Posted inUS_1

Getting Started with SSH Server on Windows: A Comprehensive Guide

No Comments

OpenSSH is an essential connectivity tool that utilizes the SSH protocol for secure remote logins. It provides robust encryption for all communication between clients and servers, effectively preventing eavesdropping, connection hijacking, and various other cyberattacks. An Ssh Server allows you to remotely access and manage your Windows Server or client devices from any system with an SSH client. This guide will walk you through the process of setting up and using an SSH server on Windows, ensuring secure and efficient remote management.

Prerequisites for SSH Server on Windows

Before you begin installing and configuring your SSH server, ensure your system meets the following prerequisites:

  • Operating System: You need to be running at least Windows Server 2019, Windows Server 2022, Windows Server 2025, Windows 10 (build 1809 or later), or Windows 11. These operating systems natively support OpenSSH.
  • PowerShell Version: PowerShell 5.1 or a later version is required. PowerShell is crucial for executing commands necessary for OpenSSH installation and configuration.
  • Administrator Privileges: The account you are using must be a member of the built-in Administrators group. Administrative rights are necessary to install and configure system-level features like OpenSSH.

Verifying Prerequisites

To quickly check if your system meets these requirements, follow these steps in an elevated PowerShell session:

  1. Check Windows Version: Type winver.exe and press Enter. A window will pop up displaying detailed information about your Windows version and build number. Verify that your build is compatible with OpenSSH.

  2. Check PowerShell Version: Run the command $PSVersionTable.PSVersion. This command outputs the PowerShell version installed on your system. Ensure the major version is 5 or higher, and the minor version is at least 1. For instructions on upgrading PowerShell, refer to the official documentation.

  3. Verify Administrator Rights: Execute the following command to confirm your account has administrator privileges:

    (New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    If you are an administrator, the command will return True.

Enabling SSH Server on Windows Server 2025

For Windows Server 2025 and later, OpenSSH comes pre-installed, simplifying the setup process significantly. You can easily enable the sshd service, which is the core component of the SSH server, using Server Manager or PowerShell.

Enabling SSH Server via Server Manager

Server Manager provides a graphical interface to manage server roles and features, including OpenSSH. Here’s how to enable the SSH server using Server Manager:

  1. Open Server Manager: Launch Server Manager from the Start Menu.
  2. Navigate to Local Server: In the Server Manager dashboard, select Local Server from the left navigation pane.
  3. Locate Remote SSH Access: In the Properties window for your local server, find the Remote SSH Access property. It will likely be set to Disabled by default.
  4. Enable SSH: Click on Disabled next to Remote SSH Access. This action will enable the OpenSSH service, and the status will change to Enabled.

Alt text: Enabling SSH Server using Server Manager on Windows Server 2025: Navigate to Local Server properties and click “Disabled” next to Remote SSH Access to enable the OpenSSH service.

User Access Control: To manage user access to the SSH server, you can add specific users or groups to the OpenSSH Users user group. This allows you to control who can utilize SSH for remote connections to your server.

Enabling SSH Server via PowerShell

PowerShell offers a command-line approach to enable the SSH server, which is often preferred for automation and scripting. Follow these steps to enable SSHD using PowerShell:

  1. Open PowerShell as Administrator: Right-click on the Start Menu and select “Windows PowerShell (Admin)” or “Windows Terminal (Admin)” to open an elevated PowerShell session.
  2. Start SSHD Service: Execute the following command to start the SSHD service: 
    Start-Service sshd
  3. Set SSHD to Automatic Startup (Recommended): To ensure the SSH server starts automatically whenever the server reboots, run this command: 
    Set-Service -Name sshd -StartupType 'Automatic'
  4. Verify Firewall Rule: The SSH server setup should automatically configure a firewall rule to allow SSH traffic. To confirm this, run the following script: 
    if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}

    This script checks for the “OpenSSH-Server-In-TCP” firewall rule and creates it if it doesn’t exist, ensuring that inbound SSH traffic on port 22 is allowed.

Installing SSH Server on Older Windows Versions

For Windows Server 2022, Windows Server 2019, Windows 11, and Windows 10, OpenSSH is not installed by default but is available as an optional feature. You can install both the OpenSSH Client and SSH Server components through the Settings app or using PowerShell.

Installing SSH Server via Settings App

The Settings app provides a user-friendly interface to manage optional features. Here’s how to install the SSH Server using the Settings app on different Windows versions:

For Windows 10 & Windows Server 2019/2022:

  1. Open Settings: Click on the Start Menu and select the “Settings” icon (gear icon).
  2. Navigate to Optional Features: Go to System and then select Optional Features. On Windows Server, this might be labeled as Manage optional features.
  3. Check for OpenSSH: Scan the list of installed features to see if OpenSSH is already present.
  4. Add Feature (If Not Installed): If OpenSSH is not listed, click on Add a feature at the top of the page.
  5. Install OpenSSH Server:
    • Find OpenSSH Client and click Install.
    • Find OpenSSH Server and click Install.

Alt text: Installing OpenSSH Server using Optional Features in Windows Settings: Navigate to Optional Features, click “Add a feature,” and select both OpenSSH Client and OpenSSH Server to install.

For Windows 11:

  1. Open Settings: Open the Settings app from the Start Menu.
  2. Navigate to Optional Features: Go to System and then Optional Features.
  3. Check for OpenSSH: Look through the installed features for OpenSSH.
  4. View Features (If Not Installed): If OpenSSH is not installed, click on View Features.
  5. Install OpenSSH Server:
    • Search for OpenSSH Client, select it, click Next, and then Install.
    • Search for OpenSSH Server, select it, click Next, and then Install.

After installation, you need to configure the SSH Server service to start automatically.

  1. Open Services App: Press Win + R, type services.msc, and press Enter to open the Services desktop app.
  2. Find OpenSSH SSH Server: In the Services window, locate OpenSSH SSH Server in the list of services.
  3. Configure Startup Type: Double-click on OpenSSH SSH Server to open its properties.
  4. Set Startup to Automatic: In the General tab, change the Startup type dropdown menu to Automatic. Click Apply and then OK.
  5. Start the Service: Back in the Services window, select OpenSSH SSH Server and click on Start to start the service immediately.

Installing SSH Server via PowerShell

PowerShell provides a more direct and scriptable method to install OpenSSH components.

  1. Run PowerShell as Administrator: Open PowerShell with administrative privileges.

  2. Check OpenSSH Availability: Run the following command to check if OpenSSH capabilities are available:

    Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

    If OpenSSH is not installed, the output will show State : NotPresent for both Client and Server components.

  3. Install OpenSSH Components: Use the Add-WindowsCapability cmdlet to install the server and client components:

    # Install OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Install OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

    Each command should return output confirming successful installation with Online : True and RestartNeeded : False.

  4. Start and Configure SSH Server: After installation, start the SSHD service and configure the firewall rule using these commands in an elevated PowerShell prompt:

    # Start the sshd service
Start-Service sshd

# OPTIONAL but recommended: Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the Firewall rule is configured
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}

Connecting to Your Windows SSH Server

Once the SSH server is installed and running, you can connect to it from any SSH client, whether it’s on another Windows machine, Linux, or macOS.

  1. Open an SSH Client: On your client machine, open a terminal or PowerShell prompt.

  2. Use the SSH Command: Use the ssh command followed by your username and the server’s address (hostname or IP address). Replace domainusername with your Windows username and servername with the target Windows server’s hostname or IP address.

    ssh domainusername@servername

    If you are using a local account instead of a domain account, you can simply use username@servername.

  3. Host Key Verification: The first time you connect to the SSH server, you will see a message like this:

    The authenticity of host 'servername (10.00.00.001)' can't be established.
ECDSA key fingerprint is SHA256:(<a large="" string="">).
Are you sure you want to continue connecting (yes/no)?

    Type yes and press Enter to continue. This adds the server’s host key to your client’s known hosts file, and you won’t be prompted again for the same server.

  4. Enter Password: You will then be prompted to enter your Windows password. For security reasons, the password characters are not displayed as you type. Enter your password and press Enter.

  5. Successful Connection: Upon successful authentication, you will see the Windows command shell prompt, indicating you are now remotely connected to your Windows SSH server.

    domainusername@SERVERNAME C:Usersusername>

Uninstalling OpenSSH Server

If you no longer need the SSH server, you can easily uninstall the OpenSSH components from your Windows system.

Uninstall via Windows Settings

  1. Open Settings: Navigate to System and then Optional Features (or Manage optional features on Windows Server).
  2. Select OpenSSH Components: In the list of installed features, find OpenSSH Client or OpenSSH Server.
  3. Uninstall: Select either OpenSSH Client or OpenSSH Server and click the Uninstall button. Repeat for both components if you wish to remove both.

Alt text: Uninstalling OpenSSH Server using Optional Features in Windows Settings: Locate OpenSSH Client or OpenSSH Server in the list and click the “Uninstall” button to remove them.

Uninstall via PowerShell

PowerShell provides commands to quickly uninstall OpenSSH components.

  1. Run PowerShell as Administrator: Open an elevated PowerShell session.

  2. Uninstall Components: Use the Remove-WindowsCapability cmdlet to uninstall the client and server:

    # Uninstall OpenSSH Client
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Uninstall OpenSSH Server
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Restart Recommendation: If the SSH service was actively in use during uninstallation, it is recommended to restart Windows to ensure a clean removal.

Next Steps After Installing SSH Server

Congratulations! You have successfully set up an SSH server on your Windows system. To further enhance your SSH server experience and security, consider exploring these next steps:

  • Configure SSH Server Settings: Learn how to customize the sshd_config file to adjust settings such as port number, authentication methods, and more.
  • Set up SSH Key Authentication: Enhance security by configuring SSH key-based authentication instead of password-based logins.
  • Explore Advanced OpenSSH Features: Investigate features like port forwarding, SSH tunneling, and more to leverage the full potential of OpenSSH for secure remote access and network management.

By following this guide, you have successfully installed and configured an SSH server on Windows, enabling secure remote access and management of your systems.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *