Back in 2017 Microsoft made OpenSSH available on Windows 10. Shortly after OpenSSH was also available for Windows Server, version 1709. This blog post should give you a simple step by step guy how you install OpenSSH Server on Windows Server. OpenSSH is available for Windows Server, version 1709 and higher. If you are running Windows Server 2016, and you want to stay in the long-term servicing branch, you will need to wait for the next Windows Server LTSC build.
Install OpenSSH Server on Windows Server
If you are running a Windows Server 1709 or higher, you can simply use PowerShell to install the OpenSSH Client and Server.
You can use the following PowerShell commands to install the OpenSSH Server on the server.
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
After the installation you can find the OpenSSH Server files and some more configuration options under “C:\Windows\System32\OpenSSH”
Next you need to configure the OpenSSH Server (sshd)
To start and configure the OpenSSH Server, just run the following PowerShell commands:
# Start the sshd service
Start-Service sshd
# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'
# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
Now you should be able to access your Windows Server using an SSH client.
Remember if you run your server in Microsoft Azure, you might also need to configure the Network Security Group to allow SSH Remoting on port 22.
I hope this post help you and if you have any questions, please let me know in the comments.
Tags: Linux, LTSC, Microsoft, OpenSSH, OpenSSH Server, OpenSSH Windows, PowerShell, SSH, SSH Windows, SSH Windows Server, Windows, Windows 10, Windows Server, Windows Server 1709, Windows Server 1803, Windows Server 2016 Last modified: November 24, 2021
You failed to mention that Windows Server, version 1709 and higher not available yet and not stable. I have wasted several hours believing your blog. Total useless.
Sad your experience was not good.
Windows Server, version 1709 is available since September last year! (2017) We now even have version 1803 and 1809 as well as the LTSC version Windows Server 2019, available!
Is there any easy way to set PowerShell as default SSH shell instead of cmd? Thanks!
I got this error when starting the service:
PS C:\windows\system32\OpenSSH> Start-Service ssh-agent
Start-Service : Service ‘OpenSSH Authentication Agent (ssh-agent)’ cannot be started due to the following error: Cannot start
service ssh-agent on computer ‘.’.
At line:1 char:1
+ Start-Service ssh-agent
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommand
Exception
+ FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand
You need to copy \sources\sxs directory into \Windows directory before adding OpenSSH.Server~~~~0.1.0.0 feature
robocopy E:\sources\sxs C:\Windows\sxs
After that, you may add openssh.server capability into existing installation.
Thanks for putting these instructions together Thomas, I found them very helpful. I needed a couple of extra steps to make everything work:
Before I could run the Start-Service ssh-agent command, I first needed to start the service in Windows (https://stackoverflow.com/questions/52113738/starting-ssh-agent-on-windows-10-fails-unable-to-start-ssh-agent-service-erro)
Get-Service -Name ssh-agent | Set-Service =StartupType Manual
Generating the keys (.\ssh-keygen -A) resulted in a ‘no such file or directory\ error until I created an ssh directory off of C:\programData.
I just tried the latest build of Win32 OpenSSH (v8.0.0.0p1) on an up-to-date Windows 2016 LTSC (1607) and it is working, so I guess whatever limitation preventing earlier releases of the program have now been fixed.