Closed
Bug 792456
Opened 13 years ago
Closed 12 years ago
setup ssh on Windows 8
Categories
(Infrastructure & Operations :: RelOps: General, task, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: arich, Assigned: q)
References
Details
(Whiteboard: [reit-win8])
Attachments
(1 file)
51.83 KB,
text/html
Based on conversation in email, it sounds like we do not have a complete set of requirements for automating the Windows 8 testers. Specifically, there's some question about which ssh/scp server should be used. Armen, could you modify one of the HPs running w8 to test out whichever ssh/scp server releng would like to use and let us know what works for you? We can then automate that process with whatever software you specify.
I know that the current Windows machines are using kpyM-sshd, but you seem to indicate interest in copssh (I'm not sure what the desire to switch is motivated by). If you decide on copssh, I'm sure we can obtain a license for that since it's only $400 for unlimited use. Is the desire also to use a different ssh server on the other platforms moving forward?
Comment 1•13 years ago
(In reply to Amy Rich [:arich] [:arr] from comment #0)
> Based on conversation in email, it sounds like we do not have a complete set
> of requirements for automating the windows 8 testers. Specifically, there's
> some question about which ssh/scp server should be used. Armen, could you
> modify one of the HPs running w8 to test out whichever ssh/scp server
> releng would like to use and let us know what works for you? We can then
> automate that process with whatever software you specify.
>
I will.
>
> I know that the current windows machines are using kpyM-sshd, but you seem
> to indicate interest in copssh (I'm not sure what the desire to switch is
> motivated by). If you decide on copssh, I'm sure we can obtain a license for
> that since it's only $400 for unlimited use. Is the desire also to use a
> different ssh server on the other platforms moving forward?
kpyM-sshd seems to have stopped development [1].
It does not allow us to ssh into the machine without having to type a password.
We cannot scp files into a Windows host.
We cannot execute commands remotely (e.g. ssh host "command").
[1] http://www.kpym.com/2/kpym/download.htm
Priority: -- → P2
fwiw, I've had success with cygwin's sshd, but that was most recently with win2k. The setup instructions have to be followed carefully to get all the windows permissions correct, but scp & ssh both worked "just like *nix"
Whiteboard: [reit-win8]
Comment 3•13 years ago
I have dropped pursuing copSSH on Windows 8.
I have 2 machines for others to try if you would like.
Here are the steps I followed:
* production-opsi.build.mozilla.org:~cltbld/Copssh_4.4.0_Installer.zip
* as Administrator, install in default location
* C:\Program Files (x86)\ICW\bin\copsshcp.exe to start the GUI
** Users tab, add both cltbld and Administrator, then Apply
** copy the authorized_keys file from another host into C:\Program Files\ICW\home\cltbld\.ssh
Comment 4•13 years ago
I have managed to install Bitvise SSH Server.
I have not managed to install CygWin + OpenSSH
The problem is that it is pricey, does not have rsync (not a blocker), and I cannot determine how often they release.
The advantage is that it meets what I believe are our musts:
* password less login
* scp
It integrates better than copSSH on Windows XP as far as I can tell.
################################################
== CygWin + OpenSSH ==
NOTE: I could not get it going. Perhaps someone else is luckier.
These instructions [1] might be for older versions since tty ntsec was complaining.
I was getting "Error 1069: The service did not start due to a logon failure" (IIRC) when running "cygrunsrv -S sshd"
* Using reading this http://www.noah.org/ssh/cygwin-sshd.htm
* The most recent version of the Cygwin DLL is 1.7.16-1.
** Install it by running setup.exe.
* Select installation from the internet
* You have to choose one of the mirrors
* search for the following packages
** openssh 6.1p1-1
** cygrunsrv 1.40-2
* click "Next" all the way
* run the Cygwin terminal as "Administrator"
** a cyg_server user gets created and you have to give it a password
NOTE: end of the notes as I did not succeed
################################################
== Bitvise SSH Server ==
Bitvise SSH Server installer - version 5.56, size 7.7 MB
* http://dl.bitvise.com/BvSshServer-Inst.exe
* Install all the defaults
* Once the installation finishes you will see an "easy settings" with 3 tabs.
* On the 2nd tab, add "cltbld" and import the keys
** import from "authorized_keys" from another slave
** NOTE: Placing the file directly on C:\Users\cltb\.ssh does not seem to do the trick
* Open the admin interface (C:\Program Files\Bitvise SSH Server\BssCtrl.exe)
** Click on "Activity tab"
** Click on hyperlink besides "Popup notifications" and select "Never".
*** Otherwise SSH activity would show up on the desktop and could interfere with tests
### Features ###
* password less login works
* scp file cltbld@10.12.40.72:/c/Users/cltbld works (no password)
* Scriptable configuration with BssCfg is available and .vbs
** http://www.bitvise.com/files/WinsshdCfgManip.txt
** http://www.bitvise.com/files/WinsshdCfgManip-PubKey.txt
** http://www.bitvise.com/ssh-server-guide-scriptable
** http://www.bitvise.com/ssh-server-guide-advanced
### Disadvantage ###
* it is pricey $99.95
* it does not seem to support rsync
Armens-MacBook-Air:tools armenzg$ rsync ~/moz/temp cltbld@10.12.40.72:/c/Users/cltbld
'rsync' is not recognized as an internal or external command,
operable program or batch file.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at /SourceCache/rsync/rsync-42/rsync/io.c(452) [sender=2.6.9]
I get a different error when trying to start sshd within cygwin:
KWierso@KWWin8Dell ~
$ cygrunsrv -S sshd
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.
Comment 6•13 years ago
KWierso, that's right. I think that is the error I was getting. I think I got the next error when I tried using "cltbld" instead of "cyg_server" user.
FTR the criteria I'm using are:
* does it allow password-less login?
* can we scp files into it? (password-less)
* does it inherit the PATH set on the system?
* can I use mozilla-build tools? (e.g. wget, rm, mv, ls, cp, vim, etc)
* can I reboot the host? (shutdown -f -r -t 0)
* changing the password of "cltbld" does not affect the password-less login
* password-less login is managed through ~/.ssh/authorized_keys
I don't see this as a blocker
* rsync support
Bitvise meets all of those criteria.
WRT to Bitvise I see it recommended at the top of this stackoverflow thread:
http://stackoverflow.com/questions/18292/what-are-some-good-ssh-servers-for-windows
* I have also noticed that we can export the settings which means we could import it
* Instead of adding "cltbld" + importing the keys; I have removed it and added the feature "Advanced settings > Access control > Synchronize with authorized_keys."
** I believe this means that it will read authorized_keys rather than maintaining its own internal
** This requires placing authorized_keys under C:\Users\cltbld\.ssh
* I have also found that there is wiki documentation: http://www.bitwiseim.com/wiki/index.php?title=BitWise_DocuWiki
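The login, scp and remote-tool criteria from comment 6, written as a non-interactive check that could be run against each candidate server. This is an added example, not part of the original bug thread or of Mozilla's tooling; the function names and the target and remote-directory arguments are assumptions, and the reboot and PATH criteria are left out.

```shell
#!/bin/sh
# Added example: acceptance checks for an SSH server under evaluation.
# Function names and arguments are hypothetical, not from the bug.

# BatchMode=yes makes the client fail instead of prompting, so a server that
# falls back to asking for a password is reported as a failure, not a hang.
SSH_OPTS="-o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=10"

# Criteria: password-less login and non-interactive command execution
# (ssh host "command"). The match tolerates CRLF output from Windows.
check_remote_command() {
    out=$(ssh $SSH_OPTS "$1" "echo ssh-check-ok" 2>/dev/null) || return 1
    case "$out" in
        *ssh-check-ok*) return 0 ;;
        *) return 1 ;;
    esac
}

# Criteria: scp a file in without a password, then confirm it arrived by
# running ls remotely, which also exercises the mozilla-build tools.
check_scp_upload() {
    target=$1; remote_dir=$2
    name="ssh-check-$$.txt"
    tmp="${TMPDIR:-/tmp}/$name"
    echo "probe" > "$tmp" || return 1
    rc=0
    scp $SSH_OPTS "$tmp" "$target:$remote_dir/" >/dev/null 2>&1 || rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    ssh $SSH_OPTS "$target" "ls $remote_dir" 2>/dev/null | grep -q "$name"
}

# Run every check, print PASS/FAIL per criterion, return non-zero on any FAIL.
run_checks() {
    target=$1; remote_dir=$2; failed=0
    for check in check_remote_command check_scp_upload; do
        if "$check" "$target" "$remote_dir"; then
            echo "PASS $check"
        else
            echo "FAIL $check"
            failed=1
        fi
    done
    return "$failed"
}

# Usage (placeholder host): run_checks cltbld@HOST /c/Users/cltbld
```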
Updated•13 years ago
Priority: P2 → P3
Updated•13 years ago
Assignee: armenzg → nobody
Comment 7•12 years ago
dustin: I didn't see an IT bug for ssh so I'm reusing this.
I will also follow up with Q to see when we can get into it.
Assignee: nobody → server-ops-releng
Component: Release Engineering: Machine Management → Server Operations: RelEng
OS: Mac OS X → Windows 8
QA Contact: armenzg → arich
Summary: choose ssh/scp server for windows 8 → setup ssh on Windows 8
Reporter | ||
Updated•12 years ago
Assignee: server-ops-releng → q
FreesshD will work and I have a working test. However, when using shared keys the user operates as "SYSTEM", not as the user. If NT authentication is used (password required) things work as expected. I have set up Bitvise and got it to work; however, there are licensing costs for anything outside of "personal" or non-profit use. A site license for Bitvise is $10,000.
After conversations with Armen it looks like our best option for a quick setup that will meet the majority of needs is kpyM-ssh. I have a method of deploying it and setting up key and user authentication with it for the cltbld user. We already own a license for this product and it operates within user security context. I am going to have Armen this on one of the slaves as soon as I track down the key pair for the cltbld user.
Assignee | ||
Comment 10•12 years ago
kpyM-ssh now has an install that is ready to go out via gpo Files_sshd_testers. The files will live in c:\program files\KTS on the slaves. The current cltbld authorized_keys file has been run through a simple python script that creates a publickey_logon.ini file that gets distributed to c:\program files\KTS\ . This allows the same key-based access as the Linux slaves for the cltbld users. This process will need to be automated in the near future, but for now a new file can be generated with fair ease and set up for distribution.
Assignee | ||
Comment 11•12 years ago
Things to keep in mind for the next revolution of ssh on windows:
* SCP
* Non interactive shell support ( ssh direct command line)
* Automation, automation, automation
Assignee | ||
Comment 12•12 years ago
Per Armen's go ahead SSH is deploying on win 8 now. This will also deploy to the ix win 7 setup as well.
Assignee | ||
Comment 13•12 years ago
Known issue: if users have their ssh clients' ServerAliveInterval setting set, users will experience very short timeouts.
Assignee | ||
Comment 14•12 years ago
SSH is now deployed on all Windows 8 domain machines with authorized keys. I will be attaching the somewhat complicated GPO to this bug.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 15•12 years ago
Updated•12 years ago
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations