All settings can now be managed through the new wSSHadmin GUI.
Besides the settings, it also shows the latest log entries and connection statistics,
and it lets you start and stop the service.
Of course you can still set the settings manually in the ini files:
All global settings are defined in wSSH.ini.
User-defined settings override the global settings.
By default it uses the following settings (in wSSH.ini):
- Bind IP to 0.0.0.0 (all adapters)
- Deny all host connections, except from localhost (127.0.0.1)
- Deny all ssh logins, except user test (defined in the config directory)
- Deny all sftp, scp and port-forward requests
- User test (password test) is granted access
[Service] |
Name | the service name which is used, defaults to wSSH |
Description | some description |
|
[Server] |
ConfigDir | Directory where user and host settings are kept; the server's private key is also generated there. |
Saltkey | optional encryption key to use for private keys or user password instead of the default. |
BindIP | To which adapter to bind the server, 0.0.0.0 = all adapters |
Port | Port to use, default 22 |
Timeout | Optional session timeout |
ShellCmd | default SSH shell command, default C:\WINDOWS\System32\cmd.exe |
AllowHost | (0, 1 or 2) whether host connections are allowed. If 0, all hosts are denied unless there is a file host_<ip>.allow in the config directory. If 1, all hosts are allowed unless there is a file host_<ip>.deny. If 2, only the first successful connection is allowed: a host_<ip>.allow file is created and AllowHost is set to 0. |
AutoDenyHost | (0 or 1) if enabled and an authentication fails, a file host_<ip>.deny is created |
AllowedUsersOnly | (0 or 1) If password logins are allowed, allow only users which are defined (a user_<user>.ini file in the config directory) |
MaxLoginAttempts | Default 2 tries if password logins are enabled |
AllowPassword | Allow password logins, if 0 password logins are denied and only public keys are accepted. |
AllowPublicKey | (0 or 1) allow public key authentication |
GSSAPI | (0 or 1) Enable GSSAPI authentication |
NTAuthentication | (0 or 1) Use NT authentication for the password check. If used, the shell is started with the user's credentials. |
UserDomain | Use this domain with the NTauthentication check |
FIPS | Path to a valid openssl libeay32.dll file |
|
[Logging] |
Log | Each letter defines a kind of message that is logged: E=errors W=warnings A=login access F=login failures I=information D=debug messages |
LogEvent | (0 or 1) log to application event log |
LogFile | (0 or 1) log to a log file; if 1 and no log file is specified, output goes to stdout |
LogFileName | file for log messages |
|
[SSH] |
AllowShell | (0 or 1) allow shell access |
AllowExec | (0 or 1) allow user to execute commands |
|
[SFTP] |
AllowSFTP | (0 or 1) allow sftp connections |
AllowSCP | (0 or 1) allow scp connections |
SFTPDir | rootdir for sftp/scp connections, user cannot go to parent directory |
SFTPupload | (0 or 1) allow file uploads |
SFTPdownload | (0 or 1) allow file downloads |
SFTPdeletefile | (0 or 1) allow file deletes |
SFTPrenamefile | (0 or 1) allow file renames |
SFTPlistdir | (0 or 1) allow directory listings |
SFTPmakedir | (0 or 1) allow creation of directories |
SFTPdeletedir | (0 or 1) allow directory deletion |
|
[Tunnel] |
AllowTunnel | (0 or 1) Allow tunneling |
LocalPort=0 | (0 or 1) Allow local port forwarding |
RemotePort=0 | (0 or 1) Allow remote port forwarding |
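
The settings above can be reviewed automatically before a server is exposed. The following is an added example, not part of wSSH or its documentation: a small Python check that reads a wSSH.ini and reports explicitly set values that widen access or reduce logging. Which values count as findings, the sample ini content and the file name user_test.ini (inferred from the user_<user>.ini pattern) are assumptions of this example.

```python
import configparser

# Constructed sample wSSH.ini (not from the page); key names are the documented ones.
SAMPLE_INI = """
[Server]
ConfigDir=config
BindIP=0.0.0.0
AllowHost=1
AutoDenyHost=0
AllowPassword=1
AllowedUsersOnly=0
[Logging]
Log=EW
[Tunnel]
AllowTunnel=1
"""

# (section, key, predicate on the value, reason). What counts as a finding is
# this example's assumption, not a wSSH recommendation.
RULES = [
    ("Server", "BindIP", lambda v: v == "0.0.0.0", "listens on all adapters"),
    ("Server", "AllowHost", lambda v: v == "1", "every host may connect unless host_<ip>.deny exists"),
    ("Server", "AutoDenyHost", lambda v: v == "0", "failed authentication creates no host_<ip>.deny"),
    ("Server", "AllowPassword", lambda v: v == "1", "password logins are accepted"),
    ("Server", "AllowedUsersOnly", lambda v: v == "0", "logins not limited to users with a user_<user>.ini"),
    ("Logging", "Log", lambda v: not {"A", "F"} <= set(v.upper()), "login access (A) or failures (F) not logged"),
    ("Tunnel", "AllowTunnel", lambda v: v == "1", "tunneling is enabled"),
]

def audit(ini_text, config_dir_files=()):
    """Return findings for keys explicitly set in the given wSSH.ini text."""
    cp = configparser.ConfigParser(interpolation=None)  # ShellCmd paths may contain '%'
    cp.read_string(ini_text)
    findings = []
    for section, key, risky, why in RULES:
        value = cp.get(section, key, fallback=None)  # unset keys are skipped, not guessed
        if value is not None and risky(value.strip()):
            findings.append(f"[{section}] {key}={value.strip()}: {why}")
    # Assumed file name, following the user_<user>.ini pattern for user "test".
    if any(name.lower() == "user_test.ini" for name in config_dir_files):
        findings.append("user_test.ini: default user test (password test) is still defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, ["user_test.ini", "host_127.0.0.1.allow"]):
        print(finding)
```

Pass the real file's text and a listing of the ConfigDir directory to `audit()`; keys that are not set in the file are not reported, because their effective defaults are not checked here.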