SSH Server Configuration | Windows Server 2019 | Practonet

OpenSSH Configuration

An SSH server is a program that uses the Secure Shell protocol to accept connections from remote computers. SFTP/SCP file transfers and remote terminal connections are popular use cases for an SSH server. OpenSSH is supported on Windows Server 2019, and OpenSSH Server is now easy to set up. (OpenSSH Client is installed by default with the OS.)

SSH Server Configuration
SSH Client Configuration
SSH Key-Pair Authentication
Use SSH Agent

SSH Server Configuration

Step 1: Open Start -> Settings.



Step 2: Click Apps.



Step 3: Click Manage optional features.



Step 4: Click Add a feature.



Step 5: Select OpenSSH Server and click Install button.



Step 6: After the installation finishes, OpenSSH Server has been added to Services. Start it and change its Startup type to Automatic.



Step 7: If Windows Firewall is running, allow the SSH service port (22/TCP). That completes the OpenSSH Server setup.

SSH Client Configuration

Configure SSH Client to connect to SSH Server.

Step 1: On Windows Server 2019, OpenSSH Client is installed by default. If it has not been installed, install it from Start -> Settings -> Apps -> Manage optional features -> Add a feature -> OpenSSH Client.

SSH Key-Pair Authentication

Step 1: In the default OpenSSH configuration on Windows, only the Administrators group is configured so that its authorized_keys file is not in the default OpenSSH location, as follows. To use the default location for all users, comment out these 2 lines.
⇒ Conf file [C:\ProgramData\ssh\sshd_config]



Step 2: Log on as the user for whom you'd like to set up an SSH key-pair.
Run the ssh-keygen command to generate the SSH key-pair.



Step 3: Move to the .ssh folder and rename the public-key file to authorized_keys.
PS > cd .ssh
PS > mv id_rsa.pub authorized_keys



Step 4: Change the security setting for the authorized_keys file. Everyone:(RX) is added to the file by default, and it prevents SSH key-pair authentication from working normally, so remove that right.
PS > icacls authorized_keys /remove Everyone
That completes the server-side settings. Move to the client-side host.



Step 5: On the client host, log on as the user for whom you'd like to set the SSH private key, and run PowerShell or Command Prompt.
Next, create a .ssh folder under the user's home folder, and then transfer the private key into the .ssh folder as follows.

PS > mkdir .ssh
PS > cd .ssh
PS > sftp (username)@(SSH server's Hostname or IP address)
sftp > cd .ssh
sftp > get id_rsa
sftp > exit



Step 6: That's all. Make sure you can log in with key-pair authentication.
PS > ssh (username)@(SSH server's Hostname or IP address)



Step 7: If you transfer the private key to a Linux host, it's also possible to connect from the Linux host to the Windows host with SSH key-pair authentication.
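
The permission check behind Step 4, as an added example that is not part of the original page: a PowerShell function that lists Allow entries on the key files for any principal other than the current user, SYSTEM and Administrators. The function name Get-UnexpectedSshAclEntry, the allowed-principal list and the file names checked are assumptions for illustration.

```powershell
# Added example, not from the original page. Get-UnexpectedSshAclEntry is a
# hypothetical helper name; the allowed-principal list is an assumption.
function Get-UnexpectedSshAclEntry {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Well-known SIDs: NT AUTHORITY\SYSTEM and BUILTIN\Administrators.
        [string[]] $AllowedSid = @('S-1-5-18', 'S-1-5-32-544')
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    # Read explicit and inherited entries as SIDs, so the comparison does not
    # depend on localized account names such as "Everyone".
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($sid -eq $me -or $AllowedSid -contains $sid) { continue }
        # Translate back to a readable name for the report; keep the SID on failure.
        $name = $sid
        try {
            $name = $rule.IdentityReference.Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch { }
        [pscustomobject]@{
            File      = Split-Path -Leaf $Path
            Identity  = $name
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

# Check the files the steps above create in the logged-on user's .ssh folder.
$sshDir = Join-Path $env:USERPROFILE '.ssh'
$findings = foreach ($file in 'authorized_keys', 'id_rsa') {
    $target = Join-Path $sshDir $file
    if (Test-Path -LiteralPath $target) { Get-UnexpectedSshAclEntry -Path $target }
}
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No unexpected Allow entries on the key files.'
}
```

Run it before and after the icacls command in Step 4: the Everyone entry appears as a row before the change and is gone afterwards.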

Use SSH Agent

Use SSH-Agent to automate passphrase entry for key-pair authentication.

Step 1: SSH-Agent is installed by default with the OpenSSH Client programs, but it is disabled by default, so enable it and start the service.



Step 2: Log on as a user who has an SSH key-pair set up and add the private key as follows.
PS > ssh-add (private key's PATH)
# display the list of added identities
PS > ssh-add -l
# to remove all identities, run the following (to remove a specific identity, use the [-d] option)
PS > ssh-add -D