freeSSHd

Update 2013 - Inability to initiate Unison from a Mac to a Windows XP computer is a bug in freeSSHd. When I switched to Bitvise's WinSSHD on the Windows platform, all works well.

Setting up freeSSHd Server on Windows XP

Trying to get freeSSHd on Windows accepting connects from my Mac with key pairs instead of passwords, I found "step by step" guides that caused me grief for 3 days because their steps set up things I didn't want or assumed I had things set up in certain ways already.
Working through the situation I have, here's what I figured out so far...
  1. The Windows server gets to keep the public key, and freeSSHd has to know where to find it. Many ssh servers (like the Mac) pile all the public keys into the authorized_keys file. freeSSHd instead puts all the public keys into a common directory, and keeps a separate file for each username. The key file name must match the user name (no extension) in order for freeSSHd to find it when a client tries to connect with that username. Appending multiple OpenSSH formatted public keys into a single file seems to work.
  2. The client has the private key. FreeSSHd can create private keys or other private keys can be imported on the SSH tab of the program. It's not clear to me what these option fields are for. Why is the server doing private keys when it should be happy with just the public key? freeSSHd offers no tool to make just the public key that freeSSHd will use; this seems weird. Move the private key pair from the freeSSHd computer to the client, which is where it should have been from the beginning. I can't get freeSSHd to work with keys made by Mac OSX 10.6.2 command line ssh-keygen. The result is I have separate private keys on the Mac to match each of the freeSSHd Windows server computers I want to talk to. Yuk.
  3. I used PuTTYgen.exe to make PuTTY (OpenSSH) format matching keys. Use the cut-n-paste method to get the public key and put it into whatever directory the freeSSHd Authentication tab points to, with a filename matching the username in the Users tab. Use puttygen's Conversions, Export option to export a private OpenSSH format key. Remember, put the private key on the other client computer calling freeSSHd. Is it possible that the server must generate the pairs and then distribute the private key to each caller who will use the server? This is backwards from the normal paradigm, where the private key pair is generated on the client, and the public key is uploaded to the server.
  4. When the {username} key file is removed from the freeSSHd app directory, freeSSHd will not allow connects. Put it back, and it works again. So why does it need its own generated private keys (DSA/RSA) in its root directory named as keys in the option fields? It errors if they're not named, but apparently they're not used.

Once freeSSHd is allowing connections

  • SFTP directory in freeSSHd must be named - Because I don't have $HOME defined, it errors if a directory is not named here.
  • freeSSHd server can spawn a command shell on the Windows computer. Rather than just run cmd.exe, try setting the environment a bit more conveniently:
C:\WINDOWS\system32\cmd.exe /K "cd C:\Documents and Settings\{usernamehome} & set HOME=C:\Documents and Settings\{usernamehome}"
  • As you move keys around from one computer to the other, and build up a collection of public keys on a server, it's sometimes convenient to find which key is which. You can find fingerprints of public keys on linux/Mac:
onmac$ ssh-keygen -lf {keyfile}
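An added example, not part of the original page: a Python sketch that lists a fingerprint for every key in a per-username file holding several OpenSSH public keys, and flags lines whose key type label does not match the key data (a common cut-and-paste mistake). It assumes each line is "type base64 comment"; the sample keys are constructed blobs, not real keys.

```python
import base64
import hashlib
import struct

def _wire(b):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _constructed_line(label, seed, comment):
    # Constructed sample: valid ssh-rsa blob layout, made-up numbers, not a real key.
    blob = _wire(b"ssh-rsa") + _wire(b"\x01\x00\x01") + _wire(b"\x00" + bytes([seed]) * 32)
    return f"{label} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = "\n".join([
    _constructed_line("ssh-rsa", 0xA1, "mac-laptop"),
    _constructed_line("ssh-rsa", 0xB2, "winscp-x200"),
    _constructed_line("ssh-dss", 0xC3, "mislabelled"),  # label disagrees with blob
])

def fingerprint_keys(text):
    """Return one dict per key line: line number, comment, fingerprints or error."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        entry = {"line": lineno, "comment": parts[2] if len(parts) > 2 else ""}
        try:
            blob = base64.b64decode(parts[1], validate=True)
            (n,) = struct.unpack_from(">I", blob)
            # The blob begins with its own key type; it must agree with the label.
            if blob[4:4 + n] != parts[0].encode("ascii"):
                raise ValueError("key type label does not match key blob")
            md5 = hashlib.md5(blob).hexdigest()
            entry["md5"] = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
            digest = hashlib.sha256(blob).digest()
            entry["sha256"] = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        except (IndexError, ValueError, struct.error) as exc:
            entry["error"] = str(exc)
        results.append(entry)
    return results

if __name__ == "__main__":
    for e in fingerprint_keys(SAMPLE):
        print(e["line"], e.get("sha256") or "INVALID: " + e["error"], e["comment"])
```

Older ssh-keygen builds print the colon-separated MD5 form and newer ones the SHA256 form, so the sketch reports both for comparison against the client side.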

Clients to use with freeSSHd

  • Bitvise Tunnelier has a nice SFTP interface, but transfers only files, not directories. I generated a non-password key by exporting the public key from Bitvise Tunnelier and then copying the text from the file into a file {username} in the Program Files\freeSSHd directory of the new SSH server. This also works if there are multiple OpenSSH format keys in the {username} file on the server. Bitvise also exports the private key and WinSCP imports it after converting to PuTTY (SSH2) format with puttygen.exe.
  • WinSCP seems to work well as a client. In order to access the x200 SSH server, I generated a private key pair using freeSSHd (RSAKey.ppk) on the x200, and then imported the private key pair into WinSCP after puttygen.exe converted it into a PuTTY format. When accessing the barnnorth freeSSHd server, I created and exported a private key from Bitvise and imported into the client WinSCP. Either Bitvise or WinSCP then exported the public key which I uploaded to barn north.
  • SSH Secure Shell is what I use when Unison must bring up a client SSH to call the SSH freeSSHd server to spawn Unison; other clients don't work with Unison. However, the SSH authentication doesn't work. I can't figure out how to import a private key pair into SSH Secure Shell, and can't figure out how to import a public key into freeSSHd.

Using freeSSHd as a Windows Service

If you run freeSSHd as a WinXP service instead of a user startup program, it will sometimes not offer the client a command line. Maybe this is a bug. If it does offer a command line to the client, it will be the C:\windows\system32> directory, without the context of your normal user account. For example, your environment variable "HOME" is not set as required by Unison to find its .unison directory. If you start freeSSHd with your Startup menu folder, it will offer the client a command line with context of the user who started the program.

However, there is a workaround. Read about the command shell overview. Edit the C:\Program Files\freeSSHd\FreeSSHDService.ini file and change the line
SSHCMD=C:\WINDOWS\system32\cmd.exe
to read
SSHCMD=C:\WINDOWS\system32\cmd.exe /K "cd \whatever\directory\you\want & set home=\Documents and Settings\username"

I've read several people write fearfully about using freeSSHd as a Windows service. I don't think there is anything to be afraid of. To manage the Windows service, right click on the "My Computer" icon, choose Manage, Services and Applications, Services. Double click on the name "FreeSSHDService" and start/stop or change whatever. To totally delete the service, go to a Windows command line and type:

sc delete FreeSSHDService

While you're at it, you might as well delete all the other unnecessary services.

If you have any questions or comments, feel free to pop me an email.

Created by brian. Last Modification: Sunday 18 of August, 2013 15:22:54 CDT by brian.