Skip to main content

How do I configure SSH tunneling in a Windows Server environment?

Christa Mason
Updated

Complete the following steps for this process:

  1. Install Open SSH on Windows Server (2019 or later or 2016 and earlier)
  2. Configure SSH Server
  3. Configure Firewall Rules
  4. SQL Login Setup

Install OpenSSH on Windows Server 2019 and later

Open Install and configure OpenSSH in Windows and follow the instructions

Install OpenSSH on Windows Server 2016 and earlier

Install and configure OpenSSH in Windows 

  1. Download OpenSSH-Win64 from https://github.com/PowerShell/Win32-OpenSSH/releases
  2. Extract to C:\Program Files (the zip file contains an “OpenSSH-Win64” folder)
  3. Open PowerShell using “Run as administrator”
  4. Run the following commands in PowerShell
    1. setx PATH "$env:path;C:\Program Files\OpenSSH-Win64" -m
    2. cd "C:\Program Files\OpenSSH-Win64"
    3. .\install-sshd.ps1
    4. Set-Service sshd -StartupType Automatic; Set-Service ssh-agent -StartupType Automatic; Start-Service sshd; Start-Service ssh-agent
  5. If you have Windows Firewall enabled, add a firewall rule to allow SSH on port 22

Configure SSH Server

  1. Update sshd_config_default and %ProgramData%\ssh\sshd_config
    1. Uncomment the “AllowTcpForwarding” setting and change to “AllowTcpForwarding yes”
  2. Stop the “OpenSSH Authentication Agent” Windows service
  3. Stop the  “OpenSSH SSH Server” Windows services
  4. Terminate any existing sshd processes via Task Manager 
    1. NOTE: sshd processes stay open if there are active connections
  5. Start the “OpenSSH SSH Server” Windows service
  6. Add "aiwyn" SSH user with a strong password (Windows user account)
    1. A "standard user" is all that is needed.
  7. Ensure the SSH user's password is set to not expire. Failure to do so will result in a database disconnection when the password expires. 

Configure Firewall Rules

  1. Allow port 22 or whichever port has been configured for SSH access from Aiwyn in firewall for SSH Server (Aiwyn IP Address: 35.245.176.176)
  2. Allow port "X" from SSH server to your database server
    1. If using the default SQL Server port, this would be 1433
    2. If using a named instance (ie sqlprod\STAR), the port can be discovered through the SQL Server Configuration Manager tool

OpenSSH SSH Server Windows Service Recovery (optional)

The Windows services can be configured to restart the service upon failure and with some PowerShell scripting can also alert you to a failure.

Here is an example of using PowerShell and the Recovery options to alert when a Windows service fails.

https://www.techcartnow.com/windows-service-setting-recovery-options-sending-alert-email-in-case-of-service-failure-using-powershell-script/

Troubleshooting OpenSSH Server Connectivity Issues

The OpenSSH event logs can be viewed using Windows Event Viewer.  The logs are located in “Applications and Services Logs” > “OpenSSH” > “Operational”.

SQL Login Setup

The creation of a read-only SQL authentication based user is required. This SQL user will be used by Aiwyn's translation engine to pull in your data to our systems. Review SQL login setup for additional details.

 

Related articles