Windows SSH server

Since Windows 10 1809, OpenSSH client and server are built into Windows. The setup procedure is easier than using Cygwin. RDP (Remote Desktop) over SSH can be significantly more secure than RDP alone, assuming SSH is well configured.

  1. Enable OpenSSH Server: Go to Windows Settings → Apps → Apps & features → Optional features → Add a feature → OpenSSH Server. This also sets Windows Firewall to allow inbound SSH TCP connections.

    Edit c:/ProgramData/ssh/sshd_config on the OpenSSH server PC. At a minimum, set PasswordAuthentication no to require an SSH public key for better security.

  2. A minimal SSH keypair can be created for the SSH client by:

    ssh-keygen -t ed25519 -f ~/.ssh/my_server
    
  3. Copy the contents of the client laptop file ~/.ssh/my_server.pub to the Windows SSH server computer, creating or adding a line to the file ~/.ssh/authorized_keys. The location of this file is defined in sshd_config as AuthorizedKeysFile. Use a unique key for each connecting client; do not reuse SSH keypairs between servers or clients.

  4. If the user is a Windows Administrator on the OpenSSH server computer, add the SSH public key to c:/ProgramData/ssh/administrators_authorized_keys.

  5. Start the SSH server (for this session only) from PowerShell:

    Start-Service sshd
    

    If this gives an error, or you wish to always start the OpenSSH server, run services.msc and, in the Properties of OpenSSH server → General, set “Startup Type: Automatic”.

  6. As on Linux, the “authorized_keys” file must have the correct file permissions ACL. Run this PowerShell script from Concurrency.com:

  7. Now the SSH client should be able to connect to the SSH server. If this doesn’t work, try using SSH locally on the OpenSSH server computer to troubleshoot.

  8. To use RDP (remote desktop) over SSH do this one-step setup
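
Step 6 depends on the ACL of the key files from steps 3 and 4. The PowerShell below is an added example (not from the original page and not the Concurrency.com script) that limits each file to SYSTEM, Administrators and, for the per-user file, the account running the script. The helper name Set-KeyFileAcl and the use of the current account's profile path are assumptions.

```powershell
# Added example. Run from an elevated PowerShell on the OpenSSH server PC.
$ErrorActionPreference = 'Stop'

# Well-known SIDs rather than names, so this also works on localized Windows.
$SidSystem = 'S-1-5-18'        # NT AUTHORITY\SYSTEM
$SidAdmins = 'S-1-5-32-544'    # BUILTIN\Administrators
# Assumption: the per-user file belongs to the account running this script.
$SidUser   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# Hypothetical helper: leave only full-control ACEs for the SIDs in $AllowedSid.
function Set-KeyFileAcl {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $AllowedSid
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Skipping $Path (file not found)"
        return
    }
    # /inheritance:r drops inherited ACEs; /grant:r replaces existing explicit grants.
    $grants = foreach ($sid in $AllowedSid) { '/grant:r'; "*${sid}:F" }
    & icacls.exe $Path /inheritance:r @grants | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path" }

    # Remove explicit ACEs left over for any other principal.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($sid -notin $AllowedSid) { & icacls.exe $Path /remove "*$sid" | Out-Null }
    }
    # Return the resulting ACL for review.
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# Step 4 file: SYSTEM and Administrators only.
Set-KeyFileAcl -Path "$env:ProgramData\ssh\administrators_authorized_keys" -AllowedSid $SidSystem, $SidAdmins
# Step 3 file: the same two plus the account that owns the profile.
Set-KeyFileAcl -Path "$env:USERPROFILE\.ssh\authorized_keys" -AllowedSid $SidSystem, $SidAdmins, $SidUser
```

Each call prints the final access entries; any identity other than the ones passed in means the ACL was not applied as intended.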

Tips

  • Edit text files from Windows console over SSH in the Terminal by using WSL:

    wsl
    

    then enter commands like nano foo.txt just like in Linux as it’s the WSL shell.

  • Change the default SSH shell. Assuming you have PowerShell 7 on the SSH server, the command would be similar to this (run from pwsh):

    New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force