Geek to Live: Set up a personal, home SSH server


by Gina Trapani

Anyone who's done any Unix work has used SSH (Secure Shell) to connect to other computers and perform tasks like transferring files. But you don't have to be a Unix whiz with a beard, ponytail and penguin tee-shirt to reap the benefits of the secure, remote computing that SSH offers.

It's simple to set up an SSH server right on your Windows PC with Cygwin (and even simpler on your Mac). Once your personal SSH server is up and running, you can connect to your home computer securely from anywhere on the internet, upload and download files and perform all the command line tasks your heart desires. Here's how.

Notes: Running a server and opening a port on your computer is a risky undertaking. Do make sure your computer's up to date, has strong logins and is behind a firewall before proceeding.

Why SSH?

We've covered how to install several different kinds of home servers here at Lifehacker. Here's what sets SSH apart:

  • Unlike a home web server, SSH is read/write, meaning you can get and put files on a server with it.

  • Unlike a home FTP server, SSH is secure. All the transactions are encrypted and cannot be sniffed.

  • Unlike a VNC server, SSH (alone) doesn't let you drive your computer remotely, and it is also secure and encrypted (while VNC is not.)

Like the sounds of SSH? Let's get started.

Install and configure OpenSSH

We're going to use the free Unix emulator Cygwin to get the OpenSSH suite installed on your Windows machine. If you're new to Cygwin, check out previous Cygwin tutorials, part 1, 2 and 3.

Run Cygwin's setup.exe and from the package list, check off "openssh," which appears in the "Net" group, as shown.

Complete the Cygwin setup and restart if necessary.

Then, launch a Cygwin command line window and type ssh-host-config. When the script asks you about "privilege separation," answer yes. When the script asks to "create local user sshd," answer yes. When the script asks to "install sshd as a service," answer yes. When the script stops and asks you for "CYGWIN=" your answer is ntsec tty. (Thanks to the author of this page for the help here.)

Disable SSH protocol 1

On a particularly locked-down network I spend a lot of time on, the admins asked me to disable SSH's Protocol 1 on my SSH server for security reasons. This goes a bit beyond my level of SSH expertise (so network admins, feel free to jump in here), but apparently some vulnerabilities have been identified with Protocol 1, which you don't need for your server anyway. To disable it, open SSHD's configuration file, located at c:\cygwin\etc\defaults\etc\sshd_config, in a text editor. Change the line that reads:

#Protocol 2,1

To:

Protocol 2

So you're just removing the # and the ,1. Save the file.
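
One way to confirm the edit took effect, as an added example that is not part of the original article (the function names and sample config lines are constructed for illustration). It reads the Protocol value from an sshd_config file and classifies the identification string a server sends on connect; per RFC 4253, an SSH-1.99 string means protocol 1 compatibility is still enabled.

```shell
#!/bin/sh
# Added example (not from the article): check the Protocol setting.

# Print the Protocol value a config file sets, or "default" when no
# uncommented Protocol line exists ("#Protocol 2,1" is only a comment).
# sshd keywords are case-insensitive and the first value found wins.
effective_protocol() {
    awk '
        { sub(/\r$/, "")                 # tolerate CRLF from Windows editors
          sub(/^[ \t]+/, "")             # drop leading whitespace
          sub(/[ \t]*=[ \t]*/, " ") }    # accept "Protocol=2" as well
        /^#/ || NF == 0 { next }         # skip comments and blank lines
        tolower($1) == "protocol" { print $2; found = 1; exit }
        END { if (!found) print "default" }
    ' "$1"
}

# Succeed only when the file explicitly restricts sshd to protocol 2.
protocol_ok() {
    [ "$(effective_protocol "$1")" = "2" ]
}

# Classify the first line an SSH server sends to a connecting client.
classify_banner() {
    case "$1" in
        SSH-2.0-*)  echo "v2-only" ;;
        SSH-1.99-*) echo "v1-and-v2" ;;
        SSH-1.*)    echo "v1-only" ;;
        *)          echo "unknown" ;;
    esac
}

# Constructed sample input: the config line before and after the edit.
sample=$(mktemp)
printf '#Protocol 2,1\r\nPort 22\r\n' > "$sample"
echo "before edit: $(effective_protocol "$sample")"
printf 'Protocol 2\r\nPort 22\r\n' > "$sample"
echo "after edit:  $(effective_protocol "$sample")"
rm -f "$sample"
```

Pass it the path of the sshd_config your service actually loads; a result of default means the file sets nothing and sshd falls back to its built-in value.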

Run your SSH server

Now it's time to get your SSH server running. Since we're on Windows we'll start it as a service. It will use your Windows login names and passwords to authenticate users. (Make sure all your PC logins have strong passwords associated with them!)

At the Cygwin prompt, type:

net start sshd

You should get:

The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.

Now you're rockin' and rolling!

Note that you can also start and stop the Cygwin SSH server in the Services panel. In Control Panel, Administrative Tasks, choose Services. Right-click on the "CYGWIN sshd" item to start, stop, disable or edit other properties of the service, as shown.

Open SSH port 22

Now that your server's running, you have to open a port on your firewall to let clients connect to it. If you're behind a router/firewall, here's a refresher on how to access a home server behind it. Remember, SSH runs on port 22, so that's the port you want to forward.

For folks running the regular Windows Firewall, add the SSH port to your list of exceptions. In Control Panel, click on Windows Firewall, and on the Exceptions tab, click "Add Port" and enter ssh and port 22, as shown.

Now you're ready to log in.

Connect to your server

There are several ways to connect to your new SSH server. You just need the server's IP address (internal for local networks, external from out on the internet, or perhaps your dynamic DNS name.)

From the command line on the other machine, type:

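ssh -l username server-address

(That's a dash lower-case L, not 1, before username. Replace username with your login name and server-address with your server's IP address or domain name.) Once you're logged in, you're sitting at the command line of the remote machine with freedom to do whatever you want at the prompt.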

For a graphical user interface that transfers files, download and install the excellent, free WinSCP. Create a new connection to your server, as shown (replace "localhost" with your server's IP address).

Once you connect, browse the server's files, download and upload the documents you need.

Finally, you can just use a regular FTP client that supports SFTP, or secure FTP. For example, Transmit on the Mac can SFTP to your SSH server and transfer files that way.

Mac SSH Server

As with most networking utilities, Mac users have it easy when it comes to running an SSH server. From System Preferences, Sharing, under Services, check off Remote Login, as shown.

And you're all set! You can connect to your Mac SSH server with WinSCP on a Windows machine or just at the Cygwin/Mac Terminal command line as well.

Once your SSH server is up and running, you may not want to have to remember its IP address all the time. Check out this tutorial on how to assign a memorable domain name to your home server.

In the meantime, happy SSH'ing! Post any questions/thoughts/tales of SSH sorrow or joy up in the comments.

Gina Trapani, the editor of Lifehacker, types SSH 20 times a day. Her semi-weekly feature, Geek to Live, appears every Wednesday and Friday on Lifehacker. Subscribe to the Geek to Live feed to get new installments in your newsreader.