Internet

FreeSSHd for Windows, set up an SSH and SFTP server easily

The installation wizard will ask us if we want to create the private keys for the SSH, click on “Yes” to create them automatically and without having to do anything else. It will also ask us if we want to use this program as a system service, we click on “Yes” so that it starts with the operating system, otherwise, we can click on “No”.

As you can see, downloading and installing this program is really simple. Now we are going to see all the configuration options that we have available in this complete program.

Configuration options

In the first menu of FreeSSDd we are going to find the state of the SSH and Telnet server, by default, the Telnet protocol is deactivated for security reasons, and we do not recommend activating it under any circumstances, you always have to use SSH because all traffic it is correctly encrypted and authenticated.

In the tab of «telnet» We can configure where we want the Telnet server to listen, the TCP port used, the maximum number of concurrent connections, the timeout in case no commands are sent, and also if we want to put a welcome message. Finally, we have the possibility to choose the shell, by default it is cmd.exe but we can also choose Powershell, in addition, we can enable Telnet at the beginning of the program.

In the tab of «SSH» is where we have everything related to the SSH protocol, we can make the following configurations:

  • listening direction: by default it is listening on all physical and virtual network interfaces, here we can choose that it only listens on a certain interface.
  • Port: by default the port is TCP 22, but we can change it to the port we want.
  • Maximum number of connections: if we leave it at 0 it means unlimited number of connections.
  • idle timeout: the time the server waits until the connection is cut if we do not exchange data, by default it is unlimited (0).
  • banner message: we can put a message for the SSH clients that connect to the server.
  • Command Shell: command console to use, by default it is cmd.exe although we can also use Powershell. Other options are to start the SSH server when we start freeSSHd.
  • keys: we can configure new cryptographic keys, be they RSA, DSA and also ECDSA if we want. The most recommended is to use the ECDSA keys that are the safest and fastest.

In the tab of «authentication» we have the location of the public cryptographic keys that will be exchanged with the clients, we also have the possibility to configure password-based authentication (disabled, allowed or required), in addition, we also have the possibility to configure public key authentication. In “encryption» we have the different ciphers that we allow for SSH clients, the safest thing is to use AES in any of its versions, we do not recommend using the rest of the symmetric encryption algorithms, because they are insecure or not secure enough for something as important as SSH protocol. In the section of “tunneling» We have the possibility of enabling local port forwarding and also remote port forwarding, this will allow us to make SSH tunnels, which is like a kind of VPN but using the SSH protocol instead of a virtual private network such as OpenVPN or Wireguard. In the “SFTP” menu is where we have the path of the folder that will appear when connecting with any SFTP client such as FileZilla.

User management is one of the most important aspects, in this case, in the «users» is where we can add, change or delete the different users that we have. When adding a new user, we have to enter the name, the type of authorization (NT authentication, password or public key for SSH only). We can also configure if we want the user to use the shell, use SFTP or Tunneling. Shell and SFTP permissions should generally be given, although optionally you can also do SSH tunnels.

In the section of “Host restrictions» we have the possibility to allow only the IP addresses that we have in the list, we can configure wildcard without problems. We can also configure the blacklist, all the IPs in the list will be automatically blocked. In the tab of «logging» We have the ability to configure the logs of the freeSSHd program, and we can even resolve IP addresses to hostnames to make it easier to read the logs. In the menu of «Online users» we have the possibility to see in real time which user or users are currently connected to the program’s SSH server.

Now that we have seen all the configuration options of the program, and we have created a user to connect locally or remotely to our computer with the SSH server, we are going to show you how to connect with the popular PuTTY program.

SSH and SFTP connection

PuTTY is one of the most popular and used programs for SSH client, Telnet client and even to connect to a router or switch by console. In our case, we have entered the private IP address of the computer where we have configured freeSSHd as a system service, we have also entered the port number, 22, the default port. We have had to configure the username and password, and provide “Shell” permissions and also “SFTP” permissions as we have explained previously.

When connecting, it will indicate that we must accept the public key, and that the key is not recognized because we have never connected, so we must be careful when accepting the key. Once accepted, we proceed to enter the username and password that we have previously registered in the program, once we connect, we will be able to see the terminal (cmd.exe) via SSH in our PuTTY client.

The process to connect via SFTP is similar, in this case we can use a program like WinSCP that supports the SCP and SFTP protocol, or use the popular FileZilla Client program that also supports SFTP. In this case, we enter the sftp://IP address, we put the username and password that we have previously created, the port number 22 and click on «Quick connection». Once we have connected, we can see the directory tree and proceed with the copy of the files.

As you have seen, the connection of an SSH and SFTP client to the server configured with FreeSSHd is very easy and fast, we will only need to configure certain parameters on the server so that the clients connect easily and without problems.

Related Articles

One Comment

  1. Could you expand on proper ingress and egress filtering within ssh? Are there certain non-default options that are recomended, or is this done with additional solutions?

Leave a Reply

Your email address will not be published.