ssh in Windows

Contents
Introduction
Check version
Install with Windows Settings
Install with PowerShell
Start
Connect
Configs
Uninstall with Settings
Uninstall with PowerShell
Related Articles

Intro

If you are also interested in using SSH in Linux, see the «ssh in Linux» article.

Check version

In PowerShell you can use the following command

ssh -V

Install OpenSSH using Windows Settings

Both OpenSSH components can be installed using Windows Settings on Windows Server 2019 and Windows 10 devices.

To install the OpenSSH components:

  1. Open Settings, select Apps > Apps & Features, then select Optional Features.
  2. Scan the list to see if OpenSSH is already installed. If not, at the top of the page, select Add a feature, then:
     Find OpenSSH Client, then click Install
     Find OpenSSH Server, then click Install

Once setup completes, return to Apps > Apps & Features and Optional Features and you should see OpenSSH listed.

Install OpenSSH using PowerShell

To install OpenSSH using PowerShell, run PowerShell as an Administrator.

To make sure that OpenSSH is available, run the following cmdlet:

Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

This should return the following output if neither are already installed:

Name  : OpenSSH.Client~~~~0.0.1.0
State : NotPresent

Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Then, install the server or client components as needed:

# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Both of these should return the following output:

Path          :
Online        : True
RestartNeeded : False

Start and configure OpenSSH Server

To start and configure OpenSSH Server for initial use, open PowerShell as an administrator, then run the following commands to start the sshd service:

# Start the sshd service
Start-Service sshd

# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
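After the service is started, it is worth checking how widely the firewall rule exposes it. The following is an added example, not part of the original article; it assumes the rule name and port 22 used above, and the subnet in the commented line is a constructed placeholder.

```powershell
# Added example: report how the sshd service and its firewall rule are exposed.
# Run from an elevated PowerShell session.
$ruleName = 'OpenSSH-Server-In-TCP'   # rule name used in the setup step above

$svc = Get-Service -Name sshd -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'The sshd service is not installed.'
    return
}
Write-Output "sshd: status=$($svc.Status) startup=$($svc.StartType)"

$rule = Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    Write-Warning "Firewall rule '$ruleName' was not found."
} else {
    # The address and port filters hold the scope of the rule
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter

    [pscustomobject]@{
        Rule          = $rule.Name
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
    }

    if ($addr.RemoteAddress -contains 'Any') {
        Write-Warning "Rule '$ruleName' accepts connections from any remote address."
        # To limit the rule to a management subnet (constructed placeholder range):
        # Set-NetFirewallRule -Name $ruleName -RemoteAddress '192.0.2.0/24'
    }
}

# Local addresses on which something is listening on the SSH port
Get-NetTCPConnection -State Listen -LocalPort 22 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```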

Connect to OpenSSH Server

Once installed, you can connect to OpenSSH Server from a Windows 10 or Windows Server 2019 device with the OpenSSH client installed using PowerShell as follows. Be sure to run PowerShell as an administrator:

ssh username@servername

Once connected, you get a message similar to the following:

The authenticity of host 'servername (10.00.00.001)' can't be established.
ECDSA key fingerprint is SHA256:().
Are you sure you want to continue connecting (yes/no)?

Selecting yes adds that server to the list of known SSH hosts on your Windows client.

You are prompted for the password at this point. As a security precaution, your password will not be displayed as you type.

Once connected, you will see the Windows command shell prompt:

domain\username@SERVERNAME C:\Users\username>

OpenSSH configuration files

OpenSSH has configuration files for both server and client settings. OpenSSH is open-source and is added to Windows Server and Windows Client operating systems, starting with Windows Server 2019 and Windows 10 (build 1809). As a result, documentation for OpenSSH configuration files is not repeated here. Client configuration files are documented on the ssh_config manual page, and OpenSSH Server configuration files on the sshd_config manual page. Further Windows-specific OpenSSH Server configuration is detailed in OpenSSH Server configuration for Windows.

In Windows, the OpenSSH Client (ssh) reads configuration data from a configuration file in the following order:

  1. By launching ssh.exe with the -F parameter, specifying a path to a configuration file and an entry name from that file.
  2. A user's configuration file at %userprofile%\.ssh\config.
  3. The system-wide configuration file at %programdata%\ssh\ssh_config.

OpenSSH Server (sshd) reads configuration data from %programdata%\ssh\sshd_config by default, or a different configuration file may be specified by launching sshd.exe with the -f parameter. If the file is absent, sshd generates one with the default configuration when the service is started.
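To see which of the client configuration sources listed above exist on a machine, who can modify them, and what the client finally resolves for a host, the following added example (not part of the original article) can be used. It takes `servername` from the connection example as a placeholder host and relies on `ssh -G`, which prints the client configuration after evaluating Host and Match blocks and then exits.

```powershell
# Added example: inspect client config sources and the settings ssh resolves from them.
$target = 'servername'   # placeholder host name from the connection example

$sources = [ordered]@{
    'user config'   = Join-Path $env:USERPROFILE '.ssh\config'
    'system config' = Join-Path $env:ProgramData 'ssh\ssh_config'
}

$writeBit = [System.Security.AccessControl.FileSystemRights]::WriteData

foreach ($name in $sources.Keys) {
    $path = $sources[$name]
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "${name}: $path (absent)"
        continue
    }
    Write-Output "${name}: $path"

    # Accounts allowed to write the file can change where and how ssh connects
    (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $writeBit) } |
        ForEach-Object { Write-Output "    writable by: $($_.IdentityReference)" }
}

# Effective values for this host after all config files have been applied
$wanted = 'hostname', 'user', 'port', 'identityfile',
          'stricthostkeychecking', 'userknownhostsfile', 'proxycommand'

ssh -G $target |
    Where-Object { ($_ -split ' ', 2)[0] -in $wanted }
```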

Uninstall OpenSSH using Windows Settings

To uninstall OpenSSH using Windows Settings:

Open Settings, then go to Apps > Apps & Features.
Go to Optional Features.
In the list, select OpenSSH Client or OpenSSH Server.
Select Uninstall.

Uninstall OpenSSH using PowerShell

To uninstall the OpenSSH components using PowerShell, use the following commands:

# Uninstall the OpenSSH Client
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Uninstall the OpenSSH Server
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

You may need to restart Windows afterwards if the service was in use at the time it was uninstalled.

Check certificate with certutil

Certutil -verify -urlfetch cert_filename

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

When trying to connect to a seemingly known host, you may get an error

ssh user@host

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ED25519 host key for host has changed,
and the key for the corresponding IP address 12.123.123.123
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:pEhSoIzdqkEiaBE/pBc4ttgVJtohNCZDcoqNSuNDa94.
Please contact your system administrator.
Add correct host key in C:\\Users\\Andrei/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in C:\\Users\\Andrei/.ssh/known_hosts:8
ED25519 host key for host has changed and you have requested strict checking.
Host key verification failed.

From the line

Offending ED25519 key in C:\\Users\\Andrei/.ssh/known_hosts:8

it follows that the problem is caused by line 8 (the number after the colon) of the file C:\Users\Andrei\.ssh\known_hosts

If you are confident in the reliability of the host you are connecting to, you can simply delete this line and connect again

For example, from Git Bash:

sed -i 8d /c/Users/Andrei/.ssh/known_hosts

sed -i 8d /c/Users/$USERNAME/.ssh/known_hosts
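Confidence in the host can be made concrete by comparing the key the server presents now with a fingerprint obtained from its administrator through a separate channel, and removing the stale entry only on a match. The following is an added example, not part of the original article; `host` is the placeholder name from the warning above and the expected fingerprint is a placeholder to fill in. It uses `ssh-keygen -R`, which removes all entries for a host instead of deleting by line number.

```powershell
# Added example: verify the new host key before replacing the known_hosts entry.
$target   = 'host'                                      # host name from the warning above
$expected = 'SHA256:<fingerprint-from-administrator>'   # placeholder: obtain out of band

# 1. Show what is currently recorded for this host
ssh-keygen -F $target

# 2. Fetch the key the server presents now (known_hosts format).
#    This answer is unauthenticated, which is why it is compared with $expected.
$tmp = New-TemporaryFile
ssh-keyscan -t ed25519 $target 2>$null |
    Set-Content -Encoding ascii -LiteralPath $tmp.FullName

# 3. Compute its SHA256 fingerprint; output looks like "256 SHA256:... host (ED25519)"
$line = ssh-keygen -l -E sha256 -f $tmp.FullName | Select-Object -First 1
Remove-Item -LiteralPath $tmp.FullName
$presented = if ($line) { ($line -split ' ')[1] } else { $null }

# 4. Remove the old entry only when the fingerprints match exactly (case-sensitive)
if ($presented -and $presented -ceq $expected) {
    ssh-keygen -R $target   # also keeps a backup as known_hosts.old
    Write-Output "Old key for '$target' removed; the next connection will record $presented"
} else {
    Write-Warning "Fingerprint mismatch for '$target': presented '$presented', expected '$expected'. known_hosts left unchanged."
}
```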

Related Articles
Windows
Windows Firewall
pstools
Remote Desktop
SSH in Linux
