SFTP/SSH Sunucu Kurulumu

• En son sürüm OpenSSH for Windows binaries (package OpenSSH-Win64.zip veya OpenSSH-Win32.zip)
• Administrator yetkisi ile, paketi C:\Program Files\OpenSSHklasörü içerisine çıkarın
• Administrator yetkisi ile, sshd ve ssh-agent servislerini kurun:

  powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
  
  
  

SSH Sunucu Konfigürasyonu

• Windows Güvenlik Duvarı üzerinde SSH sunucusu için gelen bağlantılara izin verin:
  • Aşağıdaki PowerShell komutunu (Windows 8 ve 2012 veya daha yeni sürümlerde), Administrator yetkisi ile çalıştırın:

    New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

  • veya Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules ve 22 portu için yeni kural ekleyin.
• Servisi başatın veya otomatik başlatmaya ayarlayın:
  • Control Panel > System and Security > Administrative Tools ve Services açın. OpenSSH SSH Server servisine girin.
  • Otomatik başlaması için: Action > Properties > Startup type > Automatic.
  • OpenSSH SSH Server > Start the service.

SSH ortak anahtar kimlik doğrulamasını ayarlayın

• .ssh klasörü oluşturun ( authorized_keys dosyası için)  ( C:\Users\username\.ssh).
• For permissions to .ssh folder and authorized_keys file, what matters are Windows ACL permissions, not simple *nix permissions. Set the ACL so that only a respective Windows account have a write access to the folder and the file (what is the default access level, if you create the folder and the file, while logged in using the respective account).

Connecting to the server

for %f in (%ProgramData%\ssh\ssh_host_*_key) do @%WINDIR%\System32\OpenSSH\ssh-keygen.exe -l -f "%f"

Get-ChildItem $env:ProgramData\ssh\ssh_host_*_key | ForEach-Object { . $env:WINDIR\System32\OpenSSH\ssh-keygen.exe -l -f $_ }

C:\Windows\System32\OpenSSH>for %f in (%ProgramData%\ssh\ssh_host_*_key) do @%WINDIR%\System32\OpenSSH\ssh-keygen.exe -l -f "%f"
1024 SHA256:K1kYcE7GHAqHLNPBaGVLOYBQif04VLOQN9kDbiLW/eE martin@example (DSA)
256 SHA256:7pFXY/Ad3itb6+fLlNwU3zc6X6o/ZmV3/mfyRnE46xg martin@example (ECDSA)
256 SHA256:KFi18tCRGsQmxMPioKvg0flaFI9aI/ebXfIDIOgIVGU martin@example (ED25519)
2048 SHA256:z6YYzqGiAb1FN55jOf/f4fqR1IJvpXlKxaZXRtP2mX8 martin@example (RSA)

Start WinSCP. Login dialog will appear. On the dialog:

• Make sure New site node is selected.
• On New site node, make sure the SFTP protocol is selected.
• Enter your machine/server IP address (or a hostname) into the Host name box.
• Enter your Windows account name to the User name box. It might have to be entered in the format user@domain, if running on a domain.
• For a public key authentication:
  • Press the Advanced button to open Advanced site settings dialog and go to SSH > Authentication page.
  • In Private key file box select your private key file.
  • Submit Advanced site settings dialog with the OK button.
• For a password authentication:
  • Enter your Windows account password to the Password box.
  • If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication.
• Save your site settings using the Save button.
• Login using Login button.
• Verify the host key by comparing fingerprint with those collected before (see above).

If you cannot authenticate to the server, and you are using Windows 10 Developer mode, make sure that your OpenSSH server does not conflict with an internal SSH server used by the Developer mode. You may need to turn off the SSH Server Broker and SSH Server Proxy Windows services. Or run your OpenSSH server on a different port than 22.