Copssh 5.0.1

After encountering problems installing OpenSSH for Windows server software on later versions of Microsoft Windows (the last update to that software occurred a decade ago), I started using Copssh - OpenSSH for Windows to set up Windows Vista and Windows 7 systems as SSH servers, since it has worked well for me and is relatively inexpensive. I've also used the Bitvise SSH server software, but it is considerably more expensive if you need software that will be used in a busines environment rather than for personal use; it can be used for free for personal use. Copssh (Cygwin + OPenSSH) makes use of Cygwin and OpenSSH.

By installing SSH server software on a system, I can remotely connect to those systems for troubleshooting without interfering with the users' access to the systems. I.e., I don't need to take over the keyboard, mouse, and screen display as I would for many remote control programs, such as if I was using the Microsoft Remote Desktop Protocol or many commercial remote control programs. I can log into the system via SSH and enter commands at a command line prompt to diagnose problems on the system.

There is a free version of Copssh and also a paid version, which as of today, November 23, 2014, costs $35 per system, if purchased for less than 5 systems. For differences between the free and paid versions, see Copssh License/Version. These instructions are for the paid version, but the process of installation and configuration for the free version should be very similar.

After downloading and unzipping the software, to install it you will run either Copssh_5.0.1_x64_Installer.exe for installation on 64-bit Microsoft Windows systems or the Copssh_5.0.1_x86_Installer.exe program for 32-bit systems. The installation is via the Nullsoft Install System v2.46. When the setup wizard starts, it will suggest closing other open applications so that system files can be updated without rebooting the system after the installation.

Copssh 5.0.1 Setup Wizard

When you click on Next, you will be presented with the Copssh License Agreement (PDF, Txt). After clicking on I agree, you will be able to choose the install location for the software. The default installation directory is C:\Program Files\ICW.

The next window is the Service Account window which informs you that OpenSSH server will be set up as a windows service with the logon credentials that will be displayed for you. You can change the service account and/or its password, if you wish. When you click on the Install button the installation process will begin. At the successful completion of the installation, if you leave the "Run Copssh Control Panel" checkbox checked when you click on Finish at the completion window where you close the setup wizard, you can then configure the software to allow SSH logins for accounts on the system through the COPSSH Control Panel.

Copssh Control Panel

When the Control Panel opens, you should see "Service is running" next to a button with a large green sphere on it. If you ever need to stop the service, clicking on that button is a way to stop it.

If you want to change the TCP port on which the system listens for SSH connections from the default value of 22, click on the Configuration tab, then put the port you want to use in the "Listening port" field and click on Apply. You will then see a notice that "Configuration is changed. A service restart is required to make changes in effect." Click on OK. Copssh should then immediately start listening for connections on the new port you have specified. The port selected is stored in the file etc/sshd_config, which is Copssh's configurtion file, beneath the directory where you installed Copssh.

Copssh Control Panel Configuration

You can check that it is listening on the new port from a command prompt by using the netstat command. E.g., assuming you wished to have Copssh listen on port 22022, you could use the following command to verify that it is now listening on that port:

C:\>netstat -an | find "22022" | find "LISTENING"

  TCP    0.0.0.0:22022          0.0.0.0:0              LISTENING
  TCP    [::]:22022             [::]:0                 LISTENING

By default, the SSH File Transfer Protocol (SFTP) is enabled. If you wish to disable SFTP file transfers, you can click on the SFTP table and uncheck the "Enabled" check box.

Copssh Control Panel SFTP

You will need to click on the Users tab to add accounts that can log into the system via SSH.

Copssh Control Panel Users

When you click on the Add button, you will be presented with a Copssh User Activation window. At the Select a user window you can specify the domain (with the free version you can only provide access to local accounts on the system). Note, by default even with the paid version you will see the name of the computer in the Domain field, but you can put in the domain name, instead. If you put the name of the domain in the Domain field, you won't be able to select the user from a drop-down list as you can for a local account, but you can put the account name in the field below where the drop-down list would appear. Then click on the Forward button. Note: you can also put in a account name for a nonexistent account; there will be no warning and you will see the account listed under "Activated users" beneath the Users tab.

Copssh Select a user

At the Select Options window you can pick the type of access.

Copssh Select Options

The default is "Linux shell and sftp", but you have the following options:

Linux shell
Linux shell and sftp
Windows shell
Sftp
No shell access

Copssh Access Type

I usually select "Windows shell" to get a Windows command prompt.

When you proceed, you will then be presented with the options that will be set for the selected account and prompted to apply the selected options. There is also a note that "User names must be specified in lowercase during login. There is NO NEED to specify domain names."

Copssh Activation Confirmation

Click on the Apply button to activate the account for SSH logins.

Information for the accounts that are permitted to log into the system via SSH can be found in the etc directory beneath the installataion directory for Copssh in the sshd_config and passwd files, which can be examined with a text editor, such as the Windows Notepad application.

If the Microsoft Windows Firewall software is enabled on the system, the Copssh setup process will automatically configure the firewall to allow SSH connections, even if you change the port to be a nonstandard port, rather than the default port of 22. If you are using other firewall software on the system, you may need to configure it at this point to allow the SSH connections. Of course, if external access is controlled by an external firewall/router, you will need to configure that device to allow incoming connections to the system from external systems.

If the Microsoft Windows Firewall is being used, on a system using Microsoft Vista, Windows 7, Windows 8, or Windows Server 2008, you can check the existence of the appropriate firewall rule from the command line with the command netsh advfirewall firewall show rule name=opensshd, since Copssh will use "Opensshd" for the rule name.

C:\>netsh advfirewall firewall show rule name=opensshd

Rule Name:                            Opensshd
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            22
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow
Ok.

If you experience any problems with Copssh or just want to see what has been happening with it regarding logins, its event log is accessible from the Status tab by clicking on the button with a piece of paper on it with writing on the paper at the bottom of the column of 3 buttons; you will see a number for events that have occurred to the left of that button, e.g., "16 events last 15 minutes" in the example below:

Copssh events

Copssh creates a Windows service named Openssh SSHD when it is installed; the service can be stopped and started by clicking on the top button under the Status tab - the one that is green when the service is running - or from a command prompt with net stop "Openssh SSHD" and net start "Openssh SSHD".

C:\>net stop "Openssh SSHD"
The Openssh SSHD service is stopping..
The Openssh SSHD service was stopped successfully.


C:\>net start "Openssh SSHD"
The Openssh SSHD service is starting.
The Openssh SSHD service was started successfully.

The Copssh installation process adds two new accounts to the system. On a Windows 7 system, these can be viewed through Control Panel/System and Security/Administrative Tools/Computer Management/Local Users and Groups/Users.

Name	Full Name	Description
sshd		copSSH privilege separation user
SvcCOPSSH		copSSH service account

Copssh also provides client ssh, scp, and sftp utilities. These are installed by running Copssh_client_5.0.0_x64_Installer.exe on 64-bit Windows systems or Copssh_client_5.0.0_x86_Installer.exe on 32-bit systems. The license agreement can be viewed in PDF or text) format. Once installed, you can find the utilities beneath the bin directory where you install the Copssh client applications. These applications can be run from the command line; they don't provide a GUI.

Problems Encountered

Problematical domain user account. Whenever I tried adding one domain user, the second account I tried adding to CopSSH, whenever I got to the final stage where I was prompted to confirm the settings and would click on Apply, the account creation process would hang and go no further. I would then have to kill the "Activate a user for Copssh access" task through the Windows Task Manager, which would also kill the "Copssh Control Panel" task. I would then have to reopen the Copssh Control Panel. The same thing happened for repeated attempts to add the account. I wanted to provide Windows shell access, but it didn't matter whether I selected "Windows shell" or "Linux shell and Sftp", the process of adding the account always hung. I was able to add another domain account, though. I was finally able to add the problematical account, by changing the home directory from C:\Users\username, where username was the name for the user's account, to C:\Users\username\Documents while the service was stopped.
Unable to login as domain administrator. The first account I added under Copssh was the domain administrator account. I specified the domain when I added the account, but the system would never accept the password for the account. There was a local account named administrator as well, but that account was disabled; I don't if somehow Copssh was still attempting to use the login credentials for the local account even though in its list of activated users it showed domainname\administrator. I deleted the account and added it again, but the results were the same. When I checked he Copssh event log, which can be viewed from the Status tab in the COPSSH Control Panel, I would see "Failed password for administrator" entries corresponding to the times I attempted to log in. I could have tried enabling the local administrator account and adding it to Copssh's list of activated users, but, instead, I added another local account that was in the administrators group for the system. I was able to log into that account without a problem.

Justdeals Daily Electronics Deals

Created: Sunday November 23, 2014