Windows Domain SSH

2015-07-10T22:25:02Z

Mtc:

[[Category:Windows]]

*Install Cygwin, for openssh you only need the openssh package but a few other tools will probably help(vim,wget,shutdown,rsync)
*Create a service domain account that we will used to be able to login through ssh from a domain joined computer

*Making the passwd file for Domain users:
mkpasswd -d > /etc/passwd
mkgroup -g > /etc/group

*Making the passwd file for local users:
mkpasswd -cl > /etc/passwd
mkgroup -cl > /etc/group

*Now you'll need to edit the passwd file and remove the hostname and/or domain name from the beginning of each user you'd like to be able to ssh into the system with.

*on the local computer we need to add the Domain service account to certain groups
*Go to Administrative tools in the Control Panel and open the Local Security Policy
*Navigate to
Local Security Policy => Security Settings => Local Policies => User Rights Assignment
*add domain user to these groups
Act as part of the operating system
Create a token object
Deny log on through remote desktop services
Log on as a service
Replace a process level token

*Setup sshd
ssh-host-config
*We are going to answer yes to most of the default configuration, Except we will replace the user which is the service account used to run cygwin
*By default it creates this user under the name cyg_server, when asked if we would like to create this user we will say no and give the ssh-host-config script another user which has the appropriate permission to allow domain logins
*In our domain the user created for this purpose is cyg_service
*below shows a summary of what we will be saying yes and no too as long as with output from a setup
Should privilege separation be used(yes/no)? Yes

Stadm - User contributions [en]

Windows Domain SSH