What is a good SSH server to use on Windows? [closed]

ssh windows-server-2003

In my spare time I remotely support my wife's office via VPN into a Windows Server. I am about to purchase a wireless broadband service which doesn't support VPN.

I don't want to open up the remote desktop ports directly, and I would like to set up an SSH tunnel into the network, and if necessary then VPN over the top of that.

What is the best windows SSH Server implementation to use on a Windows 2003 Server, or should I just be using sshwindows?


I've been using FreeSSHd on my home Windows box, and have not run into any limitations. Highly recommended.


We've been using Bitvise WinSSHD for a few years now and have been very happy with it. It's free for "Non-Commercial/Personal" use, but even the for-pay version is not terribly expensive. It's nice because it's designed specifically for Windows and supports just about any type of authentication you would throw at it (AD, Kerberos, self-contained user db, etc). Installation and Upgrades are a breeze. Initial config has a nice GUI and I believe most of the config is also scriptable as well. Their site gives a more complete feature list.

*Edit: Looks like Bitvise decided to rename the product to Bitvise SSH Server


I have been evaluating KpyM SSH Server and it looks pretty good and is BSD-licensed with source. It is based on cryptlib fundementally and creates a Window Station for each session which is why it is one of the few open source SSH solutions that works correctly with PowerShell.

We have been using OpenSSH compiled for Interix/SFU/SUA for the last several years. The downside is that OpenSSH doesn't play all that nicely with PowerShell which is an annoyance and it requires the full POSIX subsystem from Services for Unix 3.5 or the Subsystem for Unix Applications (Win2k3 R2 and later).

Years ago we used to use Vandyke and it worked well.

Bitvise WinSSHD is very nice. Supports aes256 and aes128 out of the box. It is not open source but it is free (with AD integration crippled) for personal use and very reasonable $100 USD per server for commercial use. Can be configured to use powershell as the default shell and powershell works correctly. WinSSHD has very granular configuration per-account and per-group and per client IP and per client DNS. There are logon and logoff actions that can be configured per account or group. Supports OpenSSH public key files. Exposes an automation API. Write logs to the Windows event log and/or text file. Still has a small and light service process.


CopSSH is nice. It wraps a Cygwin OpenSSH in an installer and makes it very quick and easy to get things configured.


I would use the one from cygwin.

This is not directly answering your question, but I think that SSL is as secure as SSH and you could also use stunnel or socat ( http://www.dest-unreach.org/socat/ ) to open a certifacte-authenticated ssl-encrypted port for remote desktop. Socat would authenticate using ssl client certificates and forward the traffice towards the rdp port. On your machine you would do the same in reverse. The man page has samples for this and socat is available for windows

Related

Non-volatile cache RAID controllers: what kind of protection is there against NVCACHE failure?
Set root domain record to be a CNAME
In DNS can an IN NS point to a CNAME?
Is there a big difference between CentOS 6.4 to 6.2 and should I up/down-grade?
Why multiple PTR records in DNS is not recommended?
DNS just started resolving my server.prod addresses to 127.0.53.53
FTP and Apache permission issues
`sudo echo "bla" >> /etc/sysctl.conf` permission denied
Should I use IPv6 only or both IPv4 and IPv6 in my web server?
Find out which process is changing a file
Apache Default/Catch-All Virtual Host?
How can I determine what is taking up so much space? [duplicate]