SSH into a Windows computer

So you’re cruising along in Linux, happily using SSH to tunnel into every server you have access to, and suddenly you realize you need to get a file on your Windows computer. Sure, you could set up a remote desktop client like LogMeIn or GoToMyPC, but it’s just so simple to use SSH. But Windows only has telnet, which is not only disabled by default but horribly insecure to boot.

The solution is simple: Cygwin.

Cygwin provides access to a plethora tools you might find on your average Linux system, including an SSH server and related tools. I won’t go into the gory details of getting it up and running, as Gina Trapani of Lifehacker fame has already written a wonderful tutorial on this very topic. It’s an old article (from 2006), but it should still be accurate as far as all the steps go.

One thing you may notice if you’re running Windows Vista or Windows 7 is the addition of a mysterious user account called Privileged Server on your login screen. When SSH was being set up in Cygwin, a separate user was created for the SSH server, presumably so you couldn’t muck up too much on your own account when tunneling into your computer. It’s supposed to be there, but it may be kind of annoying to have a user account you’re never going to directly access taking up space on your login page. This can be fixed using the registry, but don’t edit it if you’re not entirely sure what you’re doing. Screwing up the registry can potentially result in irreparable damage to your Windows installation, computer hardware, and personal relationships. Yes, it’s that powerful. (I’m kidding.)

First things first, open up regedit via either the search box in the Start menu or the Run dialog. Once it’s open, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon. Right-click on Winlogon in the tree directory (left panel) and select New>Key. Type SpecialAccounts in the box that appears and hit Enter. Again in the tree directory, right-click on SpecialAccounts and create a new key titled UserList. (Note: these keys may already exist. In that case, simply click to enter them.)

Now, in UserList, right-click in the right panel and select New>DWORD (32-bit) Value. Name it cyg_server. (Note: I believe this is the account name, but you can double-check by right-clicking on My Computer, selecting Properties, then Advanced Properties, and clicking the Settings button under User Profiles. There may be a number of profiles there other than your personal account, but the SSH server likely has cyg somewhere in the name.)

Double-clicking on the value name will allow you to modify the data contained within. The default of 0 hides the account from the login screen, but you can show it again by changing that to 1.

Now you can exit out of regedit and log out or restart your computer to see the login screen sans Privileged Server! Congratulations, you are now a computer wizard. You may now put on your robe and hat.

  • marina dubai

    Honestly good blog I’ll definitely be coming back to have a look at it day-to-day from now on

  • Wally Thompson

    Thank you, very useful!

  • Ryanleedavies

    Sweet!  I have always just used winscp which is a bit of a pain.  I figured I could install an ssh server but never bothered until the other day I found and ran through that cygwin tutorial but didn’t really pay attention so I was confused when I saw Privileged Server user on my login screen.  So I googled windows 7 “privileged server” and found your blog.  My favorite part was the idea of seeing myself in a wizard hat and robe…  :D

  • isomorphisms

    For my use case (Amazon EC2) I thought I needed to “SSH” into a remote Windows machine, because to me “SSH” is synonymous with “log into a remote machine”. But actually “RDP” = “Remote DesktoP” is the preferred way to remotely interact with Windows machines, since they’re so GUI-centric (as opposed to a Linux terminal where you can do many things with a SHell).

  • AndyDontCare

    Thanks! This was a real pain and bothered me a lot. Your usual “how to hide users from logon screen” tutorial didn’t cover that “Privileged server” should be “cyg_server”.

April 2011
« Mar    
Support Wikipedia