Connecting Windows via SSH Using Built-in OpenSSH Server

Windows 10 1809 and Windows Server 2019 have gotten a built-in SSH server primarily based on OpenSSH. In this text we’ll present easy methods to set up and configure an OpenSSH server on Windows 10 and hook up with it remotely over protected SSH protocol (similar to in Linux 🙂 ).

How to Install OpenSSH Server on Windows?

Let’s see on easy methods to set up OpenSSH Server function on Windows 10 1903 (in Windows Server 2019 the process is identical).

The OpenSSH package deal (like ) is added to those (and newer) Windows variations because the Feature on Demand (FoD).

If you may have a direct Internet entry, you may set up OpenSSH utilizing PowerShell:

Add-WindowsCapability -Online -Name OpenSSH.Server*

Or utilizing DISM:

dism /Online /Add-Capability /

You may also set up OpenSSH on Windows 10 by the Settings panel (Apps -> Apps&Features -> Manage non-obligatory options -> Add a function). Find Open SSH Server within the record and click on Install.

install openssh server feature on windows 10

To be sure that the OpenSSH server has been put in, run the command:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Ser*'

State : Installed

check openssh server feature installed on windows Get-WindowsCapability

Configure SSH Server on Windows 10/Windows Server 2019

After you may have put in OpenSSH server in Windows, you have to change sshd service startup kind to computerized and :
Set-Service -Name sshd -StartupType 'Automatic'
Start-Service sshd

start sshd service on windows 10
Using netstat, guarantee that the SSH server is working and ready for the connections on TCP port 22:
netstat -na| discover ":22"
check ssh tcp port 22 listening on windows 10
Make positive that Windows Defender Firewall permits inbound connections to Windows by TCP port 22:
Get-WebFirewallRule -Name *OpenSSH-Server* |choose Name, ShowName, Description, Enabled

Name ShowName Description Enabled
---- ----------- ----------- -------
OpenSSH-Server-In-TCP OpenSSH SSH Server (sshd) Inbound rule for OpenSSH SSH Server (sshd) True

open inbound ssh port in windows defender firewall

If the rule is disabled (Enabled=False) or lacking, you may :

New-WebFirewallRule -Name sshd -ShowName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -NativePort 22

By default, necessary OpenSSH elements are situated in these folders:

  • OpenSSH Server executables: C:WindowsSystem32OpenSSH
  • The sshd_config file (created after the primary service startup): C:ProgramDatassh
  • OpenSSH log: C:windowssystem32OpenSSHlogssshd.log
  • The authorized_keys file and keys: %USERPROFILE%.ssh

After OpenSSH set up, a brand new (sshd) is created on the pc.

OpenSSH Server Configuration File (sshd_config)

You can change your OpenSSH server settings within the config file: %programdatapercentsshsshd_config.

For instance, to disclaim SSH connection for the precise area consumer account (or all area customers), add these directives to the tip of the file:

DenyUsers [email protected]
DenyUsers corp*

To enable SSH connection to the precise area group solely:

AllowTeams woshubsshadmins

Or you may enable entry to a neighborhood group:

AllowTeams sshadmins

You can deny entry to the accounts with the administrator privileges. In this case, if it is advisable to carry out any privileged actions in your SSH session, you’ll have to use .

DenyGroups Administrators

The following directives enable SSH entry utilizing RSA keys and passwords (we’ll look on easy methods to use RSA keys to entry Windows by SSH within the subsequent article intimately):

PubkeyAuthentication sure
PasswordAuthentication sure

You can change the port OpenSSH receives connections to within the Port directive of the sshd_config file.

%programdata%sshsshd_config file in windows

After making any adjustments to sshd_config file, it is advisable to restart the sshd service:

restart-service sshd

How to Connect to Windows 10 via SSH?

Now you may strive to hook up with your Windows 10 by the SSH consumer (I’m utilizing PuTTY, however you need to use a built-in Windows SSH consumer as an alternative).

At the primary connection, an ordinary request so as to add the host to the record of identified SSH hosts will seem.

putty accept rsa key for a ssh server

Click Yes, and logon to your Windows 10 underneath Windows consumer.

login windows 10 via ssh like in linux

If the SSH connection is profitable, the cmd.exe shell will begin with a immediate string.

[email protected] C:Usersadmin>

cmd.exe shell in windows ssh session

You can run completely different instructions, scripts or apps within the command immediate.

run command in windows 10 via ssh

I favor working within the PowerShell console. To begin it, run this command:


run powershell in windows ssh

In order to vary the default cmd.exe shell to PowerShell for OpenSSH, make :

New-ItemProperty -Path "HKLM:SOFTWAREOpenSSH" -Name DefaultShell -Value "C:WindowsSystem32WindowsPowerShellv1.0powershell.exe" -PropertyType String –Force

New-ItemProperty replacing ssh shell from cmd.exe to powershell.exe

Restart your SSH connection and guarantee that PowerShell is now used as a default SSH shell (that is proven by PS C:Usersadmin>).

powershell console in windows 10 ssh session

The PowerShell console has been began in your SSH session, and acquainted options work in it: tab autocompletion, PSReadLine shade highlighting, , and many others. If the present consumer is a member of the native directors group, all session instructions are executed elevated even when UAC is enabled.

Check Also

How to Enable and Configure MPIO on Windows Server 2016/2012R2?

In this text we’ll contemplate how to set up and configure MPIO on Windows Server …

Leave a Reply

Your email address will not be published. Required fields are marked *