Difference between revisions of "windows ssh server guide"
(→sshd_config) |
(→intallation) |
||
(6 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
==supported windows versions== | ==supported windows versions== | ||
OpenSSH can be used to connect Window 10 clients to Windows Server 2019. OpenSSH Client is available to install on Windows 10 build 1809 and later, while OpenSSH Server is available to install on Windows Server 2019 and later. | OpenSSH can be used to connect Window 10 clients to Windows Server 2019. OpenSSH Client is available to install on Windows 10 build 1809 and later, while OpenSSH Server is available to install on Windows Server 2019 and later. | ||
− | == | + | ==installation== |
goto Settings, select Apps > Apps & Features > Manage Optional Features > Add a feature > OpenSSH Server > Install | goto Settings, select Apps > Apps & Features > Manage Optional Features > Add a feature > OpenSSH Server > Install | ||
− | |||
− | |||
− | |||
===sshd_config=== | ===sshd_config=== | ||
Line 43: | Line 40: | ||
also, start the service if you want to start using it. | also, start the service if you want to start using it. | ||
+ | |||
+ | ==test/use it== | ||
+ | |||
+ | example... | ||
+ | |||
+ | $ ssh johnsmith@192.168.1.1 | ||
+ | <br>mydomain\johnsmith@myexamplehost C:\Users\johnsmith> | ||
+ | |||
+ | ==public key auth== | ||
+ | |||
+ | windows version | ||
+ | |||
+ | this part was a beating. It didn't work out of the box. | ||
+ | |||
+ | error from ssh log file... | ||
+ | 11536 2022-08-26 17:58:35.947 debug1: attempt 1 failures 0 [preauth] | ||
+ | 11536 2022-08-26 17:58:35.963 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:LJByW7AoXWuMQ1afasdfasdfasdcHLEckz73LkJ9opPo [preauth] | ||
+ | 11536 2022-08-26 17:58:35.963 debug1: trying public key file C:\\Users\\johnsmith\\.ssh\\authorized_keys | ||
+ | 11536 2022-08-26 17:58:35.963 Authentication refused. | ||
+ | |||
+ | |||
+ | |||
+ | For sshd-config do the following changes: | ||
+ | |||
+ | Comment this one: | ||
+ | #Match Group administrators | ||
+ | # AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys | ||
+ | Uncomment or add line to sshd_config: | ||
+ | PubkeyAuthentication yes | ||
+ | |||
+ | Then open PowerShell as Admin and restart service: | ||
+ | Restart-Service sshd | ||
+ | |||
+ | Then through GUI. | ||
+ | For .ssh folder and authorized_keys file do the following: | ||
+ | |||
+ | Properties -> Security -> Advanced -> Disable inheritance -> Convert inherited permissions into explicit permissions on this object. | ||
+ | Then delete all users(groups) except: | ||
+ | System | ||
+ | Administrators | ||
+ | current user | ||
+ | |||
+ | [[category:winblows]] |
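Review bot: the new "public key auth" section lists three changes (commenting out "Match Group administrators", setting "PubkeyAuthentication yes", stripping the ACLs on .ssh and authorized_keys) without saying which one addresses the logged failure. The log excerpt shows sshd already "trying public key file C:\\Users\\johnsmith\\.ssh\\authorized_keys" right before "Authentication refused.", so state which step resolved that refusal, and note next to the commented-out block that administrators' keys are then no longer read from __PROGRAMDATA__/ssh/administrators_authorized_keys. The line "windows version" carries no information as written; give the version or drop it. The "Then through GUI." steps would be easier to follow as a wiki list.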
Latest revision as of 15:33, 20 September 2022
supported windows versions
OpenSSH can be used to connect Windows 10 clients to Windows Server 2019. OpenSSH Client is available to install on Windows 10 build 1809 and later, while OpenSSH Server is available to install on Windows Server 2019 and later.
installation
go to Settings, then select Apps > Apps & Features > Manage Optional Features > Add a feature > OpenSSH Server > Install
sshd_config
edit sshd_config
location %programdata%\ssh\sshd_config i.e. C:\ProgramData\ssh\sshd_config
add allow and/or deny directive lines to the file
a simple example...
AllowUsers mydomain\johnsmith@*
this will allow the domain account johnsmith to ssh in from any IP address (due to the * after the @)
and because I hate Event viewer, I want ssh to log to a file
to configure, add or modify a line as follows...
SyslogFacility LOCAL0
then it logs to the file %programdata%\ssh\logs\sshd.log (i.e. c:\ProgramData\ssh\logs\sshd.log).
RESTART ssh service after every change for it to take effect!!!
for more complete instructions see OpenSSH Server Configuration for Windows 10 1809 and Server 2019
service startup
for automatic start on boot...
go to Computer Management > Services > OpenSSH SSH Server
set startup type to Automatic.
also, start the service if you want to start using it.
test/use it
example...
$ ssh johnsmith@192.168.1.1
mydomain\johnsmith@myexamplehost C:\Users\johnsmith>
public key auth
windows version
this part was a beating. It didn't work out of the box.
error from ssh log file...
11536 2022-08-26 17:58:35.947 debug1: attempt 1 failures 0 [preauth]
11536 2022-08-26 17:58:35.963 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:LJByW7AoXWuMQ1afasdfasdfasdcHLEckz73LkJ9opPo [preauth]
11536 2022-08-26 17:58:35.963 debug1: trying public key file C:\\Users\\johnsmith\\.ssh\\authorized_keys
11536 2022-08-26 17:58:35.963 Authentication refused.
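In sshd_config, make the following changes:
Comment this one:
#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
With this block commented out, accounts in the administrators group are checked against their own .ssh\authorized_keys, like any other user, instead of the shared administrators_authorized_keys file.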
Uncomment or add line to sshd_config:
PubkeyAuthentication yes
Then open PowerShell as Admin and restart service:
Restart-Service sshd
Then, through the GUI, for the .ssh folder and the authorized_keys file do the following:
Properties -> Security -> Advanced -> Disable inheritance -> Convert inherited permissions into explicit permissions on this object.
Then delete all users (groups) except:
System
Administrators
current user
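The same permission steps as a script, as an added example that is not part of the original guide. It assumes it is run by the account whose key file is being fixed (so "current user" is that account), that this account owns the files or the shell is elevated, and that the keys live in %USERPROFILE%\.ssh as in the log above.

```powershell
# Added example: scripted form of the GUI permission steps for .ssh and authorized_keys.
# Assumption: run as the account that owns the key file (or from an elevated shell).
$sshDir  = Join-Path $env:USERPROFILE '.ssh'
$targets = @($sshDir, (Join-Path $sshDir 'authorized_keys'))

# SIDs to keep: SYSTEM, BUILTIN\Administrators and the current user.
$keep = @(
    'S-1-5-18',
    'S-1-5-32-544',
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
)
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "missing: $path"
        continue
    }

    # "Disable inheritance" + "Convert inherited permissions into explicit permissions"
    $acl = Get-Acl -LiteralPath $path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $path -AclObject $acl

    # Re-read so the converted entries appear as explicit rules, then collect
    # every identity that is not on the keep list.
    $acl = Get-Acl -LiteralPath $path
    $extra = $acl.GetAccessRules($true, $false, $sidType) |
        ForEach-Object { $_.IdentityReference } |
        Where-Object { $keep -notcontains $_.Value } |
        Sort-Object -Property Value -Unique

    # "Delete all users (groups) except System, Administrators, current user"
    foreach ($sid in $extra) {
        Write-Host "removing $($sid.Value) from $path"
        $acl.PurgeAccessRules($sid)
    }
    Set-Acl -LiteralPath $path -AclObject $acl

    # Show the resulting ACL for review.
    (Get-Acl -LiteralPath $path).Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
}
```

Restart the sshd service afterwards and retry the login while watching sshd.log for the "Authentication refused." line.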