Install and configure OpenSSH Server on Windows

We can install and configure OpenSSH server on Windows, so that we can take access of it’s command prompt from another device.

Installation

Method 1 : Using Winget

Open PowerShell or CMD as Administrator (Press Windows + A key as shortcut), and run below command to install OpenSSH server using Winget:

winget install Microsoft.OpenSSH.Beta

Enter y if it prompt for any confirmation/agreement.

Method 2 : Using pure PowerShell method

Run this command in an elevated PowerShell prompt:

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Run OpenSSH Server

Start the SSHD service:

Start-Service sshd

Set SSHD service start type automatic so that it starts when you power on your system:

Set-Service -Name sshd -StartupType 'Automatic'

Create a firewall rule for OpenSSH Server:

New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Optional: Change default Shell

When you take SSH of your system, the default shell if Command prompt, however you can change it to PowerShell. Below command will change it to PowerShell:

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

Setup authorized keys for Admin:

If your account have admin privileges, you need to put your public SSH keys to C:\ProgramData\ssh\administrators_authorized_keys file.

First create SSH keys if you don’t have:

ssh-keygen

Hit enter, by default SSH keys will be saved in .ssh folder in your home directory.

Now create C:\ProgramData\ssh\administrators_authorized_keys file

New-Item "C:\ProgramData\ssh\administrators_authorized_keys"

Open it in Notepad:

Notepad "C:\ProgramData\ssh\administrators_authorized_keys"

Go to your home directory, navigate to .ssh/id_rsa.pub file, open the file with a text editor, copy the contents and paste to C:\ProgramData\ssh\administrators_authorized_keys file.

Now you can access the shell of your Windows PC using SSH, you need to copy ~.ssh\id_rsa file to the source machine.

Troubleshooting

C:\ProgramData\ssh\administrators_authorized_keys file permission issue:

Navigate to C:\ProgramData\ssh\administrators_authorized_keys file in explorer, go to Properties -> Security -> Advanced -> Change Permissions -> Disable inheritance -> Convert inherited permissions into explicit permissions on this object. Remove all the permissions execpt SYSTEM and add your user account in it. There must be only two pwemission: SYSTEM and your User account.