One tool that I have always found missing from Windows installations is an SSH daemon that allows users to remotely log in to a console or, with the right tool, run a remote application or administer a machine. Some tools for this job either are too complicated or simply don't work. There is a solution, WinSSHD, that is as robust and reliable as it is easy to install.
WinSSHD works with all NT-series Windows operating systems, including:
Although not listed as being supported, I have successfully installed and used WinSSHD on Windows 7 as well.
This blog post is also available in PDF format in a free TechRepublic download.
WinSSHD includes the following features:
- Secure remote console access
- vt100, xterm, bvterm support
- Remote desktop and WinVNC support
- Secure file transfer with SFT and SCP
- Secure TCP tunneling
- 30-day demo available
- Simple to install
- User-friendly management console
Getting and installing
Installing WinSSHD is as simple as any Windows application installation. There are two screens, however, that will need attention. Before you get to that point, you will first need to download the installer from the Bitvise Web site and double-click the saved file to begin the installation process.
Each WinSSHD installation is considered a "site."
You will also have to select what you are doing with this installation. The options are:
- Replace existing WinSSHD site: This option will be available only if you already have a WinSSHD installation.
- Install new WinSSHD site: If this is your first installation, this is what you want to select.
- Install new default site: If you are going to have only one WinSSHD installation, select this option.
- Install new named site: If you know you are going to have multiple instances of WinSSHD, select this option.
- Run WinSSHD Control Panel when done: If you want to start working with WinSSHD immediately, check this option.
- Standard Edition: This is the 30-day demo you downloaded. With this installation you will have full functionality, but it will expire unless you purchase a license.
- Personal Edition: Free, but with restrictions (see Figure B).
If you need access to only one machine with one group and 10 accounts, the Personal edition is perfect.
The remainder of the installation is simple. Once you have completed the installation, the WinSSHD Control Panel will open and you can start working with WinSSHD.
Using WinSSHDFrom the WinSSHD Control Panel you can manage all aspects of the application. The first tab in this control panel that you should visit is the Server tab (Figure C). From here you can activate your copy of WinSSHD, start/stop the server, manage your Host Keys, and configure WinSSHD.
This tab will inform you how many days you have left on your evaluation.Out of the box, WinSSHD works perfectly for a single-session SSH connection. If you decide the default settings won't work for you or if you know you have a network/setup that demands specific configurations, such as needing to open the Windows Firewall to your local network or configuring your proxy settings, click on the Settings link near the bottom. From within the Settings window (Figure D), there are a number of options you can configure.
Although the default settings should work, WinSSHD allows you to get fairly granular with your configurations.
Any options you may need/want to configure within the settings will be determined by your particular network topography as well as your user needs.
When you have WinSSHD set up, you will want to make sure it works. The first test you will want to run is from localhost. So open an instance of your SSH client (such as PuTTy) on the machine with WinSSHD installed and attempt to log in. That should work without a problem.
Now move over to another machine on your network and attempt the same login. If this fails most likely you will need to adjust some of the security parameters within WinSSHD. The first place to look is in the Server section of the Settings window. In that section you will want to click on the Firewall section and then make sure the Open Ports to Local Subnet option is selected from the dropdown.
Once you are able to log in from another machine on your network, you will want to do a bit of securing.
Once you have WinSSHD set up and working, it's time to secure your WinSSHD installation. Really there are only three items to secure:
- What services are made available
- What users can gain access
- When to use strong authentication
Let's examine services first. There are three services to either enable or disable:
- File transfer
- Routing TCP connections
This is also the same window where you can add groups.Select the Everyone group and click the Edit button. From this window, you will need to scroll down to the section where you can see Permit Terminal Shell (Figure F).
Remember, this is the default group, so you might want to keep strong control over this group.
This section is where you will want to disable the services you do not need. Once you have deselected those features, click the OK button to save the settings and dismiss the window.Now, let's say you want to limit access to only certain users on the machine. You will first need to disable login access to the Everyone group you were just working with. Once you do that, you can configure a user account for logging in. To do this, go back to the settings window and then click on the Windows Accounts section under Access Control. Here you want to add an account, so click the Add button. In this window, you will want to configure the options you need and, most importantly, add the actual user name associated with the account you want to enable (Figure G).
I have labeled the section USERNAME_HERE where you need to add the actual user name.
Follow those same steps for all users you want to be able to log in to this machine.
The final piece of advice is to make sure all users are using strong passwords. Because WinSSHD is opening a Windows machine for remote access, you will want to ensure that the users all are using strong passwords so those accounts are harder to crack. Make sure your user passwords are at least 15 characters long and have a combination of alpha and numeric characters. If your users are using simple passwords, the likelihood of this machine being cracked becomes much greater.
I can highly recommend WinSSHD to anyone needing SSH access to a Windows machine. And not only would I recommend this application to single users, but to small and large businesses as well. WinSSHD is very simple to use and allows you to configure your SSHD server to very specifically meet your needs.
Stay on top of the latest XP tips and tricks with TechRepublic's Windows XP newsletter, delivered every Thursday. Automatically sign up today!
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.