installing minimal Cygwin on XP for ssh and rsync

Fri Jun 23 01:53:00 GMT 2006

I installed Cygwin on XP yesterday to get ssh and rsync servers running. 
I have done this before and shared my experiences on this list earlier 
as well. Specially the bit about the Zone Alarm causing a problem to 
connect to the WIndows machine via ssh after reboots. Here are the steps 
I followed, hopefully this will help others too. Comments and advise or 
explanations are welcome.

NOTE: make sure you are logged in as an administrator before installing 
and setting up the following stuff.

Installling Minimal (sort of) Cygwin:
Download the installer file from (okay to 
save it on Desktop)

Double click on setup.exe to start installation of Cygwin and follow the 
prompts with the following choices:

-> Install from Internet

-> Choose root dir: c:\cygwin
->All Users

->choose dir to download files which will be used for installation. Sort 
of like a temp dir. Chose C:\tmp\cygwin-downloads or any other of your 

->Direct Connection

Here your firewall, if you have one, will ask if you want to allow 
setup.exe to connect to the internet. In my case, ZoneAlarm asked if 
Setup should be allowed internet connection. Allowed.

->Choose a site from "Available Download Sites"

->Package lists will be shown
Leave the default packages are they are. But add the following by 
clicking on "Skip" column for these packages until that columns lists 
the version that will be installed (see Step 2b at ):
   wget (it is a handy tool)
->NEXT (it will then start downloading the package files)

->at the end, it will ask if you want icons on desktop and start menu. 
Answer yes.

You will get a Cgywin icon on your desktop. Double click on it and a 
prompt will appear. All is well. Close that window.

In Environment variable window(See Step 3 at for illustration), add 
a new System Variable: CYGWIN and give it a value of ntsec.

Then add the cygwin path,;c:\cygwin\bin, to Environment path variable. 
See Step 4 of the above web site for illustration.

Make Cygwin see users' information: Open the Cygwin terminal (double 
click on the Cygwin icon you got on your desktop) and give these 
commands ("$" below means the below):
$ mkpasswd   --local   >   /etc/passwd
$ mkgroup   --local    >   /etc/group

Cygwin is all setup now.

Setting up SSH Server:
Setup and get sshd running by giving the following commands in the 
Cygwin terminal:
$ cygrunsrv  --stop  sshd
$ cygrunsrv  --remove sshd
$ ssh-host-config  <-- (see more info below)
$ cygrunsrv  --start sshd

The third command above will give an output as shown below. Answer "yes" 
as shown in the prompts here:
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read 

Should privilege separation be used? (yes/no) yes
Generating /etc/sshd_config file

Warning: The following functions require administrator privileges!

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec".  CYGWIN=binmode tty ntsec

The service has been installed under LocalSystem account.
To start the service, call `net start sshd' or `cygrunsrv -S sshd'.

Host configuration finished. Have fun!

Now, edit /cygwin.bat (in notepad or in vi editor) to add the CYGWIN env 
variable line as shown below (I am not sure why all these values are 
needed, if someone can explain in detail, it would be great):
$ less /cygwin.bat
@echo off
CYGWIN=binmode tty ntsec

chdir c:\cygwin\bin

bash --login -i

Now you can ssh to other machines on your network. If you try to do so, 
your firewall, if you have one, will ask if sshd should be allowed to 
connect to the internet, say yes and make sure your firewall remembers 
this choice -- make it permanent.

However, if you have zone alarm running, then after rebooting sshd won't 
be available, Zone alarm will block all its traffic unless it is run 
before zone alarm starts. To solve this, make sshd a dependency of
vsmon (the zone alarm service) and tcpip service (no point in having 
sshd running unless tcpip is also running):
root@localhost ~
$ cygrunsrv -E sshd      <-- this command stops the service

root@localhost ~
$ cygrunsrv -R sshd      <-- this command removes the service

root@localhost ~
$ cygrunsrv -I sshd -p /usr/sbin/sshd -f "Cygwin SSH Daemon" -a'-D' -e 
'CYGWIN=binmode ntsec tty' -y tcpip -y vsmon
(the above is a one long single line command. note the single quotes)

root@localhost ~
$ cygrunsrv -S sshd      <-- this command starts the service

Now, when you reboot the computer, you will be able to ssh to the 
Windows computer without any problems from zone alarm.

Rsync service is not running by default. So no need to try to stop the 
service unless you know it is already running. You can use
  "cygrunsrv --list" command to see if it is already installed. Stop it 
if it is by "cygrunsrv -E rsync" command. Then use the following 
commands to set it up:
root@localhost ~
$ cygrunsrv -I "rsyncd" -p /usr/bin/rsync -a '--daemon --no-detach'

( if /etc/rsyncd.conf already doesn't exist, see the note below, use the 
following command to create an empty file)
$ touch /etc/rsyncd.conf

$ cygrunsrv -S "rsyncd" <-- starts the service
Note: If you do not have an /etc/rsyncd.conf file, upon trying to start 
the rsyncd service you will get this error:
$ cygrunsrv -S rsyncd
cygrunsrv: Error starting a service: QueryServiceStatus:  Win32 error 1062:
The service has not been started.

If you create an empty /etc/rsyncd.conf, rsync will be happy and will 
run smoothly.

Finally, allow your firewall to remember that rsync should be allowed 
outside connections.

Good luck,

Unsubscribe info:
Problem reports:

More information about the Cygwin mailing list