OpenSSH Server and customer included in Windows 10 v.1809 and late and in Windows Server 2019
so let ‘s start ! !
- How to Identify if Windows 10 Open SSH Server installed from GUI
- How to Identify if OpenSSH Server installed from Powershell
- How to Install in Windows 10 the OpenSSH Server from GUI
- How to Install in Windows 10 the OpenSSH Server from Powershell
- How to start and Configure in Windows 10 the OpenSSH Server
- How to connect with ssh from Linux to Windows 10 OpenSSHServer
- How to disable password authentication in OpensshServer
How to Identify if Windows 10 Open SSH Server installed from GUI
Before start with the facility its better to identify if already OpenSSH Server installed.
- Click Start and Gear Icon
- Click in Apps
- From the right side select Manage Optional Features.
- if you see Open SSH Server then it means that already installed.
- If you can’t see this means that you must install the Feature.
How to Identify if OpenSSH Server installed from Powershell
If you like Powershell you can use the watch command to identify if OpenSSH Server already installed
Get-WindowsCapability -Online | ? name -like "openssh*"
Check the State condition to identify if is installed or not
- State:Installed means it’s already installed
- State:Not Present means it’s not installed
How to Install in Windows 10 the OpenSSH Server from GUI
After identify that OpenSSH Server it ‘s not installed we can proceed to install the OpenSSH Server
- Click Start and Gear Icon
- Click in Apps
- From the right side select Manage Optional Features
- Click Add Feature
- Find and click Open SSH Server
- Click Install
How to Install in Windows 10 the OpenSSH Server from Powershell
If you would like to proceed the initiation of OpenSSH Server from Powershell you can do it with one command .
Type the surveil command and wait to finish the initiation
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
How to start and Configure in Windows 10 the OpenSSH Server
now it ‘s fourth dimension to Configure OpenSSH Server to start use it .
- Open Powershell command as Administrator
- Type the following command to start the Service of the OpenSSH Server
- Type the following command to add Automatic Startup in Service
Set-Service -Name sshd -StartupType 'Automatic'
- Type the following command to find the Rule for OpenSSH Server in Windows Firewall and verify that is Allow
Get-NetFirewallRule -Name *ssh*
How to connect with ssh from Linux to Windows 10 OpenSSHServer
The reality with ssh is that most of them use it with Public key authentication alternatively of password authentication because it prevent attacks.
But by default after the installation the OpenSSH Server consumption password authentication .
We will keep the password authentication to be able to connect through the configuration that must be done to use the Public key authentication
sol for the best practices and better security permit ‘s explain how can generate ssh keys and use it to connect in OpenSSH Server
- Login in Windows 10 OpenSSH Server and create the users that you want to connect.
- If you have Domain users and have already decide which should be connect then avoid the previous step
- Login in the Linux that you will use it to connect in OpenSSH Server
- Type the following command to start generate the keys
- ssh keygen
- It will ask how you would like to save the file name but you can leave it as the default and click Enter
- Also it will ask to create a passphrase.
- Just write down a passphrase and keep it in a safe place because it will ask when you will connect in OpenSSH Server.
- Now if you type ls to see the files and folder of the ssh directory you will see 2 files. These are the private key and the public key with the extension .pub
- To be able create the authentication must be copy the public key in the Openssh Server in the following path of the user which will connect from Linux. Note that we must have create the user before proceed with this step.
- The name of the public key file must be authorized_keys in the .ssh folder
- So let’s type the following command from the Linux which create the ssh keys and replace the email@example.com with your username and ip address of the opensshserver
- scp ~/.ssh/id_rsa.pub firstname.lastname@example.org:”c:\users\user1\.ssh\authorized_keys”
- Login in the Openssh server and verify that the authorized_keys created in the .ssh of the user folder.
- Now we must configure the permission of the authorized_keys because if you try to connect as it you will get an error Permission denied (publickey,keyboard-interactive)
- If we check the permissions of the authorized_keys file we will see that has access the user which will connect in my scenario is the user1 and the Domain Administrator.
- But these users must be removed.
- If you search in Google you will find most of the Blogs and forums to say that you can download the Powershell module OpenSSHUtil but this module has been deprecated and if you try you will fail to downloaded
- Before try to remove the access from users in the authorized_keys file must be disable the inheritance. If you don’t do it and try to remove the users with icacls command then you will get the info that succesfull proceed with the file but if you will check the permission will be the same without remove the users.
- Right click in authorized_keys file — Properties.
- Click Advanced button.
- Click Disable inheritance.
- Click Convert inherited permissions into explicit permissions on this object.
- Login again in Linux which will use it to connect and type the following command to connect with ssh and password authentication for now
- ssh email@example.com
- After connect type the following commands to remove the user access from the authorized_keys
- Icacls “authorized_keys” /remove user1
- Icacls “authorized_keys” /remove administrator
- Now type the following command to check the permissions in the file.
- Only these users must has access in this file
- icacls authorized_keys
- The last step is to disable the password authentication and enable the Pubkey authentication from the ssh_config file to be able authorized only with the ssh keys and not with password
How to disable password authentication in OpensshServer
After the basic shape of OpensshServer to set Automatic the Service and verify the Rule in Windows Firewall you can proceed in more advance configuration .
Let ‘s explain how can change shape of Openssh waiter .
- Open Powershell as Administrator
- Type the command notepad.exe $env:PROGRAMDATA\ssh\sshd_config to open the ssh_config file
- Change the following lines with these values.
- PubkeyAuthentication yes
- PasswordAuthentication no
- Then type the following commands to restart the Openssh Server service
- Stop-Service sshd
- Start-Service sshd
- Let’s connect in Linux and type the command to connect trough ssh.
- If all works without issues you will see that ask the passphrase before connect
- Type it and the connection will be established.
If you failed to connect with Public key authentication then the better solution is to use Logs of SSH to identify the causal agent of the write out .
This has been change from previous versions and immediately the SSH Logs located in Windows Event Logs in stead of the C:\ProgramData\ssh\logs\sshd.log and you can find it in Application and Services Logs — OpenSSH Logs
I hope my article to help you or explore something new or resolve a trouble.
Read more: Best Free Karaoke Software for Windows
Have a courteous weekend ! !
I invite you to follow me on Twitter or Facebook. If you have any questions, send me an electronic mail at i nfo @ askme4tech.com