The problem can be related to address changes of Windows DLLs after a Windows update operation. That behaviour may create collisions for more static Cygwin DLLs, especially in a 32-bit environment. We suggest to reboot the system as a first measure. You may need to install Copssh again by using our recipe which allows to keep an existing configuration intact. Consider to install the 64-bit version (available only in the product edition) if the problem still persists.
FAQs
Activating users/groups can be done in multiple ways:
- Using AllowUsers/AlowGroups directives globally - requires that user does have a Windows profile directory
- Create a match block for a specific user/group (you can use directory isolation to specify a specific directory instead of user profile directory)
Copying public key can be done via Tools -> Copy public key. It uses the tool ssh-copy-id. You can use localhost to contact the copssh server.
In some situations, it may be necessary to make a clean install to make an upgrade work. You can do it by following steps below:
- Backup your host keys in etc directory (etc/ssh_host*)
- Uninstall the existing version of Copssh
- Remove remnants of the installation directory except home directories if they exist
- Make sure that the service account and the sshd account are removed if they exist
- Install new Copssh
- Restore host keys back to etc directory
- Start Copssh Control Panel and verify that the service is running
- Activate your users again and specify their existing home directories as the home directory during the activation
Copssh 8 syslog daemon writes log messages to /var/log/messages as default. You may need to introduce a log rotation scheme to keep growth of that file under control.
You can use the recipe below to use our free tool logwot8 for that purpose.
- Install logwot8 to a separate directory
- Edit the configuration file logwot8.conf according to your requirements. The example below will rotate the log file weekly by keeping last 12 weeks of log activiy in compressed files. See documentation for more options.
# Remember cygwin path conventions: 'c:\work' becomes '/cygdrive/c/work'
compress
create
"/cygdrive/c/copssh_x64/var/log/messages {
rotate 12
weekly
}
- Create a Windows scheduled task running the batch file logwot8.cmd weekly.
-
Sometimes it may be necessary to see directly how the openssh daemon reacts to startup or connection requests, to be able to locate daemon-related problems.
- Stop Openssh SSHD (system name:OpenSSHServer) service
- Right click Start a Unix Bash Shell from Copssh start menu (assuming that you have admin privileges)
- Enter the following command from the bash prompt:
/bin/sshd -p <listening port> -D -d -e
This will start openssh daemon in standalone debug mode and messages will be displayed on the screen. You may specify up to three -d for increased output verbosity.
- Try to initate a putty session and watch messages at the server side.
- Start a bash shell, locally or remotely
- Change to the user's home directory if it is not already done
- Link a directory or network share to a local name by using ln command
Examples:
creates a link from D:\pub to pub in the user's home directory.
ln -s "//myserver/netdata" "netdata"
creates a link from \\myserver\netdata to netdata in the user's home directory.
Now, the user can use pub and netdata to access D:\pub and/or \\myserver\netdata respectively.
-
Some recommendations (not all of them can be applicable in your case, no sorting by importance):
Recommendation Benefits/Side effects How Change port 22 to something non-standard Reduces your vulnerability surface dramatically by taking a well-known parameter out of equation, not applicable if you have a general purpose server. Security by obscurity ? Yes. However, there are many script kiddies out there bombing port 22 wherever they find. Conf.file etc\sshd_config: port Reduce the maximum number of concurrent unauthenticated con-
nectionsReduces your vulnerability surface by allowing a smaller number of potentialy dangerous attacks simultaneously. Conf.file etc\sshd_config: MaxStartups (default 10) Turn off authentication by password. Use public key authentication instead. Eliminates the most widely used technique of potential attacks: cracking passwords. Conf.file etc\sshd_config: PasswordAuthentication no
PubkeyAuthentication
(default yes)Restrict access by host Use your firewall setting to limit hosts authorized for access Restrict access by user/group Conf.file etc\sshd_config:
AllowUsers
AllowGroups
-
I am fond of fancy and short names :-))
Cygwin + OPENSSH is a qualified guess !!
Featured product
Free Software Highlights
Release Announcements
- 2024-11-17 OpenSSL tool 2.0.1
- 2024-11-17 Winrpe 5.6.0
- 2024-11-17 Wrbldnsd 5.0.2