Windows/SSH: Difference between revisions
Latest revision as of 02:27, 5 September 2025
Enable SSH
Install service (powershell):
Add-WindowsCapability -Online -Name OpenSSH.Server*
Start service (powershell): (is this step needed?)
Start-Service sshd
(Optional) Set SSH Service to Start Automatically:
Set-Service -Name sshd -StartupType 'Automatic'
Verify Service:
Get-Service sshd
Enable Firewall Rule (powershell):
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
References:
- How to SSH into Windows 10 or 11? - https://gist.github.com/teocci/5a96568ab9bf93a592d7a1a237ebb6ea
- Setting Up SSH Server and Opening Port 22 on Windows | by Liliane Konissi | Medium - https://medium.com/@lilnya79/setting-up-ssh-server-and-opening-port-22-on-windows-ff9f324823b7
Chocolatey
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
$env:chocolateyUseWindowsCompression = 'true'
choco install -y openssh -params '"/SSHServerFeature"'
Config
C:\ProgramData\ssh
sshd_config:
AuthorizedKeysFile .ssh/authorized_keys
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
SSH Keys
For standard users:
%USERPROFILE%/.ssh/authorized_keys
Users who are administrators must put their keys in:
C:\ProgramData\ssh\administrators_authorized_keys
%PROGRAMDATA%\ssh\administrators_authorized_keys
%ALLUSERSPROFILE%\ssh\administrators_authorized_keys
Fix the permissions with PowerShell:
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
# Disable inheritance and drop the inherited rules
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
# Grant full control to Administrators and SYSTEM
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
# Write the modified ACL back to the file
$acl | Set-Acl
ref: https://www.concurrency.com/blog/may-2019/key-based-authentication-for-openssh-on-windows
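A read-only check that the permissions fix above took effect, added here as an example and not taken from the original page or the referenced blog. The function name Test-AdminKeyFileAcl is hypothetical; the default path is the one given above, and the two allowed principals are matched by their well-known SIDs so the check does not depend on the OS display language.

```powershell
# Added example: audit the ACL on the administrators' key file.
# Test-AdminKeyFileAcl is a hypothetical name; nothing here modifies the file.
function Test-AdminKeyFileAcl {
    param(
        [string]$Path = "$env:ProgramData\ssh\administrators_authorized_keys"
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Key file not found: $Path"
    }

    # Well-known SIDs for the only two principals the fix grants access to.
    $allowed = @(
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-18'       # NT AUTHORITY\SYSTEM
    )

    $acl = Get-Acl -LiteralPath $Path
    $findings = @()

    # Inheritance must be off, otherwise rules from the parent folder apply.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance is enabled on the file'
    }

    # Any Allow rule for a principal other than the two above is a finding.
    foreach ($rule in $acl.Access) {
        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($rule.AccessControlType -eq 'Allow' -and $sid -notin $allowed) {
            $findings += "Unexpected allow rule: $($rule.IdentityReference) ($($rule.FileSystemRights))"
        }
    }

    [pscustomobject]@{
        Path      = $Path
        Owner     = $acl.Owner
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-AdminKeyFileAcl | Format-List
```

Run it from an elevated PowerShell session; Compliant is False whenever inheritance is still on or some other account holds an Allow rule on the file.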
Ansible
- name: Install openssh
  win_chocolatey:
    name: openssh
    package_params: /SSHServerFeature
    state: present
  tags: openssh