Install OpenSSH Server on Windows Server
Back in 2017 Microsoft made OpenSSH available on Windows 10. Shorty after OpenSSH was also available for Windows Server, version 1709. This blog post should give you a simple step by step guy how you install OpenSSH Server on Windows Server. OpenSSH is available for Windows Server, version 1709 and higher. If you are running Windows Server 2016, and you want to stay in the long-term servicing branch, you will need to wait for the next Windows Server LTSC build.
Install OpenSSH Server on Windows Server
If you are running a Windows Server 1709 or higher, you can simply use PowerShell to install the OpenSSH Client and Server.
You can use the following PowerShell commands to install the OpenSSH Server on the server.
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*' # Install the OpenSSH Server Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 # Install the OpenSSHUtils helper module, which is needed to fix the ACL for ths host keys. Install-Module -Force OpenSSHUtils
After the installation you can find the OpenSSH Server files and some more configuration options under “C:\Windows\System32\OpenSSH”
Next you need to configure the OpenSSH Server (sshd)
To enable authentication into an SSH server on Windows, you first have to generate host keys and repair the ACL on the host keys.
To configure the OpenSSH Server, just run the following PowerShell commands:
Start-Service ssh-agent cd C:\Windows\System32\OpenSSH # Generate Key .\ssh-keygen -A # Add Key .\ssh-add ssh_host_ed25519_key # Repair SSH Host Key Permissions Repair-SshdHostKeyPermission -FilePath C:\Windows\System32\OpenSSH\ssh_host_ed25519_key # Open firewall port New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH # Consider to configure the Profile for the Firewall rule
Now you should be able to access your Windows Server using an SSH client.
Remember if you run your server in Microsoft Azure, you might also need to configure the Network Security Group to allow SSH Remoting on port 22.
I hope this post help you and if you have any questions, please let me know in the comments.
You failed to mention that Windows Server, version 1709 and higher not available yet and not stable. I have wasted several hours believing your blog. Total useless.
Sad your experience was not good.
Windows Server, version 1709 is available since September last year! (2017) We now even have version 1803 and 1809 as well as the LTSC version Windows Server 2019, available!
Is there any easy way to set PowerShell as default SSH shell instead of cmd? Thanks!
I got this error when starting the service:
PS C:\windows\system32\OpenSSH> Start-Service ssh-agent
Start-Service : Service ‘OpenSSH Authentication Agent (ssh-agent)’ cannot be started due to the following error: Cannot start
service ssh-agent on computer ‘.’.
At line:1 char:1
+ Start-Service ssh-agent
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommand
Exception
+ FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand
You need to copy \sources\sxs directory into \Windows directory before adding OpenSSH.Server~~~~0.1.0.0 feature
robocopy E:\sources\sxs C:\Windows\sxs
After that, you may add openssh.server capability into existing installation.
Thanks for putting these instructions together Thomas, I found them very helpful. I needed a couple of extra steps to make everything work:
Before I could run the Start-Service ssh-agent command, I first needed to start the service in Windows (https://stackoverflow.com/questions/52113738/starting-ssh-agent-on-windows-10-fails-unable-to-start-ssh-agent-service-erro)
Get-Service -Name ssh-agent | Set-Service =StartupType Manual
Generating the keys (.\ssh-keygen -A) resulted in a ‘no such file or directory\ error until I created an ssh directory off of C:\programData.
I just tried the latest build of Win32 OpenSSH (v8.0.0.0p1) on an up-to-date Windows 2016 LTSC (1607) and it is working, so I guess whatever limitation preventing earlier releases of the program have now been fixed.