Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows 10 / Connecting Windows via SSH Using Built-in OpenSSH Server

June 5, 2020 Windows 10Windows Server 2019

Connecting Windows via SSH Using Built-in OpenSSH Server

Windows 10 1809 and Windows Server 2019 have got a built-in SSH server based on OpenSSH. In this article we’ll show how to install and configure an OpenSSH server on Windows 10 and connect to it remotely over protected SSH protocol (just like in Linux 🙂 ).

You can install an OpenSSH server in previous Windows versions as well, but you must manually download and install OpenSSH for win32 port from GitHub (https://github.com/powershell/Win32-OpenSSH). The example of how to install and configure Win32-OpenSSH is given in the article “How to Install & Configure SFTP Server (SSH FTP) on Windows?”.

Contents:
  • How to Install OpenSSH Server on Windows?
  • Configure SSH Server on Windows 10/Windows Server 2019
  • OpenSSH Server Configuration File (sshd_config)
  • How to Connect to Windows 10 via SSH?

How to Install OpenSSH Server on Windows?

Let’s see on how to install OpenSSH Server feature on Windows 10 1903 (in Windows Server 2019 the procedure is the same).

The OpenSSH package (like RSAT) is added to these (and newer) Windows versions as the Feature on Demand (FoD).

If you have a direct Internet access, you can install OpenSSH using PowerShell:

Add-WindowsCapability -Online -Name OpenSSH.Server*

Or using DISM:

dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0

You can also install OpenSSH on Windows 10 through the Settings panel (Apps -> Apps&Features -> Manage optional features -> Add a feature). Find Open SSH Server in the list and click Install.

install openssh server feature on windows 10

To make sure the OpenSSH server has been installed, run the command:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Ser*'

State : Installed

check openssh server feature installed on windows Get-WindowsCapability

Configure SSH Server on Windows 10/Windows Server 2019

After you have installed OpenSSH server in Windows, you must change sshd service startup type to automatic and start the service using PowerShell:
Set-Service -Name sshd -StartupType 'Automatic'
Start-Service sshd

start sshd service on windows 10
Using netstat, make sure that the SSH server is running and waiting for the connections on TCP port 22:
netstat -na| find ":22"
check ssh tcp port 22 listening on windows 10
Make sure that Windows Defender Firewall allows inbound connections to Windows through TCP port 22:
Get-NetFirewallRule -Name *OpenSSH-Server* |select Name, DisplayName, Description, Enabled

Name DisplayName Description Enabled
---- ----------- ----------- -------
OpenSSH-Server-In-TCP OpenSSH SSH Server (sshd) Inbound rule for OpenSSH SSH Server (sshd) True

open inbound ssh port in windows defender firewall

If the rule is disabled (Enabled=False) or missing, you can create a new inbound rule using the New-NetFirewallRule cmdlet:

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

By default, important OpenSSH components are located in these folders:

  • OpenSSH Server executables: C:\Windows\System32\OpenSSH\
  • The sshd_config file (created after the first service startup): C:\ProgramData\ssh
  • OpenSSH log: C:\windows\system32\OpenSSH\logs\sshd.log
  • The authorized_keys file and keys: %USERPROFILE%\.ssh\

After OpenSSH installation, a new local user (sshd) is created on the computer.

OpenSSH Server Configuration File (sshd_config)

You can change your OpenSSH server settings in the config file: %programdata%\ssh\sshd_config.

For example, to deny SSH connection for the specific domain user account (or all domain users), add these directives to the end of the file:

DenyUsers woshub\admin@192.168.1.10
DenyUsers corp\*

To allow SSH connection to the specific domain group only:

AllowGroups woshub\sshadmins

Or you can allow access to a local group:

AllowGroups sshadmins

You can deny access to the accounts with the administrator privileges. In this case, if you need to perform any privileged actions in your SSH session, you will have to use runas.

DenyGroups Administrators

The following directives allow SSH access using RSA keys and passwords (we’ll look on how to use RSA keys to access Windows through SSH in the next article in detail):

PubkeyAuthentication yes
PasswordAuthentication yes

You can change the port OpenSSH receives connections to in the Port directive of the sshd_config file.

%programdata%\ssh\sshd_config file in windows

After making any changes to sshd_config file, you need to restart the sshd service:

restart-service sshd

How to Connect to Windows 10 via SSH?

Now you can try to connect to your Windows 10 through the SSH client (I am using PuTTY, but you can use a built-in Windows SSH client instead).

At the first connection, a standard request to add the host to the list of known SSH hosts will appear.

putty accept rsa key for a ssh server

Click Yes, and logon to your Windows 10 under Windows user.

login windows 10 via ssh like in linux

If the SSH connection is successful, the cmd.exe shell will start with a prompt string.

admin@win10pc C:\Users\admin>

cmd.exe shell in windows ssh session

You can run different commands, scripts or apps in the command prompt.

run command in windows 10 via ssh

I prefer working in the PowerShell console. To start it, run this command:

powershell.exe

run powershell in windows ssh

In order to change the default cmd.exe shell to PowerShell for OpenSSH, make changes to the registry using the following PowerShell command:

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String –Force

New-ItemProperty replacing ssh shell from cmd.exe to powershell.exe

Restart your SSH connection and make sure that PowerShell is now used as a default SSH shell (this is shown by PS C:\Users\admin>).

powershell console in windows 10 ssh session

The PowerShell console has been started in your SSH session, and familiar features work in it: tab autocompletion, PSReadLine color highlighting, command history, etc. If the current user is a member of the local administrators group, all session commands are executed elevated even if UAC is enabled.

2 comments
4
Facebook Twitter Google + Pinterest
previous post
MBR2GPT: Converting MBR to GPT Disk in Windows 10
next post
How to Clear RDP Connections History in Windows?

Related Reading

How to Disable NetBIOS and LLMNR Protocols in...

April 9, 2021

Enable Windows Lock Screen after Inactivity via GPO

April 8, 2021

Running Multiple IIS Websites on the Same Port...

April 1, 2021

Can’t Copy and Paste via Remote Desktop (RDP)...

March 31, 2021

UAC: This App Has Been Blocked for Your...

March 30, 2021

2 comments

Dan Rhodes June 5, 2020 - 9:51 am

Wow – didnt even know that was a thing!

Reply
Peter September 25, 2020 - 12:21 pm

Troubleshooting: Add-WindowsCapability (after PowerShell was run as administrator, not mentioned in the article) did response: Path: Online: True and no error is thrown. Then Get-WindowsCapability said Name: OpenSSH.Server~~~~0.0.1.0 Status: Not Present . This is the first step and I am already stuck. How to fix this?

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Disable NetBIOS and LLMNR Protocols in Windows Using GPO?

    April 9, 2021
  • Enable Windows Lock Screen after Inactivity via GPO

    April 8, 2021
  • How to Create and Manage Scheduled Tasks with PowerShell?

    April 7, 2021
  • Updating Windows VM Templates on VMWare with PowerShell

    April 5, 2021
  • Running Multiple IIS Websites on the Same Port or IP Address

    April 1, 2021
  • Can’t Copy and Paste via Remote Desktop (RDP) Clipboard

    March 31, 2021
  • UAC: This App Has Been Blocked for Your Protection on Windows 10

    March 30, 2021
  • How to Unlock a File Locked by Any Process or SYSTEM?

    March 29, 2021
  • Configuring a Domain Password Policy in the Active Directory

    March 26, 2021
  • Using Native Package Manager (WinGet) on Windows 10

    March 24, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Allow Multiple RDP Sessions in Windows 10?
  • How to Repair EFI/GPT Bootloader on Windows 10?
  • How to Restore Deleted EFI System Partition in Windows 10?
  • Network Computers are not Showing Up in Windows 10
  • How to Run Program without Admin Privileges and to Bypass UAC Prompt?
  • Error Code: 0x80070035 “The Network Path was not found” after Windows 10 Update
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top