Frequently Asked Questions about Using WinSSHD
If you have a problem using WinSSHD - and even if you don't - you should first become comfortable with the WinSSHD event log. Unless you configured WinSSHD for minimum logging output, WinSSHD writes extensive information about its activity in the Application section of the Windows Event Log, and can also be configured to write to a textual log file. You can browse events logged to the Windows Event Log using the WinSSHD Control Panel, or remotely using Tunnelier. Whenever you have a problem, the Windows Event Log (or the WinSSHD log file, if configured) is the first place you should look.
- Getting It Up and Running
- File Transfer Issues
- Public Key Authentication
- Account Settings
- Usage
- Contacting Support
Getting It Up and Running
Q10. After I install WinSSHD, what do I need to configure before I can start using it?
Nothing. Just start the WinSSHD service and it will work. Use one of your existing Windows account names and passwords to log on. In most cases, the default WinSSHD settings are alright and do not need to be changed.
Q11. How do I log in to a Windows domain account?
Specify the username in the standard domain, backslash, account format - for example, 'company\john' - or with a fully qualified name, for example 'john@company.com'.
Q11B. How do I log in to a Windows domain account without having to specify a fully qualified username?
The 'Domain order' setting in WinSSHD Settings is provided for this purpose. Configure an entry specifying the domain name where you would like WinSSHD to start looking up unqualified usernames. You can configure multiple such domain names.
Q12. What client software can I use to connect to WinSSHD?
You can use any client program that supports the SSH2 protocol. There are multiple types of SSH clients, including terminal session clients, file transfer clients, port forwarding clients, command execution clients, and they come in all sorts of combinations. If your client machine runs Windows, you can use our Tunnelier client for most purposes. Tunnelier offers an excellent terminal console, port forwarding support, as well as an FTP bridge and advanced file transfer capabilities. Also available for Windows is PuTTY, which includes SSH file transfer programs 'pscp' and 'psftp'. On Unix platforms, the OpenSSH package is freely available and provides the 'ssh' program for terminal sessions and port forwarding, as well as 'scp' and 'sftp' for file transfers.
Q13. I cannot start the WinSSHD service, and the Event Log says 'error 10048 during operation bind'. What should I do?
Error 10048 indicates that another application is already listening on the port you have configured for WinSSHD. The default port is 22, and this port is used by default by all SSH servers. Most probably, you already have another SSH server running on your machine, and that server is occupying port 22. You either need to shut down the other SSH server, or configure WinSSHD to listen on a different port.
Q14. I can only log in with an administrator account - attempting to log in with a regular account fails.
The two most common causes are:
- You are trying to log in with an account configured in WinSSHD to use the 'interactive' logon type, but this account does not have the Windows permission to log on locally. On domain controllers, this permission is not granted to regular users by default and must be enabled in the Domain Controller Security Policy.
- You have successfully logged in with an account configured in WinSSHD to use the 'network' logon type, or you logged in using GSSAPI (Kerberos or NTLM) authentication, but starting the terminal shell failed with an Access Denied error. This is because default filesystem permissions on some Windows 2003 servers grant access to cmd.exe and other command line tools only to 'interactive' users. Switch this user or group in WinSSHD to use the 'interactive' logon type, or modify filesystem permissions for cmd.exe and other command-line tools to allow execution by users logged in with the 'network' logon type.
For more information, please read the Network vs. interactive logon section in the WinSSHD Users' Guide.
Q15. I'm trying to get some SSH client to work with WinSSHD. However, the session gets terminated immediately after connecting, and the WinSSHD event log tells me: 'Unable to create child process: Access is denied.' What is going on?
In order to provide SFTP, SCP, terminal shell, or exec request functionality, WinSSHD must have permission from Windows to execute a child process in the name of the user. You have probably configured your machine in such a way that, when the user logs in and WinSSHD starts impersonating that user, WinSSHD loses permission to execute the necessary child processes. In order to use SFTP, you must configure your machine so that the remote user will be able to execute 'sshdexec.exe' and 'sftps.exe'. In order to use SCP, the files are 'sshdexec.exe' and 'scp.exe'; for VT100 and xterm terminal sessions, 'sshdexec.exe', 'toterm.exe', and 'cmd.exe' (or whatever command processor you are using); for bvterm console sessions, 'sshdexec.exe', 'bvterms.exe', and 'cmd.exe'; and for exec requests, 'sshdexec.exe', plus, of course, whatever programs you want the user to be able to execute. Read and execute access is also required to the dynamic load libraries that programs use - in particular, system libraries which reside in the \Windows and \Windows\System32 directories.
File Transfer Issues
Q20. How do I get WinSCP to work with WinSSHD?
The latest WinSCP versions work fine in SFTP mode. Older WinSCP versions that only support SCP can also be made to work if you install the Cygwin bash shell and Cygwin's SCP, configure the bash shell to be used in WinSSHD, and move WinSSHD's scp.exe out of the way. However, it is much easier to simply use the latest version of WinSCP and toggle the setting to make it talk SFTP.
Q21. I configured an SFTP Root Directory, but when I try to connect using an SFTP client, I get an error message. What am I doing wrong?
In WinSSHD 4.06 and earlier, the account with which you are connecting needs read access not only to the SFTP Root Directory itself, but also to the parent of the SFTP root directory. If read permissions on the parent directory cannot be granted, move the SFTP root directory a further level lower and grant read permissions on the new parent directory.
In WinSSHD 4.06a and later, read access to the parent of the SFTP Root Directory is not required any more.
Q22. What is the difference between SCP and SFTP?
SCP and SFTP are two different file transfer protocols. SFTP is well-documented and standardized, while SCP is an ad-hoc adaptation of the Unix utility 'rcp'. SFTP is launched by the client opening a session channel and requesting the 'sftp' subsystem. SCP is launched by the client explicitly instructing the server to execute the server-side SCP component (scp.exe) via an SSH exec request.
We recommend that customers use SFTP; this is better standardized, better implemented, and is 'the' file transfer protocol to use with modern SSH servers.
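The difference described in Q22 is visible in the SSH channel request the client sends. The following is an added example, not part of the original FAQ or of WinSSHD: it encodes and parses SSH_MSG_CHANNEL_REQUEST messages as defined in RFC 4254. The sample messages are constructed, and the 'scp -t /incoming' command line is an assumption modelled on OpenSSH-style scp clients.

```python
import struct

SSH_MSG_CHANNEL_REQUEST = 98  # message number from RFC 4254

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def channel_request(channel, req_type, payload, want_reply=True):
    """Encode a 'subsystem' or 'exec' channel request (RFC 4254, section 6.5)."""
    return (struct.pack(">BI", SSH_MSG_CHANNEL_REQUEST, channel)
            + ssh_string(req_type.encode()) + bytes([want_reply])
            + ssh_string(payload.encode()))

def read_string(buf, pos):
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    if pos + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[pos + 4:pos + 4 + n].decode(), pos + 4 + n

def parse_channel_request(msg):
    """Decode a request into (channel, request type, want_reply, payload)."""
    msg_type, channel = struct.unpack(">BI", msg[:5])
    if msg_type != SSH_MSG_CHANNEL_REQUEST:
        raise ValueError("not SSH_MSG_CHANNEL_REQUEST")
    req_type, pos = read_string(msg, 5)
    want_reply = bool(msg[pos])
    payload, _ = read_string(msg, pos + 1)
    return channel, req_type, want_reply, payload

def transfer_protocol(msg):
    """Server-side view: which file transfer protocol is the client starting?"""
    _, req_type, _, payload = parse_channel_request(msg)
    if req_type == "subsystem" and payload == "sftp":
        return "SFTP"   # named subsystem, no command line involved
    if req_type == "exec" and payload.split()[:1] == ["scp"]:
        return "SCP"    # an ordinary exec request that happens to run scp
    return "other"

# Constructed sample messages (channel 0).
SFTP_START = channel_request(0, "subsystem", "sftp")
SCP_UPLOAD = channel_request(0, "exec", "scp -t /incoming")  # assumed client command
SHELL_CMD = channel_request(0, "exec", "dir")
```

Because SCP arrives as a plain exec request, it depends on the account being allowed to execute programs, whereas SFTP depends only on the 'sftp' subsystem being available.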
Public Key Authentication
Q30. Someone wants to use public key authentication to log into the WinSSHD server that I am administering. They have already sent me their public key file. How do I tell WinSSHD to use the public key file when that user logs in?
Open WinSSHD Settings and go to Access Control > Windows accounts (or Virtual accounts if this is a virtual user). If an entry for this user is not already present, you need to add one. For Windows accounts, the name of the entry must match the Windows username that will be used when logging in. Now, click Edit to open the account entry in a new window, and click the 'Public keys' link. A key management window will open which you can use to import the public key.
If you are using one of the later WinSSHD 3.xx versions, the name of the link is '0 Keys' or 'n Keys'.
If using WinSSHD 4, please also read this page in the WinSSHD Users' Guide for important information about how WinSSHD account and group settings work.
Q31. I am unable to import a user's public key within the WinSSHD user key management window. I keep getting a dialog box telling me that the public key could not be imported. What could be the problem?
It is most likely that the public key you are trying to import is not in the right format. It might be an SSH1 public key file instead of an SSH2 key, or it might be something entirely alien. The formats supported by WinSSHD are the standard SSH2 public key format, and the OpenSSH SSH2 public key format. The OpenSSH SSH1 public key format is different and incompatible with SSH2.
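To check which format a key file is in before importing it, the following added example (not part of the original FAQ or of WinSSHD) classifies the contents of a file as standard SSH2 format (RFC 4716), OpenSSH SSH2 format, or OpenSSH SSH1 format. The format labels are this example's own names, and the sample data is constructed and is not a usable key.

```python
import base64
import binascii
import struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def blob_algorithm(b64_text):
    """Return the algorithm name embedded in an SSH2 key blob, or None."""
    try:
        blob = base64.b64decode(b64_text, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        name = blob[4:4 + n]
        return name.decode("ascii") if n and len(name) == n else None
    except (binascii.Error, ValueError, struct.error):
        return None

def classify_public_key(text):
    """Return (format, algorithm) for the contents of a public key file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ("unknown", None)
    if lines[0] == BEGIN:                      # standard SSH2 format (RFC 4716)
        if lines[-1] != END:
            return ("unknown", None)
        body, in_header = [], False
        for ln in lines[1:-1]:
            if in_header or ":" in ln:         # "Tag: value"; "\" continues it
                in_header = ln.endswith("\\")
                continue
            body.append(ln)
        alg = blob_algorithm("".join(body))
        return ("ssh2-standard", alg) if alg else ("unknown", None)
    fields = lines[0].split()
    if len(lines) == 1 and len(fields) >= 2:
        alg = blob_algorithm(fields[1])
        if alg and alg == fields[0]:           # "<alg> <base64> [comment]"
            return ("openssh-ssh2", alg)
        if len(fields) >= 3 and all(f.isdigit() for f in fields[:3]):
            return ("openssh-ssh1", None)      # "<bits> <e> <modulus> [comment]"
    return ("unknown", None)

# Constructed sample data: a syntactically valid blob, not a usable key.
def ssh_string(b):
    return struct.pack(">I", len(b)) + b
BLOB = base64.b64encode(ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
                        + ssh_string(b"\x00" + b"\xc3" * 64)).decode()
SAMPLE_OPENSSH = "ssh-rsa " + BLOB + " alice@example"
SAMPLE_SSH2 = "\n".join([BEGIN, 'Comment: "alice@example"', BLOB[:70], BLOB[70:], END])
SAMPLE_SSH1 = "1024 65537 1234567890123456789 alice@example"
```

A result of "openssh-ssh1" or "unknown" means the file is not in either of the two SSH2 formats named above.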
Q32. I set up my account for public key authentication, but the next time I tried to log in, I still got asked for a password. Why?
When you enable public key authentication for an account and configure a public key, WinSSHD needs to cache the password so that later you can log in with just the public key. There are two ways for WinSSHD to get the password: either you enter it yourself in WinSSHD Control Panel > Settings > Password cache for Windows usernames, or using the wcfg utility; or WinSSHD gets it from the SSH client. If there's no password in the cache on your first login attempt after you set up public key authentication, WinSSHD will ask you for a password - even if your client already authenticated successfully using a public key. If you supply a valid password, WinSSHD will cache it, and subsequently, or until it changes, you will not be asked to enter it again.
Q33. How do I set up public key authentication with Tunnelier?
Generate a keypair in Tunnelier's User Keypair Manager. Use the Export button to export the public key in standard SSH2 format. Transfer the resulting file onto the WinSSHD machine. Follow the instructions in Q30 (above) to import the public key into WinSSHD. In Tunnelier, configure the Login : Authentication : Initial Method setting so that Tunnelier will use your generated user keypair for authentication. You can also save your Tunnelier settings into a profile for convenience. You will now be able to connect with public key authentication.
Account Settings
Q40. How do WinSSHD account settings work?
Please read this page in the WinSSHD Users' Guide for this important explanation.
Q43. How can I limit a user so that they cannot access files outside of a certain directory?
The answer depends on what sort of access you have in mind. If you mean shell access (or remote execution in general), jailing a user is possible only through Windows file system permissions. On the other hand, if what you have in mind is SFTP access, you can limit the user by configuring an SFTP Root Directory. If you are configuring an SFTP Root Directory and are using a WinSSHD version prior to 4.06a, see Q21. Also relevant is Q22.
Usage
Q51. How can a user change their password remotely?
Beginning with version 4.01, WinSSHD supports changing a Windows account password during SSH user authentication by using a client that supports this feature, such as Tunnelier (also starting with version 4).
Additionally, beginning with version 3.31, WinSSHD comes with a 'bvPwd' utility which allows any user to change their password if they know what it currently is. The utility can be found in the WinSSHD installation directory; run it with 'bvPwd -h' for help. Additionally, administrators can use the 'net user' command intrinsic to Windows to change any user's password - type 'net help user' in a Command Prompt for help.
Passwords for WinSSHD virtual accounts cannot be changed by the virtual account user, but can be changed by an administrator in WinSSHD Settings or using wcfg.
Contacting Support
Q. I read the entire FAQ, but it didn't help me solve my problem. What do I do?
Visit our discussion groups. Use the search function to see if your issue has been raised in the past. If not, feel free to post a support query in the appropriate forum, in which you describe your problem in as detailed a manner as possible. The more information you supply, the greater the chance of a swift and effective resolution.



