The latest builds of Windows 10 include a build-in SSH server and client that are based on OpenSSH. This means that now you can remotely connect to Windows 10 (Windows Server 2019) using any SSH client, like to Linux distro. In this article, we’ll show you how to configure OpenSSH in Windows 10 and connect to it using Putty or any other SSH client.
Make sure your build of Windows 10 is 1809 or newer. The easiest way to do this is by running the command:
winver
Note If you have an older Windows 10 build installed, you can update it through Windows Update or using an ISO image with a newer version of Windows 10 (you can create image using the Media Creation Tool). If you don’t want to update your Windows 10 build, you can manually install the Win32-OpenSSH port for Windows with GitHub (https://github.com/PowerShell/Win32-OpenSSH).
You can enable OpenSSH server in Windows 10 through graphical Settings panel:
- Go to the Settings > Apps > Optional features;
- Click Add a feature, select OpenSSH Server (OpenSSH-based secure shell (SSH) server, for secure key management and access from remote machines), and click Install
You can also install sshd server using PowerShell:
Add-WindowsCapability -Online -Name OpenSSH.Server*
Or using DISM:
dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0
If you want to make sure that the OpenSSH server is installed, run the following PS command:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Server*'
Name : OpenSSH.Server~~~~0.0.1.0
State : Installed
Check the status of ssh-agent and sshd services using the PowerShell command Get-Service:
Get-Service -Name *ssh*
As you can see, both services are in Stopped state and are not added to automatic startup list. To start services and configure autostart for them, run the following commands:
Start-Service sshd Set-Service -Name sshd -StartupType 'Automatic' Start-Service ‘ssh-agent’ Set-Service -Name ‘ssh-agent’ -StartupType 'Automatic'
You also need to allow incoming connections to TCP port 22 in the Windows Defender Firewall:
netsh advfirewall firewall add rule name=”SSHD service” dir=in action=allow protocol=TCP localport=22
Now you can connect to Windows 10 using any SSH client. To connect from Linux, use the command:
ssh -p 22 admin@192.168.1.90
where, admin is the local Windows user you want to connect under
192.168.1.90 – IP address of your Windows 10 computer
After that, a new Windows command prompt window will open in SSH session.
Hint. In order to run the PoweShell console instead of cmd.exe shell when logging in via SSH on Windows 10, you need to run the following command in Windows 10 (under admin account):
New-ItemProperty -Path “HKLM:\SOFTWARE\OpenSSH” -Name DefaultShell -Value “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -PropertyType String –Force
So you change the default OpenSSH shell. Now, when connecting to Windows via SSH, you will immediately see PowerShell prompt instead of cmd.exe.
If you want to use key-based ssh authentication instead of password authentication, you need to generate a key using ssh-keygen on your client.
Then, the contents of the id_rsa.pub file must be copied to the c:\users\admin\.ssh\authorized_keys file in Windows 10.
After that, you can connect from your Linux client to Windows 10 without a password. Use the command:
ssh -l admin@192.168.1.90
You can configure various OpenSSH server settings in Windows using the %programdata%\ssh\sshd_config configuration file.
For example, you can disable password authentication and leave only key-based auth with:
PubkeyAuthentication yes PasswordAuthentication no
