-
Notifications
You must be signed in to change notification settings - Fork 767
Install Win32 OpenSSH
-
Note these considerations and project scope first.
-
Download the latest build of OpenSSH. To get links to latest downloads this wiki page.
-
Extract contents of the latest build to
C:\Program Files\OpenSSH
(Make sure binary location has the Write permissions to just to SYSTEM, Administrator groups. Authenticated users should and only have Read and Execute.) -
In an elevated Powershell console, run the following
powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
-
Open the firewall for sshd.exe to allow inbound SSH connections
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
Note:
New-NetFirewallRule
is for Windows 2012 and above servers only. If you're on a client desktop machine (like Windows 10) or Windows 2008 R2 and below, try:netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=22
-
Start
sshd
(this will automatically generate host keys under %programdata%\ssh if they don't already exist)net start sshd
-
Migrate sshd configuration from 0.0.X.X versions (optional):
- To use existing customized sshd_config, you need to copy it from binary location to %programdata%\ssh\sshd_config (Note that %programdata% is a hidden directory).
- To use existing host keys, you need to copy them from binary location to %programdata%\ssh\
- Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run
Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false'
(Note the first "." is a call operator.) to fix up these permissions.
-
Setup
sshd
andssh-agent
to auto-start (optional)Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
-
To configure a default shell (optional) see here
- Start Windows Powershell as Administrator
- Navigate to the OpenSSH directory
cd 'C:\Program Files\OpenSSH'
- Run the uninstall script
powershell.exe -ExecutionPolicy Bypass -File uninstall-sshd.ps1
- MSI Install Instructions
- Script Install Instructions
- Alternative installation using the universal installer
- Retrieving download links for the latest packages