Setting up backups to Windows Server using OpenSSH or Solarwinds SFTP/SCP Server


Vectra Support offers the following article as a general guide to set up an SCP/SFTP server on a Windows server.  The guide below is not exhaustive and will need to be adjusted for individual Windows versions and permissions.

An exhaustive guide for setting up OpenSSH on Windows is out of the scope of this article.

To allow Cognito backup to a Windows server you will need to configure your SCP/SFTP server:

  • To permit key authentication for user access.
  • To permit file upload, download, listing and deletion.
  • To allow file upload and download without size constraints.

Setting up OpenSSH on Windows

To configure automated backups to a Windows-based machine, the following steps need to be taken to first install OpenSSH service:

  • Download the latest OpenSSH Windows binaries:
  • As the Administrator, extract the package to C:\Program Files\OpenSSH
  • Go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules
    • add a new rule for port 22/TCP
  • Create a .ssh folder in the Windows account profile folder(i.e C:\Users\User_Name\.ssh\). The user where .ssh is located must be the one which will be used by the Brain to connect and perform the backups
  • Create a file in the .ssh folder called authorized_keys
  • Copy the Public key from the backup show command on the brain to the authorized_keys file in the Users profile folder.
    • Include ssh-rsa at the beginning of the key string when copying.
    • The line should be similar to the following:
      • ssh-rsa AAAAB3NzaC1yc2..........................<trimmed output>.....................................KAbtRHh3
  • Open PowerShell as Administrator and paste following commands which will install and start the sshd and ssh-agent services:
powershell.exe -ExecutionPolicy Bypass -File 'C:\Program Files\OpenSSH\install-sshd.ps1'
powershell.exe -ExecutionPolicy Bypass -File 'C:\Program Files\OpenSSH\install-sshd.ps1'
powershell.exe -ExecutionPolicy Bypass -File 'C:\Program Files\OpenSSH\FixHostFilePermissions.ps1'
powershell.exe -ExecutionPolicy Bypass -File 'C:\Program Files\OpenSSH\FixUserFilePermissions.ps1'
Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
Start-Service sshd
Start-Service ssh-agent

Windows SSH server permissions

Vectra has observed situations where key authentication does not operate as expected on Windows SSH servers.  This issue is well documented and discussed online and may be found easily using your preferred search engine.

Configuration issues worth investigating include:

  • Unexpected file locations or default file names for the authorized_keys file
    • If you are going to use a user that is member of the Administrators group, the authorized_keys file may be at other locations, including C:\ProgramData\ssh\administrators_authorized_keys or C:\Program Data\administrators_authorized_keys
    • If you are using a regular user, the authorized_key_file is at C:\Users\User_Name\.ssh\authorized_keys
  • Key authentication is disabled by default
  • Permissions issues for the authorized_keys file or one of its parent directories
    • The authorized_key files should not have permission for "Authenticated Users"
  • SSH server "service" account issues, in particular where the SSH server "service" is running as an unexpected user unable to access the authorized_keys file or one of its parent directories
  • The SSH server service may not start automatically immediately after installation and may need to be started manually or the Windows server itself may need to be rebooted.
  • SSH key generation on the Windows server itself may require further investigation to operate as expected.

Windows SSH logging

OpenSSH will, by default, send logging to windows event viewer. To increase log verbosity, change the parameter "LogLevel" to Debug in "C:\ProgramData\ssh\sshd_config" and restart sshd. Click here for more info.

Installing and Running SolarWinds SFTP & SCP Server

Note: SFTP & SCP Server only supports files up to 4GB. 

You can modify the installation location and other settings using the SolarWinds SFTP & SCP Server setup program.

Note: The Windows user account used to install SolarWinds SFTP & SCP Server must have administrator rights.

To install SolarWinds SFTP & SCP Server:

  1. Run the setup program (SolarWindsSCPServer.exe).
  2. Complete the setup wizard, providing the appropriate information as necessary.

To run SolarWinds SFTP & SCP Server:

Start SFTP & SCP Server in the SolarWinds SFTP & SCP Server folder.

To start SolarWinds SFTP & SCP Server when Windows starts:

  1. Right-click in the Taskbar Notification Area.
  2. Click Options.
  3. Check Start When Windows Starts.

More information can be found in the SFTP & SCP Server window, under the help menu. 


Configuring automated backups on Cognito Detect

Create a folder where the backups should be stored in the Windows account profile folder.

The above folder must be used on Brain side when configuring --target-path <pathname> 

Follow the instructions in the Automated Backups to an SCP/SFTP server guide for Brain side configuration:


Was this article helpful?
0 out of 0 found this helpful

Download PDF


Article is closed for comments.