SSHing into a Windows Server on Amazon’s EC2
What looked at first like a simple task – turned out to cost me hours of trial and error.
Some of the problems I’ve encountered:
- Cygwin’s SSHd, OpenSSH and CopSSH all work great on Windows EC2 instances. Until you try to bundle an instance. After you launch a bundled instance – the SSHd service wouldn’t run, because of permissions problems – and throws weird error messages in the different logs.
- It turned out that Sysprep was responsible for this – mangling the permissions of the SSHd users.
- Turning Sysprep off as suggested in some places sounds like a recipe for problems down the road.
- Couldn’t find the source code of an SSHd implemented in Java, and FreeSSHd. Wouldn’t be smart to use closed-source applications for this, security wise…
- Couldn’t find any other SSHd client, or a full solution for this specific problem.
I Googled everywhere, until I assembled the solution which consists of:
- Installing Cygwin’s SSHd (thank you LifeHacker).
- AutoExNT service is used to run a batch file right after the machine’s launch (Thank you Microsoft).
- Update_Cygwin solved the permissions problem (Thank you VCL).
So, the steps to SSH into a Windows machine on Amazon EC2 are these:
- Install Cygwin, make sure you include the OpenSSH package.
- chmod +r /etc/passwd
- chmod +r /etc/group
- chmod 755 /var
- ssh-host-config
- Choose root as the name of the privileged account.
- Copy your public key into the authorized_keys file of the account you’d like to log-in with.
- Install the AutoExNT service.
- Run the update_cygwin script right after each instance launch.
- Don’t forget to open the SSH port on the security group of the instance.
I still don’t understand:
- How come Windows doesn’t come pre-configured with an SSHd service. What do people use in order to administer Windows Server machines? Unsecure Telnet? Do they all use Remote Desktop for this?? Very weird…
- How come there’s no solution for this already on Amazon EC2 forums? Saw lots of people run into this problem, and it seems like pretty basic stuff. I guess that Windows Server administration still isn’t that popular…
Thanks for everybody on the forum that saved me valuable time getting this problem behind me…
Now for the real work 🙂
15 thoughts on “SSHing into a Windows Server on Amazon’s EC2”
I spent some time yesterday SSHing my niece.
She’s eight months old and gets cranky if she doesn’t get her nap time.
Does the Green Party Meymad know you’ve associated their logo with your occult geekish texts?
Cheers,
Mike
🙂
Looks like The Resource Kit is not supported on 64bit platforms. Any alternatives to AutoExNT ?
Have you looked at PuTTY and WinSCP?
I use both of them as clients, what was challenging is to install an SSH server that could accept their connections on the EC2 machines…
Thanks for this writeup. Big help.
I can’t believe it requires so many manual steps (click, turn off IE warning, click again, turn off another IE warning, repeat ad nauseum) to be able to make an AMI that whose sshd works!
Update: we decided to abandon SSHding into machines, we had too many problems with cygwin – probably it’s still not ready for production in virtualized machines.
Update 2: Instead of autoexnt we now use group policy to auto start applications on machine
That update_cygwin script does a lot of stuff, making me suspect is is brittle. We went the AutoExNT route suggested above but found a much simpler implementation: we use AutoExNT to run ssh-host-config at startup if the service isn’t already running. A
Why do not use you WinRm? In my opinion, winrm is good solution to this situation.
Thanks so much- searched everywhere to figure this stuff out, wish you page come up earlier!
You forgot to mention that you have to enable port 22 on the windows instance firewall advanced settings. THAT took me 2 hours to figure out. –Noob
Oops, sorry to hear that, that’s what I meant when I wrote “Don’t forget to open the SSH port on the security group of the instance”…
During the process, it gives me “The RPC server is unavailable” message.
I opened port 22, started RPC service on this remote machine. Do I need to restart the machine? Is it even a good idea to restart it?
Seems like while configuring Cygwin on windows EC2 remote instance for SSHing, I am giving wrong domain name in the command mkpasswd -l [-d] > /etc/passwd
I set root as my username and used that as value for [-d]. I guess its wrong. Could anybody t
You can simply add a free tier linux machine on the same subnet.
And through that, you can have access to your entire subnet by using ssh port forwarding feature.