Installing OpenSSH from the Settings UI on Windows Server 2019 or Windows 10 1809
OpenSSH client and server are installable features of Windows 10 1809.
To install OpenSSH, start Settings then go to Apps > Apps and Features > Manage Optional Features.
Scan this list to see if OpenSSH client is already installed. If not, then at the top of the page select "Add a feature", then:
- To install the OpenSSH client, locate "OpenSSH Client", then click "Install".
- To install the OpenSSH server, locate "OpenSSH Server", then click "Install".
Once the installation completes, return to Apps > Apps and Features > Manage Optional Features and you should see the OpenSSH component(s) listed.
备注
Installing OpenSSH Server will create and enable a firewall rule named "OpenSSH-Server-In-TCP". This allows inbound SSH traffic on port 22.
Installing OpenSSH with PowerShell
To install OpenSSH using PowerShell, first launch PowerShell as an Administrator. To make sure that the OpenSSH features are available for install:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
# This should return the following output:
Name : OpenSSH.Client~~~~0.0.1.0
State : NotPresent
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
Then, install the server and/or client features:
# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# Both of these should return the following output:
Path :
Online : True
RestartNeeded : False
Uninstalling OpenSSH
To uninstall OpenSSH using the Windows Settings, start Settings then go to Apps > Apps and Features > Manage Optional Features. In the list of installed features, select the OpenSSH Client or OpenSSH Server component, then select Uninstall.
To uninstall OpenSSH using PowerShell, use one of the following commands:
# Install the OpenSSH Client
Remove-WindowsCapability -Name OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Remove-WindowsCapability -Name OpenSSH.Server~~~~0.0.1.0
A Windows restart may be required after removing OpenSSH, if the service is in use at the time it was uninstalled.
Upgrading From "RS4"
Users who installed the beta version of OpenSSH in Windows RS4 should consider the making following updates.
Change the default location for administrator keys
- What is the reason for each activity?
- Are there any other changes (e.g.: authorized key file location)
Initial Configuration of SSH Server
To configure the OpenSSH server for initial use on Windows, launch PowerShell as an administrator, then run the following commands to start the SSHD service:
Start-Service sshd
# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'
# Confirm the Firewall rule is configured. It should be created automatically by setup.
Get-NetFirewallRule –Name *ssh*
# There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled
Initial use of SSH
Once you have installed the OpenSSH Server on Windows, you can quickly test it using PowerShell from any Windows device with the SSH Client installed. In PowerShell type the following command:
Ssh username@servername
The first connection to any server will result in a message similar to the following:
The authenticity of host 'servername (10.00.00.001)' can't be established.
ECDSA key fingerprint is SHA256:(<a large string>).
Are you sure you want to continue connecting (yes/no)?
The answer must be either “yes” or “no”. Answering Yes will add that server to the local system’s list of known ssh hosts.
You will be prompted for the password at this point. As a security precaution, your password will not be displayed as you type.
Once you connect you will see a command shell prompt similar to the following:
domainusername@SERVERNAME C:Usersusername>
The default shell used by Windows OpenSSH server is the Windows command shell.