Secure Shell / Copy (SSH/SCP) Shell for Windows -- RunSCP Version 2

Introduction

This is Version 2.  The original documentation and product generated too many support emails.  This version uses the latest version of Cygwin.  The immediate benefit of the latest Cygwin code is that users' keys can be stored on the server so they don't have to keep entering their passwords.

Standard FTP transmits both data and passwords unencrypted over the Internet.  Anyone with a packet sniffer can easily see your passwords and data.  Therefore it is desirable to replace or augment FTP with secure technology.

Today, the most popular encryption technology is SSH which stands for secure shell.  SSH uses public key encryption.  SSH encrypts all data, including passwords.

Several applications are built on top of SSH.  One such application is SCP, which stands for "secure copy."  SCP allows files to be transferred files the Internet securely.

SSH servers that run on UNIX support SCP by default.  There is no magic there.  However, Windows is another story.

Cygwin, a free software package, supports both SSH and SCP.  However, users that have SCP access also have shell access which means they have free roam of the computer.  Only file permissions can restrict users' activities, and as many a hacker has proven, file permissions can be easily subverted, usually by taking advantage of administrators' mistakes.

Therefore, the world needs a restrictive SSH server that only allows SCP clients to connect to it.  Hence RunSCP.

If you made it this far, you're probably interested in a free solution.  If something sounds too good to be true, it probably is. 

• See the Caveats section below
• VanDyke's vShell is a great commercial alternative (as an sftp server)

License

All content and software located at http://devguy.com/fp/cfgmgmt and subdirectories thereof is (c) DevGuy.com, 1999-2002.  No software or content may be redistributed without permission from DevGuy.com.

The software herein may be used for any purpose by end-users free of charge.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE DEVGUY SSH SHELL FOR WINDOWS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

DevGuy's Dedicated SCP Shell, RunSCP

The software contained herein was written to be implement a dedicated SCP server on Windows.  This "dedicated" SCP server has the following behavior:

1. Restricts the list of users that can connect to the server via an XML configuration file.  Having an account in the passwd file is not enough to gain access.
2. Only supports two commands on the server:  ls and scp (list of commands is actually configurable via XML document)
3. Interactive shell is not permitted
4. Restricts file access to the user's home directory as specified in the passwd file.  Spelunking through the file system is not allowed.
5. Logs usage and errors to the NT Event Log, for administrators
6. Sends email confirmation of success and failure to users (via SMTP) [Optional]

These restrictions can be lowered in order for the server to behave similarly to a regular shell.  See below.

Are My Passwords Safe?

Yes - passwords are encrypted.  Passwords are always checked against the domain or workgroup, not against the /etc/passwd file.  Using key encryption is advised because sending unencrypted public keys across the Internet (e.g., via email) does not compromise security.

Is My Data Safe?

Yes - data is also encrypted.

How Many Bits Do the Keys Have?

1024 -- this is strong encryption.

Does SCP Translate Linefeed Characters?

No -- scp uses a binary copy only.

Related Software

• A command-line scp client for windows is available here. 
• A gui client is available here.
• The PuTTY software suite is excellent.

Requirements

Installation Instructions for DevGuy's SCP Server

The installation programs contained herein require Microsoft Installer 2.0.  The setup programs will install Microsoft Installer 2.0 if it is not present.  If Microsoft Installer 2.0 is not yet installed, Terminal Services must be in Remote administration mode rather than Application server mode.  Before installing anything it is advised that you create an Emergency Repair Disk.  Failure to heed all of this advice can result in a hosed machine that must be reformatted.  In no circumstances shall DevGuy be held liable for any damage to your machine made directly or indirectly by the installation programs.

1. Install MSI 2.0
2. Install at least the CYGWIN "minimal install"
3. Install CYGWIN OpenSSH server
   I recommend you not use fixperms.sh
   I've had plenty of grief installing this.  My recommendation is to follow the instructions carefully, especially rebooting immediately after changing the CYGWIN environment variable.  Otherwise you will likely hose your CYGWIN installation and you will have to start over.
4. Contact SSH-L if you have questions regarding the general CYGWIN and SSH installation.  I will not answer these types of questions.  Sorry, but I am not an expert.
5. Run the RunSCP setup
   YOU MUST INSTALL TO C:\SCP.  Sorry.
6. You may need to reboot
7. Copy c:/scp/runscp.exe to your CYGWIN bin directory
8. Add authorized users to c:\scp\users.xml
<SCP>
<Users>
<!-- Note: name and domain are lowercase -->
<User name='joe' domain='mydomain'/>
</Users>
</SCP>

The name and domain must be lowercase.  Local accounts should put the SSH host name in the domain attribute.
   
   I recommend you use XML Cooktop to edit this file, and be sure to click the checkmark icon in the toolbar to validate the file after you're done editing it.

9. Alter /etc/passwd for each SCP user.  Modify the last field and set it to /bin/runscp

Example:
   
   Guest:This_field_is_not_used_by_cygwin_on_nt/2000/xp:10501
   :10514:,S-1-5-21-1473792200-1033194076-1846952604-501
   :/home/Guest:/bin/bash

If you want to alter the user's "home" directory, change the next-to-last entry in the passwd file.  You can use any drive on the machine as long as you use CYGWIN's naming convention.  For example, f:\foo is /cygdrive/f/foo

Logging

The SCP logs various entries to the event log under the name DevGuy.  It also writes to the files c:\devguy.xml and c:\devguy.txt.  Generally entries are written to the TXT file only when writing to the XML file fails.

1. When an incoming request comes in, it logs the request
2. The user that connected
3. The command that was executed
4. Any errors that occurred

Caveats

1. Use DSA keys instead of RSA keys.  DSA keys seem to work on more platforms.
2. The SSHd service seems to crash often and needs to be stopped and restarted.
3. We have had problems where RSA keys generated on Linux don't work with the Cygwin SSH server.  The server still prompts for a password.
4. Some scp clients want to use the sftp protocol.  RunSCP only works if scp clients issue "scp" to the server via SSH.  SSH-1 scp clients seem to issue the scp command, but SSH-2 scp clients seem to use sftp.  The -S ssh argument to scp doesn't help either.  This pretty much renders RunSSH useless.
5. There is a bug in Cygwin's sshd which causes RunSCP to run under the SYSTEM user account when only key authentication is used.  This does not occur when password authentication is used.  This means you have to add domain="nt authority" user="system" in the users.xml file, which means any user in the passwd file can run RunSCP, and there is no way to send confirmation emails to the appropriate email address.

There is an email thread that discusses this issue.

How Do I Turn the Server Restrictions Off?

"I want users to be able to use SSH and SCP unrestricted."

First, you can alter /etc/passwd to run /bin/bash instead of runscp which will drop the user into a console.

Another option is to extend the number of allowed commands by modifying c:\scp\users.xml.

You can turn off all checks (command and path) by adding the attribute checkCommand='false' to the <User> element.

The following example allows 'ls', 'scp', and 'mkdir' :

<SCP>
<Commands>
<Command name='ls'/>
<Command name='scp'/>
<Command name='mkdir'/>
</Commands>
</SCP>

You can turn off the path restrictions for a particular command by adding the attribute checkCommand='false' to the <Command> element.

Unfortunately, there is currently no association between users and commands.

Testing

Put pscp.exe in your path.

Run:
   pscp -pw your_password -ls user@server:.
  pscp -pw your_password file_to_copy user@server:.
  pscp -pw your_password user@server:file_to_copy

Support

• Contact SSH-L if you have questions regarding the CYGWIN and SSH installation.

An unmoderated mailing list is available for questions, feedback, and support.  The mailing list's addresses are not sold to anyone and the list is not spammed by advertisers.  Click here to subscribe or unsubscribe

Limitations

The current release of the popular client pscp is limited to 2GB files.  Other clients and Cygwin's OpenSSH port may have similar limitations.

License

This software is public domain.

RunSCP.MSI contains free software that can be used for any purpose and redistributed free of charge.  It has been made available with the hope that it is useful, but it comes with no warranty of any kind.  Use at your own risk.  DevGuy is not responsible for any damage caused directly or indirectly by this software.

Please refer to the Cygwin license for further restrictions and copyrights.  RunSCP and its installation program contains no Cygwin artifacts.

Release Notes

(c) 2001 DevGuy.com