Setting up SFTP on Windows Server 2008 R2

Recently, I had a task assigned to me to get SFTP up and running on a Windows 2008 server. I did some Googling and found a few resources, but only by combining the various bits of information was I able to get it up and running. I thought I’d throw it all together into a blog post, in the hopes that it will help someone else out.

 

Requirements

You will need to download the latest Cygwin package from cygwin.com (there’s a link to setup.exe halfway down the first page). You’ll also need to have administrator access to the Windows 2008 server.

Getting Started

After you’ve downloaded Cygwin’s setup.exe, right-click it and Run As Administrator. Choose to Install from Internet, keep the defaults for Root Directory and Install For All Users and leave the Local Package Directory at the default path. If you’re behind a proxy, you’ll want to use Internet Explorer’s settings, or enter the proxy information. If not, direct connection will work great. Choose a mirror (I chose the one from kernel.org), and click OK for the warning about upgrading Cygwin (since this is theoretically your first time to install it). On the package selection page, type SSH into the Search box, then expand the Net selection. Click on openssh to select the binary package only. Select the required dependent packages on the next screen and wait for the installation to finish.

Configuration

After the installation is completed, find the Cygwin Bash Shell icon (should be on your Start Menu or Desktop), and right-click to Run As Administrator. You’ll see some initial configurations running, then you will be presented with a prompt. At the prompt, enter ssh-host-config to get started. You’ll be presented with the wizard below. Feel free to answer as I’ve listed, or change as needed.

  1. Should privilege separation be used? <yes>
  2. Should this script attempt to create a new local account ‘sshd’? <yes>
  3. Do you want to install sshd as a service? <yes>
  4. Enter the value of CYGWIN for the daemon <> (this is the service name)
  5. Do you want to use a different name (privileged acct cyg_server) <no>
  6. Create new privileged user account ‘cyg_server’? <yes>
  7. Please enter the password? [your choice]
  8. Reenter the password
  9. Setup is complete. Enter net start sshd at the prompt to start the service.

Users & Groups

By default, all local groups and local users will be added to C:\Cygwin\etc\group and C:\Cygwin\etc\passwd, respectively. You can add additional local groups (created after the Cygwin install/sshd configuration) by using the following command at the Cygwin Bash Shell prompt:

  • mkgroup -l -g "Group Name" >> /etc/group

You can also add domain-based groups with:

  • mkgroup -d -g "Group Name" >> /etc/group

Add additional local or domain-based users in much the same way:

  • mkpasswd -l -u "username" >> /etc/passwd
  • mkpasswd -d -u "username" >> /etc/passwd

Home Directories

By default, all users you add to the passwd file (or users present during initial configuration) will be mapped to /home/username (within Cygwin Bash Shell), or C:\Cygwin\home\username in Windows.

If you wish to change the home directory for a particular user, then use a text editor to edit the home directory path in /etc/passwd. If you wish to point the user’s home directory to another folder within Windows, then you must use Cygwin’s cygdrive to do so. As an example, the C:\ drive is known to Cygwin as /cygdrive/c. The D:\ drive is /cygdrive/d, and so on. If you want to set the home directory to point to D:\directory, then the appropriate home directory path is /cygdrive/d/directory. Save and close /etc/passwd when you are done.

Testing

If you’ve made any changes to /etc/group, or /etc/passwd, then you’ll want to restart the sshd service for the changes to take effect. If not, make sure you’ve started the sshd service before moving forward with verifying that everything works as expected.

Fire up your favorite SFTP-capable client (I prefer FileZilla or WinSCP), and point it towards your new SFTP server. Be sure to use a user who is listed in /etc/passwd and whose group exists in /etc/group.
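
A pre-flight check for the conditions above, added here as an example and not part of the original post: it confirms that a user is listed in the passwd file, that the user's group ID exists in the group file, and that the home field is a POSIX path such as /cygdrive/d/directory. The function name check_sftp_user and the sample accounts are made up for illustration, and the standard colon-delimited passwd and group layouts are assumed.

```shell
#!/bin/sh
# Pre-flight check of one account against Cygwin-style passwd and group files.
# Usage: check_sftp_user USER [PASSWD_FILE] [GROUP_FILE]
# Prints one line per problem; the return status is the number of problems.
check_sftp_user() {
    user=$1 passwd_file=${2:-/etc/passwd} group_file=${3:-/etc/group}
    problems=0
    # passwd fields: name:password:uid:gid:gecos:home:shell
    # ENVIRON (not -v) so a backslash in the name is not treated as an escape.
    entry=$(CHK_USER=$user awk -F: '$1 == ENVIRON["CHK_USER"] { print; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "FAIL: $user is not listed in $passwd_file"
        return 1
    fi
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    # group fields: name:password:gid:members
    if ! awk -F: -v g="$gid" '$3 == g { found = 1 } END { exit !found }' "$group_file"; then
        echo "FAIL: GID $gid of $user has no entry in $group_file"
        problems=$((problems + 1))
    fi
    # A Windows path such as D:\directory splits at its colon, so field 6
    # becomes "D"; only a POSIX path like /cygdrive/d/directory is valid here.
    case $home in
        /*) ;;
        *)  echo "FAIL: home field '$home' of $user is not a POSIX path"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample files for demonstration (not from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
alice:unused:1001:545:Alice:/home/alice:/bin/bash
bob:unused:1002:545:Bob:/cygdrive/d/directory:/bin/bash
carol:unused:1003:9999:Carol:D:\directory:/bin/bash
EOF
cat > "$demo_dir/group" <<'EOF'
Users:S-1-5-32-545:545:
EOF
for u in alice bob carol dave; do
    if check_sftp_user "$u" "$demo_dir/passwd" "$demo_dir/group"; then
        echo "OK: $u"
    fi
done
```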
