OpenSSH client and server are built into Windows. The setup procedure is easier than using Cygwin. RDP (Remote Desktop) over SSH can be significantly more secure than RDP alone, assuming SSH is well configured.
Enable OpenSSH Server: Go to Windows Settings → Apps → Apps & features → Optional features → Add a feature → OpenSSH Server. This also sets Windows Firewall to allow inbound SSH TCP connections. 2 . Edit c:/ProgramData/ssh/sshd_config on the OpenSSH server PC. At least set
PasswordAuthentication noto require SSH public key for better security.
A minimal SSH keypair can be created for the SSH client by:
ssh-keygen -t ed25519 -f ~/.ssh/my_server
Copy the contents of client laptop file ~/.ssh/my_server.pub to the Windows SSH server computer, creating or adding a line to file ~/.ssh/authorized_keys. The location of this file is defined in sshd_config as AuthorizedKeysFile. Use a unique key for each connecting client–do not reuse SSH keypairs between servers or clients.
if the user is a Windows Administrator on the OpenSSH server computer, add the SSH public key to c:/ProgramData/ssh/administrators_authorized_keys
Start the SSH server (for this session only) from PowerShell:
If this gives an error and/or you wish to always start OpenSSH, type
services.mscand in Properties of OpenSSH server → General set “Startup Type: Automatic”
As on Linux, the “authorized_keys” file must have the correct file permissions ACL. Run this PowerShell script:
now the SSH client should be able to connect to the SSH server. If this doesn’t work, try using SSH locally on the OpenSSH server computer to troubleshoot.
To use RDP (remote desktop) over SSH do this one-step setup
Edit text files from Windows console over SSH in the Terminal by using WSL:
then enter commands like
nano foo.txtjust like in Linux as it’s the WSL shell.
Change the default SSH shell. Assuming you have PowerShell 7 on the SSH server, the commands would be like (from
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force