Difference between revisions of "Windows Domain SSH"
From Stadm
Line 4: | Line 4: | ||
*Create a service domain account that we will used to be able to login through ssh from a domain joined computer | *Create a service domain account that we will used to be able to login through ssh from a domain joined computer | ||
− | *on the local computer | + | *Making the passwd file |
− | * | + | mkpasswd -d > /etc/passwd |
+ | mkgroup -g > /etc/group | ||
+ | |||
+ | *on the local computer we need to add the Domain service account to certain groups | ||
+ | *Go to Administrative tools in the Control Panel and open the Local Security Policy | ||
+ | *Navigate to | ||
Local Security Policy => Security Settings => Local Policies => User Rights Assignment | Local Security Policy => Security Settings => Local Policies => User Rights Assignment | ||
*add domain user to these groups | *add domain user to these groups | ||
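Review bot: In the added commands, "mkgroup -g > /etc/group" passes -g with no argument. mkgroup's -g selects one named group, so this looks like it was meant to be "mkgroup -d", matching "mkpasswd -d" on the line above. The new bullet "we need to add the Domain service account to certain groups" also sits above a path into User Rights Assignment, which holds rights rather than groups; wording it as granting the account those user rights would avoid confusion with group membership. Both redirects overwrite the existing /etc/passwd and /etc/group, so a step to back the files up first would be worth adding.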
Line 16: | Line 21: | ||
*Setup sshd | *Setup sshd | ||
ssh-host-config | ssh-host-config | ||
− | *We are going to answer yes to most of the default configuration, below shows a summary of what we ill be saying yes and no too as long as with output from a setup | + | *We are going to answer yes to most of the default configuration, Except we will replace the user which is the service account used to run cygwin |
+ | *By default it creates this user under the name cyg_server, when asked if we would like to create this user we will say no and give the ssh-host-config script another user which has the appropriate permission to allow domain logins | ||
+ | *In our domain the user created for this purpose is cyg_service | ||
+ | *below shows a summary of what we ill be saying yes and no too as long as with output from a setup | ||
Should privilege separation be used(yes/no)? Yes | Should privilege separation be used(yes/no)? Yes |
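Review bot: The added bullets name cyg_service as the replacement for cyg_server but never say whether it is the service domain account created in the earlier step and added under User Rights Assignment; state that explicitly so a reader does not give ssh-host-config an account that lacks those rights. "used to run cygwin" would be clearer as the account the sshd service runs as, and the retained bullet still reads "we ill be saying yes and no too as long as with", which should be "we will be saying yes and no to, along with".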
Revision as of 15:29, 9 June 2015
- Install Cygwin. For OpenSSH you only need the openssh package, but a few other tools will probably help (vim, wget, shutdown, rsync)
- Create a service domain account that we will use to log in through ssh from a domain-joined computer
- Make the passwd and group files
mkpasswd -d > /etc/passwd
mkgroup -d > /etc/group
- On the local computer we need to add the domain service account to certain user rights assignments
- Go to Administrative Tools in the Control Panel and open the Local Security Policy
- Navigate to
Local Security Policy => Security Settings => Local Policies => User Rights Assignment
- Add the domain user to these user rights:
Act as part of the operating system
Create a token object
Deny log on through remote desktop services
Log on as a service
Replace a process level token
- Set up sshd
ssh-host-config
- We are going to answer yes to most of the default configuration prompts, except that we will replace the user, which is the service account used to run the Cygwin sshd service
- By default the script creates this user under the name cyg_server. When asked whether we would like to create this user, we will say no and give the ssh-host-config script another user that has the appropriate permissions to allow domain logins
- In our domain the user created for this purpose is cyg_service
- Below is a summary of what we will be saying yes and no to, along with output from a setup
Should privilege separation be used(yes/no)? Yes
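The user rights step above can be checked after the fact. The following shell script is an added example, not part of the original wiki page: it parses a secedit export, reports which of the five listed rights the service account is missing, and lists any other holders of a given right. The SID, the function names and the sample export are constructed for illustration, and the Se* names are the Windows constants for the rights listed above.

```shell
# Added example, not from the original page. Export the rights on the host with
#   secedit /export /cfg rights.inf /areas USER_RIGHTS   (convert UTF-16 to UTF-8)
REQUIRED_RIGHTS="SeTcbPrivilege SeCreateTokenPrivilege SeServiceLogonRight
SeDenyRemoteInteractiveLogonRight SeAssignPrimaryTokenPrivilege"
SAMPLE_SID="S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed SID

# holders_of RIGHT FILE: print each holder of RIGHT, one per line, without '*'.
holders_of() {
    awk -v right="$1" '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^\[/ { in_sec = ($0 == "[Privilege Rights]"); next }
        in_sec && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            if (key != right) next
            n = split(substr($0, index($0, "=") + 1), ids, ",")
            for (i = 1; i <= n; i++) {
                sub(/^[ \t]*\*?/, "", ids[i]); sub(/[ \t]+$/, "", ids[i])
                if (ids[i] != "") print ids[i]
            }
        }' "$2"
}

# missing_rights ACCOUNT FILE: print the required rights ACCOUNT does not hold.
missing_rights() {
    for right in $REQUIRED_RIGHTS; do
        holders_of "$right" "$2" | grep -qixF -- "$1" || printf '%s\n' "$right"
    done
}

# other_holders RIGHT ACCOUNT FILE: print holders of RIGHT other than ACCOUNT.
other_holders() {
    holders_of "$1" "$3" | grep -vixF -- "$2" || true
}

# write_sample FILE: constructed export in which one listed right is not granted.
write_sample() {
    cat > "$1" <<'EOF'
[Privilege Rights]
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeCreateTokenPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105,*S-1-5-21-1111111111-2222222222-3333333333-1190
SeServiceLogonRight = *S-1-5-80-0,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
EOF
}

sample=$(mktemp) && write_sample "$sample"
missing_rights "$SAMPLE_SID" "$sample"; rm -f "$sample"
```

Running other_holders for SeTcbPrivilege and SeCreateTokenPrivilege is the useful audit: any account besides the sshd service account holding those two rights deserves a look.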