Build and installation instructions for the NoMachine OpenSSH Win32 Port

https://www.nomachine.com/AR01J00621

Although it should be possible to build with Visual C++ 2005 and SDK Platform for Windows XP or later, the following instructions refer to compiling the NoMachine OpenSSH portable version with MingW under a Cygwin environment.

Build instructions for openssh-5.9p1-win32-2 and later versions

STEP 1: Prepare the Cygwin environment

1. Download the Cygwin installer from www.cygwin.com

2. Launch the Cygwin installer, and ensure that packages listed below are selected as ‘install’:

devel/mingw-*
devel/mingw64-*
perl/*
devel/make: GNU Tool
devel/autoconf
devel/autoconf-2.69-2

See REFERENCE VERSIONS below for the detailed list of packages used for reference build.

STEP 2: Compile

Build with Cygwin 32-bit

1. Ensure that are you using correct mingw32 toolchain. You must have administrative rights.

To do that, create symbolic links:

/bin/i686-pc-mingw32-* |-> /bin/*

or run the /scripts/set-mingw32.sh script from the Cygwin /bin directory

2. Prepare the 32-bit libssl.a and libcrypto.a libraries and the openssl headers.

These libraries are used by 32-bit openssh and 32-bit ssh-lsa.

– Download OpenSSL sources from http://www.openssl.org/source/.

Version used as reference build is openssl-1.0.1e.

– Compile sources by running:

$./Configure mingw
$make

3. Prepare 32-bit libz.a and zlib.dll.

– Download ZLIB sources from http://www.zlib.net

Version used as reference build is 1.2.8.

– Compile sources by running:

make -f win32/Makefile.gcc

4. Build 32-bit OpenSSH:

Run the following commands under a Cygwin shell in the openssh directory:

$autoreconf

$./configure –build=i686-pc-mingw32
–host=i686-pc-mingw32
–with-ssl-dir=
–with-zlib=
–with-kerberos5

where is a directory where openssl sources are extracted and is a directory where zlib sources are extracted

$cat config.h.tail >> config.h

Build one of SSH family tool:

Run:

$make

where is any of the OpenSSH tools ported to Win32.

sftp.exe available starting from openssh-5.9p1-win32
ssh-agent.exe available starting from openssh-4.7p1-win32
ssh-add.exe available starting from openssh-4.7p1-win32
ssh-keygen.exe available starting from openssh-4.7p1-win32
sftp-server.exe available starting from openssh-4.7p1-win32
ssh.exe
sshd.exe

4. Build 32-bit ssh-lsa for native RSA/DSA key authorization

Move to contribwin32win32compatlsa directory and run:

$export LIBSSL_PATH=”/home/nars/openssl-1.0.1e”

$make -f Makefile.mingw32

– This command should produce the 32-bit ssh-lsa.dll file.

Build with Cygwin 64-bit

1. Build 32-bit openssl, zlib and openssh following 1-4 steps from 32-bit instruction. OpenSSH tools are always 32-bit.

2. Ensure that you are using correct mingw64 toolchain. You must have administrative rights.

To do that you must create symbolic links:

/bin/x86_64-w64-mingw32-* |-> /bin/*

or run /scripts/set-mingw64.sh from the Cygwin /bin directory.

3. Prepare the 64-bit libssl.a and libcrypto.a libraries and the openssl headers. These libraries are used by 64-bit ssh-lsa.

– Move clean OpenSSL sources into another directory, e.g. openssl-64.

– Compile sources by running:

$./Configure mingw64
$make

4. Build 64-bit ssh-lsa for native RSA/DSA key authorization

– Move to contribwin32win32compatlsa directory and run:

$export LIBSSL_PATH=”/home/nars/openssl-1.0.1e”

$make -f Makefile.mingw32

– This command should produce 64-bit ssh-lsa.dll file.

STEP 3 – Install ssh-lsa on system where sshd server is running

– Copy the ssh-lsa.dll to the %WINDIR%/System32 directory.

IMPORTANT NOTE:

If your Windows is at 64-bit, be sure that you use a 64-bit file manager to copy ssh-lsa.dll, otherwise this dll will be not visible on the 64-bit OS.

For example:

– Drag and drop file using Windows explorer.

Or:

– Run copy ssh-lsa.dll c:/windows/system32 under a cmd.exe console.

– Then, by using the regedit tool, add ‘ssh-lsa’ string to the end of the registry key below:

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages

Reboot the machine.

REFERENCE VERSIONS

CYGWIN PACKAGES

13-1 Devel/autoconf: Wrapper for autoconf command

2.13-12 Devel/autoconf2.1: Stable version of the automatic configure builder

2.69-2 Devel/autoconf2.5: An extensible package of m4 macros shell scripts
to automatically configure software code packages

2.23.51-1 Devel/binutils: The GNU assembler, linker and binary utilites
4.8.2-1 Devel/libgcc1: GCC C runtime library
4.8.2-1 Devel/libssp0: GCC Stack-smashing Protection runtime library
4.8.2-1 Devel/libstdc++6: GCC C++ runtime library
4.0-2 Devel/make: The GNU version of ‘make’ utility
2.23.1-1 Devel/mingw-binutils: Bintutils for MinGW.org win32 toolchain (util)

4.7.3-1 Devel/mingw-gcc-core
4.7.3-1 Devel/mingw-gcc-g++
4.7.3-1 Devel/mingw-gcc-obj

20110507-2 Devel/mingw-pthreads: Libpthread for MinGW.org

4.0-1 Devel/mingw-runtime: MinGW.org MSVC & compiler runtime header and libraries
4.0-1 Devel/mingw-w32api

2.22.52-1 Devel/mingw64-i686-binutils
4.7.3-1 Devel/mingw64-i686-gcc-core
4.7.3-1 Devel/mingw64-i686-gcc-g++
3.0.0-1 Devel/mingw64-i686-headers
20100619-5 Devel/mingw64-i686-pthreads
3.0.0-1 Devel/mingw64-i686-runtime
3.0b_svn5935-1 Devel/mingw64-winpthreads

2.22.52-1 Devel/mingw64-x86_64-binutils
4.7.3-1 Devel/mingw64-x86_64-gcc
4.7.3-1 Devel/mingw64-x86_64-core
4.7.3-1 Devel/mingw64-x86_64-g++
3.0.0-1 Devel/mingw64-x86_64-headers
20100619-5 Devel/mingw64-x86_64-pthreads
3.0.0-1 Devel/mingw64-x86_64-runtime
3.0b-svn5935-1 Devel/mingw64-x86_64-winpthreads

5.14.2-3 Perl/perl

OpenSSL

openssl-1.0.1e

ZLIB

zlib-1.2.8

BUILD INSTRUCTIONS FOR EARLIER VERSIONS

These instructions are provided as it is for earlier version of the OpenSSH port to Windows. We strongly suggest to always use the most recent version made available on our web site.

Build instructions for openssh-5.9p1-win32-1

Prepare the build environment

Download the newest OpenSSL library.
Compile and install OpenSSL by running the following commands in the OpenSSL root directory:

$ ./Configure mingw
$ make
$ make install

Download the newest zlib library.
Compile zlib by running the following commands in the zlib root directory:

$ make -f win32/Makefile.gcc

Build OpenSSH

Run the following commands under a cygwin shell:

$export CPPFLAGS=”-mno-cygwin -I$PWD/openbsd-compat -I$PWD/contrib/win32/win32compat/includes -I$PWD/libkrb”

$autoreconf

Run configure with options listed below:

* –build=i686-pc-mingw32
* –host=i686-pc-mingw32
* –with-ssl-dir=/usr/local/ssl
* –with-kerberos5
* –with-zlib=../zlib-1.2.8

Run command:

$cat config.h.tail >> config.h

Build one of SSH family tool

Run:

$make

where is any of OpenSSH tools ported to Win32.

Tool available starting from openssh-5.9p1-win32:

sftp.exe

Tools available starting from openssh-4.7p1-win32:

ssh-agent.exe
ssh-add.exe
ssh-keygen.exe
sftp-server.exe

Build ssh-lsa for native RSA/DSA key authorization

Move to contribwin32win32compatlsa directory and run:

$make -f Makefile.mingw32

or:

$make -f Makefile.mingw64

depending on system architecture, where sshd server will be installed.

Install ssh-lsa on system where sshd server is running

Copy the ssh-lsa.dll to the %WINDIR%/System32 directory.

By using the regedit tool, add ‘ssh-lsa’ string to the end of the registry key below:

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages

Reboot the machine.

Build instructions for openssh-4.7p1-win32, openssh-4.7p1-win32-1, openssh-5.4p1-win32 and openssh-5.9p1-win32

Download OpenSSH portable for native Win32 from the NoMachine web site.

Compile OpenSSH portable for native Win32 by running the following commands in the ssh root directory:
$ export CPPFLAGS=”-mno-cygwin -I$PWD/openbsd-compat -I
$ PWD/contrib/win32/win32compat/includes”
$ export LDFLAGS=”-mno-cygwin”
$ autoreconf
$ ./configure –build=i686-pc-mingw32 –host=i686-pc-mingw32
–with-ssl-dir=/usr/local/ssl –with-zlib=../zlib-1.2.4
$ cat config.h.tail >> config.h
$ make

where is any of OpenSSH tools ported to Win32.

Tool available starting from openssh-5.9p1-win32:
– sftp.exe

Tools available starting from openssh-4.7p1-win32:
– ssh-agent.exe
– ssh-add.exe
– ssh-keygen.exe
– sftp-server.exe

Tools available starting from openssh-4.7p1-win32:
– ssh.exe
– sshd.exe

How to enable Kerberos support in the SSH client

Download and install latest MIT Kerberos For Windows from:

http://web.mit.edu/kerberos/dist/index.html

Run the OpenSSH configure including the following command:

$ ./configure –with-kerberos5=
–build=i686-pc-mingw32 –host=i686-pc-mingw32
–with-ssl-dir=/usr/local/ssl –with-zlib=../zlib-1.2.4

where is the ‘inc’ (include) directory for Kerberos 5 support, available inside the installation on Windows. E.g.: “C:Program FilesKfWinckrb5”

Install and use the SSH Client and Server

Copy the ssh.exe and sshd.exe executable files to the installation directory.

The ssh client should be ready to work, while further operations are needed to get the ssh server up and running:

Copy the sshd_config file from source directory to installation directory and change ‘UsePrivilegeSeparation’ from ‘yes’ to ‘no’.

Generate the SSH keys pairs by using the ssh-keygen tool. Copy the generated keys, namely ssh_host_rsa_key and ssh_host_dsa_key to the installation directory.

Execute the sshd server:

$ sshd -r

Note: the user who executes the sshd daemon requires some additional privileges to be set:

SeCreateTokenPrivilege
SeAssignPrimaryTokenPrivilege
SeServiceLogonRight
SeIncreaseQuotaPrivilege
SeTcbPrivilege
SeImpersonatePrivilege