Install Win32 OpenSSH

Manoj Ampalam edited this page Jan 20, 2018 · 121 revisions

Install Win32 OpenSSH (test release)

  1. Note these considerations and project scope first.

  2. Download the latest build of OpenSSH. To get links to the latest downloads, see this wiki page.

  3. Extract contents of the latest build to C:\Program Files\OpenSSH

  4. Start Windows PowerShell as Administrator

  5. Navigate to the OpenSSH directory

    • cd 'C:\Program Files\OpenSSH'
  6. On Windows 10, if you've enabled Developer Mode, you probably have another implementation of SSH installed on your machine. To figure out if this is the case, look for TCP port bindings on port 22 and these services: “SSH Server Broker” and “SSH Server Proxy”

    • netstat -anop TCP
    • If you do see 22 occupied, #610 has workarounds to deal with port conflict.
  7. Install sshd and ssh-agent services.

    • powershell -ExecutionPolicy Bypass -File install-sshd.ps1
  8. Only when you migrate from releases before 1.0.0.0:

    • To use existing customized sshd_config, you need to copy it from binary location to %programdata%\ssh\sshd_config (Note that %programdata% is a hidden directory).
    • To use existing host keys, you need to copy them from binary location to %programdata%\ssh\
    • Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false' (Note the first "." is a call operator.) to fix up these permissions.
  9. Open the firewall for sshd.exe to allow inbound SSH connections

    • New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Service sshd -Enabled True -Direction Inbound -Protocol TCP -Action Allow

    Note: New-NetFirewallRule is for Windows 2012 and above servers only. If you're on a client desktop machine (like Windows 10) or Windows 2008 R2 and below, try:

    netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP service=sshd
    
  10. Set up sshd and ssh-agent to auto-start (optional)

    • Set-Service sshd -StartupType Automatic
    • Set-Service ssh-agent -StartupType Automatic
  11. Start sshd

    • net start sshd
  12. Configuring the default ssh shell (optional)

On the server side, configure the default ssh shell in the Windows registry.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH\DefaultShell - Full path (case sensitive) of the shell executable

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH\DefaultShellCommandOption - The switch that the configured default shell requires to execute a command, exit immediately, and return to the calling process. It is used for executing remote ssh commands. Example: ssh user@ip hostname

If you are configuring the powershell.exe/cmd.exe/WSL-bash.exe as default ssh shell then you can ignore Computer\HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH\DefaultShellCommandOption. Your registry should look like this.

If you want to configure a default shell other than powershell/cmd/WSL-bash (for example, Cygwin), then your registry should look like this.
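
A read-only check of the result of steps 6 to 12, as an added example that is not part of the original wiki page or the Win32-OpenSSH project. The function name Test-OpenSSHInstall is hypothetical, and the script assumes an elevated prompt on Windows 8 / Server 2012 or later, where Get-NetTCPConnection and Get-NetFirewallRule are available.

```powershell
# Added example: read-only check of the install steps above. Nothing is changed.
# Assumes an elevated prompt on Windows 8 / Server 2012 or later.
function Test-OpenSSHInstall {
    param([string]$InstallDir = 'C:\Program Files\OpenSSH')  # path from step 3
    $sshdExe = Join-Path $InstallDir 'sshd.exe'

    # Step 6: which process owns each TCP/22 listener?
    $listeners = @(Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Address   = $_.LocalAddress
                ProcessId = $_.OwningProcess
                Path      = $proc.Path
            }
        })
    # A listener that is not this install's sshd.exe is the step 6 conflict.
    $foreign = @($listeners | Where-Object { $_.Path -ne $sshdExe })

    # Step 6: the Developer Mode SSH services, looked up by display name.
    $devMode = @(Get-Service -DisplayName 'SSH Server Broker', 'SSH Server Proxy' -ErrorAction SilentlyContinue |
        Select-Object DisplayName, Status)

    # Step 9: rule created by New-NetFirewallRule or by the netsh variant.
    $rules = @(Get-NetFirewallRule -DisplayName 'OpenSSH Server (sshd)', 'sshd' -ErrorAction SilentlyContinue |
        Select-Object DisplayName, Enabled, Direction, Action)

    # Steps 10-11: startup mode and state of the two services.
    $services = @(Get-CimInstance Win32_Service -Filter "Name='sshd' OR Name='ssh-agent'" |
        Select-Object Name, State, StartMode)

    # Step 12: DefaultShell, when set, must be the full path of an existing file.
    $reg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\OpenSSH' -ErrorAction SilentlyContinue
    $shellOk = [bool]$reg.DefaultShell -and (Test-Path -LiteralPath $reg.DefaultShell -PathType Leaf)

    [pscustomobject]@{
        Port22Listeners           = $listeners
        Port22OwnedBySshd         = ($listeners.Count -gt 0 -and $foreign.Count -eq 0)
        DeveloperModeSsh          = $devMode
        FirewallRules             = $rules
        Services                  = $services
        DefaultShell              = $reg.DefaultShell
        DefaultShellExists        = $shellOk
        DefaultShellCommandOption = $reg.DefaultShellCommandOption
    }
}

Test-OpenSSHInstall | Format-List
```

Port22OwnedBySshd reporting False while DeveloperModeSsh lists services is the port conflict described in step 6. An empty DefaultShell means the registry value from step 12 has not been configured.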

Uninstall Win32 OpenSSH

  • Start Windows PowerShell as Administrator
  • Navigate to the OpenSSH directory
    • cd 'C:\Program Files\OpenSSH'
  • Run the uninstall script
    • powershell.exe -ExecutionPolicy Bypass -File uninstall-sshd.ps1