Opening Bitvise SSH Server to the internet

Bitvise SSH Server is intended to run with minimal configuration after initial installation. However, when installed in a LAN environment, it will not immediately receive connections from the internet by default.

In order to open Bitvise SSH Server to the internet, other network components must first be configured. The most prominent such components are the firewall on the machine where the SSH server is running, and the router on the LAN to which this machine is attached.

Necessary preparation

Before you open Bitvise SSH Server to the internet, perform the following important steps:

  • Follow instructions in Connecting for the first time to make sure you are able to connect to the SSH server from 'localhost'; that is, that you can connect from a client running on the same machine where the SSH server is installed.
  • Follow instructions in Securing Bitvise SSH Server to lock down your settings to a degree where you are comfortable with them. After locking down your settings, use a client installed on the same machine to verify that everything is behaving the way you want.

Only when you are satisfied with the security of your settings, and when your settings work when connecting from 'localhost', open your SSH server to the internet by:

  • opening the Bitvise SSH Server listening port(s) in your firewall, and
  • configuring your router to forward internet connections to the machine where the SSH server runs.

Bitvise SSH Server (WinSSHD) 5.06 and later

Since version 5.06, you can configure Bitvise SSH Server to perform the above tasks automatically.

  • Open Bitvise SSH Server Easy settings. In the first tab (Server), change the setting "Open Windows Firewall" to "Open port(s) to any computer". This will automatically open your listening ports in your firewall when the SSH server is running.
  • On the same tab, enable the setting "Automatically configure router (requires UPnP)". This will automatically configure your router to forward internet connections to Bitvise SSH Server when it is running.

If you have other software or hardware firewalls in addition to the Windows firewall, you will have to configure those firewalls manually.

In order for UPnP NAT forwarding to work, your router must support the Universal Plug and Play standard. Most recent routers do. If yours does not, you will have to configure it manually, too.

WinSSHD 5.05 and earlier

WinSSHD versions prior to 5.06 do not support automatic configuration of the Windows firewall and of routers. For those versions, the Windows firewall and the router have to be configured manually.