First of all, you may be asking why we even need an SSH server on a Windows server. In a Windows environment, SSH may not seem very useful. After all, we have RDP and PowerShell Remoting with WinRM, which already provide powerful remote management capabilities. However, SSH on Windows definitely has its benefits. Among them:
- Easily connect and manage Windows servers from Linux or MacOS with built-in tools.
- Connecting from Windows systems to Linux servers is simple with the integrated SSH client. Many Linux administrators have to manage servers from a Windows machine at work and always need to install extra tools like PuTTY or WinSCP. Now they can use familiar SSH commands right from the Windows command line.
- The same remote management tools are used for Linux and Windows servers (SSH, SCP, public key authentication, etc.).
- Cross-platform PowerShell Remoting. PowerShell Core uses SSH to enable remote PowerShell sessions on Windows, macOS, and Linux. By contrast, WinRM-based remoting in Windows PowerShell only works on Windows.
- Along with the Windows Subsystem for Linux, you can get Linux-like SSH sessions with Bash and regular Linux tools also on a Windows server, which allows Linux administrators to use their knowledge to manage Windows systems.
- Conversely, Windows administrators can use PowerShell to manage a Linux server if it has the appropriate shell from Microsoft.
- Just another option for remote control that gives you even more flexibility.
Installing OpenSSH on Windows Server 2019
- Using the GUI
Open Settings – Apps & features – Manage optional features.
Click Add a feature, look for OpenSSH Server, and click Install.
Back on the previous screen, wait for the installation process to finish. After that, the OpenSSH server can be considered installed.
Please note that installation by this method will automatically create a Windows Firewall rule called “OpenSSH-Server-In-TCP” that opens port 22 for incoming connections.
Let’s check if the built-in OpenSSH is present on our system:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
In response you should receive:
Name : OpenSSH.Client~~~~0.0.1.0
State : NotPresent # or Installed, if the client is already installed
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
Install the client if it is not installed:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
To install the server, enter:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
In both cases, the output should be:
Online : True
RestartNeeded : False
SSH Server Primary Configuration
By default, when connecting to the OpenSSH server, the Windows command line is used. You can use almost any shell on your Windows machine via an SSH connection. It is even possible to use Bash when the Windows Subsystem for Linux (WSL) is also installed on the target machine. It is also possible to change the default shell on the SSH server to something other than a command shell. To do this, the “DefaultShell” registry key must be changed.
This can be done in the registry editor regedit.exe by opening the path HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH and setting the DefaultShell parameter to the full path of the executable file of the required shell.
The same can be done using PowerShell:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
Let’s check the Windows Firewall settings using PowerShell:
Get-NetFirewallRule -Name *ssh*
By entering this command, we will receive the parameters of the rule that allows an SSH connection to the server. If the rule does not exist, enter the following command to create it:
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
Starting the OpenSSH Service
After installing the SSH server function, we just have to start it:
Optionally, you can set the sshd service to start automatically:
Set-Service -Name sshd -StartupType 'Automatic'
Now we are ready to go and can connect to our host through the installed application. This can be done from a Windows 10 or Linux machine, with putty.exe on an older Windows machine, or from Bash on a Microsoft desktop operating system. All you need is an SSH client: enter your username and the server name or IP address, and connect.
For an SSH client in PowerShell, the syntax would be:
The first time you connect from an unknown host, you will see the following message:
By answering yes to it, the connection host will be added to the list of known server hosts. After that, you must enter the user password (for security reasons, the entered characters will not be displayed). After a successful connection, the command line interface used will be displayed:
Just like with an OpenSSH server on any *nix system, you can use SCP to copy files to or from the server.
For example, a Linux administrator can quickly retrieve a log file from a Windows server using the same command as for a Linux server.
scp username@servername:C:/inetpub/logs/LogFiles/W3SVC1/u_ex191017.log u_ex191017.log
When you connect from Bash/*nix to a Windows machine, remember that Windows paths must also be specified with regular Unix slashes instead of backslashes. For example, C:/Windows instead of C:\Windows.
As on operating systems of the Linux family, OpenSSH Server on Windows has a configuration file that stores all the parameters used for more detailed settings, for example to restrict who can log in.
By default, the configuration file is located at “%programdata%\ssh\sshd_config”.
A wide variety of settings applicable to this file can be found at https://man.openbsd.org/sshd_config.
In addition, Microsoft has documentation for Windows-specific settings.
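One way to restrict logins through this file and tighten the firewall rule created earlier, as an added example that is not part of the original article. The group name sshusers and the subnet 192.0.2.0/24 are placeholders, and sshd.exe is assumed to be in its default location under System32\OpenSSH.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell session.
# Assumed values: group 'sshusers', subnet 192.0.2.0/24, default sshd.exe location.
$ConfigPath = Join-Path $env:ProgramData 'ssh\sshd_config'
$Candidate  = "$ConfigPath.new"
$SshdExe    = Join-Path $env:SystemRoot 'System32\OpenSSH\sshd.exe'

function Set-SshdDirective {
    # Set a global directive. sshd uses the first value it reads for a keyword, and
    # anything placed after a "Match" line applies only to that block, so an active
    # line above the first Match is replaced, otherwise a new one is inserted there.
    param([string[]]$Lines, [string]$Keyword, [string]$Value)
    $list = [System.Collections.Generic.List[string]]::new($Lines)
    $end = $list.Count
    for ($i = 0; $i -lt $list.Count; $i++) {
        if ($list[$i] -match '^\s*Match\s') { $end = $i; break }
    }
    $pattern = '^\s*' + [regex]::Escape($Keyword) + '\s'
    for ($i = 0; $i -lt $end; $i++) {
        if ($list[$i] -match $pattern) { $list[$i] = "$Keyword $Value"; return $list.ToArray() }
    }
    $list.Insert($end, "$Keyword $Value")
    return $list.ToArray()
}

$lines = @(Get-Content -Path $ConfigPath)
$lines = @(Set-SshdDirective $lines 'AllowGroups' 'sshusers')   # lower-case account names
$lines = @(Set-SshdDirective $lines 'PubkeyAuthentication' 'yes')
Set-Content -Path $Candidate -Value $lines -Encoding ascii

# Let sshd parse the candidate file before it replaces the live configuration.
& $SshdExe -t -f $Candidate
if ($LASTEXITCODE -ne 0) {
    Remove-Item $Candidate
    throw 'sshd rejected the candidate configuration; sshd_config left unchanged.'
}
Copy-Item -Path $ConfigPath -Destination "$ConfigPath.bak" -Force
Move-Item -Path $Candidate -Destination $ConfigPath -Force
Restart-Service -Name sshd

# Limit the inbound rule (either name used in the article) to the management subnet.
Get-NetFirewallRule -Name 'sshd', 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue |
    Set-NetFirewallRule -RemoteAddress '192.0.2.0/24'
```

Create the group and add your own account to it before applying this, because AllowGroups denies every account outside the listed groups.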
For more information about OpenSSH on Windows, visit docs.microsoft.com or the GitHub project for Microsoft’s OpenSSH fork.