Buy from the highest-rated provider   Buy DigiCert Certificate x

How to set up OpenSSH on Windows

Rob Bruder from Broadband Antenna Tracking Systems shared the steps that he followed to install OpenSSH with FIPS compliant OpenSSL using CYGWIN on a Windows XP machine:

  1. Download Cygwin/x from http://cygwin.com/
  2. Install it making sure to install the  following packages
    1. Make
    2.  g++ compiler
    3. Zlib
    4. Cygrunsrv
    5. perl
  3. Download the OpenSSH Tarball file form www.openssh.org
  4. Unpackage the OpenSSH tarball to your /cygwin/usr/local.
  5. Download the OpenSSL Fips 140-2 Tarball file from www.openssl.org
  6. Unpackage the open OpenSSL  tarball to your /cygwin/usr/local directory
  7. Add Cygwin/Bin Directory to Environment Variables
  8. Run cygwin
  9. Navigate to the Open SSL directory by running
    1. cd usr/local/openSSL
  10. Configure the OpenSSL  project
    1. ./configure BSD-generic32  fipscanisterbuild
  11. Make the OpenSSL Install
    1. make install
  12. Navigate to the Open SSH Directory
    1. cd  /usr
    2. cd /local
    3. cd  /openSSH
  13. Configure the OpenSSH project
    1. ./configure –with-ssl-dir=/usr/local/ssl/fips-1.0
  14. Register the SSH Service
    1. cygrunsrv --install sshd --path '/usr/local/sbin/sshd' --env 'PATH=/bin;/sbin' --env 'CYGWIN=ntsec tty' -a -D
  15. Configure User Accounts
    1. To create a cygwin user create a user in windows then execute mkpasswd –l  >/etc/passwd from the bash command line IIRC.
    2.  mkdir /var/empty
    3.  chown SYSTEM /var/empty
    4.  chmod 755 /var/empty

      755 means read and execute access for everyone and also write access for the owner of the file

    5.  groupadd sshd                
    6.  useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
  16. Make the OpenSSH Install
    1. make install

Originally posted on Sat Apr 3, 2010