user
*** ERROR: There was a serious problem creating a privileged user.
*** Query: Do you want to proceed anyway? (yes/no) yes # enter yes
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM'
*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'. Otherwise, it
*** Info: will start automatically after the next reboot.
*** Info: Host configuration finished. Have fun!
With these answers the service runs under SYSTEM, so, as the Info lines above state, passwordless logins such as public key authentication are not available on Windows 2003; the password login tested in step 6 is.
4)
net start sshd # start the SSH service
5) Note: use Windows local user authentication
mkpasswd -l > /etc/passwd # use the Windows users' passwords
mkgroup -l > /etc/group # use the Windows user groups
6) Once the service has started, run ssh Administrator@localhost. It prompts for a password; if entering the correct password logs you in successfully, the SSH configuration works.
Problems:
Q:
The following error appears during installation: Error installing a service: OpenService: Win32 error 1073:
A:
To reinstall the sshd service, first delete the corresponding registration entry from the registry.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshd
Q: cygrunsrv -S sshd fails to start the service and reports
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.
A:
Most likely the permissions on /var/log are set incorrectly. First run mkpasswd and mkgroup to regenerate the permission information, then remove the sshd service and configure it again:
$ mkpasswd -l > /etc/passwd
$ mkgroup -l > /etc/group
$ cygrunsrv -R sshd
$ ssh-host-config -y
$ cygrunsrv -S sshd
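The permission requirements from step 2 and from the Win32 error 1062 answer can be checked in the Cygwin bash shell before starting the service. The script below is an added example, not part of the original post; the function names, the message format and the exact checks (world-readable account files, owner rwx on /var and /var/log, private host keys not accessible to group or others) are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original post): pre-flight check for the Cygwin
# sshd setup. Prints one line per problem and returns 1 if any was found.
# Optional $1: check a copy of the tree under that directory instead of /.

# Octal permission bits of a path, e.g. 644 (GNU stat, shipped with Cygwin).
mode_of() { stat -c '%a' "$1"; }

check_sshd_prereqs() {
    root="${1:-}"; bad=0

    # Step 2: /etc/passwd and /etc/group must exist and be world-readable.
    for f in /etc/passwd /etc/group; do
        if [ ! -f "$root$f" ]; then
            echo "MISSING $f (regenerate with mkpasswd -l / mkgroup -l)"; bad=1
        elif m=$(mode_of "$root$f"); [ $(( 0$m & 4 )) -eq 0 ]; then
            echo "UNREADABLE $f mode $m (chmod +r $f)"; bad=1
        fi
    done

    # Win32 error 1062: /var and /var/log must be usable by their owner
    # (assumption of this example: owner rwx is the minimum).
    for d in /var /var/log; do
        if [ ! -d "$root$d" ]; then
            echo "MISSING $d"; bad=1
        elif m=$(mode_of "$root$d"); [ $(( 0$m & 0700 )) -ne $(( 0700 )) ]; then
            echo "RESTRICTED $d mode $m (owner needs rwx)"; bad=1
        fi
    done

    # Private host keys written by ssh-host-config must stay private: the
    # chmod steps above should never be extended to them, and sshd rejects
    # private keys whose permissions are too open.
    for k in "$root"/etc/ssh_host_*key; do
        [ -e "$k" ] || continue          # glob matched nothing
        m=$(mode_of "$k")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "EXPOSED ${k#"$root"} mode $m (chmod 600)"; bad=1
        fi
    done
    return $bad
}

# Usage in Cygwin bash: check_sshd_prereqs && net start sshd
```
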