 wSSH: Configuration

All settings can now be made with the new wSSHadmin GUI. Besides the settings, it also shows the latest log output and connection statistics, and it lets you start and stop the service.

Of course, you can still set the settings manually in the ini files. All global settings are defined in wSSH.ini. User-defined settings overrule the global settings.

By default it uses the following settings (in wSSH.ini):
- Bind IP to (all adapters)
- Deny all host connections, except from localhost (
- Deny all ssh logins, except user test (defined in the config directory)
- Deny all sftp, scp and port forward requests
- User test (password test) is granted access

Name              - the service name which is used, defaults to wSSH
Description       - some description
ConfigDir         - directory where user and host settings are kept; the private key of the server is also generated there
Saltkey           - optional encryption key to use for private keys or user passwords instead of the default
BindIP            - to which adapter to bind the server, = all adapters
Port              - port to use, default 22
Timeout           - optional session timeout
ShellCmd          - default SSH shell command, default C:\WINDOWS\System32\cmd.exe
AllowHost         - (0 or 1) whether host connections are allowed; if 0, no host connection is allowed unless there is a file host_<ip>.allow in the configdir
                    If 2: only for the first successful connect, a host_<ip>.allow will be created and AllowHost will be set to 0
                    If 1: all hosts are allowed, unless there is a file host_<ip>.deny
                    If 0: all hosts are denied, unless there is a file host_<ip>.allow
AutoDenyHost      - (0 or 1) if enabled and an authentication fails, a file host_<ip>.deny is created
AllowedUsersOnly  - (0 or 1) if password logins are allowed, allow only users which are defined (a user_<user>.ini file in the config directory)
MaxLoginAttempts  - default 2 tries if password logins are enabled
AllowPassword     - allow password logins; if 0, password logins are denied and only public keys are accepted
AllowPublicKey    - (0 or 1) allow public key authentication
GSSAPI            - (0 or 1) enable GSSAPI authentication
NTAuthentication  - (0 or 1) use NT authentication for the password check; if used, the shell is started with the user credentials
UserDomain        - use this domain with the NTAuthentication check
FIPS              - path to a valid openssl libeay32.dll file
Log               - each letter defines the kind of messages which are logged:
                    E=errors W=warnings A=login access F=login failures I=information D=debug messages
LogEvent          - (0 or 1) log to the application event log
LogFile           - (0 or 1) log to a logfile; if 1 and no logfile is specified, it goes to stdout
LogFileName       - file for log messages
AllowShell        - (0 or 1) allow shell access
AllowExec         - (0 or 1) allow the user to execute commands
AllowSFTP         - (0 or 1) allow sftp connections
AllowSCP          - (0 or 1) allow scp connections
SFTPDir           - root dir for sftp/scp connections; the user cannot go to the parent directory
SFTPupload        - (0 or 1) allow file uploads
SFTPdownload      - (0 or 1) allow file downloads
SFTPdeletefile    - (0 or 1) allow file deletes
SFTPrenamefile    - (0 or 1) allow file renames
SFTPlistdir       - (0 or 1) allow directory listings
SFTPmakedir       - (0 or 1) allow creation of directories
SFTPdeletedir     - (0 or 1) allow directory deletion
AllowTunnel       - (0 or 1) allow tunneling
LocalPort=0       - (0 or 1) allow local port forwarding
RemotePort=0      - (0 or 1) allow remote port forwarding

In the user file in the config directory (user_<user>.ini) you can overrule the global settings.

Name              - user name
Domain            - overrules the server setting
NTauthentication  - overrules the server setting
Password          - plain text password or encrypted password (SHA1 + SALT).
                    On the 1st connect the plain text password is replaced by the encrypted password.
                    The encrypted passwords are portable across systems as long as the same Saltkey is used.
HomeDir           - user's home directory
Path              - use this as the PATH environment

All named settings are checked and overrule the global settings.

Even if you allow local or remote tunneling in the config file, all tunnel connections are still denied.
Only when you add filter rule files will you be allowed to set up a tunnel:

tunnel_any_local_any.allow           - allow tunnel to all local ports
tunnel_any_local_<port>.allow        - allow tunnel to local <port>
tunnel_<remip>_local_<port>.allow    - allow tunnel to local <port> from <remip>

tunnel_any_<ip>_any.allow            - allow tunnel to <ip>  all ports
tunnel_any_<ip>_<port>.allow         - allow tunnel to <ip>  <port>
tunnel_<remip>_any_<port>.allow      - allow tunnel to anyip <port> from <remip>
tunnel_<remip>_<ip>_<port>.allow     - allow tunnel to <ip>  <port> from <remip>
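
An added audit example (not part of wSSH or of the original page): it parses a listing of the config directory against the tunnel_*.allow filename patterns above and orders the rules broadest first, so wide-open tunnel permissions stand out during a review. It assumes only the filename shapes listed above and does not model how wSSH itself evaluates or orders the rules; the sample listing is constructed.

```python
import re

# Filename shape taken from the list above:
#   tunnel_<remip|any>_<local|any|ip>_<port|any>.allow
TUNNEL_RE = re.compile(
    r"^tunnel_(?P<remip>[^_]+)_(?P<dest>[^_]+)_(?P<port>[^_]+)\.allow$",
    re.IGNORECASE,
)

# Constructed sample listing of a config directory (not from a real server).
SAMPLE = [
    "host_192.0.2.10.allow",
    "user_test.ini",
    "tunnel_any_local_any.allow",
    "tunnel_192.0.2.10_local_3389.allow",
    "tunnel_192.0.2.10_any_443.allow",
    "tunnel_any_198.51.100.7_5432.allow",
    "tunnel_any_local_http.allow",  # port is neither a number nor "any"
]

def parse_tunnel_rule(filename):
    """Parse one filter rule filename; return None if it does not fit the pattern."""
    m = TUNNEL_RE.match(filename)
    if not m:
        return None
    remip, dest, port = m.group("remip", "dest", "port")
    if port.lower() != "any" and not (port.isdecimal() and 0 < int(port) < 65536):
        return None
    fields = (("remip", remip), ("dest", dest), ("port", port))
    wildcards = [name for name, value in fields if value.lower() == "any"]
    return {"file": filename, "remip": remip, "dest": dest,
            "port": port, "wildcards": wildcards}

def audit(filenames):
    """Return (rules sorted broadest first, tunnel_* names that did not parse)."""
    rules, unparsed = [], []
    for name in filenames:
        if not name.lower().startswith("tunnel_"):
            continue  # host_*, user_* and other files are out of scope here
        rule = parse_tunnel_rule(name)
        if rule:
            rules.append(rule)
        else:
            unparsed.append(name)
    rules.sort(key=lambda r: -len(r["wildcards"]))
    return rules, unparsed

if __name__ == "__main__":
    rules, unparsed = audit(SAMPLE)
    for r in rules:
        print(f'{r["file"]:40} wildcards: {", ".join(r["wildcards"]) or "none"}')
    for name in unparsed:
        print(f"{name:40} does not match the documented pattern, review by hand")
```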