Jun 09 2009

SSH Server on Windows Server 2008 Core

Published by under Security,Windows

I’ve been playing around (in my copious free time 😉 ) with other methods of connecting to and managing Server 2008 Core. One of the things I’ve wanted to do was to be able to SSH directly to Server 2008 Core and have the same command line capability as I do on the console. To that end I did a quick search for similar work and found the following article at TechRepublic about installing an SSH server in Windows 2008. The difference was that I wanted to install it in Server Core rather than the full-blown version of 2008.

Like David Davis over at TechRepublic I decided to start with FreeSSHd as my SSH server. The first thing I needed to do was to get it onto the Server Core VM. Rather than downloading it to my desktop and then transferring it to the Server Core VM I decided that I would rather download it directly to the Server Core machine. In order to do that I needed a wget that would run on Windows. I used the wget binary I downloaded (to my desktop) from Bart Puype in Belgium. Once I copied wget to C:\Windows\System32 I used it to download the FreeSSHd.exe binary from FreeSSHd.com.

To install freesshd, just run the freesshd.exe program and it will start up the install wizard. A couple of items to note — on Server Core do not bother with creating a Start Menu item for FreeSSHd and don’t bother with creating a desktop icon either. One of the problems that I encountered when I installed FreeSSHd on Server Core was that I could not configure the SSH server since the task bar icon did not appear on the right (as should be the case since there is no task bar in Server 2008 Core). To configure FreeSSHd I had to edit the freesshdservice.ini file in the C:\Program Files\freesshd directory (the default location for the installation).

A small point to note. Server 2008 Core’s firewall is on by default (even if it’s a domain joined machine) and the policy is to block all inbound connection attempts but to allow outbound connections. After installing FreeSSHd I needed to modify the firewall and decided to use netsh to do so. The command I used was

netsh advfirewall firewall add rule name="SSHd" dir=in action=allow protocol=TCP localport=22

Very simple…I love netsh 🙂

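The rule above accepts SSH from any source address on every firewall profile. A narrower variant follows as an added example that is not from the original post; the management subnet 192.168.10.0/24 is a constructed placeholder for wherever administrators connect from.

```batch
@echo off
rem Added example, not from the original post.
rem MGMT_NET is a constructed placeholder: the subnet admins connect from.
set MGMT_NET=192.168.10.0/24

rem Remove the wide-open rule if it was already created
rem (harmless "no rules match" message if it was not).
netsh advfirewall firewall delete rule name="SSHd"

rem Allow inbound TCP/22 only from MGMT_NET, and only while the
rem domain or private profile is active (not on a public network).
netsh advfirewall firewall add rule name="SSHd" dir=in action=allow ^
    protocol=TCP localport=22 remoteip=%MGMT_NET% profile=domain,private

rem Review what was actually stored, including scope and profiles.
netsh advfirewall firewall show rule name="SSHd" verbose

rem Confirm the SSH service is listening on port 22.
netstat -ano | findstr /c:":22 "
```
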
Another problem I ran into was getting the NT authentication to work. I did manage to get the password authentication working but I wanted to tie the FreeSSHd server into the Windows authentication. I’m still not 100% sure as to where the problem lies with the NT authentication integration and will investigate it further.

One of the biggest drawbacks to FreeSSHd is that there is very little (read: almost none) documentation that covers the freesshdservice.ini file. You need to read the forums over at freesshd.com in order to get a sense of what the settings are for the file and what specific changes to the file cause in the overall operation of the server. I hope to get that put together and posted here this summer as I think others will find it useful.

To get the password authentication working I installed FreeSSHd on a Windows Server 2003 system and then created the users I wanted there and copied over the relevant portions of the freesshdservice.ini file to the one on the Server 2008 Core VM. Then, to restart the service I would just issue the commands: net stop freesshdservice and net start freesshdservice and I was good to go. As you can see from the last capture in the gallery below I was able to connect to the server and log in using the account I had created on the Server 2003 system and copied over to the freesshdservice.ini file on the Server 2008 Core VM.

In the future I’m going to try some of the other freely available SSH servers and see if they provide an easier integration into Server 2008 Core.

Jan 19 2009

Server 2008 DNS Global Query Block List

Published by under Windows

I recently promoted one of the Server 2008 VMs in my lab to a domain controller for the lab domain and installed the DNS role as well (so now I have three DNS servers in the VM lab — all three are domain controllers). The “firewall” to the VM lab is an ISA 2006 server with the Web Proxy Auto-Discovery (WPAD) configured and I have a CNAME entry in DNS for wpad so that the ISA firewall clients can dynamically detect the ISA server and configure the settings in IE.

According to the document, “Windows Server 2008 – DNS Server Global Query Block List” the initial query block list contains the entries ‘wpad’ and ‘isatap’ by default. However, when you install or upgrade a server to Windows Server 2008 and you install the DNS role the installation is supposed to detect whether entries already exist in DNS for the names ‘wpad’ and ‘isatap’ and to remove those entries from the block list upon detection (remember, this only occurs upon installation or upgrade — not later on during normal operation). It only detects, however, when the record is either an A (IPv4 address) or AAAA (IPv6 address). In my case the record is a CNAME and therefore ‘wpad’ was automatically added to the global query block list. This generates an EventID of 7600 with the following text in my case:

The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names. This feature has caused the DNS server to fail a query with error code NAME ERROR for WPAD.DOMAIN.TLD even though data for this DNS name exists in the DNS database. Other queries in all locally authoritative zones for other names that begin with labels in the block list will also fail, but no event will be logged when further queries are blocked until the DNS server service on this computer is restarted. See product documentation for information about this feature and instructions on how to configure it.

Below is the current global query block list (this list may be truncated in this event if it is too long):

EventID 7600 - DNS Query Block List

The solution can be found at the Forefront TMG (ISA Server) Product Team blog in their entry titled Windows Server 2008 DNS Block Feature. Additional information can be found on TechNet in the document “DNS Server Global Query Block List” under the Windows Server 2008 resource section covering the Domain Name System.

To make a long story short, the simple solution is to reconfigure the global query block list using the dnscmd command as shown below

Reconfiguring DNS Global Query Block List on Server 2008
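The screenshot of the command is not reproduced here. As an added example (not the author's original command), the batch file below uses dnscmd's globalqueryblocklist settings to drop only wpad from the list while keeping isatap blocked. The server names DC1, DC2 and DC3 are hypothetical; the loop is there because the block list is configured on each DNS server individually.

```batch
@echo off
rem Added example, not the command from the original screenshot.
rem DC1 DC2 DC3 are hypothetical names for the three lab DNS servers.
for %%S in (DC1 DC2 DC3) do (
    echo === %%S ===

    rem Show the current list and whether blocking is enabled.
    dnscmd %%S /info /globalqueryblocklist
    dnscmd %%S /info /enableglobalqueryblocklist

    rem Replace the list with isatap only, which removes wpad.
    rem This keeps the feature on, unlike switching it off with
    rem   dnscmd %%S /config /enableglobalqueryblocklist 0
    dnscmd %%S /config /globalqueryblocklist isatap

    rem Confirm the new list.
    dnscmd %%S /info /globalqueryblocklist
)

rem The wpad CNAME should now resolve (DOMAIN.TLD as in the event text).
nslookup wpad.DOMAIN.TLD DC1
```

With wpad off the list, the existing wpad record is what stops another host from registering that name through dynamic update, so keep the record in place and the zone restricted to secure updates.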

Nov 16 2008

New VM System

Published by under Linux,Virtualization

Well…I managed to get a hold of an HP DL380 G3 with dual 3.06GHz Xeon processors, 2GB of RAM, and 6 36GB hard drives with a RAID 5 controller for very little cost. This has accelerated my move towards virtualizing all of my systems at home. In the process of doing so I have also decided that I’m going to upgrade my domain controllers to Server 2008 Standard.

First off, as the base OS on the DL380 I’m using Ubuntu 8.04 with VMware Server 1.0.6. The reason is that I can’t install Server 2008 with Hyper-V on the DL380 G3 — it’s only supported on the DL380 G5 (which has the Intel procs with VT). So, given that, I decided to go with Ubuntu and VMware. The install of Ubuntu went easy enough and VMware was just slightly more complicated. I used the instructions here to get the VMware MUI working properly (of course, now it’s not working properly and I’ve got to figure out why).

Anyway, now that I’ve gotten VMware installed and configured I have installed two VM guests — Server 2008 Standard and Server 2008 Core Standard. I’m using both network interfaces on the machine — one for connecting to the VM host system and the other is a bridged interface for the VM guests. I configured the Server 2008 Core system’s network settings according to Dan Petri’s instructions here. In addition I enabled NetBIOS over TCP/IP using the wmic command utility. The instructions for doing that are here.

Finally, once the VMware Tools were installed on the Server 2008 Core system I had to change the display resolution. Turns out, when you install the VMware Tools on Server 2008 Core the display resolution goes from 800×600 to 640×480 (which is really annoying – see the following picture).

Server 2008 Core After VMware Tools Install

Changing that is not so simple though as it requires that you modify the registry. You need to find the right registry setting. The video settings can be found in HKLM\SYSTEM\CurrentControlSet\Control\Video\ where is the ID for the video card and driver currently being used. Look for the Device Description registry key (it should be VMware SVGA II). Right above it are the DefaultSettings.XResolution and the DefaultSettings.YResolution registry keys. They are both DWORDs and can be input either in hexadecimal or decimal (see below).

Server 2008 Core Registry Settings for Display Resolution

I changed the values in both registry keys to 1024 and 768 respectively and then restarted the VM (using the command shutdown /r /t 0). The final result is shown below.

Server 2008 Core with 1024x768 Display Resolution
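Since Server Core has no display control panel, the same registry change can be scripted from the command prompt. This is an added example, not from the original post: it searches under Control\Video for the key whose data contains "VMware SVGA II" instead of hard-coding the video ID, and it assumes the two resolution values live in that same key, as the post describes.

```batch
@echo off
rem Added example, not from the original post.
rem Finds every key under Control\Video whose data contains
rem "VMware SVGA II" and sets the two resolution values named in the post.
set VIDEO=HKLM\SYSTEM\CurrentControlSet\Control\Video

for /f "delims=" %%K in ('reg query "%VIDEO%" /s /f "VMware SVGA II" /d ^| findstr /b /i "HKEY_"') do (
    echo Updating %%K
    reg add "%%K" /v DefaultSettings.XResolution /t REG_DWORD /d 1024 /f
    reg add "%%K" /v DefaultSettings.YResolution /t REG_DWORD /d 768 /f

    rem Read the values back to confirm what was written.
    reg query "%%K" /v DefaultSettings.XResolution
    reg query "%%K" /v DefaultSettings.YResolution
)

rem Restart the VM for the new resolution to apply, as in the post:
rem   shutdown /r /t 0
```
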

Now I need to finish migrating the rest of my VM images off the old VALinux FullOn 2240 and onto the new system. The only things I need to do to the DL380 are increase the RAM from 2GB to 12GB and buy a cabinet for it…man is it loud…I forgot just how loud the DL380s are.
