OpenSSH Install on Windows 2016/2019

Knowledge Base

Overview

In this article, we will go over how to install OpenSSH on Windows 2016 and 2019

Note for Windows 2012

The Windows 2016 install instructions “should” work on Windows 2012, but have NOT been tested. Please use at you own risk.

Considerations

We will assume you have internet access on your Windows 2016 and/or Windows 2019 server where you’re doing the install. Windows 2019 requires the latest cumulative update in order to run the command to install OpenSSH.

Windows 2016/2019 (Script)

*Disclaimer: Please carefully review and use this script at your own risk

Windows 2016 (Manual)

Step 1: Download and Install OpenSSH

  1. Connect to your server and download the latest release of OpenSSH.
  2. Extract the downloaded file to C:\Program Files\OpenSSH-Win64 or another location of your choosing
  3. To configure the OpenSSH server for initial use on Windows, launch PowerShell as an administrator, then run the following commands:

Modify the Path system environment variable by running the command:

setx PATH "$env:path;C:\Program Files\OpenSSH-Win64" -m
  • Output (Successful)
    SUCCESS: Specified value was saved.

Next, change to the OpenSSH directory:

cd "C:\Program Files\OpenSSH-Win64"

Then run the install script:

.\install-sshd.ps1
  • Output (Successful)
    sshd and ssh-agent services successfully installed

Next, enable automatic startup and start sshd and ssh-agent:

Set-Service sshd -StartupType Automatic
Set-Service ssh-agent -StartupType Automatic
Start-Service sshd
Start-Service ssh-agent

Step 2: Allow Access in Windows Firewall

  1. Start by opening Control Panel > Windows Firewall
  2. Select Advanced settings on the left-hand side, then select Inbound Rules > New Rule…
  3. Under Rule Type, select Custom > Next
  4. Under Program, select All programs > Next.
  5. Under Protocols and Ports, enter your desired SSH port. (Default port is 22)
  6. Under Scope, let the rule apply to Any IP address for remote and local IP addresses, then Next
  7. Under Action, select Allow the connection > Next
  8. Under Profile, leave DomainPrivate, and Public checked > Next
  9. Lastly, name the rule and select Finish

Now you can access your Windows server using SSH!


Windows 2019 (Manual)

Step 1: Installing OpenSSH with PowerShell

Note: All of the instructions/commands below were pulled directly from the Microsoft Install Doc for OpenSSH on Windows 2019 (Link in the Additional Information Section below)

To install OpenSSH using PowerShell, first launch PowerShell as an Administrator

To make sure that the OpenSSH features are available for install, run the following command

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*' 
  • Output
    Name  : OpenSSH.Client~~~~0.0.1.0
    State : NotPresent
    Name  : OpenSSH.Server~~~~0.0.1.0
    State : NotPresent

Install the server and/or client features:

Install the OpenSSH Client

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

Install the OpenSSH Server

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
  • Output (Successful)
    Path          :                                                             Online        : True                                                 RestartNeeded : False
  • Output (Failure)
    Add-WindowsCapability failed. Error code = 0x800f0954

If you receive the failure above, please try and download the latest Windows Updates and run the install again

Step 2: Initial Configuration of SSH Server

To configure the OpenSSH server for initial use on Windows, launch PowerShell as an administrator, then run the following commands:

Start the SSHD service:

Start-Service sshd

Set the Startup Type for SSHD to Automatic (Optional)

Set-Service -Name sshd -StartupType 'Automatic'

Confirm the Firewall Rule was created

Get-NetFirewallRule -Name *ssh*

There should be a firewall rule named “OpenSSH-Server-In-TCP”, which should be enabled
If the Firewall Rules does NOT exist, create one

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Step 3: Initial use of SSH

Once you have installed the OpenSSH Server on Windows, you can quickly test it using PowerShell from any Windows device with the SSH Client installed.

In PowerShell type the following command:

Ssh username@servername

The first connection to any server will result in a message similar to the following:

The authenticity of host 'servername (10.00.00.001)' can't be established.
ECDSA key fingerprint is SHA256:(<a large string>).
Are you sure you want to continue connecting (yes/no)?

The answer must be either “yes” or “no”. Answering Yes will add that server to the local system’s list of known ssh hosts.

You will be prompted for the password at this point. As a security precaution, your password will not be displayed as you type.

Once you connect you will see a command shell prompt similar to the following:

domain\username@SERVERNAME C:\Users\username>

Additional Information

Installation of OpenSSH For Windows Server

Questions or comments? Visit our

Comments are closed.

Skip to toolbar