OpenSSH : Configure SSH Server2024/11/27

It's easy to setup OpenSSH Server on Windows Server.

On CUI configuration, set like follows.

[1]

Run PowerShell with Admin Privilege and Configure SSH Server.

PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# get available name of OpenSSH (generally OpenSSH is installed by default)
PS C:\Users\Administrator> Get-WindowsCapability -Online | ? Name -like 'OpenSSH*' 

Name  : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name  : OpenSSH.Server~~~~0.0.1.0
State : Installed

# if OpenSSH Server is not installed, install it like follows
PS C:\Users\Administrator> Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 

Path          :
Online        : True
RestartNeeded : False

# start sshd service
PS C:\Users\Administrator> Start-Service -Name "sshd" 

# set [Automatic] for Startup
PS C:\Users\Administrator> Set-Service -Name "sshd" -StartupType Automatic 

# verify settings
PS C:\Users\Administrator> Get-Service -Name "sshd" | Select-Object * 

Name                : sshd
RequiredServices    : {}
CanPauseAndContinue : False
CanShutdown         : False
CanStop             : True
DisplayName         : OpenSSH SSH Server
DependentServices   : {}
MachineName         : .
ServiceName         : sshd
ServicesDependedOn  : {}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32OwnProcess
StartType           : Automatic
Site                :
Container           :

# by default, Windows Firewall is set to allow port [22/TCP], 
# however, the profile is applied only to Private
PS C:\Users\Administrator> Get-NetFirewallRule -Name OpenSSH-Server-In-TCP 

Name                          : OpenSSH-Server-In-TCP
DisplayName                   : OpenSSH SSH Server (sshd)
Description                   : Inbound rule for OpenSSH SSH Server (sshd)
DisplayGroup                  : OpenSSH Server
Group                         : OpenSSH Server
Enabled                       : True
Profile                       : Private
Platform                      : {}
Direction                     : Inbound
Action                        : Allow
EdgeTraversalPolicy           : Block
LooseSourceMapping            : False
LocalOnlyMapping              : False
Owner                         :
PrimaryStatus                 : OK
Status                        : The rule was parsed successfully from the store. (65536)
EnforcementStatus             : NotApplicable
PolicyStoreSource             : PersistentStore
PolicyStoreSourceType         : Local
RemoteDynamicKeywordAddresses : {}
PolicyAppId                   :
PackageFamilyName             :

# to add Public profile, set like follows
PS C:\Users\Administrator> Set-NetFirewallRule -Name OpenSSH-Server-In-TCP -Profile "Private,Public" 

# by default, only the groups [administrators] and [openssh users] are allowed ssh access
PS C:\Users\Administrator> Get-Content C:\ProgramData\ssh\sshd_config | Select-String "AllowGroups" 

AllowGroups administrators "openssh users"

# to allow ssh access to all users, comment out the target line
PS C:\Users\Administrator> (Get-Content C:\ProgramData\ssh\sshd_config).Replace("AllowGroups","#AllowGroups") | Set-Content C:\ProgramData\ssh\sshd_config 
PS C:\Users\Administrator> Restart-Service -Name "sshd"

OpenSSH : Configure SSH Server (GUI)

	On GUI configuration, set like follows.
[2]	Open [Server Manager] - [Services].

[3]	Start [OpenSSH Server] service and also set Startup type to [Automatic].

[4]	By default, Windows Firewall is set to allow incoming ports [22/TCP]. However, by default, this applies only to the [Private] profile, so if you cannot connect to the SSH server, review the profile scope. This completes the installation of the OpenSSH server.

[5]	By default, the OpenSSH Server on Windows Server allows ssh access only to users who belong to the [administrators] and [openssh users] groups. Therefore, you must add users to the [openssh users] group to allow ssh access, or comment out the corresponding line if you want to allow all users.

Matched Content