Secure Shell abbreviated as SSH is a tool used to perform secure file transfers, system administration, and other communication across the Internet or other untrusted network. It provides a secure and encrypted communication framework that prevents eavesdropping and theft of sensitive information
OpenSSH is an open-source suite of secure networking utilities that implements the Secure Shell (SSH) protocol. It was first developed by Tatu Ylonen and later developed by the OpenBSD team. OpenSSH is used to provide a secure and encrypted channel for remote login, file transfer, and other network services between two computers.
The features ad benefits offered by OpenSSH are:
- Port forwarding: It provides a powerful port forwarding capability, allowing users to securely access services on a remote server as if they were running locally, without exposing the service to the internet.
- X11 forwarding: OpenSSH also allows users to securely forward X11 (graphical) applications over an SSH connection, allowing remote access to graphical applications running on a remote server.
- Agent forwarding: agent forwarding, allows users to securely forward their authentication credentials to a remote server, eliminating the need to enter passwords from time to time.
- Public key authentication: This provides a secure and convenient way to authenticate users without requiring a password.
- Secure remote access: users are able to access and manage remote network devices securely using the SSH protocol, which provides encryption and authentication of data in transit.
- Encrypted file transfer: It also includes the SFTP (Secure File Transfer Protocol) and SCP (Secure Copy) utilities for transferring files securely between two computers, ensuring that data is encrypted during transit.
Overall, the importance of OpenSSH in the IT industry cannot be overstated, as it plays a crucial role in securing critical infrastructure and maintaining the confidentiality and integrity of sensitive data.
Is there OpenSSH Server for Windows?
The big question is, are we able to install and use OpenSSH Server on Windows Server 2022?
The answer is Yes, OpenSSH server can be installed and used on a Windows Server 2022 to enable secure remote access and file transfer capabilities.
Microsoft provides an OpenSSH server implementation for Windows Server 2019 and later versions. This can be installed through the Windows PowerShell or the Server Manager GUI. The package includes the SSHD service (SSH Daemon), which provides SSH server functionality, and several other SSH client utilities such as SSH, SCP, and SFTP. Once the installation is done, it can be configured to allow users can connect to the Windows server remotely.
Today, I will demonstrate how to configure OpenSSH Server on Windows Server 2022.
Prerequisites
For this guide, you need:
- A device running at least Windows Server 2019 or Windows 10 (build 1809).
- PowerShell 5.1 or later.
- An account that is a member of the built-in Administrators group.
To confirm if you are a member of the built-in Administrators group, use the command:
(New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)This command should return True if you are a member of the built-in Administrators group.
#1. Install OpenSSH Server on Windows Server 2022
Before we proceed to configure it, we need to ensure that the OpenSSH Server has been installed on Windows Server 2022. There are two ways of achieving this.
- Using the GUI
- Using PowerShell
Method 1 – Install OpenSSH Server on Windows Server 2022 using the GUI
This method involves launching Settings from the Start Menu. Then select apps.
Select Optional Features and scan to see if OpenSSH has been installed.
If not, click on Add a feature search and select it, then install it.
Once installed, return to Apps->Optional Features and confirm OpenSSH is listed.
Now configure the service under the services tab. Press Win+R and type services.msc in the box to launch the services windows.
Find and double-click on OpenSSH SSH Server to open the configuration tab.
On the General tab, switch the Startup type to Automatic and start the service by selecting Start.
Method 2 – Install OpenSSH Server on Windows Server 2022 using PowerShell
You can easily install OpenSSH Server on Windows Server 2022 from PowerShell. First, check if OpenSSH is available using the below command:
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'Sample Output:
You can then install the OpenSSH Server/Client using the below command:
# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0Sample Output:
Now Open Powershell with elevated privileges(administrator) to start the service:
# Start the sshd service
Start-Service sshd
# Configure Automatic start(recommended):
Set-Service -Name sshd -StartupType 'Automatic'Though the Firewall rule is configured automatically during the installation, we can still confirm by running the below command:
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}Sample Output:
#2. Connect to OpenSSH Server on Windows Server 2022
Now that you have installed and configured the OpenSSH Server on Windows Server 2022, we can test to validate that it is working as desired.
You can connect to your Windows Server 2022 using the SSH protocol from any OpenSSH client. The command has the below syntax:
ssh domain\username@servernameFor example:
Use SSH Key-Pair Authentication on Windows Server 2022
You can generate and use SSH keys to connect to your Windows Server 2022. Generate the SSH keys from your OpenSSH client
ssh-keygen -t ed25519For example on my Ubuntu Linux client:
Once generated, copy the keys generated on the OpenSSH client to your Windows 2022 OpenSSH server using the SCP protocol:
##From Your OpenSSH Client
scp ~/.ssh/id_ed25519.pub username@window22_host:/Users/username/.ssh/authorized_keys For example:
$ scp ~/.ssh/id_ed25519.pub klinsmann@192.168.205.20:/Users/klinsmann/.ssh/authorized_keys
[email protected]'s password:
id_ed25519.pub 100% 108 102.5KB/s 00:00 Now try connecting to Windows Server 2022 using SSH keys.
It works! From the above output, we have not been requested to provide a password to be authenticated.
#3. Configure OpenSSH on Windows Server 2022
Once installed, OpenSSH stores its configuration file at %programdata%\ssh\sshd_config by default. You can also specify the config path by launching sshd.exe with the -f parameter. To view the program data folder in your C drive, click on view->hidden items:
Now find ssh\sshd_config, and open the file for editing using your desired tool.
This configuration file bears all the required OpenSSH settings, this includes the AllowGroups, AllowUsers, DenyGroups, DenyUsers, AuthenticationMethods etc.
Since we have enabled SSH keys, we can disable password authentication by making the below change:
PasswordAuthentication noSample:
Save the changes, stop and start the OpenSSH server. Then test if you can connect to it using a password.
The above output shows that e can only connect using SSH keys.
Verdict
Today we have learnt how to configure OpenSSH Server on Windows Server 2022. I hope this was significant to you.
See more:
- How to Install and Run the Linux Bash Shell on Windows
- How To Configure DNS Server on Windows Server 2022
- How To Enable Remote Desktop on Windows Server 2022
- Install Active Directory Domain Services in Windows Server 2022
- Join Windows System to FreeIPA Realm without Active Directory
