Closed Bug 792456 Opened 13 years ago Closed 12 years ago

setup ssh on Windows 8

Categories

(Infrastructure & Operations :: RelOps: General, task, P3)

x86
Windows 8

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: arich, Assigned: q)

References

Details

(Whiteboard: [reit-win8])

Attachments

(1 file)

Based on conversation in email, it sounds like we do not have a complete set of requirements for automating the windows 8 testers. Specifically, there's some question about which ssh/scp server should be used. Armen, could you modify one of the HPs running w8 to test out whichever ssh/scp server releng would like to use and let us know what works for you? We can then automate that process with whatever software you specify.

I know that the current windows machines are using kpyM-sshd, but you seem to indicate interest in copssh (I'm not sure what the desire to switch is motivated by). If you decide on copssh, I'm sure we can obtain a license for that since it's only $400 for unlimited use. Is the desire also to use a different ssh server on the other platforms moving forward?
(In reply to Amy Rich [:arich] [:arr] from comment #0)
> Based on conversation in email, it sounds like we do not have a complete set
> of requirements for automating the windows 8 testers. Specifically, there's
> some question about which ssh/scp server should be used. Armen, could you
> modify one of the HPs running w8 to test out whichever ssh/scp server
> releng would like to use and let us know what works for you? We can then
> automate that process with whatever software you specify.
>
I will.

> I know that the current windows machines are using kpyM-sshd, but you seem
> to indicate interest in copssh (I'm not sure what the desire to switch is
> motivated by). If you decide on copssh, I'm sure we can obtain a license for
> that since it's only $400 for unlimited use. Is the desire also to use a
> different ssh server on the other platforms moving forward?

kpyM-sshd seems to have stopped development [1].
It does not allow us to ssh into the machine without having to type a password.
We cannot scp files into a Windows host.
We cannot execute commands remotely (e.g. ssh host "command")

[1] http://www.kpym.com/2/kpym/download.htm
Priority: -- → P2
fwiw, I've had success with cygwin's sshd, but that was most recently with win2k. The setup instructions have to be followed carefully to get all the windows permissions correct, but scp & ssh both worked "just like *nix"
Whiteboard: [reit-win8]
I have dropped pursuing copSSH on Windows 8.
I have 2 machines for others to try if you would like.

Here are the steps I followed:
* production-opsi.build.mozilla.org:~cltbld/Copssh_4.4.0_Installer.zip
* as Administrator, install in default location
* C:\Program Files (x86)\ICW\bin\copsshcp.exe to start the GUI
** Users tab, add both cltbld and Administrator, then Apply
** copy the authorized_keys file from another host into C:\Program Files\ICW\home\cltbld\.ssh
I have managed to install Bitvise SSH Server.
I have not managed to install CygWin + OpenSSH

The problem is that it is pricey, does not have rsync (not a blocker), I cannot determine how often they release.
The advantage is that it meets what I believe are our musts:
* password less login
* scp

It integrates better than copSSH on Windows XP as far as I can tell.

################################################
== CygWin + OpenSSH ==
NOTE: I could not get it going. Perhaps someone else is luckier. These instructions [1] might be for older versions since tty ntsec was complaining. I was getting "Error 1069: The service did not start due to a logon failure" (IIRC) when running "cygrunsrv -S sshd"

* Using reading this http://www.noah.org/ssh/cygwin-sshd.htm
* The most recent version of the Cygwin DLL is 1.7.16-1.
** Install it by running setup.exe.
* Select installation from the internet
* You have to choose one of the mirrors
* search for the following packages
** openssh 6.1p1-1
** cygrunsrv 1.40-2
* click "Next" all the way
* run the Cygwin terminal as "Administrator"
** a cyg_server user gets created and you have to give it a password

NOTE: end of the notes as I did not succeed

################################################
== Bitvise SSH Server ==
Bitvise SSH Server installer - version 5.56, size 7.7 MB
* http://dl.bitvise.com/BvSshServer-Inst.exe
* Install all the defaults
* Once the installation finishes you will see an "easy settings" with 3 tabs.
* On the 2nd tab, add "cltbld" and import the keys
** import from "authorized_keys" from another slave
** NOTE: Placing the file directly on C:\Users\cltb\.ssh does not seem to do the trick
* Open the admin interface (C:\Program Files\Bitvise SSH Server\BssCtrl.exe)
** Click on "Activity tab"
** Click on hyperlink besides "Popup notifications" and select "Never".
*** Otherwise SSH activity would show up on the desktop and could interfere with tests

### Features ###
* password less login works
* scp file cltbld@10.12.40.72:/c/Users/cltbld works (no password)
* Scriptable configuration with BssCfg is available and .vbs
** http://www.bitvise.com/files/WinsshdCfgManip.txt
** http://www.bitvise.com/files/WinsshdCfgManip-PubKey.txt
** http://www.bitvise.com/ssh-server-guide-scriptable
** http://www.bitvise.com/ssh-server-guide-advanced

### Disadvantage ###
* it is pricey $99.95
* it does not seem to support rsync

Armens-MacBook-Air:tools armenzg$ rsync ~/moz/temp cltbld@10.12.40.72:/c/Users/cltbld
'rsync' is not recognized as an internal or external command,
operable program or batch file.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at /SourceCache/rsync/rsync-42/rsync/io.c(452) [sender=2.6.9]
I get a different error when trying to start sshd within cygwin:

KWierso@KWWin8Dell ~
$ cygrunsrv -S sshd
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.
KWierso, that's right. I think that is the error I was getting. I think I got the next error when I tried using "cltbld" instead of "cyg_server" user.

FTR the criteria I'm using is:
* does it allow password-less login?
* can we scp files into it? (password-less)
* does it inherit the PATH set on the system?
* can I use mozilla-build tools? (e.g. wget, rm, mv, ls, cp, vim, etc)
* can I reboot the host? (shutdown -f -r -t 0)
* changing the password of "cltbld" does not affect the password-less login
* password-less login is managed through ~/.ssh/authorized_keys

I don't see this as a blocker
* rsync support

Bitvise meets all of that criteria.

WRT to Bitvise I see it recommended at the top of this stackoverflow thread:
http://stackoverflow.com/questions/18292/what-are-some-good-ssh-servers-for-windows
* I have also noticed that we can export the settings which means we could import it
* Instead of adding "cltbld" + importing the keys; I have removed it and added the feature "Advanced settings > Access control > Synchronize with authorized_keys."
** I believe this means that it will read authorized_keys rather than maintaining its own internal
** This requires placing authorized_keys under C:\Users\cltbld\.ssh
* I have also found that there is wiki documentation: http://www.bitwiseim.com/wiki/index.php?title=BitWise_DocuWiki
Priority: P2 → P3
Assignee: armenzg → nobody
No longer blocks: 780050
Blocks: 780050
dustin: I didn't see an IT bug for ssh so I'm reusing this. I will also follow up with Q to see when we can get into it.
Assignee: nobody → server-ops-releng
Component: Release Engineering: Machine Management → Server Operations: RelEng
OS: Mac OS X → Windows 8
QA Contact: armenzg → arich
Summary: choose ssh/scp server for windows 8 → setup ssh on Windows 8
Assignee: server-ops-releng → q
FreesshD will work and I have a working test. However, when using shared keys the user operates as "SYSTEM" not as the user. If NT authentication is used (password required) things work as expected. I have set up bitvise and got it to work; however, there are licensing costs for anything outside of "personal" or non profit use. A site license for bitvise is $10,000
After conversations with Armen, it looks like our best option for a quick setup that will meet the majority of needs is kypM-ssh. I have a method of deploying it and setting up key and user authentication with it for the cltbld user. We already own a license for this product and it operates within user security context. I am going to have Armen this on one of the slaves as soon as I track down the key pair for the cltbld user.
Blocks: 798170
kypM-ssh now has an install that is ready to go out via gpo Files_sshd_testers. The files will live in c:\program files\KTS on the slaves. The current cltbld authorized_keys file has been run through a simple python script that creates a publickey_logon.ini file that gets distributed to c:\program files\KTS\ . This allows the same key based access as the Linux slaves for the cltbld users. This process will need to be automated in the near future but for now a new file can be generated with fair ease and set up for distribution.
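An added example, not part of the original bug comments and not the script mentioned above: before an authorized_keys file is converted and distributed to every slave, it helps to check exactly which keys it grants access to. The sketch below parses the file, rejects malformed entries, and reports SHA256 fingerprints plus any option prefixes; it does not produce publickey_logon.ini, whose format is not given on this page, and the sample keys are constructed.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def parse_authorized_keys(text):
    """Return (accepted, rejected) for the entries of an authorized_keys file."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Simplification: fields before the key type are treated as the options
        # prefix; quoted options that contain spaces are rejoined below.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            rejected.append((lineno, "no key type or key blob"))
            continue
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
        except ValueError:
            rejected.append((lineno, "key blob is not valid base64"))
            continue
        # The blob starts with a length-prefixed copy of the key type; a
        # mismatch means the line was edited by hand or corrupted.
        declared = fields[idx].encode()
        if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != declared:
            rejected.append((lineno, "declared type does not match key blob"))
            continue
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        accepted.append({"line": lineno, "type": fields[idx],
                         "options": " ".join(fields[:idx]),
                         "comment": " ".join(fields[idx + 2:]),
                         "fingerprint": "SHA256:" + digest})
    return accepted, rejected

# Constructed sample input: a well-formed ssh-ed25519 blob with dummy key bytes.
_BLOB = base64.b64encode(struct.pack(">I", 11) + b"ssh-ed25519"
                         + struct.pack(">I", 32) + bytes(range(32))).decode()
SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    "ssh-ed25519 " + _BLOB + " cltbld@example-host",
    'command="uptime",no-pty ssh-ed25519 ' + _BLOB + " monitor",
    "ssh-rsa " + _BLOB + " mismatched-type",
    "ssh-ed25519 not-base64!! broken",
])

if __name__ == "__main__":
    ok, bad = parse_authorized_keys(SAMPLE)
    for entry in ok:
        print(entry["line"], entry["fingerprint"], entry["options"] or "-", entry["comment"])
    for lineno, reason in bad:
        print("rejected line", lineno, reason)
```

Entries with an options prefix such as command= deserve a manual look before distribution, since the page does not say whether the converted file carries such restrictions over.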
Things to keep in mind for the next revolution of ssh on windows:
* SCP
* Non interactive shell support (ssh direct command line)
* Automation, automation, automation
Per Armen's go ahead SSH is deploying on win 8 now. This will also deploy to the ix win 7 setup as well.
Known issue: if users have their ssh clients' setting ServerAliveInterval set, users will experience very short timeouts
SSH is now deployed on all Windows 8 domain machines with authorized keys. I will be attaching the somewhat complicated GPO to this bug.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations