Enable sshd on Windows

Saturday 2025-12-06 22:11:16

See this page at microsoft.com for setting up sshd and this page for setting up key-based authentication. Run the following in PowerShell:

$PSVersionTable.PSVersion

to check that the major version is at least 5.

(New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

to check that you're an administrator.

Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

to check that OpenSSH is available. It should output

Name  : OpenSSH.Client~~~~0.0.1.0
State : NotPresent

Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Then

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Finally

# Start the sshd service
Start-Service sshd

# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}

authorized_keys

Put this file in %USERPROFILE%\.ssh.

Edit C:\ProgramData\ssh\sshd_config and comment out the lines

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

so that administrators can use their own authorized_keys file. Then restart sshd:

Stop-Service sshd
Start-Service sshd

OR

Put the authorized_keys in C:\ProgramData\ssh\administrators_authorized_keys and then use this sequence of commands in PowerShell to correct the permissions of administrators_authorized_keys:

$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl

and then Stop-Service sshd and Start-Service sshd if needed.
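
To confirm which of the two options above is in effect and that the ACL commands took hold, the following check can be run from an elevated PowerShell. It is an added example, not part of the original note or of Microsoft's instructions; the function name Test-AdminKeysAcl is made up for illustration, and the paths are the ones used on this page.

```powershell
# Added example: report which authorized_keys file sshd uses for members of
# the Administrators group, and audit the ACL of the shared administrators file.
$config    = Join-Path $env:ProgramData 'ssh\sshd_config'
$adminKeys = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
$userKeys  = Join-Path $env:USERPROFILE '.ssh\authorized_keys'

# Hypothetical helper: returns a list of problems, empty when the ACL matches
# what the Set-Acl sequence above produces (Administrators and SYSTEM only,
# inheritance disabled).
function Test-AdminKeysAcl {
    param([Parameter(Mandatory)][string]$Path)

    $acl      = Get-Acl -Path $Path
    $allowed  = 'S-1-5-32-544', 'S-1-5-18'   # BUILTIN\Administrators, SYSTEM
    $problems = @()

    if (-not $acl.AreAccessRulesProtected) {
        $problems += 'inheritance is still enabled'
    }
    foreach ($rule in $acl.Access) {
        # Compare by SID so localized group names do not matter.
        $sid = $rule.IdentityReference.Translate(
            [Security.Principal.SecurityIdentifier]).Value
        if ($rule.AccessControlType -eq 'Allow' -and $sid -notin $allowed) {
            $problems += "unexpected allow entry for $($rule.IdentityReference)"
        }
    }
    return $problems
}

# An uncommented "Match Group administrators" line means option 2 applies.
$matchActive = [bool](Select-String -Path $config -Quiet `
    -Pattern '^\s*Match\s+Group\s+administrators\b')

if (-not $matchActive) {
    "Match block is commented out: administrators use $userKeys"
    "Per-user file present: $(Test-Path $userKeys)"
} elseif (-not (Test-Path $adminKeys)) {
    "Match block is active but $adminKeys does not exist"
} else {
    "Match block is active: administrators use $adminKeys"
    $problems = Test-AdminKeysAcl -Path $adminKeys
    if ($problems) {
        $problems | ForEach-Object { "ACL problem: $_" }
    } else {
        'ACL OK: only Administrators and SYSTEM have access'
    }
}
```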