locked
Configuring OpenSSH. RRS feed

  • Question

  • Hello team!

      Two questions:

    1. How can I configure the OpenSSH service on W2K16 to use domain-integrated authentication?
    2. When connecting, how can I configure the OpenSSH service on W2K16 point to the 'c:\Windows\System32\cmd.exe' shell by default? This works 'ssh.exe root@192.168.0.6 c:\Windows\System32\cmd.exe', but most of people uses PUTTY.EXE.

    Thanks.


    Doria

    Monday, June 15, 2020 3:35 PM

Answers

  • Hi team!

      Coming here to inform that what worked was not the key in the registry, but rather the change in the configuration file 'sshd_config'.

    Subsystem 	powershell 	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NoProfile

    Thanks all!


    Doria

    • Marked as answer by dydoria Tuesday, June 30, 2020 1:25 AM
    Friday, June 19, 2020 9:59 PM

All replies

  • Sorry, I noticed that domain authentication is already working correctly. I believe it is native when the server already participates in the domain.


      So, only the second question remains.


    Doria

    Monday, June 15, 2020 7:04 PM
  • Hi,

    Please confirm that if the default shell configuration mentioned in below link is helpful:
    https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 16, 2020 9:00 AM
  • Thanks for your answer.

      The article is very good, but even after I set the value to the default shell, I still can't open a connection without entering the command. Is this the expected behavior?


    Doria

    Tuesday, June 16, 2020 10:49 PM
  • Hi team!

      Coming here to inform that what worked was not the key in the registry, but rather the change in the configuration file 'sshd_config'.

    Subsystem 	powershell 	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NoProfile

    Thanks all!


    Doria

    • Marked as answer by dydoria Tuesday, June 30, 2020 1:25 AM
    Friday, June 19, 2020 9:59 PM
  • Hi everyone!

      Back to the first question, could someone help me with the DenyUsers, AllowUsers, DenyGroups, and AllowGroups settings?

      I need to configure the following configuration: no local or domain users can access via SSH, except those belonging to the domain group called 'sshusers'. For this case, what would be the correct configuration to add to 'C:\ProgramData\ssh\sshd_config' file?


    Doria

    Friday, June 26, 2020 4:02 PM
  • Go to Control Panel > System and Security > Administrative Tools and open Services. Locate OpenSSH SSH Server service.
    If you want the server to start automatically when your machine is started: Go to Action > Properties. ...
    Start the OpenSSH SSH Server service by clicking the Start the service.
    Friday, June 26, 2020 4:10 PM
  • Sorry, I may not be clear enough.

      OpenSSH service is installed an working... I just need to configure it to not allow every user in domain to connect to the server using SSH protocol. So, how should I set the 'sshd_config' file to let only a specific domain group is my question.

    Thanks.


    Doria

    Monday, June 29, 2020 3:32 PM