C:\Program Files\Bitvise WinSSHD>wcfg import settings -i Enter instructions, one per line, 'q' to query a value (try "q", "q ?" first) 'abort' or 'quit' to exit without saving, 'commit' to save changes and exit. > q - The "?" query will display possible instructions and queries at the root level. The "*" query will display current values of the whole hierarchy. The "%" query will do the same, but without values that equal defaults. - The "SetDefaults" instruction will reset the whole hierarchy to defaults. - Most nested types understand the following special query types: .? for a list of possible instructions and queries .* for the current values of all contained elements .% for the list of those values that differ from their defaults - Most nested types understand the following special instruction: .SetDefaults to set that type and its descendants to their defaults - Contained types are referenced by appending their names to their parents, separated by a single dot, e.g.: 'someType.someSubType.?' - Test expressions are possible in some contexts Example test expression: someType.someList.(name eqi "steve").someValue 123 affects the first entry of someList where the 'name' member is "Steve". Numeric comparison operators: > < >= <= == != String comparison operators: gt lt ge le eq ne Case-insensitive string comparison operators: gti lti gei lei eqi nei - 'With' clauses provide easier access to deeply nested settings. For example: With someType.list.(name eqi "Default") { fileNameSetting "c:\\SomeFile" With listenSks.New { listenIntf 10.10.10.1 listenPort 5554 } listenSks.NewCommit } This has identical effects to: someType.list.(name eqi "Default").fileNameSetting "c:\\SomeFile" someType.list.(name eqi "Default").listenSks.New.listenIntf 10.10.10.1 someType.list.(name eqi "Default").listenSks.New.listenPort 5554 someType.list.(name eqi "Default").listenSks.NewCommit - The "WithClauses" query shows the currently active With clauses. > q ? Supports *, %, ? queries and SetDefaults. Members: server, nested type (query with .? for more info) Settings affecting the WinSSHD server as a whole. algs, nested type (query with .? for more info) Settings in this section affect which algorithms WinSSHD will support in establishing and maintaining an SSH session. There is no need to change settings in this section unless there is a good reason to do so. session, nested type (query with .? for more info) Settings affecting how an SSH session may be established and how it is maintained. Includes settings for user authentication, automatic IP blocking, supported GSSAPI methods, key re-exchange, session timeout. domainOrder, sorted list (query with .? for more info) When a user tries to log in with a username that does not explicitly specify a domain, WinSSHD will attempt to look up the username in domains in the order in which domains are listed here. If the domain order list is empty, login usernames must explicitly specify a domain in 'domain\user' or 'user@domain' format, or the username is assumed to be local. proxyProfiles, sorted list (query with .? for more info) When users use client-to-server tunneling, WinSSHD can forward these outbound connections through a proxy. If one or more forwarding destinations must be accessed through a proxy, configure the proxy settings here. Proxy profiles are referenced from within IP and DNS connect rules in WinSSHD group and account settings entries. access, nested type (query with .? for more info) Use settings in this section to control which Windows users can log in through WinSSHD, to create virtual accounts specific to WinSSHD, to control internet addresses from which WinSSHD will accept connections, and to configure what SSH services users can access. If settings in this section are left at defaults, WinSSHD will accept connections from all internet addresses and will permit logon for all Windows accounts to which a local logon right is granted by the local computer's security policy. > q access.? Supports *, %, ? queries and SetDefaults. Members: winGroups, sorted list (query with .? for more info) A list of WinSSHD settings for Windows groups. Whenever a user logs into WinSSHD with a Windows username, one of the group settings entries here will apply. Group settings will be used if an account has no settings entry in 'Windows accounts'. Group settings will also be used when an account's settings entry specifies a 'default' value for a setting. See also: http://www.bitvise.com/wug-accounts.html winAccounts, sorted list (query with .? for more info) A list of WinSSHD settings for Windows accounts. If there is no entry in this list for a Windows account that tries to log in, a group settings entry in 'Windows groups' will be used. If an account settings entry is defined, but specifies the 'default' value for a setting, the corresponding Group setting will be used. See also: http://www.bitvise.com/wug-accounts.html virtGroups, sorted list (query with .? for more info) A list of WinSSHD settings for virtual groups. Each WinSSHD virtual account defined in section 'Virtual accounts' is a member of one virtual group defined here. Group settings will be used when a virtual account specifies a 'default' value for a setting. See also: http://www.bitvise.com/wug-accounts.html virtAccounts, sorted list (query with .? for more info) A list of WinSSHD settings for virtual accounts. Virtual accounts allow you to configure different WinSSHD login settings and permissions for multiple users without having to create and maintain dedicated operating system accounts. Multiple virtual accounts can have different WinSSHD settings while using the same backing Windows account for OS-level permissions and security. See also: http://www.bitvise.com/wug-accounts.html hosts, nested type (query with .? for more info) Remote addresses from which connections will be accepted. > q access.winGroups.? Instructions: Clear, removes all entries, implies NewClear Erase , removes the entry with the specified id Erase(), removes all entries that satisfy the test condition New, references a new entry that has not yet been added to the list if the new entry has not yet been referenced or a previous new entry has just been committed or cleared, a new entry with a unique id is created CreateNewWithId , explicitly creates a new entry with the specified id; the id must be non-zero, numeric, and unique across the current list NewClear, clears the entry referenced with 'New' NewCommit, commits the entry referenced with 'New' into the list All, executes the instruction on each of the list entries (), references the first entry that satisfies the condition , references the entry with the specified id Queries: Count, returns the number of entries in the vector Count(), returns the number of entries that satisfy the condition New, references a new entry that has not yet been added to the list if the new entry has not yet been referenced or a previous new entry has just been committed or cleared, a new entry with a unique id is created All, evaluates the query on all entries, returning a multi-line string if no query is specified, returns full names of entries with unique ids (), references the first entry that satisfies the condition , references the entry with the specified id Test expressions: Example test expression: someType.someList.(name eqi "steve").someValue 123 affects the first entry of someList where the 'name' member is "Steve". Numeric comparison operators: > < >= <= == != String comparison operators: gt lt ge le eq ne Case-insensitive string comparison operators: gti lti gei lei eqi nei > q access.winGroups.All access.winGroups.1 > q access.winGroups.% SetDefaults > q access.winGroups.* Clear CreateNewWithId 1 With New { priority 100 groupType everyone winDomain "" group "" loginAllowed true logonType interactive limitSessions none maxSessions 2 passwordAuth allowed publicKeyAuth allowed keys.Clear permitRemoteAdmin true mapRemoteHomeDir false mapRememberedShares false shares.Clear With onLogonCmd { command "" workDir "" execAsService false noLoadProfile false maxWaitTime 0 allowJobBreakaway false } With onLogoffCmd { command "" workDir "" execAsService false noLoadProfile false maxWaitTime 0 allowJobBreakaway false } allowSessionJobBreakaway false permitTerminalShell true terminalShell "cmd.exe" initDir "" permitExecRequests true execReqPrefix "cmd.exe /c " permitScp true permitSftp true sftpRootDir "\\\\" permitC2SForwarding true permitS2CForwarding true With connectRules { With ipRules { Clear CreateNewWithId 1 With New { ipRule.ip 0.0.0.0 ipRule.sigBits 0 portRangeRule.portFrom 1 portRangeRule.portTo 65535 desc "" With instr { allowConnect true targetHost "" targetPort 0 proxyProfile "Default" } } NewCommit } dnsNameRules.Clear } With listenRules { Clear CreateNewWithId 1 With New { ipRule.ip 0.0.0.0 ipRule.sigBits 0 portRangeRule.portFrom 0 portRangeRule.portTo 65535 desc "" With instr { allowListen true With acceptRules { With ipRules { Clear CreateNewWithId 1 With New { ipRule.ip 0.0.0.0 ipRule.sigBits 0 desc "" instr.allowConnect true } NewCommit } dnsNameRules.Clear } } } NewCommit } srvSideFwding.c2s.Clear srvSideFwding.s2c.Clear } NewCommit > access.winGroups.1.terminalShell "C:\\MyCustomShell\\MyCustomShell.exe" > access.winGroups.1.permitExecRequests false > access.winGroups.1.permitScp false > access.winGroups.1.permitSftp false > access.winGroups.1.permitC2SForwarding false > access.winGroups.1.permitS2CForwarding false > q access.winGroups.% Clear CreateNewWithId 1 With New { terminalShell "C:\\MyCustomShell\\MyCustomShell.exe" permitExecRequests false permitScp false permitSftp false permitC2SForwarding false permitS2CForwarding false } NewCommit > commit Saving new settings to registry. Import successful, WinSSHD signaled to reload settings. C:\Program Files\Bitvise WinSSHD>