At the end of the installation, the installation software displays the message below:

After the installation, I clicked on Start, selected All Programs, then COPSSH, then Activate a User.

I selected a user and then proceeded to the next step where I typed in a passphrase, which is used to protect the private key for the account.

I then clicked on the Activate button, which produced the message below.

I selected the "This program installed correctly" option.

Since the system was using the firewall capability built into Windows Vista, I then clicked on the Start button, selected Control Panel, then Security then Windows Firewall, and then Change Settings.

I clicked on the Exceptions tab and then selected Add Port. At the Add Port window, I specified copSSH as the name for the firewall port and the default SSH port, which is port 22. SSH uses the TCP protocol.

I clicked on Ok and then OK again to create the firewall rule for copSSH. I was then able to use PuTTY to log into the system from another system.

If you would like to use another port other than the default port of 22, you need to edit the sshd_config file, which you will find within the etc directory beneath the directory in which you installed copSSH, e.g. \Program Files\copSSH\etc\sshd_config.

I suggest editing the file with WordPad rather than Notepad, because WordPad can handle the end of line characters used in the file so that each line appears one beneath the other rather than all lines appearing as one long line as they will in Notepad. WordPad can deal with the end of line character used on Unix and Linux systems better than Notepad. The file uses the linefeed character common for files on Unix and Linux systems rather than the combination of carriage return and linefeed characters that Microsoft Windows uses.

To change the port, locate the line below. Remove the "#" from the beginning of the line, which turns the line into a comment line. Then replace 22 with whatever number you wish to use for the port.

#Port 22

When you've changed the port, you will need to restart the SSH server service, which you can do by rebooting or simply stopping and restarting the service. To stop and restart the service from the command line, obtain a command prompt. If you aren't logged into an administrator account, you can use the command runas /user:administrator cmd from a command prompt to open another command prompt window under the administrator account.

C:\>net stop "Openssh SSHD"
The Openssh SSHD service is stopping.
The Openssh SSHD service was stopped successfully.


C:\>net start "Openssh SSHD"
The Openssh SSHD service is starting.
The Openssh SSHD service was started successfully.

You can verify copSSH is listening on the new port using the netstat command. E.g., if you set the port to 5622, you could use the command below:

C:\>netstat -an | find "5622"
  TCP    0.0.0.0:5622          0.0.0.0:0              LISTENING

[/os/windows/network/ssh/copssh] permanent link

When a scan is started, the following is displayed:

Scanning


Scanning all filesystems mounted under /mnt/scan/ directory.
The results of the scan will be saved in /tmp/scan_results.txt

Alt-F1 This screen.
Alt-F5 To see details of files being scanned.
Alt-F6 To see any malware found.
Ctrl-C TO cancel scanning.

You can also use Alt-F2, Alt-F3, or Alt-F4 to get a shell prompt. I used Alt-F2 to obtain a shell prompt.

When a system is booted from the rescue CD, the hard drive on the system is mounted under /mnt/scan. In this case, the hard drive is an IDE drive designated as hda2 by Linux, which is the operating system used on the F-Secure Rescue CD. So I could store the log files, which are as follows, somewhere under /mnt/scan/hda2.

scan_error.txt
scan_log.txt
scan_results.txt

On this system there was a C:\TEMP directory, so I decided to store them there. You can see the directories on the hard drive using the ls command, e.g. ls /mnt/scan/hda2/.

Using the pico editor on the CD, I created a script, which I named rebootwin in the /tmp directory to automatically reboot the system after 9 hours, presuming that the scan of the system should certainly be completed within that time (it took about 3 hours).

root@tty2[/]# cd /tmp
root@tty2[tmp]# pico rebootwin

I put the following commands in the script:

#!/bin/bash
date
sleep 9h
cp scan*.txt /mnt/scan/hda2/TEMP/.
reboot

The script prints the date and time and then "sleeps" for 9h. When that amount of time has elapsed, it copies the log files from the scanning process from the /tmp directory to the C:\TEMP directory on the system's hard drive. The system is then rebooted. If the system is set to boot from the hard drive first, rather than a CD-ROM drive, it will boot into Windows from the hard drive. If the system's BIOS is set to attempt to boot the system first from a CD in a CD-ROM drive, it will reboot from the F-Secure Rescue CD, but, unless a key is hit within a few seconds, it will not continue with a reboot into the antivirus scanning software, but will instead boot from the system's hard drive.

I saved the script with Ctrl-X and then made the script executable with the chmod command. I then started the script with ./rebootwin.

root@tty2[tmp]# chmod 755 test
root@tty2[tmp]# ./rebootwin
Sat Sep 13 23:52:46 UTC 2008

The next morning, I was able to check the results of the scanning process by examing the log files on the system's hard drive.

[/security/antivirus/f-secure] permanent link