How to configure OpenSSH in Windows

Introduction #

OpenSSH is the open-source version of the Secure Shell (SSH) tools used by administrators of Linux and other non-Windows for cross-platform management of remote systems. OpenSSH has been added to Windows as of autumn 2018, and is included in Windows 10 and Windows Server 2019. The master OpenSSH open source project is managed by developers at the OpenBSD Project. The Microsoft fork of this project is in GitHub.

The instructions below are applicable for installing the native version of OpenSSH in Windows Server 2019 and Windows 10 1809 onwards. The Microsoft github version of OpenSSH has different installation instructions as per https://github.com/PowerShell/OpenSSH-Portable.

Install OpenSSH in Windows 10 1809 onwards #

To install OpenSSH, start Settings then go to Apps --> Apps and Features --> Manage Optional Features. Scan this list to see if OpenSSH client is already installed. If not, then at the top of the page select "Add a feature", then:

  • To install the OpenSSH client, locate "OpenSSH Client", then click "Install".
  • To install the OpenSSH server, locate "OpenSSH Server", then click "Install".

By using Powershell #

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

The following output should be returned by the above installation cmdlets:

Install OpenSSH in Windows Server 2019 #

Run the following Powershell cmdlets (elevated prompt) in order to perform the basic configuration of the OpenSSH deamon on Windows Server.

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name  OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'
# Confirm the Firewall rule is configured. It should be created automatically by setup.
Get-NetFirewallRule -Name *ssh*
# There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled
# If the firewall does not exist, create one
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

The cmdlet output should be as follows.

Connect to OpenSSHD via the native OpenSSH client in Windows #

After both the OpenSSH server and client have been configured, run the following command from the client's windows cmd terminal:

Ssh username@servername
# ssh [email protected]@192.168.1.100

Advanced OpenSSH server configuration and ssh key management #

Refer to the following Microsoft articles for details on more advanced OpenSSH server configuration and ssh key management:

Sources #

https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview

https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration

Powered by BetterDocs