Skip to content

Install Win32 OpenSSH

Jump to bottom
Yanbing edited this page May 11, 2017 · 121 revisions

Install Win32 OpenSSH (test release)

  • Download the latest build. To get links to latest downloads - see here. A Chocolatey package is also available if you prefer. For compat issues on Nano see issues on Nano. See here for PS script to automate installation and configuration.
  • Extract contents to C:\Program Files\OpenSSH
  • Start Powershell as Administrator
    • cd 'C:\Program Files\OpenSSH'
  • On Windows 10, in developer mode, a different implementation of SSH exists in-box. Look for TCP port bindings on port 22 and these processes - “SSH Server Broker” and “SSH Server Proxy”
    • netstat -anop TCP
    • If you do see 22 occupied, #610 has workarounds to deal with port conflict.
  • Install sshd and ssh-agent services.
    • powershell -executionpolicy bypass -file install-sshd.ps1
  • Setup SSH host keys (This will generate all the 'host' keys that sshd expects when its starts. The 'host' keys have current user as file owner and granted full control access starting from build v0.0.13.0.)
    • .\ssh-keygen.exe -A
  • (Required starting build v0.0.13.0. ) Grant "NT service\sshd" read access the host private key files: 
       Get-ChildItem -Path 'C:\Program Files\OpenSSH\ssh_host_*_key' | % {    
   $acl = get-acl $_.FullName
   $ar = New-Object  System.Security.AccessControl.FileSystemAccessRule("NT Service\sshd", "Read", "Allow")
   $acl.SetAccessRule($ar)
   Set-Acl $_.FullName $acl
}
  • Secure SSH host keys (optional)
    • Start-Service ssh-agent
    • download psexec from here
    • launch cmd.exe as SYSTEM - psexec.exe -i -s cmd.exe
    • register host keys in above cmd.exe
    • ssh-add ssh_host_dsa_key
    • ssh-add ssh_host_rsa_key
    • ssh-add ssh_host_ecdsa_key
    • ssh-add ssh_host_ed25519_key
    • host private keys are now securely stored by ssh-agent, private key files can be removed at this point.
  • Open Firewall
    • New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
  • Set sshd in auto-start mode and open up firewall (optional)
    • Set-Service sshd -StartupType Automatic
    • Set-Service ssh-agent -StartupType Automatic
    • Make the service start on boot (PowerShell): Set-Service sshd -StartupType Automatic

New-NetFirewallRule is for servers only. If you're on a workstation try:

netsh advfirewall firewall add rule name='SSH Port' dir=in action=allow protocol=TCP localport=22

Uninstall Win32 OpenSSH

  • Start Powershell as Administrator
  • Uninstall
    • powershell.exe -executionpolicy bypass -file uninstall-sshd.ps1

Manuals

Installation

Usage

Project

Developing and Contributing to Win32-OpenSSH

Clone this wiki locally