title: Enable sshd on Windows
tags: windows network ssh sshd

See [this page at microsoft.com for setting up sshd](https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui) and [this page for setting up key based authentication](https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement)

```powershell
$PSVersionTable.PSVersion
```

to check that the major version is at least 5.

```powershell
(New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
```

to check you're an administrator.

```powershell
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
```

to check OpenSSH is available. It should output

```plaintext
Name  : OpenSSH.Client~~~~0.0.1.0
State : NotPresent

Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
```

Then

```powershell
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
```

Finally

```powershell
# Start the sshd service
Start-Service sshd

# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
```

## authorized_keys

Put this file in `%USERPROFILE%\.ssh`.
Edit `C:\ProgramData\ssh\sshd_config` and comment out the lines

```plaintext
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
```

so that administrators can use their own `authorized_keys` file. Then restart `sshd`:

```powershell
Stop-Service sshd
Start-Service sshd
```

### OR

Put the `authorized_keys` in `C:\ProgramData\ssh\administrators_authorized_keys` and then in PowerShell

```powershell
# Use this sequence of commands in PowerShell to correct the permissions of administrators_authorized_keys
$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
# Disable inheritance and drop the inherited entries
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl","Allow")
$systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl
```

and then `Stop-Service sshd` and `Start-Service sshd` if needed.
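
To confirm the permission fix took effect, the check below audits the resulting ACL. It is an added example, not part of the original page or of Microsoft's documentation. The function name `Test-AdminKeysAcl` is hypothetical, and matching by well-known SID instead of by the names `Administrators` and `SYSTEM` is a choice made here so the check also works on non-English installations.

```powershell
# Added example: audit the ACL on the administrators' authorized_keys file.
# Allowed principals, by well-known SID:
#   S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = NT AUTHORITY\SYSTEM
function Test-AdminKeysAcl {
    param(
        [string]$Path = 'C:\ProgramData\ssh\administrators_authorized_keys'
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }
    $allowed  = @('S-1-5-32-544', 'S-1-5-18')
    $acl      = Get-Acl -LiteralPath $Path
    $findings = @()

    # SetAccessRuleProtection($true, $false) should have switched inheritance off.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance is still enabled on the file'
    }

    foreach ($rule in $acl.Access) {
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            # Account could not be mapped to a SID; report it as unexpected.
            $sid = "unresolved:$($rule.IdentityReference.Value)"
        }
        if ($rule.AccessControlType -eq 'Allow' -and $allowed -notcontains $sid) {
            $findings += "Unexpected Allow entry: $($rule.IdentityReference) ($($rule.FileSystemRights))"
        }
    }

    [pscustomobject]@{
        Path      = $Path
        Owner     = $acl.Owner
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-AdminKeysAcl | Format-List
```

Run it from an elevated PowerShell session; `Compliant : True` with an empty `Findings` list means only Administrators and SYSTEM hold Allow entries on the file.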