Configuring the Cygwin SSH daemon

You can use the Cygwin SSH daemon (sshd) to provide SSH access to Windows systems.

For gateway-based discovery, the Cygwin SSH daemon must be installed on the gateway system; for direct SSH discovery, the daemon must be installed on each Windows system.

For more information about the supported Cygwin SSH daemon versions, see Windows gateways.

Important: For successful discovery by using Cygwin SSH, the following requirements must be fulfilled:
  • Anchors and gateways are supported on Cygwin 64-bit edition on Windows Server 2012 x64.
  • The discovery user and the user that starts the service must be the same. The discovery user must be a member of the Administrators group.

Cygwin is available from http://www.cygwin.com/.

To configure the Cygwin SSH daemon:

  1. Start the Cygwin bash shell.
  2. From your system information, use the Cygwin mkpasswd utility to create an initial /etc/passwd.
    You can also use the mkgroup utility to create an initial /etc/group. See the Cygwin User's Guide for more details.
    For example, the following command sets up the password file, passwd, from the local accounts on your system:
    mkpasswd -l > /etc/passwd
  3. Run the ssh-host-config program setup.
  4. Configure SSH. Answer Yes to all questions.
  5. Start the SSH server by running the following command:
    net start sshd

The Cygwin (sshd) service must use an administrative domain user account when accessing the gateway server. This user account is required for some sensors, for example, the Microsoft Exchange sensor. Complete the following steps:
  1. Configure the domain user account by running the following commands:
     mkpasswd -u [domain_user] -d [domain] >> /etc/passwd
     mkgroup -d [domain] >> /etc/group
  2. Start the services.msc program. Check the log on properties for the Cygwin (sshd) service that was created. Verify that the service is set up to be run by an administrative domain user account.
  3. Cygwin (sshd) configuration and log files must be owned by the same domain user account that the Cygwin (sshd) service uses to access the gateway. Run the following commands:
          $ chown [domain_user] /var/log/sshd.log
          $ chown -R [domain_user] /var/empty
          $ chown [domain_user] /etc/ssh*
  4. The domain user account must have the following permissions on the gateway server:
    • Adjust memory quotas for a process
    • Create a token object
    • Log on as a service
    • Replace a process level token
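
A post-check for steps 1 and 3 of the domain-account procedure above, as an added example that is not part of the original documentation: it lists any sshd file that is not owned by the service account and counts that account's entries in /etc/passwd, because running the `>>` append twice leaves duplicates. The function names and the SSHD_USER variable are assumptions of this example, and `stat -c` assumes GNU coreutils as shipped with Cygwin.

```bash
#!/bin/bash
# Added example (not from the product documentation). Function names and
# the SSHD_USER variable are hypothetical; stat -c requires GNU coreutils.
# Assumes account names that contain no spaces.

# Print one line for every path, or file beneath it, that is missing or
# not owned by the expected account. Directories are walked because
# step 3 uses chown -R on /var/empty.
list_wrong_owner() {
    expected="$1"; shift
    for path in "$@"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            continue
        fi
        find "$path" -exec stat -c '%U %n' {} + |
        while read -r owner name; do
            [ "$owner" = "$expected" ] || echo "MISMATCH $name (owner: $owner)"
        done
    done
}

# Return 0 only when every path exists and has the expected owner.
audit_sshd_ownership() {
    findings=$(list_wrong_owner "$@")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Count passwd entries for one account. Step 1 appends with >>, so
# running it twice leaves duplicates; the expected count is exactly 1.
passwd_entry_count() {
    awk -F: -v u="$1" '$1 == u { n++ } END { print n + 0 }' "$2"
}

# Runs only when SSHD_USER is set, for example:
#   SSHD_USER=[domain_user] bash audit_sshd.sh
if [ -n "${SSHD_USER:-}" ]; then
    audit_sshd_ownership "$SSHD_USER" /var/log/sshd.log /var/empty /etc/ssh* \
        && echo "ownership OK"
    echo "passwd entries: $(passwd_entry_count "$SSHD_USER" /etc/passwd)"
fi
```
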

If you are discovering multiple Windows servers, you might experience the following message:
    A Working gateway cannot be found

For more information about additional configuration that might help, see Gateway problems.