copssh, WinScp, Tunnelier, Etc.

[desktop user]

Hey All,

I am seeking a secure way to share files with other computers. I was
directed to copssh and WinScp or Tunnelier.

I'm having a couple of issues. First, the copssh service which
appears to have been installed does not match that as stated during
the copssh installation. The service I have is Openssh SSHD but during
installation it said it would be SvcCopSSH or something like that.

Second, OK, I've installed copssh... now what? I looked through
documentation but I see nothing regarding ports, passwords, etc. that
specifically tells me what I'm supposed to do (i.e. use the machine's IP
address? Network username & password, etc.)?

Third, with the WinScp documentation, it's similar. It doesn't tell
you where these credentials are to come from.

The above said, where does one obtain the IP address / Host name for use
with
the client application, what credentials are required, where do the
credentials come from?

Lastly, it is also not clear what file folders are available?

Thanks,


TC

 

[Sooner Al [MVP]]

Hey All,

I am seeking a secure way to share files with other computers. I was
directed to copssh and WinScp or Tunnelier.

I'm having a couple of issues. First, the copssh service which
appears to have been installed does not match that as stated during
the copssh installation. The service I have is Openssh SSHD but
during
installation it said it would be SvcCopSSH or something like that.

Second, OK, I've installed copssh... now what? I looked through
documentation but I see nothing regarding ports, passwords, etc. that
specifically tells me what I'm supposed to do (i.e. use the machine's
IP address? Network username & password, etc.)?

Third, with the WinScp documentation, it's similar. It doesn't tell
you where these credentials are to come from.

The above said, where does one obtain the IP address / Host name for
use with
the client application, what credentials are required, where do the
credentials come from?

Lastly, it is also not clear what file folders are available?

Thanks,


TC

Openssh SSHD is the correct service. SvcCopSSH is the top level user
that owns copSSH created by the copSSH installer.

SSH uses TCP Port 22 as the default. That can be changed my modifying
the etc\sshd_config file in the Port parameter. You need to make sure
any firewall or router the SSH server PC is behind has TCP Port 22
open/forwarded. If you change the default port that change also needs to
be made in the firewall/router.

When you install copSSH you need to activate users. Go to Start ->
Programs -> All Programs -> copSSH and select activate a user. The
initial login credentials will the the windows user ID and password. I
am presuming your in a small work group environment. The login ID and
password work for WinSCP, Tunnelier or any other SSH client.

You call the SSH server from a remote location using the public IP of
the PC if its connected directly to the internet or the public IP of any
firewall or router. You can get that by going to
http://www.whatismyip.com from any PC on your LAN. Its best, however, to
use a free dynamic naming service like No-IP.com or DYNDns to assign a
fully qualified domain name [FQDN] to your ISP assigned IP. The way it
works is you run a small program on your SSH server. The program
contacts the No-IP.com or DYNDns or similar service servers on a time
scheduled basis. The servers then know what your current IP is and maps
that to your chosen FQDN. That is then propagated to other name servers
on the internet. You call home using the FQDN, ie. your.alias.dyndns for
example. Note that some routers include built-in support for No-IP.com
and DYNDns. Check the documentation.

Basically all folders on the SSH server will be available although that
can be modified.

I suggest testing the basic login and operation over your local LAN, ie.
client PC to the server, using the private static LAN IP of the server.
This will let you troubleshoot login issues, etc.

http://theillustratednetwork.mvps.org/Vista/PPTP/BasicVPNTest.html

Once you know that works you can test port forwarding with the
http://www.canyouseeme.org site. Test for TCP Port 22. If the test
passes you should be able to go to a remote location and access your SSH
server.

Here is the WinSCP documentation pages. They should be pretty self
explanatory...

http://winscp.net/eng/docs/start

copSSH and WinSCP forums for a lot of help...

http://www.itefix.no/i2/forum/35
http://winscp.net/forum/index.php

Lastly once you get this all working with a password from a remote
location you might consider tightning security of the SSH server.

http://theillustratednetwork.mvps.org/Ssh/SecureYourcopSSHServer-Vista.html

--

Al Jarvi (MS-MVP Windows - Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 

[Shenan Stanley]

I am seeking a secure way to share files with other computers. I
was directed to copssh and WinScp or Tunnelier.

I'm having a couple of issues. First, the copssh service which
appears to have been installed does not match that as stated during
the copssh installation. The service I have is Openssh SSHD but
during installation it said it would be SvcCopSSH or something like
that.
Second, OK, I've installed copssh... now what? I looked through
documentation but I see nothing regarding ports, passwords, etc.
that specifically tells me what I'm supposed to do (i.e. use the
machine's IP address? Network username & password, etc.)?

Third, with the WinScp documentation, it's similar. It doesn't tell
you where these credentials are to come from.

The above said, where does one obtain the IP address / Host name
for use with
the client application, what credentials are required, where do the
credentials come from?

Lastly, it is also not clear what file folders are available?

Still don't want to state specifically what it is you are trying to do? I'd
have to guess an illegitimate software site at this point... ? Would
explain the hesitance in explaining the purpose and the change in name for a
new posting.

Does RoadRunner (in your area/for your service) allow transfers over some
ports? Are you trying to set it up so you can use the ports they do allow?

copssh is an ssh server and client implementation for windows systems. As a
server, it just allows you - with some configuration of another app - to
(more) securely do whatever it was you were trying to do before. (FTP,
Remote Desktop, file transfer, etc) It gets its information from the
machine it is running on and the setup you do on it (from reading up on it.)

WinSCP/Tunnelier <- Clients. You get the IP from the site you are trying to
connect to and the credentials (username/password) from the management of
the site.

Are these the instructions you are trying to follow?
http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html

You do realize you are now securing the computers for Remote Desktop (only
available in the 'professionally oriented' Windows OSes.) not just for file
transfers (although - the Remote Desktop implentation *is* encrypted,
possibly vulnerable to a man-in-the-middle attack without the extra
protection above, although NLA (Vista and above) eliminates the possibility
of that problem fairly well - so it seems...)

 

[desktop user]

To be completely honest, I changed the name for this post in an effort to
avoid and your condescending remarks.

Why bother responding to a newsgroup if you're main goal is to rip someone a
new one?

Actually, I stated quite clearly what I wanted to do... perhaps you should
take to the time to actually read the entire post and let it sink in:

To reiterate:

am seeking a secure way to share files with other computers.

I'm not sure how much more clear I can be than the above!!!

Anyway, thanks for the condescension. It was just what I was looking for
and just what I needed.

 

[desktop user]

Thanks Al, I try this. Might be more trouble than it's worth to me at this
point.

Hey All,

I am seeking a secure way to share files with other computers. I was
directed to copssh and WinScp or Tunnelier.

I'm having a couple of issues. First, the copssh service which
appears to have been installed does not match that as stated during
the copssh installation. The service I have is Openssh SSHD but during
installation it said it would be SvcCopSSH or something like that.

Second, OK, I've installed copssh... now what? I looked through
documentation but I see nothing regarding ports, passwords, etc. that
specifically tells me what I'm supposed to do (i.e. use the machine's IP
address? Network username & password, etc.)?

Third, with the WinScp documentation, it's similar. It doesn't tell
you where these credentials are to come from.

The above said, where does one obtain the IP address / Host name for use
with
the client application, what credentials are required, where do the
credentials come from?

Lastly, it is also not clear what file folders are available?

Thanks,


TC

Openssh SSHD is the correct service. SvcCopSSH is the top level user that
owns copSSH created by the copSSH installer.

SSH uses TCP Port 22 as the default. That can be changed my modifying the
etc\sshd_config file in the Port parameter. You need to make sure any
firewall or router the SSH server PC is behind has TCP Port 22
open/forwarded. If you change the default port that change also needs to
be made in the firewall/router.

When you install copSSH you need to activate users. Go to Start ->
Programs -> All Programs -> copSSH and select activate a user. The initial
login credentials will the the windows user ID and password. I am
presuming your in a small work group environment. The login ID and
password work for WinSCP, Tunnelier or any other SSH client.

You call the SSH server from a remote location using the public IP of the
PC if its connected directly to the internet or the public IP of any
firewall or router. You can get that by going to http://www.whatismyip.com
from any PC on your LAN. Its best, however, to use a free dynamic naming
service like No-IP.com or DYNDns to assign a fully qualified domain name
[FQDN] to your ISP assigned IP. The way it works is you run a small
program on your SSH server. The program contacts the No-IP.com or DYNDns
or similar service servers on a time scheduled basis. The servers then
know what your current IP is and maps that to your chosen FQDN. That is
then propagated to other name servers on the internet. You call home using
the FQDN, ie. your.alias.dyndns for example. Note that some routers
include built-in support for No-IP.com and DYNDns. Check the
documentation.

Basically all folders on the SSH server will be available although that
can be modified.

I suggest testing the basic login and operation over your local LAN, ie.
client PC to the server, using the private static LAN IP of the server.
This will let you troubleshoot login issues, etc.

http://theillustratednetwork.mvps.org/Vista/PPTP/BasicVPNTest.html

Once you know that works you can test port forwarding with the
http://www.canyouseeme.org site. Test for TCP Port 22. If the test passes
you should be able to go to a remote location and access your SSH server.

Here is the WinSCP documentation pages. They should be pretty self
explanatory...

http://winscp.net/eng/docs/start

copSSH and WinSCP forums for a lot of help...

http://www.itefix.no/i2/forum/35
http://winscp.net/forum/index.php

Lastly once you get this all working with a password from a remote
location you might consider tightning security of the SSH server.

http://theillustratednetwork.mvps.org/Ssh/SecureYourcopSSHServer-Vista.html

--

Al Jarvi (MS-MVP Windows - Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 

[Shenan Stanley]

I am seeking a secure way to share files with other computers. I
was directed to copssh and WinScp or Tunnelier.

I'm having a couple of issues. First, the copssh service which
appears to have been installed does not match that as stated during
the copssh installation. The service I have is Openssh SSHD but
during installation it said it would be SvcCopSSH or something like
that.
Second, OK, I've installed copssh... now what? I looked through
documentation but I see nothing regarding ports, passwords, etc.
that specifically tells me what I'm supposed to do (i.e. use the
machine's IP address? Network username & password, etc.)?

Third, with the WinScp documentation, it's similar. It doesn't tell
you where these credentials are to come from.

The above said, where does one obtain the IP address / Host name
for use with
the client application, what credentials are required, where do the
credentials come from?

Lastly, it is also not clear what file folders are available?

Still don't want to state specifically what it is you are trying to
do? I'd have to guess an illegitimate software site at this
point... ? Would explain the hesitance in explaining the purpose
and the change in name for a new posting.

Does RoadRunner (in your area/for your service) allow transfers
over some ports? Are you trying to set it up so you can use the
ports they do allow?
copssh is an ssh server and client implementation for windows
systems. As a server, it just allows you - with some configuration
of another app - to (more) securely do whatever it was you were
trying to do before. (FTP, Remote Desktop, file transfer, etc) It
gets its information from the machine it is running on and the
setup you do on it (from reading up on it.)
WinSCP/Tunnelier <- Clients. You get the IP from the site you are
trying to connect to and the credentials (username/password) from
the management of the site.

Are these the instructions you are trying to follow?
http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html

You do realize you are now securing the computers for Remote
Desktop (only available in the 'professionally oriented' Windows
OSes.) not just for file transfers (although - the Remote Desktop
implentation *is* encrypted, possibly vulnerable to a
man-in-the-middle attack without the extra protection above,
although NLA (Vista and above) eliminates the possibility of that
problem fairly well - so it seems...)

To be completely honest, I changed the name for this post in an
effort to avoid and your condescending remarks.

Why bother responding to a newsgroup if you're main goal is to rip
someone a new one?

Actually, I stated quite clearly what I wanted to do... perhaps you
should take to the time to actually read the entire post and let it
sink in:
To reiterate:

am seeking a secure way to share files with other computers.

I'm not sure how much more clear I can be than the above!!!

Anyway, thanks for the condescension. It was just what I was
looking for and just what I needed.

Not condescending at all. If you feel that way, so be it. I still say...

I asked an honest question and yet you still avoid it. I do not understand
your avoidance of a simple question. Your answer (as I pointed out before)
is incomplete. If you provide adequate information on what specifically you
are trying to accomplish - someone here will be more likely to assist you.

- What type of files are you trying to share with other computers?
- Is there a need for extra security?
- Will those accessing said files be technologically savvy or just normal
users of technology?
- Does the file transfer go both ways and with both ways having full/partial
control of the file/folder system you choose?

The situation dictates the best way to do it. In general - I find that
putting things on the web and then sending people a link to the page (with
them having an account with a password) to be the most efficient way to
transfer files to someone. It puts more control in the hands of the person
I am sending the files to and frees up more of my time since I only have
to transfer said files to the location once. It is a similar idea to FTP -
but
done correctly on a site using SSL - much more secure and for many
non-computer-literate people, much simpler.

What I am transferring and to whom makes a huge difference in the 'best way'
to do things. A file that I want to stay private/secure? A picture I could
care less if everyone in the world saw? My grandparents versus my
computer-savvy friends? To many people or to a select few? Do I have
access to the resources I would need to use the 'best way'?

If I need two-way capabilities - I have used FTP in the past, but there are
many
web-based solutions as well. There are even web sites that allow you to put
up files and share them for anyone or just those that have the account
information... Some free.

If you are just trying to send files between friends/family - and it is just
a few files - likely IM file transfer will be fine. If you are sending DoD
documents - likely it won't be. If you are remotely controlling a PC and
need to get files to it - the better remote software has encrypted ways to
do this. If you are sharing pictures - use something like Picasa. You can
send a decent sized email via GMail...

What is it, again, you are attempting to do?

I cannot be more clear than that. I am simply trying to help you help
yourself.

 

[desktop user]

What was it again I was trying to do?

Uhhh... offer the ability to share files remotely in a secure way.

I guess, for whatever reason, you need an explanation of this need.

It is for business purposes and has to do with documents which pertain to
legal issues.

Is that specific enough for you?

Is that the "big secret" you were looking to be revealed?

On my end, I still understand why the below from my original post wasn't
clear enough for you:

I am seeking a secure way to share files with other computers

No, I don't need security to share family photo albums. However, if I felt
there was a "need for extra security", I don't think that any further
explanation should be required.

 

[Sooner Al [MVP]]

Thanks Al, I try this. Might be more trouble than it's worth to me at
this point.

You might also look at using the build-in PPTP VPN functionality in XP
or Vista. Its probably a bit easier to setup and use. See these pages...

Vista server and client help...

http://theillustratednetwork.mvps.org/Vista/PPTP/PPTPVPN.html

XP server and client help...

http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm

If the server is behind a firewall or router you need to forward/open
TCP Port 1723 and be able to pass GRE Protocol 47 traffic. The latter is
sometimes called "PPTP Pass Through" or "VPN Pass Through" depending on
the manufacturer. Sometimes GRE Protocol 47 traffic is automatically
passed with TCP Port 1723 is opened. That's the case with my Belkin
router and the built-in Windows Firewall in Vista and XP.

You call using the public IP of the firewall/router/server PC or use a
FQDN as I mentioned earlier.

The downside to this is...

1. A Vista or XP desktop acting as PPTP VPN server will only allow one
incoming VPN connection at a time.
2. GRE Protocol 47 traffic can be problematic on many consumer grade
routers. You can test this using the "PPTP Ping" and "VPN Traffic"
sections on this page.

http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx

In all cases use a strong password for your users...

http://www.microsoft.com/protect/yourself/password/checker.mspx

A third party solution like Hamachi may also work for you. Its free and
many folks like it. I have never used it so as always YMMV...

https://secure.logmein.com/products/hamachi/vpn.asp?lang=en

Good luck...

--

Al Jarvi (MS-MVP Windows - Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 

[Shenan Stanley]

<snipped>

What was it again I was trying to do?

Uhhh... offer the ability to share files remotely in a secure way.

I guess, for whatever reason, you need an explanation of this need.

It is for business purposes and has to do with documents which
pertain to legal issues.

Is that specific enough for you?

Is that the "big secret" you were looking to be revealed?

On my end, I still understand why the below from my original post
wasn't clear enough for you:

I am seeking a secure way to share files with other computers

No, I don't need security to share family photo albums. However,
if I felt there was a "need for extra security", I don't think that
any further explanation should be required.

How unfortunate for you that you are not the only person on the planet, eh?
That way, what you think would be the only thing that mattered and how well
you explain what you think would not matter to anyone but you. ;-)

You are looking for a way to share files with other people using computers
and the Internet as your medium in as secure of a fashion as possible
because the data you will be sharing is valuable to you in some way.

I still don't know if your plan is just for those people you are sharing
with to be able to put files on your computer or if you are just allowing
them to grab files from your computer (sharing is a bit ambiguous in the
computer world.) Since you are reticent and a very defensive person about
sharing (which makes this sort of ironic) - I will assume you want to allow
some people to log onto something and be able to put files and get files,
others to just be able to log on and get files and possibly even other that
can only put files up.

Given what I know now and seeing how you thought perhaps Sooner Al's
original suggestion may be 'over the top' - how about setting up your FTP as
someone suggested in the other thread (I am unsure if you are still
monitoring it.)

http://lifehacker.com/339887/build-a-home-ftp-server-with-filezilla

It does not tell you how to secure it - but it does allude to how you would
do it. However - to help you out...

You download it from here:
http://filezilla-project.org/
Specifically, given what you have:
https://www.ohloh.net/projects/filezilla/download?filename=FileZilla_Server-0_9_29.exe

Once you have it downloaded, you install it by running the
"FileZilla_Server-0_9_29.exe" file.

- You will need to agree to the License Agreement.
- I suggest (at a minimum) leaving "FileZilla Server (Service)",
"Administration interface" and "Start Menu Shortcuts" checked.
- Probably fine leaving the installation directory at default for your
system.
- Here you have a choice to make based on your needs. If you want this FTP
site up 24/7 (whenever your computer is on/connected to the Internet) then I
suggest the "Install as service, started with Windows" default choice. If
you want a little more security (it will only be up when you choose to turn
it on - not leaving an active port/service on your machine all the time) -
choose "Install as service, started manually".
- I would suggest changing the default admin interface port (but leaving it
between 10000-20000 is fine) for security reasons (why have the same setup
as everyone else so they know your administration interface port...?)
- Another choice... If yo want to be bothered/reminded that you have this
installed each time you log into your computer as any iser, leave it at the
default of "Start if user logs on, apply to all users". If you only want
the current user to see that, choose "Start if user logs on, apply only to
current user". If you want full control and no bother/reminder - choose
"Start manually".
- Finish the install.

If you left the other defaults not mentioned checked, it will start up with
a "Connect to Server" dialogue box. Your server address can be entered on
this machine as 127.0.0.1 or localhost. The port is whatever you set the
port to above (default of 14127). You have not assigned a password yet -
that is blank.

Once connected, you should likely put in a password for the administration
interface - first thing. To do this, click on the menu option labeled
"Edit" and the sub-menu option labeled "Settings". From the left side of
choices, select "Admin Interface Settings". Check the box for "Change admin
password" and type in a password of your choosing twice. Click "OK" on the
bottom left area of the options window. This will close the window and send
the password settings.

From that point on, you should look into the settings/faqs yourself (the
first link does explain some things about user/group creation and
management - and pretty much that is all there is to an FTP other than
creating the directory structure the users/groups see and use.

Only you know your needs and abilities. It can be setup as a secure FTP
site and if your ISP blocks the use of Port 21, you can even change the
listening port. Some forwarding may have to be setup if you are behind a
NAT router - on the NAT router itself (or Passive FTP at least.)

Some documentation here:
http://wiki.filezilla-project.org/Documentation

There are many options, but not knowing what you are going for - the
instructions would include a LOT of extraneous information without a doubt.

Good luck!