An SSH server can be handy on a Windows machine, too. Cygwin comes with OpenSSH, and provides a lot of useful tools which you can use over the SSH connection. Here’s how to install Cygwin and OpenSSH server on a Windows machine.
Install Cygwin. Make sure you also install OpenSSH under the Net category. You can download the installer from here:
To successfully run OpenSSH on a Windows 2003 Server, you must create a new user account for it. This is because the SYSTEM account, which is the default when installing OpenSSH as a service, does not have the “Create a token object” right, which is needed for public key authentication. Luckily, the ssh-host-config command will create a user for you, if you wish. Just remember to select “yes” in the following prompts.
In fact, two user accounts are created in the script below. The other one is for privilege separation, which will make your installation a bit more secure. There’s no reason not to enable it.
If you are installing OpenSSH on an Active Directory domain controller, the user accounts will be created in Active Directory. This is because a domain controller does not have a separate local user database, but the local user database is a copy of AD itself. Remember this if you are going to install OpenSSH on more than one DC. On the second installation, the user accounts are already created!
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
Should privilege separation be used? (yes/no) <b>yes</b>
Warning: The following function requires administrator privileges!
Should this script create a local user 'sshd' on this machine? (yes/no) <b>yes</b>
Generating /etc/sshd_config file
Warning: The following functions require administrator privileges!
Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) <b>yes</b>
You appear to be running Windows 2003 Server or later. On 2003 and
later systems, it's not possible to use the LocalSystem account
if sshd should allow passwordless logon (e. g. public key authentication).
If you want to enable that functionality, it's required to create a new
account 'sshd_server' with special privileges, which is then used to run
the sshd service under.
Should this script create a new local account 'sshd_server' which has
the required privileges? (yes/no) <b>yes</b>
Please enter a password for new user 'sshd_server'. Please be sure that
this password matches the password rules given on your system.
Entering no password will exit the configuration. PASSWORD=<b>SECRET</b>
User 'sshd_server' has been created with password 'SECRET'.
If you change the password, please keep in mind to change the password
for the sshd service, too.
Also keep in mind that the user sshd_server needs read permissions on all
users' .ssh/authorized_keys file to allow public key authentication for
these users!. (Re-)running ssh-user-config for each user will set the
required permissions correctly.
Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec". CYGWIN=<b>binmode ntsec tty</b>
The service has been installed under sshd_server account.
To start the service, call `net start sshd' or `cygrunsrv -S sshd'.
Host configuration finished. Have fun!
You should now have a new service, called “CYGWIN sshd”, installed. It doesn’t start automatically, so you must start it either from the Windows Services MMC Console or from the command line with the command “net start sshd”.