Install Win32 OpenSSH
-
Note these considerations and project scope first.
-
Download the latest build of OpenSSH. To get links to the latest downloads, see this wiki page.
-
Extract the contents of the latest build to
C:\Program Files\OpenSSH
(Make sure the binary location grants Write permission only to the SYSTEM and Administrator groups. Authenticated users should have only Read and Execute.)
-
In an elevated PowerShell console, run the following
powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
-
Open the firewall for sshd.exe to allow inbound SSH connections
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
Note: New-NetFirewallRule is for Windows 2012 and above servers only. If you're on a client desktop machine (like Windows 10) or Windows 2008 R2 and below, try:
netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
-
Start sshd (this will automatically generate host keys under %programdata%\ssh if they don't already exist)
net start sshd
-
Migrate sshd configuration from 0.0.X.X versions (optional):
- To use existing customized sshd_config, you need to copy it from binary location to %programdata%\ssh\sshd_config (Note that %programdata% is a hidden directory).
- To use existing host keys, you need to copy them from binary location to %programdata%\ssh\
- Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. To fix up these permissions, you may run the following (note the first "." is a call operator):
Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false'
-
Set up sshd and ssh-agent to auto-start (optional)
Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
-
Configuring the default ssh shell (optional)
On the server side, configure the default ssh shell in the Windows registry.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH\DefaultShell
- Full path (case sensitive) of the shell executable
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH\DefaultShellCommandOption
- The switch that the configured default shell requires to execute a command and immediately exit and return to the calling process. It is used for executing remote ssh commands. Example - ssh user@ip hostname
Example - PowerShell cmdlets to set powershell.exe as the default shell
-
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
-
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShellCommandOption -Value "/c" -PropertyType String -Force
If you are configuring powershell.exe/cmd.exe/WSL-bash.exe as the default ssh shell, then you can ignore Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH\DefaultShellCommandOption. Your registry should look like this.
[registry screenshot]
If you want to configure a default shell (e.g. cygwin) other than powershell/cmd/WSL-bash, then your registry should look like this
[registry screenshot]
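The permission requirement on the binary location in the extraction step above can be verified with a script. This is an added example, not code from the Win32-OpenSSH project; the function name Get-UnexpectedWriteAce and its parameters are hypothetical, and the default path is the one used on this page.

```powershell
# Added example (not project code). Lists every Allow ACE under the OpenSSH
# binary directory that grants write-type access to a principal other than
# the allowed ones. Function and parameter names are hypothetical.
function Get-UnexpectedWriteAce {
    param(
        [string]$Path = 'C:\Program Files\OpenSSH',
        # Well-known SIDs: S-1-5-18 = SYSTEM, S-1-5-32-544 = BUILTIN\Administrators
        [string[]]$AllowedWriterSid = @('S-1-5-18', 'S-1-5-32-544')
    )

    # Rights that let a principal alter, replace or re-permission a binary.
    $writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteExtendedAttributes, WriteAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Generic bits can appear unmapped in inherit-only ACEs.
    $genericWrite = 0x40000000
    $genericAll   = 0x10000000
    $mask = [int]$writeRights -bor $genericWrite -bor $genericAll

    # Check the directory itself and everything beneath it.
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs directly so the check does not depend on localized names.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }
            $sid = $rule.IdentityReference.Value
            if ($AllowedWriterSid -contains $sid) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings = @(Get-UnexpectedWriteAce)
if ($findings.Count -eq 0) { 'No unexpected write access found.' }
else { $findings | Sort-Object Path, Sid | Format-Table -AutoSize }
```

On a stock Program Files tree, inherited entries for TrustedInstaller and CREATOR OWNER commonly appear in the output; review them and pass their SIDs through -AllowedWriterSid if they are acceptable in your environment.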
Uninstall Win32 OpenSSH
- Start Windows PowerShell as Administrator
- Navigate to the OpenSSH directory
cd 'C:\Program Files\OpenSSH'
- Run the uninstall script
powershell.exe -ExecutionPolicy Bypass -File uninstall-sshd.ps1