If you come from a ’nix background you are used to working with ssh in order to connect to remote computers. This is kind of an alien concept in the Windows world. Sure, there’s ‘Windows remoting’ but it is kind of klunky in comparison to the elegance of ssh.
With WSL installed on Windows you can even shell into a remote Windows machine and arrive at a bash (or other) ’nix shell.
Installing and starting Windows services
In order to enable sshd we first have to install the feature, in this case the standard OpenSSH Server. Running PowerShell as Administrator, list the OpenSSH capabilities and then install the server using the full capability name that the first command shows:
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Once the software is installed we start the sshd Windows service and set it to start up automatically. Again in Administrator PowerShell:
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
Verify Windows firewall rules
While we still have our PowerShell open let’s confirm that the Windows firewall rule for sshd exists, and create it if it does not.
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
Default login shell
Now we can set the default shell for the session you get when you ssh into the Windows computer. This is literally just adding the path to the configuration sshd uses to start a session.
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:/Program Files/Git/bin/bash.exe" -PropertyType String -Force
In the example above it was set to bash as installed with Git for Windows. It can also be set to whatever shell is installed via WSL.
Key-based authentication
One of the best things about ssh is the ability to connect to remote services using key pairs (public key authentication) instead of passwords.
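First we check the sshd configuration file on the Windows host. Open C:\ProgramData\ssh\sshd_config and make sure there are settings like the ones below. Public key authentication itself (PubkeyAuthentication) is on by default. StrictModes no turns off sshd's own ownership and permission checks on key files, and PasswordAuthentication yes keeps password logins available alongside keys.
StrictModes no
PasswordAuthentication yes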
The public key from the remote host that will be connecting needs to be added to C:\ProgramData\ssh\administrators_authorized_keys.
Finally, we need to set the file’s permissions correctly:
get-acl "$env:programdata\ssh\ssh_host_rsa_key" | set-acl "$env:programdata\ssh\administrators_authorized_keys"
Now a remote host can ssh into the Windows host without a password, using key-based authentication.
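To check that the steps above left the host in the intended state, the following added example (not part of the original post) audits the service, the firewall rule, the ACL on administrators_authorized_keys, and the directives shown above. The function name Test-SshdSetup is made up for this example, the two SIDs are the well-known ones for SYSTEM and the local Administrators group, and only directives written in the file are inspected, not sshd's built-in defaults. Run it in Administrator PowerShell.

```powershell
# Added example, not from the original post: audit the end state of the steps above.
# Test-SshdSetup is a hypothetical name; service, rule and paths are the post's own.
function Test-SshdSetup {
    param([string]$SshDir = "$env:ProgramData\ssh")
    $findings = @()

    # The service should be running and set to start automatically.
    $svc = Get-Service -Name sshd -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += 'sshd service is not installed'
    } else {
        if ($svc.Status -ne 'Running') { $findings += "sshd status is $($svc.Status)" }
        if ($svc.StartType -ne 'Automatic') { $findings += "sshd start type is $($svc.StartType)" }
    }

    # The inbound firewall rule should exist and be enabled.
    $rule = Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue
    if (-not $rule) { $findings += 'firewall rule OpenSSH-Server-In-TCP is missing' }
    elseif ($rule.Enabled -ne 'True') { $findings += 'firewall rule OpenSSH-Server-In-TCP is disabled' }

    # Only SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544) should hold Allow
    # entries on the key file. With StrictModes off, sshd does not check this itself.
    $keyFile = Join-Path $SshDir 'administrators_authorized_keys'
    if (-not (Test-Path $keyFile)) {
        $findings += "$keyFile does not exist"
    } else {
        $allowed = 'S-1-5-18', 'S-1-5-32-544'
        foreach ($ace in (Get-Acl -Path $keyFile).Access) {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            if ($ace.AccessControlType -eq 'Allow' -and $sid -notin $allowed) {
                $findings += "$keyFile grants $($ace.FileSystemRights) to $($ace.IdentityReference)"
            }
        }
    }

    # Report explicitly set directives that loosen the setup.
    $config = Join-Path $SshDir 'sshd_config'
    if (Test-Path $config) {
        foreach ($line in Get-Content -Path $config) {
            if ($line -match '^\s*(StrictModes|PubkeyAuthentication)\s+no\b') { $findings += "sshd_config sets '$($line.Trim())'" }
            if ($line -match '^\s*PasswordAuthentication\s+yes\b') { $findings += 'sshd_config leaves password logins enabled' }
        }
    }
    $findings
}
Test-SshdSetup
```

An empty result means none of these checks found a problem. With the settings shown in this post, expect the StrictModes and PasswordAuthentication lines to be reported.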
Thanks for reading.