Windows SSH on WSL

Install and Configure OpenSSH Server on Windows 10 and Windows Server 1709

A couple of weeks ago I already wrote about how OpenSSH is now available on Windows 10. In this blog post I will cover how to install and configure OpenSSH Server on Windows 10 and Windows Server 1709.

Today, OpenSSH Client and Server on Windows are still in Beta, so they should only be used in secure test environments and not in production.

First you have to install the OpenSSH feature on your Windows machine. Remember that it needs to be the Windows 10 Fall Creators Update (1709) or Windows Server version 1709 or higher.

Windows OpenSSH Server

 
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
 
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
 
# Install the OpenSSHUtils helper module, which is needed to fix the ACL for ths host keys.
Install-Module -Force OpenSSHUtils

On Windows 10 you can also use the UI to install it.

Windows OpenSSH Server Folder

After the installation you can find the OpenSSH Server files and some more configuration options under C:\Windows\System32\OpenSSH

Now you need to configure the OpenSSH Server (sshd)

To enable authentication into an SSH server on Windows, you first have to generate host keys and repair the ACL on the host keys.

Configure OpenSSH Server on Windows

 
Start-Service ssh-agent
 
cd C:\Windows\System32\OpenSSH
 
# Generate Key
.\ssh-keygen -A
 
# Add Key
.\ssh-add ssh_host_ed25519_key
 
# Repair SSH Host Key Permissions
Repair-SshdHostKeyPermission -FilePath C:\Windows\System32\OpenSSH\ssh_host_ed25519_key
 
# Open firewall port
New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
# Concider to configure the Profile for the Firewall rule

Windows SSH on WSL

Now you should be able to connect to the Windows Machine using SSH for an SSH client. Of course this can be the OpenSSH client or the SSH client which comes with the Windows Subsystem for Linux on Windows 10.

Azure Network Security Group SSH

If you are running OpenSSH Server on a Windows 10 or Windows Server 1709 virtual machine in Microsoft Azure, don’t forget to also configure the Network Security Group (NSG) to allow SSH inbound access on port 22.

Also check out how you can do SSH from PowerShell: Using SSH with PowerShell