Deploying and using SSH on Windows
What if I told you that you could SSH into your Windows PCs and use PowerShell as your login shell?
Here’s how:
Install Dependencies
Windows supports installing SSH as a capability. Check if it’s available for your Windows version (run as an admin user):
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
This should give you:
Name : OpenSSH.Client~~~~0.0.1.0
State : Installed
Name : OpenSSH.Server~~~~0.0.1.0
State : Installed
Install the packages if they are available:
# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
This should give you:
PS C:\Users\andreas> Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Path :
Online : True
RestartNeeded : False
PS C:\Users\andreas> Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Path :
Online : True
RestartNeeded : False
Configuration
Once installed, we need to configure sshd as a service.
Server
Start the service:
# Start the sshd service
Start-Service sshd
Enable sshd to start automatically at system start:
# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'
Make sure the firewall allows inbound access to port 22/tcp:
# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
Agent
As an add-on, enable ssh-agent so you can use the keys registered with your agent:
# By default the ssh-agent service is disabled. Allow it to be manually started for the next step to work.
# Make sure you're running as an Administrator.
Get-Service ssh-agent | Set-Service -StartupType Manual
# Start the service
Start-Service ssh-agent
# This should return a status of Running
Get-Service ssh-agent
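To confirm the result of the steps above in one pass, here is a read-only audit added as an example (it is not part of the original post). It reports the capability, service, firewall and listener state and flags a rule that admits any remote address. The function name Get-OpenSshPosture is hypothetical; the capability, service and rule names are the ones used above.

```powershell
# Added example: read-only posture check for the OpenSSH setup described above.
# Run from an elevated session (Get-WindowsCapability -Online requires it).
function Get-OpenSshPosture {
    $caps   = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
    $sshd   = Get-Service -Name sshd -ErrorAction SilentlyContinue
    $agent  = Get-Service -Name ssh-agent -ErrorAction SilentlyContinue
    $rule   = Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue
    # The address filter holds the rule's scope; 'Any' means every remote host.
    $remote = if ($rule) { ($rule | Get-NetFirewallAddressFilter).RemoteAddress }
    $listen = Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue

    $findings = @()
    if (-not $sshd) {
        $findings += 'sshd service is not installed'
    } elseif ($sshd.Status -ne 'Running') {
        $findings += 'sshd is installed but not running'
    } elseif ($sshd.StartType -ne 'Automatic') {
        $findings += 'sshd is running but will not start at boot'
    }
    if (-not $rule) {
        $findings += "firewall rule 'OpenSSH-Server-In-TCP' is missing"
    } elseif ($rule.Enabled -ne 'True') {
        $findings += "firewall rule 'OpenSSH-Server-In-TCP' exists but is disabled"
    } elseif ($remote -contains 'Any') {
        $findings += 'port 22 is allowed from any remote address; narrow the rule scope if only known hosts connect'
    }
    if ($sshd -and $sshd.Status -eq 'Running' -and -not $listen) {
        $findings += 'sshd is running but nothing listens on port 22 (check the Port setting in sshd_config)'
    }
    if ($agent -and $agent.StartType -eq 'Disabled') {
        $findings += 'ssh-agent is still disabled'
    }

    [pscustomobject]@{
        ClientCapability = ($caps | Where-Object Name -like 'OpenSSH.Client*').State
        ServerCapability = ($caps | Where-Object Name -like 'OpenSSH.Server*').State
        SshdStatus       = $sshd.Status
        SshdStartType    = $sshd.StartType
        AgentStatus      = $agent.Status
        FirewallProfile  = $rule.Profile
        FirewallRemote   = $remote
        ListenAddresses  = if ($listen) { @($listen.LocalAddress) } else { @() }
        Findings         = $findings
    }
}

Get-OpenSshPosture | Format-List
```

An empty Findings list means every step above took effect; the function changes nothing on the system.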