This page is part of the ProSSHD online Help Manual.
|6. Configuring ProSSHD||< previous | content | next >|
This tab allows you to install and uninstall XwpSSHD as an MS Windows service. You can also manage XwpSSHD as an MS Windows service on your system.
XwpSSHD is a server program (daemon) for the SSH Secure Shell protocol version 2, or SSH2, that you can run as a standard MS Windows Service (MS Windows 2K/2003/XP/Vista).
The SSH protocol server/client programs provide secure encrypted communications between two untrusted hosts over an insecure network. An SSH client can connect securely to an SSH server, and then use the resulting secure link to access the server's resources.
A new daemon is spawned for each incoming connection instance. These daemons handle key exchange, encryption, client and server authentication, command execution, data exchange and data integrity verification.
Server authentication is performed using the DSA or the RSA public key algorithm. Client authentication can be performed using a public key algorithm such as DSA or RSA, an MS Windows username/password, as well as a variety of other methods.
To provide the remote console service, a channel is created in the SSH session, and the channel is used to exchange data using a terminal emulation protocol such as ANSI or AT386-type. The SSH-client displays to the user a console window (with a command interpreter) within which the user can execute commands or run programs on the SSH-server as if the user were logged on locally.
Among other things, the SSH-client can transfer files (using the SFTP protocol) and forward other TCP/IP connections over the secure link (local-to-remote and remote-to-local, using Dynamic Forwarding (SOCKS4)).
A service is an application type that runs in the background and is similar to UNIX daemon applications. Service applications typically provide features such as client/server applications, Web servers, database servers, and other server-based applications to users, both locally and across the network.
You can use MS services to:
Each service has special permissions that you can grant or deny for each user or group. You can set permissions for individual services by using Security Templates.
According to the MS Windows Help Manual, services must log on to an account in order to access resources and objects on the operating system. Some services are configured by default to log on to the Local System account, which is a powerful account that has full access to the system. If a service logs on to the Local System account on a domain controller, that service has access to the entire domain. Other services are configured to log on to LocalService or NetworkService accounts, which are special built-in accounts that are similar to authenticated user accounts. These accounts have the same level of access to resources and objects as members of the Users groups. This limited access helps safeguard your system if individual services or processes are compromised.
Services running as the LocalService account access network resources as a null session with no credentials. Services running as the NetworkService account access network resources using the credentials of the machine account.
SSH is a very flexible protocol, and many different types of services can run on top of it. Additionally, the open architecture of SSH allows these services to run all at the same time without impeding each other. The advantage of services is that they can be started at boot time independently of any logon session, and will continue to run as users log on and off of the machine.
Click Install to install XwpSSHD and to add the service to the Services list on your system.
The service name of the XwpSSHD service is XWP SSH server.
When started, XwpSSHD will be listening on port 22 (default) for SSH clients' requests.
To configure how XwpSSHD is started (Automatic or Manual), you should choose the Startup type and then press Set.
You can remove XwpSSHD from the Services list on your system by pressing Uninstall in the XwpSSHD service tab.
Click Yes to confirm removing XwpSSHD from the Services list on your system. You need not restart your PC.
Note that XwpSSHD correctly stops and disconnects active SSH clients, and closes the port used for communications on your computer when uninstalling XwpSSHD.
This section describes how to start and use XwpSSHD as a standard MS Windows service.
The slider position sets the tracing level for the network tracing log information that is output to the LogData field for your XwpSSHD session.
This field shows the network tracing log information exchanged between XwpSSHD and (remote) SSH clients, according to the Trace Level setting.
When an SSH client connects to the SSHD daemon:
Before using XwpSSHD, key-files (for authenticating and authorizing SSH clients) should be generated and placed on the SSH clients' computers and on the SSH server's computer.
The authentication and authorization files must be located in the ssh subdirectory in the home directory of the package.
The default names for the files are as follows:
- public/private DSA host keys: ssh_host_dsa_key.pub, ssh_host_dsa_key
- public/private RSA host keys: ssh_host_rsa_key.pub, ssh_host_rsa_key
XwpSSHD comes with pregenerated (sample) key-files, so these files are ready to be used if you want.
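Because the pregenerated key-files ship with the package, anyone who has a copy of the package holds the same private host keys, so a server meant for real use should have them replaced. The following check is an added example, not part of ProSSHD: it compares the default key-file names listed above against a reference copy, assuming that reference directory is an untouched copy of the package's ssh subdirectory. The function names and the demo contents are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

# Default host key file names listed in this manual.
HOST_KEY_FILES = (
    "ssh_host_dsa_key", "ssh_host_dsa_key.pub",
    "ssh_host_rsa_key", "ssh_host_rsa_key.pub",
)

def _digest(path):
    """SHA-256 of a file's bytes, used only to compare two files for equality."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def classify_host_keys(installed_dir, reference_dir):
    """Map each default host key file name to 'sample', 'replaced' or 'missing'."""
    installed, reference = Path(installed_dir), Path(reference_dir)
    result = {}
    for name in HOST_KEY_FILES:
        current, shipped = installed / name, reference / name
        if not current.is_file():
            result[name] = "missing"
        elif shipped.is_file() and _digest(current) == _digest(shipped):
            result[name] = "sample"    # byte-identical to the pregenerated file
        else:
            result[name] = "replaced"  # differs from the reference (or no reference file)
    return result

def demo():
    """Run the check on constructed directories (placeholder bytes, not real keys)."""
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as inst:
        for name in HOST_KEY_FILES:
            (Path(ref) / name).write_bytes(b"shipped sample " + name.encode())
        # Constructed state: RSA pair regenerated, DSA private key left as
        # shipped, DSA public key absent.
        (Path(inst) / "ssh_host_rsa_key").write_bytes(b"site-generated private")
        (Path(inst) / "ssh_host_rsa_key.pub").write_bytes(b"site-generated public")
        (Path(inst) / "ssh_host_dsa_key").write_bytes(b"shipped sample ssh_host_dsa_key")
        return classify_host_keys(inst, ref)

if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

Any file reported as "sample" is still the pregenerated one and should be regenerated before the server is exposed to clients.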
XwpSSHD comes preconfigured, so that after installation it can use the preset configuration to communicate with SSH clients.
When started, XwpSSHD reads a set of runtime configuration directives from the configuration file. These configuration directives control XwpSSHD behavior for various functions. The file contains keyword value pairs, one per line. Lines starting with # and empty lines are interpreted as comments. Keywords are case insensitive.
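The format rules above (keyword value pairs, `#` comments, case-insensitive keywords) can be checked mechanically before restarting the service. This parser is an added example, not ProSSHD code; the keyword names in the constructed sample are hypothetical, and it assumes that whitespace separates keyword from value and that leading whitespace is ignored. It reports a keyword that appears twice with different capitalisation, which is easy to miss when reviewing the file by eye.

```python
from collections import defaultdict

# Constructed sample; the keyword names are hypothetical, not from the manual.
SAMPLE = """\
# constructed sample, not a real XwpSSHD configuration
Port 22

port 2222
LogLevel   verbose
Banner
"""

def parse_config(text):
    """Return (settings, problems).

    settings maps lowercased keyword -> list of (line_number, value).
    problems lists findings for lines that need a reviewer's attention.
    """
    settings = defaultdict(list)
    problems = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()  # assumption: surrounding whitespace is ignored
        if not line or line.startswith("#"):
            continue  # empty lines and '#' lines are comments
        parts = line.split(None, 1)  # assumption: whitespace separates the pair
        keyword = parts[0].lower()   # keywords are case insensitive
        if len(parts) == 1:
            problems.append(f"line {lineno}: keyword '{parts[0]}' has no value")
            continue
        settings[keyword].append((lineno, parts[1].strip()))
    # The manual does not say which occurrence wins, so report every repeat.
    for keyword, entries in settings.items():
        if len(entries) > 1:
            lines = ", ".join(str(n) for n, _ in entries)
            problems.append(f"'{keyword}' is set more than once (lines {lines})")
    return dict(settings), problems

if __name__ == "__main__":
    parsed, findings = parse_config(SAMPLE)
    for keyword, entries in sorted(parsed.items()):
        print(keyword, entries)
    for finding in findings:
        print("REVIEW:", finding)
```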
The SSHD configuration file must be located in the ssh subdirectory in the home directory of the package.
You can use the default values for the configuration directives listed in the file, or you can modify these values according to your needs. (The Settings button is not yet implemented.) If you make a change to the SSHD configuration file after you have enabled SSH, you must restart SSHD for these changes to take effect.
Note that when you restart SSHD, all active SSH server sessions are terminated. Active SSH client sessions are not affected.
This button refreshes the status of the service.
If you have a typical installation, many services are configured as Automatic (that is, they start automatically when the system starts or when the service is called for the first time). If a service is configured as Manual, you must start the service manually before it can be loaded by the operating system and made available for use. If a service is configured as Disabled, it cannot be started automatically or manually.
To configure how XwpSSHD is started, you can choose the Startup type and press Set. Then you can manage the service session by pressing the Start/Stop and Pause/Resume buttons while watching the Service status.
To start, stop, pause, resume, or restart a service (as administrator), you can also open the Services window (clicking Start/Settings/Control Panel/Administrative Tools/Services), right-click your service, and then click Start, Stop, Pause, Resume, or Restart.
Windows Firewall monitors all aspects of the communications that are sent and received, and inspects the source and destination address of each message that it handles. In Microsoft Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default for all Internet and network connections. If you choose to install and run another firewall, turn off Windows Firewall.
When Windows Firewall is On, it blocks all unsolicited requests to connect to your computer, except for requests to programs or services selected on the Exceptions tab. When your computer gets an unsolicited request, Windows Firewall blocks the connection. If you choose to unblock the connection, Windows Firewall creates an exception. You can add a service as an exception so that the firewall will allow clients' information to reach your computer and the service (through the ports opened for it). For programs that open ports automatically as needed to connect to your computer, Windows Firewall must allow the program to open the correct port. For these programs to work correctly, they must be listed on the Exceptions tab in Windows Firewall.
You can add a new service to your network by installing the service software on one of your network computers and then adding the service definition so that Internet Connection Sharing (ICS), if enabled, will allow the service to be accessed from the Internet. The information that you must enter to add a service definition includes: the description of the service (a name that you can easily recognize), the name or IP address of the computer hosting the service, and the TCP or UDP port number for the service (the port number that external computers use to contact this service).
This button adds the XwpSSHD definition (i.e., the description of the service) to the Exceptions tab in Windows Firewall to allow the service to be accessed from SSH clients' computers.
When you add or change settings for a service or program, you must choose whether to open the port to any computer or only to computers on your network. If you choose Any computer in the Advanced tab of Windows Firewall, anyone from the Internet or your network can connect to your computer. If you choose My network only, only computers on your local network can connect. If you prefer, you can click Custom, and then type a custom list of IP addresses and subnets that should be allowed access.
This button removes the XwpSSHD definition from the Exceptions tab in Windows Firewall.
|Copyright © 1999 - 2009 LabtamTM Inc.|