How to configure OpenSSH Server on Windows Server 2022

Estimated reading: 5 minutes 393 views

Secure Shell abbreviated as SSH is a tool used to perform secure file transfers, system administration, and other communication across the Internet or other untrusted network. It provides a secure and encrypted communication framework that prevents eavesdropping and theft of sensitive information

OpenSSH is an open-source suite of secure networking utilities that implements the Secure Shell (SSH) protocol. It was first developed by Tatu Ylonen and later developed by the OpenBSD team. OpenSSH is used to provide a secure and encrypted channel for remote login, file transfer, and other network services between two computers.

The features and benefits offered by OpenSSH are:

  • Port forwarding: It provides a powerful port forwarding capability, allowing users to securely access services on a remote server as if they were running locally, without exposing the service to the internet.
  • X11 forwarding: OpenSSH also allows users to securely forward X11 (graphical) applications over an SSH connection, allowing remote access to graphical applications running on a remote server.
  • Agent forwarding: agent forwarding, allows users to securely forward their authentication credentials to a remote server, eliminating the need to enter passwords from time to time.
  • Public key authentication: This provides a secure and convenient way to authenticate users without requiring a password.
  • Secure remote access: users can access and manage remote network devices securely using the SSH protocol, which provides encryption and authentication of data in transit.
  • Encrypted file transfer: It also includes the SFTP (Secure File Transfer Protocol) and SCP (Secure Copy) utilities for transferring files securely between two computers, ensuring that data is encrypted during transit.

Overall, the importance of OpenSSH in the IT industry cannot be overstated, as it plays a crucial role in securing critical infrastructure and maintaining the confidentiality and integrity of sensitive data.

Is there an OpenSSH Server for Windows?

The big question is, are we able to install and use OpenSSH Server on Windows Server 2022?

The answer is Yes, The OpenSSH server can be installed and used on a Windows Server 2022 to enable secure remote access and file transfer capabilities.

Microsoft provides an OpenSSH server implementation for Windows Server 2019 and later versions. This can be installed through the Windows PowerShell or the Server Manager GUI. The package includes the SSHD service (SSH Daemon), which provides SSH server functionality, and several other SSH client utilities such as SSH, SCP, and SFTP. Once the installation is done, it can be configured to allow users can connect to the Windows server remotely.

Today, I will demonstrate how to configure OpenSSH Server on Windows Server 2022.

Prerequisites

For this guide, you need:

  • A device running at least Windows Server 2019 or Windows 10 (build 1809).
  • PowerShell 5.1 or later.
  • An account that is a member of the built-in Administrators group.

1 – Install OpenSSH Server on Windows Server 2022 using PowerShell

You can easily install OpenSSH Server on Windows Server 2022 from PowerShell. First, check if OpenSSH is available using the below command:

Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

Sample Output:

You can then install the OpenSSH Server/Client using the below command:

# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Sample Output:

Now Open Powershell with elevated privileges(administrator) to start the service:

# Start the sshd service
Start-Service sshd

# Configure Automatic start(recommended):
Set-Service -Name sshd -StartupType 'Automatic'

Though the Firewall rule is configured automatically during the installation, we can still confirm by running the below command:

if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}

Sample Output:

#2. Connect to OpenSSH Server on Windows Server 2022

Now that you have installed and configured the OpenSSH Server on Windows Server 2022, we can test to validate that it is working as desired.

You can connect to your Windows Server 2022 using the SSH protocol from any OpenSSH client. The command has the below syntax:

ssh domain\username@servername

For example:

Use SSH Key-Pair Authentication on Windows Server 2022

You can generate and use SSH keys to connect to your Windows Server 2022. Generate the SSH keys from your OpenSSH client

ssh-keygen 
  • Open the Explorer and go to C:\Users\<Username>\
  • Open a folder .ssh
  • Copy  id_rsa.pub to C:\ProgramData\ssh windows server 2022
  • Then change the name to administrators_authorized_keys

#3. Configure OpenSSH on Windows Server 2022

Once installed, OpenSSH stores its configuration file at %programdata%\ssh\sshd_config by default. You can also specify the config path by launching sshd.exe with the -f parameter. To view the program data folder in your C drive, click on view->hidden items:

Now find ssh\sshd_config, and open the file for editing using your desired tool.

This configuration file bears all the required OpenSSH settings, this includes the AllowGroups, AllowUsers, DenyGroups, DenyUsers, AuthenticationMethods, etc.

Configuring SSH Public Key Authentication on Windows Server 2022. We need to open the sshd_config file with Notepad and uncomment the line:

StrictModes no
PubkeyAuthentication yes

Now try connecting to Windows Server 2022 using SSH keys.