Compiling OpenSSH under Windows 2003 Server

MinGW

I did attempt to compile OpenSSH using MinGW, however, this appears to be a cut down version of Cygwin so the compilation has issues with pwd.h and netinet/in.h (and probably others) being missing. It may be possible with some effort to get these missing components installed, however, I decided for the easier approach of using Cygwin for the compilation.

Pre-requisites

Cygwin
Required components: Base, gcc, make, zlib, minires-devel & cygrunsrv
Optional components: tcp-wrappers
OpenSSL
You need the OpenSSL libraries (and probably the headers too)
Perl
Needed for configuring OpenSSL - ActiveState Perl will do

Building

Assuming OpenSSL was build in ../openssl-0.9.8g

  • sh configure --prefix='' --libexecdir=/sbin --with-ssl-dir=../openssl-0.9.8g
    • Add --with-tcp-wrappers if required
  • make

Installing

mkdir C:\Program Files\OpenSSH
mkdir C:\Program Files\OpenSSH\bin
mkdir C:\Program Files\OpenSSH\sbin
mkdir C:\Program Files\OpenSSH\etc

Assuming you wish to install OpenSSH without a full installation of Cygwin you will need the following Cygwin components:

  • cygwin1.dll
  • cygcrypt-0.dll
  • cygz.dll
  • cygminires.dll
  • mkgroup.exe
  • mkpasswd.exe
  • cygrunsrv.exe

Copy these into C:\Program Files\OpenSSH\bin
Add C:\Program Files\OpenSSH\bin to the PATH environment variable so the Cygwin DLL's can be found.

From the OpenSSH compilation directory install the binaries
copy *.exe C:\Program Files\OpenSSH\bin
Move sshd.exe and sftp-server.exe to C:\Program Files\OpenSSH\sbin

Copy sshd_config.out, ssh_config.out to C:\Program Files\OpenSSH\etc

Cygwin will need to find /etc which it does by registry settings as shown below.

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2]
"cygdrive prefix"="/cygdrive"
"cygdrive flags"=dword:00000022

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/]
"native"="C:\\Program Files\\OpenSSH"
"flags"=dword:0000000a

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home]
"flags"=dword:0000000a
"native"="C:\\Documents and Settings"

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/usr/bin]
"flags"=dword:0000000a
"native"="C:\\Program Files\\OpenSSH\\bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\Program Options]

Note: These will get clobbered if you install Cygwin later.

Generating keys

You don't need all of these but you will need at least one.

SSH1 RSA
ssh-keygen -t rsa1 -f "\Program Files\OpenSSH\etc\ssh_host_key" -N ''
SSH2 RSA
ssh-keygen -t rsa -f "\Program Files\OpenSSH\etc\ssh_host_rsa_key" -N ''
SSH2 DSA
ssh-keygen -t dsa -f "\Program Files\OpenSSH\etc\ssh_host_dsa_key" -N ''

Installing as a service

You will need to have created the OpenSSH server user and assigned the appropriate privileges before the following step. The version of OpenSSH I was using would not start as service unless the -r (re-exec flag) was used.

cygrunsrv -I sshd -d OpenSSH -p path -a "-D -r" -u sshd -w passwd -y tcpip -e "CYGWIN=ntsec tty"

Why no MSI?

To avoid license compilcations I've not packaged the final application into a distributable MSI.