Open SSH For Windows

By dcolbert Contributor

I've got a unique challenge.

I am trying to set up Open SSH for Windows for secure SFTP connections.

There are a few problems, though...

Using Bitvise Tunnelier, I get a GUI-based SFTP client on a connect, but it also opens an SSH shell at the Windows prompt.

I want to suppress allowing SSH connections while allowing SFTP connections. I'm sure this must be possible? But I can't seem to find a lot of information on this online (it might be that I can hardly figure out how to describe this, let alone do a search on it that will return meaningful results).

I don't want to do this CLIENT side, mind you, I want the suppression of the SSH to happen server-side. There are security concerns with allowing terminal-based command line connections to the server - but I can control those issues better in SFTP. I've looked at the /etc config files - I see how I would suppress the SFTP daemon from starting - it is dependent on the SSH daemon. But therefore, the SSH daemon *must* be running, it seems. So I want it (SSH) to run, just not to respond to an external connection attempt.

Is this possible?

Is there a better way to enable secure, encrypted communications to a Win32 box?

Running Linux is not an option. I've tried FreeNAS, but the limited server-side user and permissions on FreeNAS prevent this from being a viable solution for me.

All Answers

Just config tunnelier??

by robo_dev In reply to Open SSH For Windows

http://www.bitvise.com/tunnelier

"make Tunnelier hide portions of its user interface (main window, authentication messages, access to SSH features) using the -hide and -menu parameters"

The problem is...

by dcolbert Contributor In reply to Just config tunnelier??

That doesn't prevent someone from installing their own copy of Tunnelier configured to allow them the shell access. I need to suppress it on the server-side, not the client side.

I had thought of this, but the security hole exists because the SSH shell is there on the server. You could PuTTY in to it. I don't want that accessible.

SSH vs IPsec vs SSL

by Markx.Allen In reply to Open SSH For Windows

The Microsoftian way to do this is one of the following:

1) IIS7 + SSL (FTPS)
1.1) FileZilla Server + SSL
2) IPsec + FTP
3) SSH FTP

On Unix the way to "turn off" SSH shell access is to assign the user account a shell which only permits the sftp-server process to start (and no others).

Of course, you could spring for a "real" SSH implementation on Windows like VanDyke which already includes the ability to permit SSH FTP but not SSH shell access.

If you're looking for free, then you're probably looking at option 1 or 2.
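
The server-side restriction asked for in the question, and the Unix-style approach mentioned in the answer above, can be checked mechanically against an `sshd_config`. This is an added example, not part of any post in this thread: it assumes an OpenSSH build that supports `Match`, `ForceCommand internal-sftp` and `PermitTTY`, and the group name `sftponly`, the sample configs and the function names are hypothetical.

```python
import re

# Constructed samples, not from the thread. HARDENED pins the group to SFTP.
HARDENED = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ForceCommand internal-sftp
    PermitTTY no
    AllowTcpForwarding no
"""
# Same group, but nothing forces SFTP: members still get a shell.
WEAK = """\
Subsystem sftp internal-sftp
Match Group sftponly
    X11Forwarding no
"""
# Required values, and upstream sshd defaults (assumed) used when unset.
REQUIRED = {"forcecommand": "internal-sftp", "permittty": "no",
            "allowtcpforwarding": "no", "x11forwarding": "no"}
DEFAULTS = {"forcecommand": "none", "permittty": "yes",
            "allowtcpforwarding": "yes", "x11forwarding": "no"}

def parse_sections(text):
    """Map '' (global) and each lowercased Match criteria to its keywords."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            current = " ".join(value.lower().split())
            sections.setdefault(current, {})
        else:
            # sshd keeps the first value it sees for a keyword.
            sections[current].setdefault(key, value.strip())
    return sections

def sftp_only_gaps(text, criteria):
    """List effective settings that leave shell, TTY or forwarding open.
    Only the first word is compared, so 'internal-sftp -l INFO' passes."""
    sections = parse_sections(text)
    block = sections.get(" ".join(criteria.lower().split()), {})
    gaps = []
    for key, wanted in REQUIRED.items():
        effective = block.get(key, sections[""].get(key, DEFAULTS[key]))
        if (effective.split() or [""])[0].lower() != wanted:
            gaps.append(f"{key}={effective}")
    return gaps
```

`sftp_only_gaps(WEAK, "Group sftponly")` reports the missing `ForceCommand`, the default TTY allocation and the default TCP forwarding; the hardened sample returns an empty list.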

LOL

by dcolbert Contributor In reply to SSH vs IPsec vs SSL

I think you're right, and 1 is out of the question (currently), so it is really 1.1 or 2.

1.1 still requires a certificate, so that isn't actually "free" either (assuming I don't use a self-issued certificate).

I was hoping I could do it with Open SSH, as I didn't want to have to re-engineer my currently beta-testing solution. But it looks like that may be the case. *sigh*.
