Running Bitvise SSH Client as a Windows Service

It is possible to run a Windows program as a system service. The advantage of services is that they can be started at boot time independently of any logon session, and will continue to run as users log on and off of the machine.

Frequently users would like to run Bitvise SSH Client as a service so that its port forwarding features would come into effect as soon as the machine boots and remain active regardless of users logging on and off of the machine.

Bitvise SSH Client itself does not run as a service, but it can be encapsulated inside a program that enables this. A few such programs we're aware of are:

  • The srvany utility included with the Windows Resource Kits. Guidance to using the srvany utility can be found in the MS Knowledge Base.
  • FireDaemon. This may be easier to set up, and more powerful than srvany.
  • We have received suggestions for the Non-Sucking Service Manager by Iain Patterson.

Stnlc and the Log Utility

Bitvise SSH Client includes not only the graphical client, but a number of command line clients which can perform the same tasks. The command line client stnlc exposes static port forwarding, dynamic port forwarding, and FTP bridge functionality. For information about command line parameters supported by stnlc, run it as follows:

  C:\>stnlc -?

or as follows:

  C:\>stnlc -? | more

If you wish to set up Bitvise SSH Client to provide port forwarding or the FTP bridge as a service, we recommend using stnlc in combination with the log utility. In this case, the full command to execute might be as follows:

  log -scfx "C:\Client Logs\Stnlc" stnlc -profile=...

This will capture the client's output and store it in files in the specified location. The captured output will be useful in the event that you need to perform any diagnostics (which is likely!).

Host Key Verification

The most common issue when using Bitvise SSH Client non-interactively occurs when the client is run under a different Windows account than was previously used interactively, and the client has no way to verify the server's host key.

Verification of the server's host key is essential to the security of the SSH session, so this step cannot be skipped. There are a number of ways in which the SSH Client can be told what host keys the server might use that the Client can accept:

  • When you connect to the server interactively using the graphical SSH Client, and manually verify the server's host key, the SSH Client will store the host key in the Windows registry, but only for the currently logged on Windows user. All aspects of the SSH Client will then be able to connect to that server and trust that host key, as long as they are run in a Windows logon session belonging to the same Windows user.
  • A host key can also be stored in a Bitvise SSH Client profile, and will then be trusted for the server connected to with that profile, regardless of the Windows logon session in which the connection occurs. If you have a host key that is trusted in the Windows registry, and you want to copy it to a profile:
    1. Open the profile using the graphical Bitvise SSH Client.
    2. Open the Host key manager interface from the Login tab of the SSH Client.
    3. Find the host key, right click it, and select Copy to profile.
  • A host key or its fingerprint can be passed to any instance of the SSH Client - graphical or command line - using the following command line parameters:
    • -hostKeyFile=...: Specifies a file in which one or more host keys are stored.
    • -hostKeyBB=...: Specifies a Bubble-Babble hash of a host key to trust.
    • -hostKeyMd5=...: Specifies an MD5 hash of a host key to trust.