The following command will show you the name and state of OpenSSH on your system,
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
You should see something like,
Name : OpenSSH.Client~~~~0.0.1.0
State : Installed
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
You should see something like,
Name : OpenSSH.Client~~~~0.0.1.0
State : Installed
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
That is telling you that the ssh client is installed. (It's ready to use by default in recent Windows 10 builds.) The server is not setup yet.
Add the OpenSSh server component,
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
That command will download the server component and install it. Output will look like,
Path :
Online : True
RestartNeeded : False
Note: If for some reason your systems showed "NotPresent" for the client too then you would do the same command above but using "OpenSSH.Client~~~~0.0.1.0"
You now have the ssh server installed but it is not running. The next command will start the service,
Start-Service sshd
That will start silently. You can see that it is running with Get-Service,
PS C:Windowssystem32> Get-Service sshd
Status Name DisplayName
------ ---- -----------
Running sshd OpenSSH SSH Server
You could stop it with, you guessed it, "Stop-Service sshd"
Note: the name of the ssh server application is "sshd". This is a typical naming convention from UNIX. The "d" means "daemon". Services in Linux/UNIX are called daemons. Now you understand the meaning of the BSD UNIX mascot "Beastie" which you may have seen before.
In order to avoid having to manually start sshd you can do the following to have it start on boot.
Set-Service -Name sshd -StartupType 'Automatic'
The last thing to check is the firewall setting for sshd. It by default uses the port number 22. Enabling the service automatically created the following firewall rules,
PS C:Windowssystem32> Get-NetFirewallRule -Name *ssh*
Name : OpenSSH-Server-In-TCP
DisplayName : OpenSSH SSH Server (sshd)
Description : Inbound rule for OpenSSH SSH Server (sshd)
DisplayGroup : OpenSSH Server
Group : OpenSSH Server
Enabled : True
Profile : Any
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
PS C:Usersdon> ssh kinghorn@192.168.3.70
When you first connect to a machine that you haven't accessed before you will see something like,
The authenticity of host '192.168.3.70 (192.168.3.70)' can't be established.
ECDSA key fingerprint is SHA256:(a bunch of stuff...).
Are you sure you want to continue connecting (yes/no)? yes
