
Windows SSH

Enabling

Both OpenSSH components can be installed using Windows Settings on Windows Server 2019 and Windows 10 devices.

To install the OpenSSH components:

  1. Open Settings, select Apps, then select Optional Features.
  2. Scan the list to see if OpenSSH is already installed. If not, at the top of the page, select Add a feature, then:
    • Find OpenSSH Client, then select Install
    • Find OpenSSH Server, then select Install
  3. Once setup completes, return to Apps and Optional Features and confirm OpenSSH is listed.
  4. Open the Services desktop app. (Select Start, type services.msc in the search box, and then select the Services app or press ENTER.)
  5. In the details pane, double-click OpenSSH SSH Server.
  6. On the General tab, from the Startup type drop-down menu, select Automatic.
  7. To start the service, select Start.
Note

Installing OpenSSH Server will create and enable a firewall rule named OpenSSH-Server-In-TCP. This allows inbound SSH traffic on port 22. If this rule is not enabled and this port is not open, connections will be refused or reset.

User keyfiles

By default, a user's public keys are read from ~/.ssh/authorized_keys. If the user belongs to the administrators group, %programdata%/ssh/administrators_authorized_keys is used instead.

Disabling shared admin files

To use the authorized_keys file in the user's profile instead of moving the public key info into the administrators_authorized_keys file, comment out the following lines in the OpenSSH configuration file:

#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Server configuration

All configuration is done in %programdata%\ssh\sshd_config. The file uses the same format as sshd_config on Linux.
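
A read-only check of the state this page describes (server feature installed, sshd startup type, the OpenSSH-Server-In-TCP firewall rule, and whether the Match Group administrators block in sshd_config is still active), as an added PowerShell example that is not from the original page or its sources. The function name Get-OpenSshServerState and its output property names are hypothetical; run it from an elevated session.

```powershell
# Added example: read-only audit of the OpenSSH Server state described on this page.
# Run elevated: Get-WindowsCapability -Online requires administrator rights.
function Get-OpenSshServerState {
    param(
        # Config path stated on this page; override to audit a copy of the file.
        [string]$ConfigPath = (Join-Path $env:ProgramData 'ssh\sshd_config')
    )

    # Optional feature state, e.g. 'Installed' or 'NotPresent'.
    $cap = Get-WindowsCapability -Online |
        Where-Object Name -like 'OpenSSH.Server*' | Select-Object -First 1

    # The sshd service only exists once the feature is installed.
    $svc = Get-Service -Name sshd -ErrorAction SilentlyContinue

    # Rule created by the installer; if missing or disabled, port 22 is blocked.
    $rule = Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue

    # Look for an uncommented "Match Group administrators" block and its key file.
    $adminMatch = $false
    $adminKeys  = $null
    if (Test-Path -LiteralPath $ConfigPath) {
        $inBlock = $false
        foreach ($line in Get-Content -LiteralPath $ConfigPath) {
            $t = $line.Trim()
            if ($t -eq '' -or $t.StartsWith('#')) { continue }   # skip comments
            if ($t -match '^Match\s+(.*)$') {
                # Every Match line ends the previous block and starts a new one.
                $inBlock = $Matches[1] -match '^Group\s+administrators\s*$'
                if ($inBlock) { $adminMatch = $true }
            } elseif ($inBlock -and $t -match '^AuthorizedKeysFile\s+(.+)$') {
                $adminKeys = $Matches[1]   # raw value as written in the file
            }
        }
    }

    [pscustomobject]@{
        FeatureState        = if ($cap) { [string]$cap.State } else { 'Unknown' }
        ServiceStatus       = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        ServiceStartType    = if ($svc) { [string]$svc.StartType } else { $null }
        FirewallRuleEnabled = [bool]($rule -and [string]$rule.Enabled -eq 'True')
        AdminMatchActive    = $adminMatch
        AdminKeysFile       = $adminKeys
    }
}

Get-OpenSshServerState | Format-List
```

If AdminMatchActive is False, members of the administrators group authenticate with the AuthorizedKeysFile from the global section of the file instead of administrators_authorized_keys.
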

Default Config

A default configuration is located at C:\Windows\System32\OpenSSH\sshd_config_default:

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# GSSAPI options
#GSSAPIAuthentication no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Sources:
  • https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui
  • https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration
  • https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement