Windows SSH server

OpenSSH client and server are built into Windows. The setup procedure is easier than using Cygwin. RDP (Remote Desktop) over SSH can be significantly more secure than RDP alone, assuming SSH is well configured.

Enable OpenSSH Server: Go to Windows Settings → Apps → Apps & features → Optional features → Add a feature → OpenSSH Server. This also sets Windows Firewall to allow inbound SSH TCP connections.

Edit c:/ProgramData/ssh/sshd_config on the OpenSSH server PC. At least set PasswordAuthentication no to require SSH public key for better security.

A minimal SSH keypair can be created for the SSH client by:

ssh-keygen -t ed25519 -f ~/.ssh/my_server

Copy the contents of client laptop file ~/.ssh/my_server.pub to the Windows SSH server computer, creating or adding a line to file ~/.ssh/authorized_keys. The location of this file is defined in sshd_config as AuthorizedKeysFile. Use a unique key for each connecting client–do not reuse SSH keypairs between servers or clients.

If the user is a Windows Administrator on the OpenSSH server computer, add the SSH public key to c:/ProgramData/ssh/administrators_authorized_keys

Start the SSH server (for this session only) from PowerShell:

Start-Service sshd

To always start OpenSSH on boot, type services.msc and in Properties of OpenSSH server → General set “Startup Type: Automatic”

As on Linux, the “authorized_keys” file must have the correct file permissions ACL. Run this PowerShell script:

The SSH client should be able to connect to the SSH server. If this doesn’t work, try using SSH locally on the OpenSSH server computer to troubleshoot.

To use RDP (remote desktop) over SSH do this one-step setup

Tips:

  • Edit text files from Windows console over SSH in the Terminal by using WSL:

    wsl

    then enter commands like nano foo.txt just like in Linux as it’s the WSL shell.

  • Change the default SSH shell. Assuming you have PowerShell 7 on the SSH server, the commands would be like (from pwsh PowerShell):

    New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "$Env:ProgramFiles\PowerShell\7\pwsh.exe" -PropertyType String -Force