Welcome to the world of seamless and secure remote access on your Windows 10 machine! If you’ve ever felt the need to effortlessly connect to other devices or servers using SSH (Secure Shell) without the hassle of third-party applications, you’re in for a treat. In this joyful guide, we’ll take you on a journey through the process of setting up OpenSSH Server and OpenSSH Client on your Windows 10 system.
Whether you’re an IT enthusiast looking to bolster your system’s security or an upper management professional interested in streamlining your team’s remote work capabilities, this guide is designed to make the installation and configuration process a breeze. You won’t need to be a tech wizard to follow along – our step-by-step instructions are tailored to ensure that everyone can harness the power of OpenSSH, no matter their technical background. (At the very least, you must know what you are doing, really.)
So, get ready to embark on this joyful adventure as we unveil the secrets of OpenSSH on Windows 10. By the end of this guide, you’ll have a fully functional SSH setup that will enable you to securely and efficiently manage your Windows 10 system from anywhere in the world. Let’s dive in and unlock the full potential of your Windows 10 machine with a smile!
What you really-really need is:
- Windows 10 Pro (Home users, you will have to figure it out by yourselves. Sorry!!)
Before we begin, let’s infuse a sense of joy by distinguishing between OpenSSH-Client and OpenSSH-Server setup. The choice depends on your specific goals and how you wish to achieve them.
Let’s kick things off with OpenSSH Server. The OpenSSH Server package is seamlessly integrated into all modern versions of Windows 10 (starting with 1803), Windows 11, and Windows Server 2022/2019 as a Feature on Demand (FoD). To install, simply open an elevated PowerShell prompt and execute the following command:
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*' | Add-WindowsCapability -Online
You can also install OpenSSH on Windows 10 through the modern Settings panel (Settings -> Apps and features -> Optional features -> Add a feature). Locate OpenSSH Server in the list and click Install with ease.
To ensure that the OpenSSH server has been successfully installed, run the command with a sense of joy:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Serv*'
After successfully installing the OpenSSH server on Windows, two services are added:
- OpenSSH – Authentication Agent (ssh-agent)
- OpenSSH – SSH Server (sshd)
To ensure smooth operation, modify the startup type of the sshd service to automatic and initiate the service using PowerShell:
Set-Service -Name sshd -StartupType 'Automatic'
And start the OpenSSH SSH Server service (sshd):
Run the netstat command to confirm that the port is listening:
netstat -an | select-string ":22"
TCP 0.0.0.0:22 0.0.0.0:0 LISTENING
TCP [::]:22 [::]:0 LISTENING
And then! Allow the port through your firewall:
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
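The server-side steps above, combined into one script that can be re-run safely. This is an added example, not part of the original guide; it must run in an elevated PowerShell session, and `$AdminSubnet` is a hypothetical management network used to scope the firewall rule instead of allowing TCP/22 from any address.

```powershell
# Added example, not from the original guide. Run elevated.
# $AdminSubnet is a hypothetical management network; replace it with your own.
$AdminSubnet = '192.168.1.0/24'

# 1. Install the OpenSSH Server capability only if it is not already present.
$cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
if ($cap.State -ne 'Installed') {
    $cap | Add-WindowsCapability -Online | Out-Null
}

# 2. Start sshd now and at every boot.
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd

# 3. Fail loudly if nothing is listening on TCP/22.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 22 -ErrorAction SilentlyContinue
if (-not $listeners) {
    throw 'sshd is running but nothing is listening on TCP/22.'
}

# 4. Create the inbound rule once, limited to the management subnet and to
#    the Domain and Private profiles (not Public networks).
if (-not (Get-NetFirewallRule -Name sshd -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True `
        -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 `
        -RemoteAddress $AdminSubnet -Profile Domain, Private | Out-Null
}

# 5. List every enabled inbound rule that opens TCP/22, with its allowed
#    sources. The feature installer may have added its own rule
#    (OpenSSH-Server-In-TCP), which is not scoped to a subnet.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '22' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.Name
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }
```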
By default, key OpenSSH components are located in these folders:
- OpenSSH Server executables: C:\Windows\System32\OpenSSH Such as:
- The sshd_config file (created after the first start of the service): C:\ProgramData\ssh
- The authorized_keys file and keys can be stored in the user profile folder: %USERPROFILE%\.ssh\
OpenSSH Server Configuration
You can infuse a touch of joy into your OpenSSH server settings by modifying the config file: %programdata%\ssh\sshd_config. This is a plain text file filled with a set of directives. Feel free to use any text editor for editing.
You can customize many things in the config file, such as:
- Deny SSH connections for a specific domain user account
- Allow SSH connections for a specific domain security group
- Allow access to a local user group
- Deny SSH login for the accounts with administrator privileges
- Change the default SSH TCP/22 port to any of your liking
- Enable/Disable the StrictModes option. By default, this mode is enabled and prevents SSH key-based authentication if private and public keys are not properly protected.
- And so much more…
Note: After joyfully making any changes to the sshd_config file, you need to restart the sshd service.
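One way to apply the allow/deny and StrictModes items from the list above without locking yourself out: build a candidate file, let sshd validate it, and only then replace the live config and restart the service. This is an added example, not part of the original guide; the domain `contoso` and every user and group name are hypothetical, and changing the port is left out because it also needs a matching firewall rule.

```powershell
# Added example, not from the original guide. Run elevated on the SSH server
# and keep a console or RDP session open while testing.
# The domain "contoso" and all user/group names are hypothetical placeholders.
$config    = Join-Path $env:ProgramData 'ssh\sshd_config'
$candidate = "$config.candidate"
$sshd      = Join-Path $env:SystemRoot 'System32\OpenSSH\sshd.exe'

# One directive per item in the list above. Account names are lower case.
$directives = @(
    'StrictModes yes'                          # keep key permission checks on
    'DenyUsers contoso\tempuser'               # deny one domain user
    'AllowGroups contoso\sshusers sshlocal'    # domain group + local group
    'DenyGroups administrators'                # no SSH login for admins
)

# Prepend instead of appending: the stock file ends with a
# "Match Group administrators" block, so appended lines would only apply
# inside that block. For single-value keywords sshd keeps the first value read.
$original = @(Get-Content -Path $config)
$directives + $original | Set-Content -Path $candidate -Encoding ascii

# Ask sshd to parse the candidate (-t = test mode) before touching the live file.
& $sshd -t -f $candidate
if ($LASTEXITCODE -ne 0) {
    Remove-Item -Path $candidate
    throw 'sshd rejected the candidate config; the live sshd_config is unchanged.'
}

# Keep a backup, write in place so the file keeps its ACL, then restart.
Copy-Item -Path $config -Destination "$config.bak" -Force
Set-Content -Path $config -Value (Get-Content -Path $candidate) -Encoding ascii
Remove-Item -Path $candidate
Restart-Service -Name sshd
```

Running it twice prepends the directives twice, so restore `sshd_config.bak` before re-applying a changed list.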
Add SSH public key to the server
The public key can be stored in the user profile folder: %USERPROFILE%\.ssh\authorized_keys
Now for the OpenSSH Client. If you are using a supported version and edition of Windows, you will have the OpenSSH client installed by default.
Generating SSH Key Pair
Generate two SSH keys (a public and a private key) on the client computer. The private key, a cherished secret, is securely stored on the client side (protect it with care and never share it with anyone!), while the public key is happily added to the authorized_keys file on the SSH server.
How to generate? You asked..
Open a standard (non-elevated) PowerShell session with a smile and generate a pair of RSA keys using this command:
Then just press Enter at every prompt, and you’ll see output similar to this:
Generating public/private rsa key pair.
Enter file in which to save the key (%USERPROFILE%\.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in %USERPROFILE%\.ssh/id_rsa.
Your public key has been saved in %USERPROFILE%\.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:<some random gibberish word here> username@hostname
The key's randomart image is:
+---[RSA 3072]----+
| random |
| random |
| random |
| random |
| random |
| random |
| random |
| random |
| random |
+----[SHA256]-----+
Head to your ssh folder (%USERPROFILE%\.ssh), and you will see 2 files in that folder
Now, you must understand this and do not ever forget.
- id_rsa is your PRIVATE KEY (Do not share this with anyone ever!)
- id_rsa.pub is your Public key, this is the key to be placed in the server
Connect to your server from your computer (client)
To connect to a remote host using a native SSH client, simply brighten your day with the following command:
ssh (username)@(SSH server name or IP address of the SSH server)
example: ssh [email protected]
The first time you connect (everyone does ;D), you need to add the fingerprint of the SSH server key to the trusted list. Just type yes and press the Enter key. Example:
The authenticity of host '192.168.1.15 (192.168.1.15)' can't be established.
RSA key fingerprint is SHA256:<some random gibberish word here>.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
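The two server-side pieces that the "Add SSH public key to the server" section and the first-connection prompt rely on, as an added example that is not part of the original guide: a function that installs a public key into the file sshd actually reads, and a listing of the server's host key fingerprints to compare with what the client displays before answering yes. The function name `Add-SshAuthorizedKey` and its parameters are hypothetical; the key value shown in the usage comment is a placeholder.

```powershell
# Added example, not from the original guide. Run on the SSH server.
function Add-SshAuthorizedKey {
    param(
        [Parameter(Mandatory)] [string] $PublicKey,  # the single line from id_rsa.pub
        [switch] $ForAdministrator                   # account is in local Administrators
    )
    # Refuse anything that is not a one-line public key (e.g. a pasted private key).
    if ($PublicKey -notmatch '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-\S+) [A-Za-z0-9+/=]+( .*)?$') {
        throw 'Not a single-line OpenSSH public key. Never copy id_rsa, only id_rsa.pub.'
    }
    if ($ForAdministrator) {
        # The stock sshd_config on Windows has a "Match Group administrators"
        # block that reads this file instead of the per-user one (needs elevation).
        $file = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
    } else {
        $dir = Join-Path $env:USERPROFILE '.ssh'
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
        $file = Join-Path $dir 'authorized_keys'
    }
    # Append only if the key is not already listed.
    $existing = if (Test-Path $file) { @(Get-Content -Path $file) } else { @() }
    if ($existing -notcontains $PublicKey) {
        Add-Content -Path $file -Value $PublicKey -Encoding ascii
    }
    if ($ForAdministrator) {
        # sshd ignores this file unless only Administrators and SYSTEM can access it.
        icacls.exe $file /inheritance:r /grant 'Administrators:F' /grant 'SYSTEM:F' | Out-Null
    }
    $file   # return the path that was written
}

# Usage (the key text is a placeholder, paste the real line from id_rsa.pub):
# Add-SshAuthorizedKey -PublicKey 'ssh-rsa <base64 public key> username@hostname'

# Host key fingerprints of this server. Compare the matching line with the
# fingerprint the client prints on first connection before typing yes.
Get-ChildItem -Path (Join-Path $env:ProgramData 'ssh\ssh_host_*_key.pub') |
    ForEach-Object { ssh-keygen.exe -l -f $_.FullName }
```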
Congrats! Now you have set up OpenSSH Server and OpenSSH Client.
May the Force be with you on this one.