FAQs

Copssh stops working after a Windows update

The problem can be related to address changes of Windows DLLs after a Windows update operation. That behaviour may create collisions for the more static Cygwin DLLs, especially in a 32-bit environment. We suggest rebooting the system as a first measure. You may need to install Copssh again by using our recipe, which allows you to keep an existing configuration intact. Consider installing the 64-bit version (available only in the product edition) if the problem still persists.

How can I activate users/groups and set up public keys?

 Activating users/groups can be done in multiple ways:

  • Using the AllowUsers/AllowGroups directives globally - requires that the user has a Windows profile directory

  • Creating a Match block for a specific user/group (you can use directory isolation to specify a specific directory instead of the user profile directory)

 

 

Copying a public key can be done via Tools -> Copy public key. It uses the tool ssh-copy-id. You can use localhost to contact the Copssh server.

 

How can I make a clean install without losing the existing setup?

 In some situations, it may be necessary to make a clean install to make an upgrade work. You can do it by following the steps below:

  • Back up your host keys in the etc directory (etc/ssh_host*)
  • Uninstall the existing version of Copssh
  • Remove remnants of the installation directory except home directories if they exist
  • Make sure that the service account and the sshd account are removed if they exist
  • Install the new Copssh
  • Restore the host keys back to the etc directory
  • Start Copssh Control Panel and verify that the service is running
  • Activate your users again and specify their existing home directories as the home directory during the activation
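
The backup and restore steps of this recipe can be scripted from the Copssh bash shell. The following is an added example, not part of the Copssh recipe: the function names and the backup directory are assumptions, and the key files in the demo are constructed placeholders. It records checksums at backup time so that a restore can be confirmed to have put back exactly the same host keys.

```shell
#!/bin/bash
# Added example, not Copssh code. Function names are hypothetical.

# backup_host_keys ETC_DIR BACKUP_DIR
# Copies etc/ssh_host* with permissions preserved and records their checksums.
backup_host_keys() {
  etc="$1"; bak="$2"
  mkdir -p "$bak" && chmod 700 "$bak" || return 1   # private keys: owner only
  set -- "$etc"/ssh_host*
  [ -e "$1" ] || { echo "no host keys found in $etc" >&2; return 1; }
  cp -p "$@" "$bak"/ || return 1
  ( cd "$bak" && sha256sum ssh_host* > SHA256SUMS )
}

# verify_host_keys ETC_DIR BACKUP_DIR
# Succeeds only if every backed-up key file is byte-identical in ETC_DIR.
verify_host_keys() {
  sums="$(cd "$2" && pwd)/SHA256SUMS" || return 1
  ( cd "$1" && sha256sum -c "$sums" >/dev/null 2>&1 )
}

# restore_host_keys ETC_DIR BACKUP_DIR
restore_host_keys() {
  cp -p "$2"/ssh_host* "$1"/ && verify_host_keys "$1" "$2"
}

# Demo on a scratch directory with constructed placeholder files (not real keys).
demo_host_key_roundtrip() {
  d=$(mktemp -d) || return 1
  mkdir "$d/etc"
  echo "constructed private key A" > "$d/etc/ssh_host_ed25519_key"
  echo "constructed public key A"  > "$d/etc/ssh_host_ed25519_key.pub"
  backup_host_keys "$d/etc" "$d/backup" || return 1
  # Simulate an etc directory that holds a different key after the reinstall.
  echo "constructed private key B" > "$d/etc/ssh_host_ed25519_key"
  verify_host_keys "$d/etc" "$d/backup" && echo "unexpected: keys unchanged"
  restore_host_keys "$d/etc" "$d/backup" && echo "host keys restored and verified"
  rm -rf "$d"
}
demo_host_key_roundtrip
```

If verify_host_keys fails after the restore step, clients that have connected before will see a changed host key.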

How can I rotate the Copssh log file?

 The Copssh 8 syslog daemon writes log messages to /var/log/messages by default. You may need to introduce a log rotation scheme to keep the growth of that file under control.

You can use the recipe below to use our free tool logwot8 for that purpose.

  • Install logwot8 to a separate directory
  • Edit the configuration file logwot8.conf according to your requirements. The example below will rotate the log file weekly, keeping the last 12 weeks of log activity in compressed files. See the documentation for more options.
# Remember cygwin path conventions: 'c:\work' becomes '/cygdrive/c/work'
compress
create

"/cygdrive/c/copssh_x64/var/log/messages" {
    rotate 12
    weekly
}
  • Create a Windows scheduled task running the batch file logwot8.cmd weekly.

How can I run the OpenSSH daemon in debug mode?
  • Sometimes it may be necessary to see directly how the openssh daemon reacts to startup or connection requests, to be able to locate daemon-related problems. 

     

    • Stop the Openssh SSHD (system name: OpenSSHServer) service
    • Right click Start a Unix Bash Shell from the Copssh start menu (assuming that you have admin privileges)
    • Enter the following command from the bash prompt:

    /bin/sshd -p <listening port> -D -d -e

    This will start the OpenSSH daemon in standalone debug mode and messages will be displayed on the screen. You may specify up to three -d for increased output verbosity.

    • Try to initiate a PuTTY session and watch the messages at the server side.

How do I access files/drives/resources outside the Copssh root directory?
    • Start a bash shell, locally or remotely
    • Change to the user's home directory if it is not already done
    • Link a directory or network share to a local name by using the ln command

Examples:

ln -s "/cygdrive/d/pub/" "pub"

 creates a link from D:\pub to pub in the user's home directory.

 ln -s "//myserver/netdata" "netdata"

 creates a link from \\myserver\netdata to netdata in the user's home directory.

Now, the user can use pub and netdata to access D:\pub and/or \\myserver\netdata respectively.

How do I improve the security of Copssh?
  • Some recommendations (not all of them may be applicable in your case; they are not sorted by importance):

    Recommendation: Change port 22 to something non-standard
    Benefits/Side effects: Reduces your vulnerability surface dramatically by taking a well-known parameter out of the equation; not applicable if you have a general-purpose server. Security by obscurity? Yes. However, there are many script kiddies out there bombing port 22 wherever they find it.
    How: Conf. file etc\sshd_config: Port

    Recommendation: Reduce the maximum number of concurrent unauthenticated connections
    Benefits/Side effects: Reduces your vulnerability surface by allowing a smaller number of potentially dangerous attacks simultaneously.
    How: Conf. file etc\sshd_config: MaxStartups (default 10)

    Recommendation: Turn off authentication by password. Use public key authentication instead.
    Benefits/Side effects: Eliminates the most widely used technique of potential attacks: cracking passwords.
    How: Conf. file etc\sshd_config: PasswordAuthentication no, PubkeyAuthentication (default yes)

    Recommendation: Restrict access by host
    Benefits/Side effects: Use your firewall setting to limit hosts authorized for access

    Recommendation: Restrict access by user/group
    How: Conf. file etc\sshd_config: AllowUsers, AllowGroups
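
One way to check a configuration against the sshd_config recommendations above, as an added example that is not part of Copssh: the function names and the MaxStartups threshold (any value not below the stated default of 10 is flagged) are assumptions, and the sample file is constructed. The firewall recommendation is outside its scope.

```shell
#!/bin/bash
# Added example, not Copssh code. Function names are hypothetical.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword. Only the global section
# (before the first Match block) is read; Include files and the
# "keyword=value" form are not handled.
effective_value() {
  awk -v key="$2" -v def="$3" '
    /^[ \t]*#/ || NF == 0  { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) {
      $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1; exit
    }
    END { print (found ? val : def) }
  ' "$1"
}

# audit_sshd_config FILE
# Prints one WARN line for each recommendation that is not followed.
audit_sshd_config() {
  f="$1"
  v=$(effective_value "$f" Port 22)
  if [ "$v" = 22 ]; then echo "WARN Port: still the well-known 22"; fi
  v=$(effective_value "$f" MaxStartups 10)
  n=${v%%:*}                       # value may be start:rate:full
  case "$n" in ''|*[!0-9]*) n=10 ;; esac
  if [ "$n" -ge 10 ]; then echo "WARN MaxStartups: $v, not below 10"; fi
  v=$(effective_value "$f" PasswordAuthentication yes | tr 'A-Z' 'a-z')
  if [ "$v" != no ]; then echo "WARN PasswordAuthentication: $v"; fi
  v=$(effective_value "$f" PubkeyAuthentication yes | tr 'A-Z' 'a-z')
  if [ "$v" != yes ]; then echo "WARN PubkeyAuthentication: $v"; fi
  v="$(effective_value "$f" AllowUsers '')$(effective_value "$f" AllowGroups '')"
  if [ -z "$v" ]; then echo "WARN AllowUsers/AllowGroups: not set"; fi
  return 0
}

# Constructed sample configuration; the Match block must not hide the
# global "PasswordAuthentication yes".
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' \
  'Match User alice' '    PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

From the Copssh bash shell, pass the path of the installed etc/sshd_config as the argument.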

Why is it called copssh?
  • I am fond of fancy and short names :-))

     

    Cygwin + OPENSSH is a qualified guess !!