windows ssh server guide
supported windows versions
OpenSSH can be used to connect Windows 10 clients to Windows Server 2019. OpenSSH Client is available to install on Windows 10 build 1809 and later, while OpenSSH Server is available to install on Windows Server 2019 and later.
installation
go to Settings, select Apps > Apps & Features > Manage Optional Features > Add a feature > OpenSSH Server > Install
sshd_config
edit sshd_config
location: %programdata%\ssh\sshd_config, i.e. C:\ProgramData\ssh\sshd_config
add allow and/or deny directive lines to the file
a simple example...
AllowUsers mydomain\johnsmith@*
this will allow the domain account johnsmith to ssh in from any IP address (due to the * after the @)
and because I hate Event Viewer, I want ssh to log to a file
to configure, add or modify a line as follows...
SyslogFacility LOCAL0
sshd then logs to the file sshd.log in the directory %programdata%\ssh\logs, i.e. c:\ProgramData\ssh\logs\sshd.log.
RESTART ssh service after every change for it to take effect!!!
for more complete instructions see OpenSSH Server Configuration for Windows 10 1809 and Server 2019
service startup
for automatic start on boot...
go to Computer Management > Services > OpenSSH SSH Server
set startup type to Automatic.
also, start the service if you want to start using it.
test/use it
example...
$ ssh johnsmith@192.168.1.1
mydomain\johnsmith@myexamplehost C:\Users\johnsmith>
public key auth
this part was a beating. It didn't work out of the box.
error from ssh log file...
11536 2022-08-26 17:58:35.947 debug1: attempt 1 failures 0 [preauth]
11536 2022-08-26 17:58:35.963 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:LJByW7AoXWuMQ1afasdfasdfasdcHLEckz73LkJ9opPo [preauth]
11536 2022-08-26 17:58:35.963 debug1: trying public key file C:\\Users\\johnsmith\\.ssh\\authorized_keys
11536 2022-08-26 17:58:35.963 Authentication refused.
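In sshd_config make the following changes:
Comment out this block (it points members of the administrators group at a shared key file instead of the one in their own profile):
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys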
Uncomment or add line to sshd_config:
PubkeyAuthentication yes
Then open PowerShell as Admin and restart service:
Restart-Service sshd
Then, through the GUI, do the following for the .ssh folder and the authorized_keys file:
Properties -> Security -> Advanced -> Disable inheritance -> Convert inherited permissions into explicit permissions on this object. Then delete all users (groups) except: System, Administrators, and the current user.
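The same permission change can be scripted instead of clicked through. The following PowerShell is an added example, not part of the original guide; it assumes it is run elevated by the account that owns the keys, that the files are in that account's %USERPROFILE%\.ssh, and it identifies System and Administrators by their well-known SIDs rather than by name.

```powershell
# Added example: applies the GUI permission steps to .ssh and authorized_keys.
# Assumption: run elevated, as the user whose keys live in $env:USERPROFILE\.ssh.
$sshDir  = Join-Path $env:USERPROFILE '.ssh'
$targets = @($sshDir, (Join-Path $sshDir 'authorized_keys'))

# Identities that may stay on the ACL. SIDs avoid localized account names.
$allowed = @(
    'S-1-5-18',       # System
    'S-1-5-32-544',   # Administrators
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value  # current user
)
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping missing path: $path"
        continue
    }

    # Disable inheritance and convert inherited entries into explicit ones.
    $acl = Get-Acl -LiteralPath $path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $path -AclObject $acl

    # Re-read so the formerly inherited entries are listed as explicit rules,
    # then drop every identity that is not on the allow list.
    $acl = Get-Acl -LiteralPath $path
    foreach ($rule in $acl.GetAccessRules($true, $false, $sidType)) {
        if ($allowed -notcontains $rule.IdentityReference.Value) {
            $acl.PurgeAccessRules($rule.IdentityReference)
        }
    }
    Set-Acl -LiteralPath $path -AclObject $acl

    # Print the resulting ACL so it can be reviewed before testing the login.
    Write-Output "ACL on ${path}:"
    (Get-Acl -LiteralPath $path).Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
}
```

After running it, only the three identities listed above should appear in the printed ACL for each path.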