
INFORMATION NOTE

Written by: SHG
Writing date: 11/10/2011
Recipients: Indus
Subject: Specifications for installing the Cygwin/Openssh Redhat Server on Windows 2008 R2 Server

The purpose of this document is to describe the steps for installing and configuring the SFTP Cygwin/Openssh Server supplied by Redhat on Windows 2008 R2 server in Workgroup Mode secured by the Astellia security script. A separate document will be written for servers in Domain Mode secured by the Astellia security script.

1. INSTALLATION
2. CONFIGURATION
3. UNINSTALL
4. TROUBLESHOOTING

Astellia confidential

File: 224536499.doc

1. INSTALLATION

1- Prerequisites: security script V2.1.0 (minimum)
   a. Apply the security script available here
      WARNING: after installing the script, the builtin administrator (admXXX or administrator or administrateur) has been renamed "adm". You need to rename it to admXXX as usual.
   b. Change access rights for directories C:\Astellia and D:\astellia
      Access rights for C:\ASTELLIA:
         Full control: SYSTEM
         Full control: AST_TECH
         Full control: AST_ADMIN
         Full control: AST_OAM
      Access rights for D:\Astellia and E:\Astellia:
         Full control: SYSTEM
         Full control: AST_TECH
         Full control: AST_ADMIN
      Share directory D:\Astellia (share name: Astellia):
         Full control: AST_TECH
         Full control: AST_ADMIN
   c. Remember to log off after installing the script.

2- Download the Cygwin packages for Openssh and Vi packages of Redhat: Redhat_Cygwin_1.8.3.3.zip

3- Run the rhsetup.exe as a Local Administrator. Select "Install from Local Directory".

Select C:\Astellia\rhcygwin as the install directory.

In the "Setup Alert" window click OK.

The following window is displayed:

Click "Suivant >" ("Next >") to install.

2. CONFIGURATION

1. Create the User that will connect to the SFTP server: create the User in Windows with a password that never expires.

2. Add this User to the AST_ADMIN local group to give him rights to Astellia directories.

3. Open a Cygwin console (see desktop shortcut). Enter the following commands:

      mkpasswd -l > /etc/passwd
      mkgroup -l > /etc/group

4. Configure the SSH service. Start the Cygwin console (see Red Hat Cygwin desktop icon) and run:

      ssh-host-config

   Answer the prompts as follows:

      Question: should privilege separation be used? (yes/no) yes
      New local account 'sshd'? (yes/no) yes
      Do you want to install sshd as a service? yes
      Enter the value of CYGWIN for the daemon: ntsec
      Do you want to use a different name? (yes/no) no
      Create new privileged user account 'cyg_server'? (yes/no) yes

5. Verify users created by Cygwin: ensure the password is set to "Password never expires" for sshd and cyg_server.

   Add the cyg_server User to the AST_TECH group so that he is allowed to start a service.

6. Security Setting

   Change port:

      vi /etc/sshd_config

   Change the line:

      Port 22

   To:

      Port 22222

   Enable logs:

   Enable the Syslog Cygwin service. In the Cygwin console, enter:

      syslogd-config
      Do you want to install syslogd as a service?: yes

   Uncomment the lines SyslogFacility and LogLevel in the configuration file /etc/sshd_config.

   Start the Windows services "Cygwin sshd" and "CYGWIN syslog" and test login to SFTP (ex: filezilla) and ssh (ex: putty).

7. Data access

   To access data, use an absolute path, such as cygdrive/e/astellia (important: without "/" at the beginning). Check that the user (sftpuser) or the AST_TECH group have "Full control" permissions on SFTP data directories (typically under D:\Astellia).
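
The step 6 settings can be checked from the Cygwin console before the services are started. The shell script below is an added example, not part of the original note; the function names and the sample file are constructed for illustration, and the expected port is the one given in step 6.

```shell
#!/bin/sh
# Added example: verify the step 6 settings in an sshd_config file.
# sshd matches keywords case-insensitively and keeps the first value
# it reads for a keyword; lines starting with '#' are comments.

# Print the effective value of keyword $2 in file $1 (empty if not set).
sshd_value() {
    awk -v key="$2" '
        { sub(/\r$/, "") }                 # tolerate files saved with CRLF
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Return 0 if the file matches step 6, else print each gap and return 1.
check_step6() {
    cfg=$1; rc=0
    port=$(sshd_value "$cfg" Port)
    if [ "$port" != "22222" ]; then
        echo "Port is '${port:-unset}', expected 22222"; rc=1
    fi
    for key in SyslogFacility LogLevel; do
        if [ -z "$(sshd_value "$cfg" "$key")" ]; then
            echo "$key is still commented out or missing"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: port changed, logging lines left commented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 22222
#SyslogFacility AUTH
#LogLevel INFO
Subsystem sftp /usr/sbin/sftp-server
EOF

check_step6 "$sample" || echo "step 6 incomplete"
```

Against the live configuration, run check_step6 /etc/sshd_config.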

3. UNINSTALL

To manually uninstall Cygwin, you can do the following:

1. Delete all Cygwin services, such as sshd, cron, cygserver and inetd:
   o If the service is running, stop it using the cygrunsrv -E nom command, where nom stands for the service name.
   o Uninstall the service using the cygrunsrv -R nom command.

2. If server X11 is running, stop it and terminate any Cygwin program that may be running in the background. Delete all mount information using the umount -A command. Exit the command line and make sure there is no Cygwin process running.

3. Delete the Cygwin install folder and all subfolders.
   o If you get an error indicating that an object is in use, please check that all services have stopped and that all Cygwin programs were closed.
   o If you get an error saying "Droit d'accès refusé" ("access right denied"), edit permissions or change the ownership rights of your user account for files or folders which caused the error. To change the Cygwin folder property from Windows Explorer, right-click the Cygwin folder, then click Properties. In the "Security" tab, choose Advanced. In the "Owner" tab, make sure your account appears to be "Owner". Tick "Replace owner on subcontainers and objects", then click OK.

4. Remove Cygwin shortcuts on the desktop and in Start Menu.

5. If Cygwin was added to system path, delete it.

6. If you have defined the CYGWIN environment variable, delete it.

7. Remove the registry trees Software\Cygnus Solutions and Software\Cygwin under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, if present.

8. Remove the Windows Cygwin users (astftp, cyg_server, sshd, etc.).

4. TROUBLESHOOTING

Log

When a problem occurs, you can increase the log level. In /etc/sshd_config, set "LogLevel" to "DEBUG", then restart CYGWIN services. Logs are located in /var/log/messages.

Verify that Cygwin Users (sftpuser, cyg_server and sshd) are not locked out in Windows.
