How Do You SSH to a Windows Server or How Do You Install Cygwin on a Windows 2016 Server?

Problem scenario
You want to install Cygwin to allow for SSH connections (from Linux servers) to your Windows server.  How do you do this?

1.  If the server is new, skip step #1.

  a)  Log in and go to Control Panel -> System and Security -> System.  Click on "Advanced system settings" on the left.

  b)  Go to the Advanced tab and click on "Environment Variables..."

  c)  Under the "System variables", highlight the "Path" variable.  Click "Edit..."

  d)  Verify the "Variable value" does not have "OpenSSH\bin" nor "mksnt".  Normally they will not; so you would click "Cancel".  Delete them if they are present.

  e)  Go to services.  Verify the MKS Secure Shell service is not running.

2.  If the server is new (freshly installed with just the OS and a typical image), or if you have completed step #1, download the 64-bit version of Cygwin from from the server itself.  (Go to "Install Cygwin" in the upper lefthand corner.  If the download doesn't work, go to I.E.'s sprocket symbol, Security tab, click the Internet zone, go to "Custom level..." button and ensure that Downloads -> File download is set to "Enable" and "Font download" is set to "Prompt.")

3.  Click "Save" for the download to start.  

4.  Run the .exe file and click "Yes" to allow it to make changes to your system.  

5.  When you see the "Cygwin" set up window, choose "Next".

6.  Choose "Install from Internet" and click "Next".

7.  Install for "All Users" and click "Next."

8.  Make a note of the location of where it is being installed.  You will need this folder path.  Accept the default location of the "Local Package Directory" and click "Next".

9.  For "Select Your Internet Connection" use "Use System Proxy Settings" (which will certainly work if the Windows server is in GCP).

10.  Choose any available download site you want.

  a)  Expand Net.  Make sure you install the openssl and openssl-devel.  There are two boxes.  The left box should be checked for both of these two (to signify binary).  

  b) Expand Archive.  Make sure you install the unzip and zip.  There are two boxes.  The left box should be checked for both of these two (to signify binary).  Click "Next."

12.  For the "Resolving Dependencies" option, ensure that "Select required packages" is checked.  Click "Next."

13.  Click "Finish."  

14.  Open the Cygwin.bat file (e.g., in C:\cygwin\ if you accepted the default location).  Make sure it has this sole stanza above the "bash --login -" stanza:

set CYGWIN=binmode ntsec

Here is an example of how the whole file may look when you are done (the emboldened text is just for clarity):

@echo off

chdir C:\cygwin\bin
set CYGWIN=binmode ntsec
bash --login -i

15.  Open Cygwin as administrator.  (Right click it and go to "Run as Administrator".)

16.  Run this command in Cygwin:

ssh-host-config   # respond to the prompt with "yes" with no quotes

# To the question about StrictModes, respond to the prompt with "yes" with no quotes

# To the prompt about "new local account 'sshd', respond with "yes" with no quotes

# To the prompt about installing sshd as a service, respond with "yes" with no quotes

# To the prompt about "Enter the value of CYGWIN for the daemon, enter this with no leading spaces

before "binmode":  binmode ntsec

# To the prompt that says "Create new privileged user account", enter "yes" with no quotes

# Enter the password for this new local user.  Press enter.  Repeat the process for confirmation.

# To the prompt about "Do you want to proced anyway", enter "yes" with no quotes

17.  Go to Services. Start the Cygwin service (right click it, go to Start).

18.  Open Windows Firewall.  Either turn it off or configure it to allow inbound TCP connectivity over port 22. 
Optional details:  To turn it off, open the MMC, in the Overview section in the middle there is a hyperlink for "Windows Firewall Properties".  Click this link and go to the drop down menu for "Firewall state."  Choose off.

19.  Now you are ready to use SSH.  If you want details on how to use passwordless SSH authentication, see this posting.

Leave a comment

Your email address will not be published. Required fields are marked *