Windows SSH Server¶
Sometime you need to connect to a remote server via SSH. Usually it's the main connection to linux servers. But you can also connect to a windows server via SSH. At this guide we will show you how to install and configure a windows ssh server, including SSH Keys authentication.
SSH Server Installation on Windows¶
We will be using PowerShell to install the SSH server inculding the SSH client.
Open PowerShell Terminal as Administrator.
Run the following commands to install the SSH server and client.
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
After the installaton you can check the Windows SSH server and client are installed.
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
The output will be something like this:
To start the Windows SSH server service
Start-Service sshd
Enable Windows SSH Server on Windows Boot
Set-Service -Name sshd -StartupType 'Automatic'
Add a Firewall rule to allow the SSH port
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) { Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..." New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 } else { Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists." }
At this point you should be able to connect via SSH to the Windows server with your username and password.
Adding SSH Keys¶
Administrator User¶
Create the file: administrators_authorized_keys at the following location:
C:\ProgramData\ssh\administrators_authorized_keys
Edit the file and add you SSH public key to the file.
Now we need to import the SSH public key to the Windows SSH server. We can do this by using the following command:
icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
Test the SSH connection to the Windows server from remote machine with the SSH Key.
You should be able to connect to the Windows server with your SSH key
Regular User (non-administrator)¶
Create a .ssh directory in the home directory of the user.
```path
C:\Users\<username>\.ssh\
Create the file: authorized_keys at the following location:
C:\Users\<username>\.ssh\authorized_keys
Edit the file and add you SSH public key to the file.
Test the SSH connection to the Windows server from remote machine with the SSH Key.
You should be able to connect with non-administrator user to the Windows server with your SSH key
PowerShell as Default Shell for SSH¶
By default the SSH client uses the Windows command prompt as the default shell.
We can change the default shell to PowerShell running the following PowerShell command:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe" -PropertyType String -Force
Next to you connet to the Windows SSG server it should start the PowerShell shell.
It should look something like this:
