Fast way to setup OpenSSH on Windows Server (version below 2019)

Install:

Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install openssh
cd "C:\Program Files\OpenSSH-Win64\"
.\install-sshd.ps1
sc.exe config sshd start=auto

Change default shell (I assume you need PowerShell 6):

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\PowerShell\6\pwsh.exe" -PropertyType String -Force

Generate keys for remote access:

  1. Login under proper user.
  2. Execute ssh-keygen.exe.
  3. Copy $Env:UserProfile\.ssh\id_rsa to external instrument (ssh client).
  4. Move or add $Env:UserProfile\.ssh\id_rsa.pub to $Env:UserProfile\.ssh\authorized_keys.
  5. Fix authorized_keys permissions:
$acl = Get-Acl $Env:UserProfile\.ssh\authorized_keys
$usersid = New-Object System.Security.Principal.Ntaccount("Everyone")
$acl.PurgeAccessRules($usersid)
$acl | Set-Acl $Env:UserProfile\.ssh\authorized_keys

For localized Windows: there’s no “Everyone”, but something in your language. Use GUI.

Debug (if things go wrong):

((New-Object System.Net.WebClient).DownloadFile('https://download.sysinternals.com/files/PSTools.zip', 'C:\PSTools.zip'))
Expand-Archive -LiteralPath 'C:\PSTools.zip' -DestinationPath 'C:\pstools'
sc.exe stop sshd
C:\pstools\PsExec64.exe -s sshd.exe -d

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: