WatchGuard Support Center

Knowledge Base - Article

000012457
 How to configure a Windows OpenSSH server for Dimension backup

Information

With the release of Windows 10 v1809 and Windows Server 2019, the default OpenSSH server for Windows has improved security, and will require some setup to work with Dimension backup and restore.

 

Before you begin

  • These instructions are intended for OpenSSH server for Windows 10 1809 and later, and Windows Server 2019.
  • You must have a user account for Dimension to use to log in to your Windows system. This user does not require admin privileges
  • You must configure the Dimension as described at Configure Remote Backup Settings. For the directory path, For the directory path, we recommend you use /Dimension to represent a folder at C:\Dimension.
 

Configure OpenSSH for Dimension backup

Follow these steps to configure the OpenSSH server for Dimension backups.

1.      Follow the instructions for the initial install of OpenSSH server at Installing OpenSSH from the Settings UI on Windows Server 2019 or Windows 10 1809.

2.      On your Windows system, edit the OpenSSH Server configuration file located at C:\ProgramData\ssh\sshd_config and locate these two lines:
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

3.   Prepend a # symbol to each line. This will change these to comments which the server will ignore.
#Match Group administrators
#AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

4.   In Windows file explorer, browse to the \Users\ folder for the user account that Dimension will use to log in. For example, if your user login is example, you will browse to C:\Users\example\

5.      In this folder, create a subfolder with the name .ssh. and browse to the new folder.
Please note that there is a period before and after the folder name, like C:\Users\example\.ssh.\

6.   In the \.ssh.\ folder, create an empty text file with the name authorized_keys. This file must not have any file extension.

7.      In File explorer, create a folder for Dimension to use for saved data. The user account your Dimension system will use must have read and write privileges for this saved data. We recommend you create the folder at C:\Dimension.

8.      Follow Microsoft's instructions to launch OpenSSH server and configure it to launch automatically at startup. You can find these instructions at Initial Configuration of SSH Server.

9.      On your Dimension system, test the configuration. For instructions, see Configure Remote Backup Settings.

 

Troubleshooting

When you test the connection, you might see these error messages:

The directory configured in Dimension was not found on the Windows system.
This message most often occurs because of a typo. Remember that Dimension displays the path in Unix format. 

ssh: connect to host: Connection refused Couldn't read packet: Connection reset by peer SSH sftp subsystem test failed.
This error message indicates Dimension was unable to connect. You must verify the SSH server is running and port 22 is open.

Permission denied (publickey,password). Couldn't read packet: Connection reset by peer SSH sftp subsystem test failed.
The Dimension public key was rejected by OpenSSH. Verify the authorized_keys file for your user has Dimension's public key on a single line.

Also, if your system is Windows 10 1809 or late:

  1. Browse to /.ssh/
  2. Right click the authorized_keys file and open Properties > Security > Advanced.
  3. Disable inheritance
  4. Select Convert inherited permissions into explicit permissions on this object
  5. Remove all entries except for SYSTEM and the user configured for Remote Backups on Dimension
  6. Confirm that both users have Full Control access for this file



File "/home/<user>/dimension/" not found. SSH sftp subsystem test failed.
The directory configured in Dimension was not found on the Windows system. This message most often occurs because of a typo. Remember that Dimension displays the path in Unix format.