FAQs

Copssh stops working after a Windows update

The problem can be related to address changes of Windows DLLs after a Windows update operation. That behaviour may create collisions for the more static Cygwin DLLs, especially in a 32-bit environment. We suggest rebooting the system as a first measure. You may need to install Copssh again by using our recipe, which keeps an existing configuration intact. Consider installing the 64-bit version (available only in the product edition) if the problem still persists.

How can I activate users/groups and set up public keys?

Activating users/groups can be done in multiple ways:

  • Using the AllowUsers/AllowGroups directives globally (requires that the user has a Windows profile directory)

  • Creating a Match block for a specific user/group (you can use directory isolation to specify a specific directory instead of the user profile directory)

Copying a public key can be done via Tools -> Copy public key. It uses the tool ssh-copy-id. You can use localhost to contact the Copssh server.

 

How can I make a clean install without losing the existing setup?

In some situations, it may be necessary to make a clean install to make an upgrade work. You can do it by following the steps below:

  • Back up your host keys in the etc directory (etc/ssh_host*)
  • Uninstall the existing version of Copssh
  • Remove remnants of the installation directory, except home directories if they exist
  • Make sure that the service account and the sshd account are removed
  • Install the new Copssh
  • Restore the host keys to the etc directory
  • Start the Copssh Control Panel and verify that the service is running
  • Activate your users again and specify their existing home directories as the home directory during the activation

How can I run the OpenSSH daemon in debug mode?

Sometimes it is necessary to see directly how the OpenSSH daemon reacts to startup or connection requests in order to locate daemon-related problems.

  • Stop the Openssh SSHD service (system name: OpenSSHServer)
  • Right-click Start a Unix Bash Shell in the Copssh start menu (assuming that you have admin privileges)
  • Enter the following command at the bash prompt:

    /bin/sshd -p <listening port> -D -d -e

    This starts the OpenSSH daemon in standalone debug mode, with messages displayed on the screen. You may specify up to three -d options for increased output verbosity.

  • Try to initiate a PuTTY session and watch the messages on the server side.

How do I access files/drives/resources outside the Copssh root directory?

  • Start a bash shell, locally or remotely
  • Change to the user's home directory if you are not already there
  • Link a directory or network share to a local name by using the ln command

Examples:

    ln -s "/cygdrive/d/pub/" "pub"

creates a link from D:\pub to pub in the user's home directory.

    ln -s "//myserver/netdata" "netdata"

creates a link from \\myserver\netdata to netdata in the user's home directory.

Now, the user can use pub and netdata to access D:\pub and/or \\myserver\netdata respectively.

How do I improve the security of Copssh?

Some recommendations (not all of them may apply in your case; they are not sorted by importance):

| Recommendation | Benefits/Side effects | How |
|---|---|---|
| Change port 22 to something non-standard | Reduces your vulnerability surface dramatically by taking a well-known parameter out of the equation. Not applicable if you have a general-purpose server. Security by obscurity? Yes. However, there are many script kiddies out there bombing port 22 wherever they find it. | Conf. file etc\sshd_config: Port |
| Reduce the maximum number of concurrent unauthenticated connections | Reduces your vulnerability surface by allowing a smaller number of potentially dangerous attacks simultaneously. | Conf. file etc\sshd_config: MaxStartups (default 10) |
| Turn off authentication by password. Use public key authentication instead. | Eliminates the most widely used technique of potential attacks: cracking passwords. | Conf. file etc\sshd_config: PasswordAuthentication no; PubkeyAuthentication (default yes) |
| Restrict access by host | Use your firewall setting to limit hosts authorized for access | |
| Restrict access by user/group | | Conf. file etc\sshd_config: AllowUsers, AllowGroups |
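
The sshd_config recommendations above can be checked mechanically. The script below is an added example, not part of Copssh or of the original FAQ: it reads the global section of an sshd_config file and prints one finding for each recommendation that is not applied. The function name audit_sshd_config and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the global section of an sshd_config against the
# recommendations above. Prints one finding per line; returns 1 if any.
audit_sshd_config() {
  awk '
    { sub(/\r$/, "") }                            # tolerate CRLF files
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
    {
      sub(/^[ \t]+/, "")                          # leading whitespace
      sub(/[ \t]*=[ \t]*|[ \t]+/, " ")            # "Key=val" -> "Key val"
      key = tolower($1)                           # keywords: case-insensitive
    }
    key == "match" { exit }                       # Match blocks not evaluated
    key == "port"  { ports++; if ($2 == 22) std = 1; next }
    !(key in v)    { v[key] = tolower($2) }       # first occurrence wins
    END {
      if (!ports || std)
        { print "port: listening on the standard port 22"; n++ }
      if (!("maxstartups" in v))
        { print "maxstartups: not set, daemon default applies"; n++ }
      if (v["passwordauthentication"] != "no")
        { print "passwordauthentication: password logins accepted"; n++ }
      if (v["pubkeyauthentication"] == "no")
        { print "pubkeyauthentication: public key logins disabled"; n++ }
      if (!("allowusers" in v) && !("allowgroups" in v))
        { print "allowusers/allowgroups: no global allow-list"; n++ }
      exit (n > 0)
    }
  ' "$1"
}

# Constructed sample (not from a real host): password logins still enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
MaxStartups 3
#PasswordAuthentication no
AllowUsers alice
Match User bob
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "-> review the findings above"
rm -f "$sample"
```

The sample reports only the password finding, because the commented-out line and the setting inside the Match block do not change the global value. Users activated through Match blocks instead of a global AllowUsers/AllowGroups line will show up as a missing allow-list, since Match blocks are not evaluated.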

Why is it called copssh?
  • I am fond of fancy and short names :-))

     

    Cygwin + OPENSSH is a qualified guess !!
