Working with SSH and Secure FTP Servers in Windows
Windows offers some remote administration capabilities, like with Windows Powershell, ServerManager.exe, or a telnet server, but it doesn't offer native SSH (Secure Shell) or Secure FTP access.
- Navigating Your IT Career
- Exploring the Private Cloud for Your Organization
- IT Manager's Guide to Social Networking
The good news, though, is it's fairly easy to set up SSH and Secure FTP (SFTP) servers so that you can securely access the command prompt and files of remote PCs or servers. Example use cases for this include troubleshooting, maintenance, or transferring / sharing files when you're out of the office. You might even decide to set it up to do SSH tunneling to secure your Wi-Fi traffic when using hotspots.
While there are many SSH and SFTP server options available, here we'll discuss freeSSHd. FreeSSHd is a SSH and Telnet server that supports regular shell or command-line SSH access, SSH-based SFTP access (with command-line or GUI clients), and SSH-based tunneling (VPN-like functionality).
FreeSSHd is easy to install via a typical Windows installer. Do make sure though to create the private keys at the end of the installation, as they're needed for the encryption.
Once you open freeSSHd you'll find a system tray icon, which you can click to open the server settings. If you didn't create the private keys during the install go to the SSH tab and click New for the key(s). Otherwise, all you should have to do in order to get the server running is to create some users by clicking the Users tab.
To make your SSH server even more secure, consider forcing users to authenticate via their password plus a private key that they must have on their PC and configured in their client program when connecting.
If you know where remote connections to the server will be made — if it will always be from another office that has a static Internet IP, for example — you can also consider whitelisting the remote IP addresses to increase server security. To do this, simply click the Host Restrictions tab and enter in the IP addresses.
If you plan to use SFTP connections to transfer files, click the SFTP tab to designate a default path for users.
Testing the Server
Before opening the SSH port on your firewalls you can test the server by connecting from a client program on the same PC using the host address of localhost or the IP address of the PC. You can use standard SSH and SFTP clients like PuTTY, WinSCP or FileZilla.
Open the Firewall
In order to access the SSH server from other PCs the SSH port of 22 must be open in Windows Firewall or any other personal firewall you might have installed. You may have been alerted about allowing or disallowing access when you first ran freeSSHd. If not and you're unable to connect via SSH from other PCs, double-check the firewall settings.
And if you plan to connect to the SSH server via the Internet, the router and network the PC is connected to must be configured to allow the access. In routers you can use a virtual server or port forwarding setting to open SSH port 22 and forward traffic to the IP address of the PC hosting the SSH server.
Eric Geier is a freelance tech writer — keep up with his writings on Facebook. He's also the founder of NoWiresSecurity, a cloud-based Wi-Fi security service, and On Spot Techs, an on-site computer services company.
Read more on "Server Software Spotlight" »