Install and Configure OpenSSH Server on Windows 10 and Windows Server 1709
A couple of weeks ago I already wrote about how OpenSSH is now available on Windows 10. In this blog post I will cover how to install and configure OpenSSH Server on Windows 10 and Windows Server 1709.
Today, OpenSSH Client and Server on Windows are still in Beta, so they should only be used in secure test environments and not in production.
First you have to install the OpenSSH feature on your Windows machine. Remember that it needs to be the Windows 10 Fall Creators Update (1709) or Windows Server version 1709 or higher.
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*' # Install the OpenSSH Server Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 # Install the OpenSSHUtils helper module, which is needed to fix the ACL for ths host keys. Install-Module -Force OpenSSHUtils
On Windows 10 you can also use the UI to install it.
After the installation you can find the OpenSSH Server files and some more configuration options under C:\Windows\System32\OpenSSH
Now you need to configure the OpenSSH Server (sshd)
To enable authentication into an SSH server on Windows, you first have to generate host keys and repair the ACL on the host keys.
Start-Service ssh-agent cd C:\Windows\System32\OpenSSH # Generate Key .\ssh-keygen -A # Add Key .\ssh-add ssh_host_ed25519_key # Repair SSH Host Key Permissions Repair-SshdHostKeyPermission -FilePath C:\Windows\System32\OpenSSH\ssh_host_ed25519_key # Open firewall port New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH # Concider to configure the Profile for the Firewall rule
Now you should be able to connect to the Windows Machine using SSH for an SSH client. Of course this can be the OpenSSH client or the SSH client which comes with the Windows Subsystem for Linux on Windows 10.
If you are running OpenSSH Server on a Windows 10 or Windows Server 1709 virtual machine in Microsoft Azure, don’t forget to also configure the Network Security Group (NSG) to allow SSH inbound access on port 22.
Also check out how you can do SSH from PowerShell: Using SSH with PowerShell