-
Notifications
You must be signed in to change notification settings - Fork 767
Install Win32 OpenSSH
-
Note these considerations and project scope first.
-
Download the latest build of OpenSSH. To get links to latest downloads this wiki page.
-
Extract contents of the latest build to
C:\Program Files\OpenSSH
-
Start Windows Powershell as Administrator
-
Navigate to the OpenSSH directory
cd 'C:\Program Files\OpenSSH'
-
On Windows 10, if you've enabled Developer Mode, you probably have another implementation of SSH installed on your machine. To figure out if this is the case, look for TCP port bindings on port 22 and these services: “SSH Server Broker” and “SSH Server Proxy”
netstat -anop TCP
- If you do see 22 occupied, #610 has workarounds to deal with port conflict.
-
Install
sshd
andssh-agent
services.powershell -ExecutionPolicy Bypass -File install-sshd.ps1
-
Only when you migrate from releases before 1.0.0.0:
- To use existing customized sshd_config, you need to copy it from binary location to %programdata%\ssh\sshd_config (Note that %programdata% is a hidden directory).
- To use existing host keys, you need to copy them from binary location to %programdata%\ssh\
- Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false' (Note the first "." is a call operator.) to fix up these permissions.
-
Open the firewall for sshd.exe to allow inbound SSH connections
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Service sshd -Enabled True -Direction Inbound -Protocol TCP -Action Allow
Note:
New-NetFirewallRule
is for Windows 2012 and above servers only. If you're on a client desktop machine (like Windows 10) or Windows 2008 R2 and below, try:netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP service=sshd
-
Setup
sshd
andssh-agent
to auto-start (optional)Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
-
Start
sshd
net start sshd
-
Configuring the default ssh shell (optional)
On the server side, configure the default ssh shell in the windows registry.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH\DefaultShell
- Full path (case sensitive) of the shell executable
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH\DefaultShellCommandOption
- The switch that the configured default shell requires to execute a command and immediately exit and return to the calling process. It is used for executing the remote ssh commands. Example- ssh user@ip hostname
If you are configuring the powershell.exe/cmd.exe/WSL-bash.exe as default ssh shell then you can ignore Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH\DefaultShellCommandOption
. Your registry should look like this.
If you want to configure default shell (Ex- cygwin) other than powershell/cmd/WSL-bash then your registry should look like this
- Start Windows Powershell as Administrator
- Navigate to the OpenSSH directory
cd 'C:\Program Files\OpenSSH'
- Run the uninstall script
powershell.exe -ExecutionPolicy Bypass -File uninstall-sshd.ps1
- MSI Install Instructions
- Script Install Instructions
- Alternative installation using the universal installer
- Retrieving download links for the latest packages