
In this tutorial, I will explain how to install the OpenSSH (SSH) server on Windows Server so that you can administer it remotely, as you would a Linux server, and also transfer files.
There are several reasons to use OpenSSH on Windows Server. Here are just a few:
- Standardizing remote connections as we are in a mixed Windows/Linux environment
- Easier use of automation tools like Ansible, Jenkins, Rundeck…
- Less “complicated” to configure
- Using a private/public key pair to authenticate…
For my part, what first pushed me to deploy OpenSSH on Windows Server was the use of Ansible, which is easier in SSH on Windows than going through WinRM, which can be a pain to install and configure.
Subsequently, administration via SSH is also faster than using Remote PowerShell.
In this tutorial, we will see several installation methods: one for servers older than Windows Server 2019, and one for Windows Server 2019 and newer, where OpenSSH is included in Windows as an optional feature.

Install OpenSSH on Windows Server 2012R2 and Windows Server 2016
To make installation easier, we will use the Chocolatey utility.
Start by launching a PowerShell window.
If you don’t have it yet, install Chocolatey:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
To install the OpenSSH server:
choco install openssh -y
To install the latest version (including pre-releases):
choco install openssh --pre -y
At this point, the files have been downloaded and copied to the server.
Go to the folder where the OpenSSH server files are located:
Set-Location "C:\Program Files\OpenSSH-Win64"
Run the following script to install the service:
.\install-sshd.ps1
Once the service is installed, configure it to start automatically:
Set-Service sshd -StartupType "Automatic"
Start the OpenSSH service:
Start-Service sshd

Install OpenSSH on Windows Server 2019 and newer
Since this feature is built into Windows Server, we will use the Add-WindowsCapability cmdlet.
Launch a PowerShell command prompt and enter this command:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Configure the service to start automatically:
Set-Service sshd -StartupType "Automatic"
Start the service:
Start-Service sshd

Connect to Windows Server via SSH
The connection works the same way as for a Linux server.
From an SSH client, enter the following command:
ssh user@ip
In the case of an Active Directory user account:
ssh 'user@domain'@ip

Configure OpenSSH to use a private/public key pair
To finish this tutorial, I will explain how to configure the SSH server on Windows to use a private/public key pair to avoid having to enter the password.
This configuration is also practical when you want to use Ansible or Rundeck for example.
To begin, we will configure the SSH server. On Windows, the SSH server configuration is in the sshd_config file at the following location: C:\ProgramData\ssh.
Open the file and make the following changes:
Uncomment the StrictModes parameter and set it to no:
StrictModes no
Uncomment PubkeyAuthentication to enable key authentication:
PubkeyAuthentication yes
Comment out the following lines at the end of the file:
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
Save the file and close it.
Restart the service so that the new configuration is taken into account:
Restart-Service sshd
Now we will configure the public key on the server. The operation is the same as on Linux.
In the profile folder of the user you will connect with remotely, create a .ssh folder:
C:\Users\<User>\.ssh
If the folder does not exist, create it from the command line: Explorer refuses to create a folder whose name starts with a dot.
Then, in the .ssh folder, create a file named authorized_keys and paste the public key (id_rsa.pub) into it.
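The last two steps as a PowerShell script, added here as an example that is not part of the original tutorial. With StrictModes set to no, sshd no longer checks the permissions on the user's key file, so the script restricts the ACL of authorized_keys itself. The account name `deploy` and the path `C:\Temp\id_rsa.pub` are assumptions; for a domain account, the profile folder name and the account name passed to icacls will differ.

```powershell
# Added example, not from the original tutorial.
# $User and $PublicKeyFile are hypothetical values: adjust them to your environment.
$User          = 'deploy'                # hypothetical local account
$PublicKeyFile = 'C:\Temp\id_rsa.pub'    # hypothetical path of the public key copied to the server

$sshDir   = "C:\Users\$User\.ssh"
$keysFile = Join-Path $sshDir 'authorized_keys'

# Read the first line and make sure it is a public key, never a private key file.
$key = ([string](Get-Content -Path $PublicKeyFile -TotalCount 1)).Trim()
if ($key -notmatch '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp\d+) [A-Za-z0-9+/]+=*( .*)?$') {
    throw "$PublicKeyFile does not contain an OpenSSH public key"
}

# Explorer refuses names that start with a dot; New-Item does not.
New-Item -ItemType Directory -Path $sshDir -Force | Out-Null

# Append the key only if it is not already present.
# ASCII encoding avoids the UTF-16 output that the ">" redirect produces
# in Windows PowerShell 5.1.
$present = (Test-Path $keysFile) -and
           (Select-String -Path $keysFile -SimpleMatch $key -Quiet)
if (-not $present) {
    Add-Content -Path $keysFile -Value $key -Encoding Ascii
}

# Remove inherited permissions and grant full control only to the account,
# SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544).
# SIDs are used so the command also works on non-English systems.
icacls $keysFile /inheritance:r /grant "${User}:F" '*S-1-5-18:F' '*S-1-5-32-544:F'

# Display the resulting ACL for review.
icacls $keysFile
```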
You now know how to configure an OpenSSH server on Windows Server to administer it remotely.
