Channel: SAP Process Orchestration

The KEY to unlock the "KEY GENERATION" mystery - Setting Up SFTP server


In Part 1, we saw how to set up the SSH keys and convert them to PKCS#12 format for use in SAP NWA. I also gave a few links to relevant applications and guides. The limitation pointed out at the end of Part 1 was that we never know whether what we have prepared and shared will work. So here is the much-awaited Part 2. It lets us set up an SFTP server on our own Windows system, where we can install the public key and test our keys.

 

 

1. Install Cygwin with the SSH and SSL packages (Choose Package)

    Please follow the installation guide - Installing Cygwin/X

    Choose create shortcut/terminal at desktop at the end.

 

2.


     i)  Create a folder which will be used as the root folder for SFTP. I have created a folder named SFTP_ROOT in c:\

     ii) Now create a user which will be used as the SFTP user: Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups

     iii) If the Windows system doesn't have the above options available (some versions of Windows 8 and 10), you can create a normal local account instead:

          Create a local user account in Windows 10 - Windows Help

     iv) Now create a folder inside SFTP_ROOT with the same name as the SFTP user (sftpuser01 in my case).

 



3. Go to desktop->Cygwin Terminal->Right click and choose "Run as administrator"



4. Once you have the terminal open, navigate to C:/cygwin64 (the directory where Cygwin is installed), then to the /etc folder. Check whether files named "group" and "passwd" exist there.

In my case (and generally) there are no files named group or passwd, so I will create these two files first.



5. Now we will create the group and passwd files. In the Cygwin terminal, type the following commands:


mkgroup > /etc/group

mkpasswd -cl > /etc/passwd

 

Now navigate to the /etc folder again and check that both files are there.



6. Now run the following in the Cygwin terminal:


export CYGWIN='ntsec tty'

chmod +rw /etc/group

chmod +rw /etc/passwd

chmod 0755 /var

ssh-host-config

 

 

Answers to the questions for ssh-host-config

---------------------------------------------------------------------------------

1) Should strictmodes be used? no

2) Should privilege separation be used? yes

3) New local account 'sshd'? yes

4) Do you want to install sshd as a service? yes

5) Enter the value of CYGWIN daemon? sshd

6) Do you want to use a different name? no

7) Create a new privileged user account 'cyg_server'? no

8) Do you want to proceed anyway? yes



7. We have installed "sshd" as a service. Now we can go to the Windows command prompt (DOS) and type the following:


   net start sshd       ( this will start windows service)


To check whether SFTP is enabled, type the NETSTAT -a command in the command prompt (DOS) and see whether port 22 is active.

 

 

 

8. Now we need to edit the fstab file to point it to our SFTP_ROOT root directory:

    C:/cygwin64/etc/fstab

Add the following entries to fstab, each on a new line:

 

C:/cygwin64 / ntfs override,binary,noacl 0 0

C:/SFTP_ROOT /home ntfs override,binary,noacl 0 0

C:/cygwin64/bin /usr/bin ntfs override,binary,noacl 0 0

C:/cygwin64/lib /usr/lib ntfs override,binary,noacl 0 0

C:/cygwin64/etc/terminfo /usr/share/terminfo ntfs override,binary,noacl 0 0

none /cygdrive cygdrive binary,posix=0,user,noacl 0 0



9. Now let us go to WinSCP and try logging in to the SFTP location using the username and password.

As it is the first login, a pop-up window will ask whether to trust the site with its fingerprint. This shows that WinSCP is able to reach the SFTP server.

 

 

10. The remaining task is configuring the private and public keys to enable key-based login. This is the time to refer to Part 1.

Go to your root folder SFTP_ROOT/sftpuser01. You need to create a directory named .ssh using the command prompt, as you can't normally create a directory starting with . (dot) in Windows.

 

 

11. Now go inside the .ssh directory and create a file named "authorized_keys" (it should not have an extension). Open this file with Notepad/Notepad++.

12. Open the public key we created in Part 1 for SSH (the one to be given to the SFTP server team), copy its content, and paste it into authorized_keys.

Paste the content into the authorized_keys file in the .ssh folder and save. Now all you need to do is set up WinSCP with the PPK private key, as already demonstrated in Part 1.
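
Steps 10 to 12 have you hand-edit authorized_keys in a Windows editor, which can leave a file that looks right but cannot be read as a key list. The checker below is an added example, not part of the original post; it is meant for the Cygwin terminal, assumes plain "type base64 comment" lines without options, and sample_key_line builds a constructed, non-real key for trying it out.

```sh
#!/bin/sh
# Added example (not from the original post): lint the authorized_keys file
# from steps 10-12. Assumes plain "type base64 [comment]" lines, no options.

# Constructed, format-valid ed25519 line (32 filler bytes, not a real key).
sample_key_line() {
    blob=$(printf '\0\0\0\013ssh-ed25519\0\0\0\040%032d' 0 | base64 | tr -d '\n')
    printf 'ssh-ed25519 %s constructed-sample\n' "$blob"
}

# check_authorized_keys DIR -> 0 clean, 1 bad content, 2 file missing
check_authorized_keys() {
    file="$1/authorized_keys"; rc=0; n=0
    if [ ! -f "$file" ]; then
        # Notepad tends to save the file as authorized_keys.txt
        [ -f "$file.txt" ] && echo "found authorized_keys.txt: remove the extension"
        echo "missing: $file"
        return 2
    fi
    # A UTF-8 BOM fuses with the first key type and makes it unrecognisable.
    if [ "$(head -c 3 "$file" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]; then
        echo "line 1: file starts with a UTF-8 byte order mark"; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | tr -d '\r')   # drop CR from CRLF endings
        case $line in
            ''|'#'*) continue ;;
            '---- BEGIN SSH2 PUBLIC KEY'*)
                echo "line $n: RFC 4716 block; the one-line OpenSSH form is needed"
                rc=1; break ;;
        esac
        ktype=${line%% *}; rest=${line#* }; blob=${rest%% *}
        case $ktype in
            ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp*) ;;
            *) echo "line $n: no key type at start (wrapped or truncated key?)"
               rc=1; continue ;;
        esac
        # The blob's first field (4-byte length, then name) must repeat the type.
        inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
                tail -c +5 | head -c "${#ktype}" | tr -d '\0')
        [ "$inner" = "$ktype" ] || { echo "line $n: key data does not decode as $ktype"; rc=1; }
    done < "$file"
    return $rc
}
```

With the folder layout of this guide, the call is check_authorized_keys /home/sftpuser01/.ssh, since step 8 mounts C:/SFTP_ROOT as /home.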

 

 

13. Now we can test the above with WinSCP. The procedure to test is already explained in Part 1.

The link for testing can also be referred to here - SFTP - Login to SFTP Server without Password using CygWin OpenSSH Public Key Private Key Pair - YouTube

I hope the content of Part 1 and Part 2 is useful to the audience.

