Installing OpenSSH for Windows


In this post we will look at how to install Microsoft's official version of OpenSSH for Windows. This guide was prepared for Windows 10.



  • Download the OpenSSH Windows binaries (https://github.com/PowerShell/Win32-OpenSSH/releases/) and extract them into C:\Program Files\OpenSSH
  • Open terminal as administrator and go to the folder:
    [pre class="brush:bash"]cd C:\Program Files\OpenSSH[/pre]
  • Install sshd and ssh-agent services
    [pre class="brush:bash"]powershell.exe -ExecutionPolicy ByPass -File .\install-sshd.ps1[/pre]
  • Set up SSH host keys (generate all the 'host' keys that sshd expects when it starts)
    [pre class="brush:bash"].\ssh-keygen.exe -A[/pre]
  • Securing the SSH host keys
    • Start service ssh-agent (Control Panel -> Administrative Tools -> Services -> ssh-agent -> Start the service)
    • Download PsExec.exe (https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx?f=255&MSPPError=-2147217396)
    • Launch terminal as administrator and enter the following command after going into the folder [pre class="brush:bash"]psexec.exe -i -s cmd.exe[/pre]
    • A new cmd window will open. Go into the OpenSSH folder and enter the following commands to encrypt the keys [pre class="brush:bash"]ssh-add ssh_host_dsa_key
      ssh-add ssh_host_rsa_key
      ssh-add ssh_host_ecdsa_key
      ssh-add ssh_host_ed25519_key
      [/pre]
    • The host keys are now securely stored by the ssh-agent, so the private key files can now be removed
  • Create an inbound firewall rule to allow ssh traffic [pre class="brush:bash"]netsh advfirewall firewall add rule name="SSH Port" dir=in action=allow protocol=TCP localport=22[/pre]
  • If you are going to be doing key-based authentication, run the following to set up the key-auth package [pre class="brush:bash"]Powershell.exe -ExecutionPolicy ByPass -File .\install-sshlsa.ps1[/pre]
  • Restart the computer
  • Start the service and/or configure automatic start:
    • Go to Control Panel > System and Security > Administrative Tools and open Services. Locate SSHD service.
    • If you want the server to start automatically when your machine is started: Go to Action > Properties. In the Properties dialog, change Startup type to Automatic and confirm.
    • If you want these services to restart when they crash: double click on sshd -> Recovery -> set all failures to "Restart the service".
    • Start the SSHD service by clicking Start the service.
  • Connecting to the server
    • In MobaXterm, open Sessions -> select SFTP, then provide the IP address and the user name and connect as usual.
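
Once the steps above are done, the result can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original post: it assumes the folder, service names, host key file names and firewall rule name used in this guide, and relies on the Get-NetFirewallRule and Get-NetTCPConnection cmdlets that ship with Windows 10.

```powershell
# Added verification example; run from an elevated PowerShell prompt.
$installDir = 'C:\Program Files\OpenSSH'   # install folder from the guide
$ruleName   = 'SSH Port'                   # firewall rule name from the guide
$results    = @()

# Services registered by install-sshd.ps1: both should exist and be running.
foreach ($name in 'sshd', 'ssh-agent') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check  = "Service $name"
        Ok     = ($null -ne $svc -and $svc.Status -eq 'Running')
        Detail = if ($svc) { "$($svc.Status), startup type $($svc.StartType)" } else { 'not installed' }
    }
}

# Private host key files still on disk after being loaded into ssh-agent.
$dirOk    = Test-Path -LiteralPath $installDir
$leftover = @(Get-ChildItem -Path $installDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like 'ssh_host_*_key' })
$results += [pscustomobject]@{
    Check  = 'Private host key files removed'
    Ok     = ($dirOk -and $leftover.Count -eq 0)
    Detail = if (-not $dirOk) { 'install folder not found' }
             elseif ($leftover.Count) { $leftover.Name -join ', ' }
             else { 'none found' }
}

# The inbound rule created with netsh (netsh "name" is the rule's DisplayName).
$rules = @(Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
$results += [pscustomobject]@{
    Check  = "Firewall rule '$ruleName'"
    Ok     = ($rules.Count -gt 0)
    Detail = "$($rules.Count) enabled inbound allow rule(s)"
}

# Something must listen on TCP 22, and the owning process should be sshd.
$listen = @(Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue)
$owners = @($listen | ForEach-Object {
    (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
} | Sort-Object -Unique)
$results += [pscustomobject]@{
    Check  = 'TCP 22 listener is sshd'
    Ok     = ($owners -contains 'sshd')
    Detail = if ($listen.Count) { "owned by: $($owners -join ', ')" } else { 'no listener' }
}

$results | Format-Table -AutoSize
```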
