Cygwin - Create and Add Users

Written: 03/25/12

Last Updated: 03/23/14

This guide is the fifth part of my Cygwin SSH server series and assumes that the first four guides have already been completed. If you have not yet completed those articles, click here to go to the first article. This article is broken up into two sections: Creating a Windows User and Adding New Users to the Server. The first part is by no means Cygwin-specific and can be followed to create new Windows users. The second part goes over how to sync the Windows users with the server.

Creating a Windows User

As with the previous tutorial, we will be using the Computer Management utility. This can be accessed by opening the start menu and typing “%windir%\system32\compmgmt”. In the items that appear, click on “compmgmt.msc”.

cygwin-create-and-add-users-1

Expand the “Local Users and Groups” category.

cygwin-create-and-add-users-2

Click on “Users”.

cygwin-create-and-add-users-3

In the white-space in the central section where all of the users are listed, right-click and then click “New User…”.

cygwin-create-and-add-users-4

You will see the screen shown below. Take note of the default settings.

cygwin-create-and-add-users-5

Give your user a username and password. Make sure that the password is secure, as weak passwords (like the one used below) create entry points that can be broken into. If you wish to have fixed passwords set by the admin only, you may check the fields shown below. The settings you choose are completely optional; just make sure that the “Account is disabled” option is left unchecked.

cygwin-create-and-add-users-6

At this point, a new Windows user has been created. To add the newly created user to the user group, read on.

Adding New Users to the Server

Part I – Add user to user group

Now that your user has been created, you need to add the user to the previously created sshUsers user group. To do this, right-click on the user you just added and click on “Properties”.

cygwin-create-and-add-users-7

In the window that appears, click on the “Member Of” tab.

cygwin-create-and-add-users-8

Click on “Add…”.

cygwin-create-and-add-users-9

Click “Advanced…”.

cygwin-create-and-add-users-10

Click “Find Now”.

cygwin-create-and-add-users-11

Click on the user group you created for the server in the previous tutorial, sshUsers. Click on “OK” once the group name is selected.

cygwin-create-and-add-users-12

Click “OK”.

cygwin-create-and-add-users-13

If you wish to separate your SSH users from your local users, you may remove the “Users” group by selecting it and clicking on “Remove”; otherwise, click “OK”.

cygwin-create-and-add-users-14

At this point a user has been created and added to the user group; however, the user will still not be able to log in to the server. To synchronize the Windows users with the server, read on.

Part II – Sync ALL Windows user(s) to the server

Before we continue, some notes should be made about this next step. Running this next set of commands grants ALL users on your computer access to your SSH server. Before executing these commands, make sure that you fully understand what that entails. In other words, if you have local users with insecure passwords, do NOT do this next step. You should only do this if all of the users have secure passwords and you wish to grant all users access to your server. Note also that the “>” redirection overwrites the existing /etc/passwd and /etc/group files. Limiting the commands to only adding the users in the sshUsers user group will not be covered; however, detailed explanations of the two commands can be found here and here.

Now that all of the warnings have been stated, and hopefully at this point you have at least looked at the referenced links above, it is time to sync the Windows users to the server. To do this, type the commands shown below in the terminal.

mkpasswd --local > /etc/passwd
mkgroup --local > /etc/group

cygwin-create-and-add-users-15
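
The commands above give every local account an entry with a login shell. As an added example (not part of the original guide or of the Cygwin tools), the script below keeps every entry but leaves the login shell only for members of sshUsers and sets /bin/false for everyone else. It assumes local (non-domain) accounts whose names appear the same in "net localgroup" and "mkpasswd --local" output; the function names, the /etc/passwd.new path and the sample data are constructed for illustration.

```shell
# Added example: give a login shell only to members of sshUsers.

# Print member names from `net localgroup <group>` output read on stdin.
# Members sit between the dashed rule and the "The command completed" line.
group_members() {
    tr -d '\r' | awk '
        /^-+$/                   { in_list = 1; next }
        /^The command completed/ { in_list = 0 }
        in_list && NF            { sub(/[ \t]+$/, ""); print }'
}

# Read passwd lines on stdin; $1 is a file of allowed login names.
# Non-members keep their entry but get /bin/false as shell (last field).
restrict_shells() {
    [ -s "$1" ] || { echo "member list is empty, refusing" >&2; return 1; }
    awk -F: -v OFS=: '
        NR == FNR { allow[tolower($0)] = 1; next }
        !(tolower($1) in allow) { $NF = "/bin/false" }
        { print }' "$1" -
}

# On the Cygwin host: write a candidate file (hypothetical name) for review
# instead of overwriting /etc/passwd directly.
build_candidate() {
    members=$(mktemp) || return 1
    net localgroup sshUsers | group_members > "$members"
    mkpasswd --local | restrict_shells "$members" > /etc/passwd.new
    rc=$?
    rm -f "$members"
    return "$rc"
}

# Constructed sample data (not captured from a real host).
SAMPLE_NET='Alias name     sshUsers
Comment

Members

-------------------------------------------------------------------------------
alice
The command completed successfully.'
SAMPLE_PASSWD='Administrator:unused:500:513:U-HOST\Administrator,S-1-5-21-1-2-3-500:/home/Administrator:/bin/bash
alice:unused:1001:513:U-HOST\alice,S-1-5-21-1-2-3-1001:/home/alice:/bin/bash
bob:unused:1002:513:U-HOST\bob,S-1-5-21-1-2-3-1002:/home/bob:/bin/bash'

# Offline demonstration: only alice keeps /bin/bash.
demo() {
    m=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_NET" | group_members > "$m"
    printf '%s\n' "$SAMPLE_PASSWD" | restrict_shells "$m"
    rm -f "$m"
}
```

Review /etc/passwd.new before moving it over /etc/passwd. A /bin/false shell stops shell logins but is not an access-control list; AllowGroups in sshd_config is the setting that restricts which groups may log in.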

This concludes the fifth part of my Cygwin SSH server series. The next article covers how to configure the Windows Firewall. Click here to link to that article.

Discussion (13)

There are 13 responses to “Cygwin – Create and Add Users”.

  1. SshDemon responded:

    Warning:
    (1) There is no point in running both mkpasswd commands as written above, since the second overwrites the first.
    (2) Using mkpasswd overrides the Cygwin setup defaults by enabling the /bin/bash shells on all users, whereas in the Cygwin server setup script, many users’ shells are replaced by /bin/false.

    • 1) Nice catch. I fixed that in my article.
      2) That’s true. I was assuming that the followers of this guide would want all users to have proper SSH access. Obviously, if that were not desired, a different approach would need to be used for granting / limiting access.

  2. Denis Bergeron responded:

    And if mkgroup doesn’t show the user I created, how do I manually add it to /etc/passwd?

    • Denis Bergeron responded:

      That should read: And if mkpasswd doesn’t show the user I created in Windows, how do I manually add it to /etc/passwd?

    • Assuming your user exists for the current domain you are using, it should have found it, correctly. Regardless, you can append users individually to the files by doing something like this:

      mkpasswd -l -u username >> /etc/passwd

      In the above code, change “username” to the username you want to add.

      Note that this assumes the user is on the current domain. If the user is on a different domain, use the “-d” option to specify the domain, instead of the “-l” option.

  3. Denis Bergeron responded:

    Unfortunately, this command, with the existing domain user that I would like to have in Cygwin, gives me an empty answer line.

    • That command doesn’t return any output, it simply writes to /etc/passwd. If you look at the last line in the file, you should see the entry containing the user you want to add:

      cat /etc/passwd

      If you don’t see the user in that file, try doing the following:

      net users

      If you don’t see the user in that list, it means that you did not create the user correctly.

  4. PRADEEP responded:

    Hey this is an excellent document. Have a couple of questions though.

    1) How can I add users who are global across the network? I am trying to configure a user to access two servers using SFTP.

    2) I also need to configure the users with keys and not passwords. Can you please help me with these two questions?

    • 1) If I understand correctly you have two separate servers and you want a common user to be able to access both? Typically this is something that you would use LDAP for. Cygwin does have support for LDAP. This is something that I haven’t experimented with, yet, so I can’t comment on how well it works. Alternatively, if this is a small-scale thing you are managing, you could write some scripts to help you out. As an aside, if you are doing something that involves many users and multiple systems, you should probably be using a native *nix box instead of Cygwin.

      2) You can use PKA once you have made the users. This is a process that is typically done by the actual user. If you look at this comment I provide some directions on how to generate a key. These steps are not specific to Cygwin and should look very similar to how you would do things on a normal *nix box.

  5. yaro responded:

    Do you know of a way of adding a specified domain group for ssh access rather than mapping all?

    • You can try using this, but replacing username with usergroup. I haven’t tested this, but it might work. If not, you could write a simple script to call that command with each user in your group.

  6. Larry responded:

    My question is, I have added a user “grok” and I’m thinking I’ve mangled the password as that user cannot ssh into the box, while the ‘Administrator’ account can. The /etc/passwd file is non-existent. [net users] command lists the user “grok” and the user is listed in Windows 2008 (non-domain server) properly.

    So nor can I log in to cygwin and use [ssh-user-config] in an attempt to change the password that way. Changing it in Windows (naturally) doesn’t do anything except make things worse.

    Any suggestions/instructions? I have seen {zero} information on the net about deleting users…

    • If you want to delete the user, do so in the same manner that you would normally delete a Windows user. For instance, in the control panel, navigate to “Control Panel\User Accounts\User Accounts\Manage Accounts”. Click on the account you want to modify (in your case “grok”) and then click on “Delete the account”.

      If you know the password, you can follow the steps in the above comment to allow the user to have SSH permissions.
