FlexDeploy Cygwin Install Guide

FlexDeploy utilizes OpenSSH within a Unix shell for communicating to all endpoints.  For Microsoft Windows, Cygwin is required to provide the Unix-like environment containing the required SSH libraries. The following instructions can be used to install the Cygwin on a Windows client.


Install Steps

Download Cygwin from the following location: https://www.cygwin.com/

Run the installer and follow the prompts:











3. Type "openssh" into the search dialog.

4. Drill down to Net>openssh . Click on the version number and it will check the Binary box.

5. Click Next.





6. Navigate to the location you installed Cygwin and run Cygwin.bat as administrator.

7. Once the bash window opens, run:  ssh-host-config

8. Follow the prompts and enter the information as indicated below:

  • Query: Should StrictModes be used? (yes/no) yes
  • Query: Should privilege separation be used? (yes/no) yes
  • Query: new local account 'sshd'? (yes/no) yes
  • Query: Do you want to install sshd as a service?
  • Query: (Say "no" if it is already installed as a service) (yes/no) yes
  • Query: Enter the value of CYGWIN for the daemon: []  <PRESS ENTER>
  • Query: Do you want to use a different name? (yes/no) no
  • Query: Create new privileged user account 'SYS\cyg_server' (Cygwin name: 'cyg_server')? (yes/no) yes

If you will be running build / deploy operations on this Endpoint as user other than cyg_server, you can say no to this answer and use existing account instead. Ideally, CYGWIN sshd service running as cyg_server should allow to connect as any other user if configured properly, but we have seen issues in this space due to various restrictions on Servers and Windows versions. If you decide to still continue with cyg_server, you can make the change later as well.

  • Query: Please enter the password: <ENTER PASSWORD>
  • Query: Reenter: <ENTER PASSWORD>
  • Info: Host configuration finished. Have fun!

9. Start the Cygwin SSH service from the services console (Computer Management>Services)


10. Verify your Firewall configuration is compatible with the new service; You may need to open port 22 if you have a firewall enabled.

11. Using a SSH client (such as PuTTY) attempt to log in to the host with user that has local access to the machine. If successful then the environment is setup and ready for use.


Troubleshooting Tips

  • If you installed CYGWIN sshd as cyg_server user, it should be able to allow Endpoint connection as any user on the server, but that may not work always. In this situation you can try these options.
    1. Make sure that cyg_server account is added to Replace a process level token policy using gpedit.msc. Reference - https://technet.microsoft.com/en-us/library/dn221975(v=ws.11).aspx, https://technet.microsoft.com/en-us/library/cc957225.aspx
    2. Another option is to run CYGWIN sshd as user that you want to connect as from FlexDeploy Endpoint. Here are the steps to make that change.
      1. Make sure the account you want to connect as is Administrator account. See my example of flexuser that I used instead of cyg_server


      2. Stop CYGWIN sshd service. 
      3. Edit CYGWIN sshd service and make it use user that you want to connect as from FlexDeploy Endpoint. See example below.


      4. Click OK.
      5. Run Cygwin terminal as Administrator.
      6. Run ssh-host-config option and follow prompts.


      7. Now start CYGWIN sshd service.


If you experience problems starting sshd, check the sshd.log in Cygwin64/var/log. That will indicate the issue that is occurring and should help with resolution.

If you receive an error like the permissions are too big for some folder or file, then you should perform a command in the bash window to reduce the permissions. An example would be chmod 700 /var/empty

If you receive a wrong password error, and are using a username in the format domain\user, try is without the domain.

Adding public key in authorized_keys file also works fine similar to Unix systems, make sure to use proper case user name in Endpoint configuration. i.e. if home folder is /home/Administrator then use Administrator as user name in endpoint configuration, otherwise ssh public key will not be found.