Enable SSH & SSH Server On Windows 10

 

Open powershell and run as administrator.

The following command will show you the name and state of OpenSSH on your system,


Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

You should see something like,


Name : OpenSSH.Client~~~~0.0.1.0

State : Installed


Name : OpenSSH.Server~~~~0.0.1.0

State : NotPresent

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

You should see something like,


Name : OpenSSH.Client~~~~0.0.1.0

State : Installed


Name : OpenSSH.Server~~~~0.0.1.0

State : NotPresent


That is telling you that the ssh client is installed. (It's ready to use by default in recent Windows 10 builds.) The server is not setup yet.


Add the OpenSSh server component,


Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

That command will download the server component and install it. Output will look like,


Path :

Online : True

RestartNeeded : False

Note: If for some reason your systems showed "NotPresent" for the client too then you would do the same command above but using "OpenSSH.Client~~~~0.0.1.0"


You now have the ssh server installed but it is not running. The next command will start the service,


Start-Service sshd

That will start silently. You can see that it is running with Get-Service,


PS C:Windowssystem32> Get-Service sshd


Status Name DisplayName

------ ---- -----------

Running sshd OpenSSH SSH Server

You could stop it with, you guessed it, "Stop-Service sshd"


Note: the name of the ssh server application is "sshd". This is a typical naming convention from UNIX. The "d" means "daemon". Services in Linux/UNIX are called daemons. Now you understand the meaning of the BSD UNIX mascot "Beastie" which you may have seen before.


In order to avoid having to manually start sshd you can do the following to have it start on boot.


Set-Service -Name sshd -StartupType 'Automatic'

The last thing to check is the firewall setting for sshd. It by default uses the port number 22. Enabling the service automatically created the following firewall rules,


PS C:Windowssystem32> Get-NetFirewallRule -Name *ssh*



Name                  : OpenSSH-Server-In-TCP

DisplayName           : OpenSSH SSH Server (sshd)

Description           : Inbound rule for OpenSSH SSH Server (sshd)

DisplayGroup          : OpenSSH Server

Group                 : OpenSSH Server

Enabled               : True

Profile               : Any

Platform              : {}

Direction             : Inbound

Action                : Allow

EdgeTraversalPolicy   : Block

LooseSourceMapping    : False

LocalOnlyMapping      : False

Owner                 :

PrimaryStatus         : OK

Status                : The rule was parsed successfully from the store. (65536)

EnforcementStatus     : NotApplicable

PolicyStoreSource     : PersistentStore

PolicyStoreSourceType : Local


PS C:Usersdon> ssh kinghorn@192.168.3.70

When you first connect to a machine that you haven't accessed before you will see something like,


The authenticity of host '192.168.3.70 (192.168.3.70)' can't be established.

ECDSA key fingerprint is SHA256:(a bunch of stuff...).

Are you sure you want to continue connecting (yes/no)? yes

More Info