FlexDeploy utilizes OpenSSH within a Unix shell for communicating to all endpoints. For Microsoft Windows, Cygwin is required to provide the Unix-like environment containing the required SSH libraries. The following instructions can be used to install the Cygwin on a Windows client.
| Table of Contents |
|---|
...
Installation Steps
Download Cygwin from the following location: https://www.cygwin.com/.
| Tip |
|---|
Installation will download necessary packages, so if your server does not have Internet access you will have to use Download Without Installing on a server to gather necessary packages, then transfer that folder to server where you want to install Cygwin and select Install from Local Directory option. Another option is to just install Cygwin on your laptop which also download packages in Local Package Directory which you can transfer to server where you want to install Cygwin. |
Run the installer (setup-x86_64.exe) and follow the prompts:
...
. Make sure to run this as Administrator user, because this allows to set up the Cygwin environment so that all users can start a Cygwin shell out of the box.
As explained earlier, select appropriate option for Download Source.
Make sure to select All Users as that will allow you to connect as any user on the system.
This is most important step, as FlexDeploy requires SSH connectivity and that is the reason we are installing Cygwin. Type "openssh" into the search dialog
...
. Drill down to
...
Net > openssh. Click on the
...
Skip and it will
...
5. Click Next.
...
change to some version number. This process may be slightly different depending on Cygwin version being installed.
| Info |
|---|
Make sure that you select a version. Don't click next if it still says Skip. |
Click Finish.
Next you will need to setup CYGWIN sshd service.
Setup sshd Service
Navigate to the location you installed Cygwin and run Cygwin.bat as administrator.
...
Once the bash window opens, run: ssh-host-config
...
Follow
...
- Query: Should StrictModes be used? (yes/no) yes
- Query: Should privilege separation be used? (yes/no) yes
- Query: new local account 'sshd'? (yes/no) yes
- Query: Do you want to install sshd as a service?
- Query: (Say "no" if it is already installed as a service) (yes/no) yes
- Query: Enter the value of CYGWIN for the daemon: [] <PRESS ENTER>
- Query: Do you want to use a different name? (yes/no) no
- Query: Create new privileged user account 'SYS\cyg_server' (Cygwin name: 'cyg_server')? (yes/no) yes
| Tip |
|---|
If you will be running build / deploy operations on this Endpoint as user other than cyg_server, you can say no to this answer and use existing account instead. Ideally, CYGWIN sshd service running as cyg_server should allow to connect as any other user if configured properly, but we have seen issues in this space due to various restrictions on Servers and Windows versions. If you decide to still continue with cyg_server, you can make the change later as well. |
- Query: Please enter the password: <ENTER PASSWORD>
- Query: Reenter: <ENTER PASSWORD>
- Info: Host configuration finished. Have fun!
...
as shown below. These steps may be slightly different based on version of Cygwin.
Verify your Firewall configuration as you may need to open port 22 if you have a firewall enabled.
Start the CYGWIN sshd service from the services console (Computer
...
Management > Services)
10. Verify your Firewall configuration is compatible with the new service; You may need to open port 22 if you have a firewall enabled.
...
Using a SSH client (such as PuTTY) attempt to log in to the host with user that has local access to the machine. If successful then the environment is setup and ready for use.
Troubleshooting Tips
- If you get permissions issue, launch cygwin terminal on target server as user that you will be connecting from FlexDeploy, then adjust .bashrc file in home folder to have following entry.
- umask 022
- If you installed CYGWIN sshd as cyg_server user, it should be able to allow Endpoint connection as any user on the server, but that may not work always. In this situation you can try these options.
- Make sure that cyg_server account is added to Replace a process level token policy using gpedit.msc. Reference - https://technet.microsoft.com/en-us/library/dn221975(v=ws.11).aspx, https://technet.microsoft.com/en-us/library/cc957225.aspx
- Another option is to run CYGWIN sshd as user that you want to connect as from FlexDeploy Endpoint. Here are the steps to make that change.
- Make sure the account you want to connect as is Administrator account. See my example of flexuser that I used instead of cyg_server
- Stop CYGWIN sshd service.
- Edit CYGWIN sshd service and make it use user that you want to connect as from FlexDeploy Endpoint. See example below.
- Click OK.
- Run Cygwin terminal as Administrator.
- Run ssh-host-config option and follow prompts.
- Now start CYGWIN sshd service.
- Make sure the account you want to connect as is Administrator account. See my example of flexuser that I used instead of cyg_server
...
If you receive a wrong password error, and are using a username in the format domain\user, try is without the domain.
| Tip |
|---|
Adding public key in authorized_keys file also works fine similar to Unix systems, make sure to use proper case user name in Endpoint configuration. i.e. if home folder is /home/Administrator then use Administrator as user name in endpoint configuration, otherwise ssh public key will not be found. You can do this using Cygwin terminal (instead of Windows Explorer or other tools) to make sure that file is created in proper folder. Alternatively, you can copy file from remote server to Cygwin server using command like. ssh-copy-id -i <path to pub file> username@cygwinserverhost There will .ssh folder similar to Unix. For example, /home/<user>/.ssh/authorized_keys. In one situation noticed /home/<user>/.ssh folder path which worked and adding file to c:/users/<user>/.ssh/authorized_keys did not work. |