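Cygwin Pitfall Notes (4): Installing and Configuring openSSH and openSSL
I. Installing openSSH and openSSL
For work reasons I needed to run curl -s "https://get.sdkman.io" | bash in Cygwin to download Sdkman locally.
At first I had not configured openSSH and openSSL, and running the curl command kept producing the following error message: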
sdkman curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to sdkman
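After looking up some material I found that this was caused by openSSH and openSSL not being installed and configured, so I went to the Cygwin setup page and selected the resource files related to openSSH and openSSL.
Don't celebrate too early once the installation finishes: both still need some fairly tedious configuration and enabling. (Configuration may fail several times along the way; after a failure, uninstall and configure again.)
II. Configuring openSSH and openSSL
1. Restart the Cygwin64 Terminal program as administrator.
Note: this step is required; otherwise you do not have permission to create the sshd service.
2. Check the ssh version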
$ ssh -V
3. Configure ssh
$ ssh-host-config
After running this command, follow the prompts below strictly, one step at a time:
*** Info: Generating missing SSH host keys
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
*** Info: Creating default /etc/ssh_config file
*** Info: Creating default /etc/sshd_config file
*** Info: StrictModes is set to 'yes' by default.
*** Info: This is the recommended setting, but it requires that the POSIX
*** Info: permissions of the user's home directory, the user's .ssh
*** Info: directory, and the user's ssh key files are tight so that
*** Info: only the user has write permissions.
*** Info: On the other hand, StrictModes don't work well with default
*** Info: Windows permissions of a home directory mounted with the
*** Info: 'noacl' option, and they don't work at all if the home
*** Info: directory is on a FAT or FAT32 partition.
*** Query: Should StrictModes be used? (yes/no) no
*** Info: Privilege separation is set to 'sandbox' by default since
*** Info: OpenSSH 6.1. This is unsupported by Cygwin and has to be set
*** Info: to 'yes' or 'no'.
*** Info: However, using privilege separation requires a non-privileged account
*** Info: called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) no
*** Info: Updating /etc/sshd_config file
*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires. You need to have or to create a privileged
*** Info: account. This script will help you do so.
*** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
*** Info: or later. On these systems, it's not possible to use the LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).
*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.
*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.
*** Info: No privileged account could be found.
*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account 'cyg_server'? (yes/no) yes
*** Info: Please enter a password for new user cyg_server. Please be sure
*** Info: that this password matches the password rules given on your system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
*** Query: Reenter:
*** Info: User 'cyg_server' has been created with password 'cyg_server'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'cyg_server' account.
*** Info: Also keep in mind that the user 'cyg_server' needs read permissions
*** Info: on all users' relevant files for the services running as 'cyg_server'.
*** Info: In particular, for the sshd server all users' .ssh/authorized_keys
*** Info: files must have appropriate permissions to allow public key
*** Info: authentication. (Re-)running ssh-user-config for each user will set
*** Info: these permissions correctly. [Similar restrictions apply, for
*** Info: instance, for .rhosts files if the rshd server is running, etc].
*** Info: The sshd service has been installed under the 'cyg_server'
*** Info: account. To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'. Otherwise, it will start automatically
*** Info: after the next reboot.
*** Info: Host configuration finished. Have fun!
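The prompts above create a user named cyg_server and ask you for that user's password; be sure to remember the password you enter here.
Note: if you enter something wrong here, it does not matter; run the following command: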
$ cygrunsrv -R sshd
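After the sshd service has been removed, configure ssh again.
4. Once configuration is done, find sshd in the services list and enable it (Automatic). The steps are as follows:
4.1. Right-click My Computer/Computer, click Manage, and open Computer Management.
Then select Services and Applications > Services.
4.2. Using the keyboard shortcut and a command:
Press Win+R together and type services.msc in the Run window to open Services.
After opening Services with either of the two methods above, double-click the service you want to start and choose Start.
Taking Windows Update as an example:
Under Service status, choose "Start" to start the service. Depending on whether it should start at boot, the Startup type can be set to Automatic or Manual; Automatic means it starts at boot.
Note the figure below: sshd must log on as the cyg_server user; switching it to the "Local System account" does not work.
III. Starting the OpenSSH service
The commands to start and stop openSSH are: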
$ net start sshd
$ net stop sshd
IV. Configuring the OpenSSH user password
Enter the following command
$ ssh-user-config
Follow the prompts below one step at a time:
*** Query: Shall I create a SSH2 DSA identity file for you? (yes/no) yes
*** Query: Shall I create a SSH2 ECDSA identity file for you? (yes/no) yes
*** Query: Shall I create a (deprecated) SSH1 RSA identity file for you? (yes/no) no
*** Query: Do you want to use this identity to login to this machine? (yes/no) no
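Note: the password entered here must be at least 4 characters long, otherwise creation fails.
If creation succeeds, the following files will exist in the cygwin\home\User\.ssh directory:
V. Testing whether the installation succeeded
In Cygwin64 Terminal, enter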
$ ssh [email protected]
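Enter the password; if no error is reported, OpenSSH has been installed and configured successfully, as shown below:
Note: if you are told that port 22 is not open, run net start sshd to start openSSH, because ssh's default port is 22. If it fails to start, the installation has failed; reinstall by following this tutorial again.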
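Step 3 above answers no to StrictModes, so sshd no longer checks that the home directory, the .ssh directory and the key files are writable only by their owner. The following added example (not from the original post) reads the effective StrictModes value from an sshd_config and, when it is off, lists group- or other-writable paths under a .ssh directory; the function names and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# Effective global value of an sshd_config keyword. sshd keeps the FIRST value
# it reads, matches keywords case-insensitively, and global scope ends at Match.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ")              # accept "Key=value" as well
          key = tolower($1) }
        key == "match" { exit }                  # later lines are conditional
        key == want    { print $2; found = 1; exit }
        END            { if (!found) print def }
    ' "$1"
}

# Paths under DIR (DIR included) that group or other can write to, the
# condition the wizard text says StrictModes rejects. GNU find, as on Cygwin.
loose_paths() {   # usage: loose_paths DIR
    find "$1" ! -type l -perm /022 2>/dev/null | sort
}

# Print findings; return 1 only if StrictModes is off AND loose paths exist.
audit_ssh() {   # usage: audit_ssh SSHD_CONFIG SSH_DIR
    local mode loose
    mode=$(sshd_effective "$1" StrictModes yes)
    [ "$mode" = yes ] && return 0
    echo "StrictModes=$mode: sshd will not check these permissions itself"
    loose=$(loose_paths "$2")
    [ -z "$loose" ] && return 0
    printf 'writable by group/other:\n%s\n' "$loose"
    return 1
}

# Constructed sample: a config with this walkthrough's answer, plus a .ssh
# directory holding one group-writable file.
make_sample() {   # usage: make_sample DIR
    mkdir -p "$1/.ssh"
    printf '%s\n' '# constructed sample' 'Port 22' 'strictmodes no' \
        'StrictModes yes' 'Match User bob' '    PasswordAuthentication no' \
        > "$1/sshd_config"
    : > "$1/.ssh/authorized_keys"
    chmod 700 "$1/.ssh"; chmod 664 "$1/.ssh/authorized_keys"
}

# Demo on the sample; on a real install pass /etc/sshd_config and ~/.ssh.
demo_dir=$(mktemp -d) && make_sample "$demo_dir"
audit_ssh "$demo_dir/sshd_config" "$demo_dir/.ssh" || echo "audit: findings above"
rm -rf "$demo_dir"
```

In the sample the lower-case `strictmodes no` line wins over the later `StrictModes yes`, and the setting inside the Match block is not reported as a global value.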