File: SHA256: a6b1fa6a23dcdf099b58302bbeaa8fdb671e2dbafc79988fa019a1. 2015 13:58, Rainer Schuetz wrote: First I saw there are two ssh binaries, /bin/sshd and /usr/bin/sshd. Is that normal, which one should I use? There is just one binary and /bin is just a mount point, redirecting to /usr/bin. Run MSYS2 SSHD on Port 2222 Concurrently with Native OpenSSH SSHD - rkitover/windows-alt-sshd-msys2. But, I actually have MSYS2 sshd first in my path (even though I don't use it), so the above command tries to get the version of MSYS2 sshd instead (which doesn't have embedded version info, so it returns blank). Instead I have to do this in PowerShell: (Get-Item C:\Windows\System32\OpenSSH\sshd.exe).VersionInfo.FileVersion Server OperatingSystem.
sshd
Msys2 Ssh
As most GHC developers are used to working on Unix workstations, having to use a graphical remote desktop session to access the CygWin/MSYS2 environment is rather disruptive to typical workflows. By setting up an SSH daemon inside the MSYS2 environment, such a CygWin/MSYS2 environment can be treated almost as yet another remote Unix environment.
While on CygWin setting up sshd is taken care of by the provided ssh-host-config shell script, which creates the required user accounts and installs sshd as a system service in Windows, with MSYS2 these steps need to be performed manually. To this end, here are the steps needed to set up sshd manually (which I had to find out the hard, time-consuming way, hence documenting them here):
Msys2-ssh-setup
pacman -S cygrunsrv openssh mingw-w64-$(uname -m)-editrights
ssh-keygen -A
Create privileged cyg_server user (required in most current Windows versions)
TODO evaluate alternative script at https://gist.github.com/samhocevar/00eec26d9e9988d080ac
Msys2 Sshd

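#!/bin/sh
#
# msys2-sshd-setup.sh — configure sshd on MSYS2 and run it as a Windows service
#
# Please report issues and/or improvements to Sam Hocevar <sam@hocevar.net>
#
# Prerequisites:
#  — MSYS2 itself: http://sourceforge.net/projects/msys2/
#  — admin tools: pacman -S openssh cygrunsrv mingw-w64-x86_64-editrights
#
# This script is a cleaned up and improved version of the procedure initially
# found at https://ghc.haskell.org/trac/ghc/wiki/Building/Windows/SSHD
#
# Changelog:
#  24 Aug 2015 — run server with -e to redirect logs to /var/log/sshd.log
#
# What this script changes on the machine (review before running):
#  — creates two local Windows accounts (PRIV_USER and UNPRIV_USER below)
#  — adds PRIV_USER to the local Administrators group and grants it
#    token-creation rights, i.e. the account is as powerful as SYSTEM
#  — rewrites the /etc/passwd entries of both accounts
#  — installs and starts a Windows service named "sshd"
# Run it from an elevated MSYS2 shell; the account, rights and service
# commands need administrative access.
#

# Abort on the first failing command. Enabled before the package install so a
# failed or declined install stops the script instead of being ignored.
set -e

pacman -S openssh cygrunsrv mingw-w64-x86_64-editrights

#
# Configuration
#

# Account the sshd service runs as; receives elevated rights further down.
PRIV_USER=sshd_server
PRIV_NAME='Privileged user for sshd'
UNPRIV_USER=sshd # DO NOT CHANGE; this username is hardcoded in the openssh code
UNPRIV_NAME='Privilege separation user for sshd'
# Home directory given to both accounts.
EMPTY_DIR=/var/empty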
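#
# Check installation sanity
#
# Each probe runs the tool once. If the tool is missing the probe fails and the
# script stops, naming the package to install. Errors go to stderr.

if ! /mingw64/bin/editrights -h >/dev/null; then
  echo "ERROR: Missing 'editrights'. Try: pacman -S mingw-w64-x86_64-editrights." >&2
  exit 1
fi

if ! cygrunsrv -v >/dev/null; then
  echo "ERROR: Missing 'cygrunsrv'. Try: pacman -S cygrunsrv." >&2
  exit 1
fi

# Not only a presence check: ssh-keygen -A also generates any host keys that
# do not exist yet, which sshd needs before it can start.
if ! ssh-keygen -A; then
  echo "ERROR: Missing 'ssh-keygen'. Try: pacman -S openssh." >&2
  exit 1
fi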
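#
# The privileged service account (the "cyg_server" role), named by PRIV_USER
#

# Some random password; this is only needed internally by cygrunsrv and
# is limited to 14 characters by Windows.
#
# NOTE: the password is passed to `net user` and `cygrunsrv` as a command-line
# argument, so it is visible in process listings while those commands run and
# in any `set -x` trace. Do not run this script with tracing enabled.
tmp_pass="$(tr -dc 'a-zA-Z0-9' < /dev/urandom | dd count=14 bs=1 2>/dev/null)"

# Refuse to continue with a short or empty password: the account created below
# becomes a local administrator.
if [ "${#tmp_pass}" -ne 14 ]; then
  echo "ERROR: Unable to generate a random password" >&2
  exit 1
fi

# Create user (or reset the password of an existing one).
# Switches are written with a doubled slash (//add, //yes, ...) as in the
# original procedure, presumably to stop MSYS2 converting them as paths.
add="$(if ! net user "${PRIV_USER}" >/dev/null; then echo "//add"; fi)"
# ${add} is deliberately unquoted: when empty it must expand to no argument.
if ! net user "${PRIV_USER}" "${tmp_pass}" ${add} //fullname:"${PRIV_NAME}" \
              //homedir:"$(cygpath -w "${EMPTY_DIR}")" //yes; then
  echo "ERROR: Unable to create Windows user ${PRIV_USER}" >&2
  exit 1
fi

# Add user to the Administrators group if necessary.
# The group is looked up by its well-known SID (S-1-5-32-544) rather than by
# name, so this also works on localized Windows installs.
admingroup="$(mkgroup -l | awk -F: '{if ($2 == "S-1-5-32-544") print $1;}')"
if [ -z "${admingroup}" ]; then
  echo "ERROR: Unable to find the local Administrators group" >&2
  exit 1
fi
if ! (net localgroup "${admingroup}" | grep -q '^'"${PRIV_USER}"'$'); then
  if ! net localgroup "${admingroup}" "${PRIV_USER}" //add; then
    echo "ERROR: Unable to add user ${PRIV_USER} to group ${admingroup}" >&2
    exit 1
  fi
fi

# Infinite passwd expiry
passwd -e "${PRIV_USER}"

# Set required privileges.
# The first three let the service create and assign logon tokens and act as
# part of the operating system. Together with Administrators membership this
# makes the account equivalent to SYSTEM, so treat its credentials accordingly.
# SeServiceLogonRight lets it run as a service; SeDenyRemoteInteractiveLogonRight
# keeps it from being used for Remote Desktop logons.
for flag in SeAssignPrimaryTokenPrivilege SeCreateTokenPrivilege \
  SeTcbPrivilege SeDenyRemoteInteractiveLogonRight SeServiceLogonRight; do
  if ! /mingw64/bin/editrights -a "${flag}" -u "${PRIV_USER}"; then
    echo "ERROR: Unable to give ${flag} rights to user ${PRIV_USER}" >&2
    exit 1
  fi
done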
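#
# The unprivileged sshd user (for privilege separation)
#
# Created without a password argument and with //active:no, so the account
# exists for sshd's privilege separation but is disabled for logon.

add="$(if ! net user "${UNPRIV_USER}" >/dev/null; then echo "//add"; fi)"
# ${add} is deliberately unquoted: when empty it must expand to no argument.
if ! net user "${UNPRIV_USER}" ${add} //fullname:"${UNPRIV_NAME}" \
              //homedir:"$(cygpath -w "${EMPTY_DIR}")" //active:no; then
  # Report the account that actually failed (the original message named
  # PRIV_USER here).
  echo "ERROR: Unable to create Windows user ${UNPRIV_USER}" >&2
  exit 1
fi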
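#
# Add or update /etc/passwd entries
#
# For each account: drop any stale line, regenerate the entry with mkpasswd,
# then force the home directory to EMPTY_DIR and the shell to /bin/false so
# neither service account can be used to obtain a login shell.

touch /etc/passwd
for u in "${PRIV_USER}" "${UNPRIV_USER}"; do
  # Remove the existing entry so re-running the script does not duplicate it.
  sed -i -e '/^'"${u}"':/d' /etc/passwd
  # Keep the first five colon-separated fields and replace the rest.
  # '?' is the s-command delimiter because EMPTY_DIR contains '/'.
  SED='/^'"${u}"':/s?^\(\([^:]*:\)\{5\}\).*?\1'"${EMPTY_DIR}"':/bin/false?p'
  # The first sed strips everything up to a '+' in the user name field
  # (presumably a "MACHINE+" prefix emitted by mkpasswd; confirm on your setup).
  mkpasswd -l -u "${u}" | sed -e 's/^[^:]*+//' | sed -ne "${SED}" \
    >> /etc/passwd
done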
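#
# Finally, register service with cygrunsrv and start it
#
# The service starts sshd with whatever /etc/ssh/sshd_config is in place.
# Review its authentication settings and the host firewall rules before
# exposing the port beyond the local network.

# Remove a previous registration; failure is expected on a first run.
cygrunsrv -R sshd || true

# -a "-D -e": keep sshd in the foreground and log to stderr (see Changelog).
# -y tcpip:   declare a dependency on the tcpip service.
# -u / -w:    run the service as PRIV_USER; the password appears on the
#             command line here, so avoid running this script under `set -x`.
cygrunsrv -I sshd -d "MSYS2 sshd" -p \
          /usr/bin/sshd.exe -a "-D -e" -y tcpip -u "${PRIV_USER}" -w "${tmp_pass}"

# The SSH service should start automatically when Windows is rebooted. You can
# manually restart the service by running `net stop sshd` + `net start sshd`
if ! net start sshd; then
  echo "ERROR: Unable to start sshd service" >&2
  exit 1
fi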
Msys2 Ssh Service
