SSH into Windows

John Bradshaw
2 min read · Mar 6, 2020

I use SSH extensively to manage my Mac, Linux, AIX and, very occasionally, IBM i, but I also find it useful to be able to remotely and securely access Windows this way. Enabling SSH also allows you to protect an RDP session or use Ansible to manage your machine.

The setup for an OpenSSH Server on Windows 10 or the server variants isn’t as easy as I would like, with lots of documentation scattered all over the internet. I’ve summarised it here for convenience.

Do all of the following from an elevated PowerShell prompt.

Install OpenSSH Server and Client

# Install the OpenSSH Client 
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Start OpenSSH Server and SSH Agent

Start-Service sshd
# OPTIONAL but recommended: start sshd automatically at boot
Set-Service -Name sshd -StartupType 'Automatic'
# Confirm the firewall rule is configured. It should be created automatically by setup.
# There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled
Get-NetFirewallRule -Name *ssh*
# If no SSH firewall rule exists, create one
if (-not (Get-NetFirewallRule -Name *ssh* -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
}
Get-Service -Name ssh-agent | Set-Service -StartupType automatic
Start-Service ssh-agent

If you’re connecting to an Administrator account, or one that is part of the Administrators group, you’ll need to place the public keys for that account in the following location:

C:\ProgramData\ssh\administrators_authorized_keys

Once that’s done, you’ll need to assign the correct permissions and restart the service.

Secure the Administrator Credentials

# Read the current ACL of the administrators' key file
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
# Disable inheritance and drop the inherited entries
$acl.SetAccessRuleProtection($true, $false)
# Grant full control to Administrators and SYSTEM only
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
# Write the ACL back to the file and restart sshd
$acl | Set-Acl
Restart-Service sshd
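
To confirm the permissions took effect, here is an added example (not part of the original article) that checks that inheritance is off and that only Administrators and SYSTEM hold Allow entries on the file. `Test-AdminKeysAcl` is a hypothetical helper name, and it compares well-known SIDs rather than account names so it also works on non-English Windows.

```powershell
# Added example: audit the ACL on administrators_authorized_keys.
# Test-AdminKeysAcl is a hypothetical helper name, not part of OpenSSH.
function Test-AdminKeysAcl {
    param(
        [string]$Path = 'C:\ProgramData\ssh\administrators_authorized_keys'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "$Path does not exist"
        return $false
    }

    # Well-known SIDs, independent of the display language.
    $allowed = @(
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-18'       # NT AUTHORITY\SYSTEM
    )

    $acl = Get-Acl -LiteralPath $Path
    $ok  = $true

    # Inheritance must be disabled, otherwise entries from the parent folder apply.
    if (-not $acl.AreAccessRulesProtected) {
        Write-Warning 'Inheritance is still enabled on the file'
        $ok = $false
    }

    # Resolve every entry (explicit and inherited) to a SID and flag
    # any Allow rule that belongs to another principal.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $sid -notin $allowed) {
            Write-Warning "Unexpected Allow entry: $sid ($($rule.FileSystemRights))"
            $ok = $false
        }
    }

    return $ok
}

# Returns $true when the file is restricted to Administrators and SYSTEM.
Test-AdminKeysAcl
```

Run it from the same elevated prompt after `Set-Acl`; any warning names the entry that still needs to be removed.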
