Windows Client OS

OpenSSH Comes Out of Beta in Windows April 2018 Update

In this Ask the Admin, I’ll show you how to get started with the OpenSSH client in the Windows 10 April 2018 Update.



Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

Microsoft has quietly been integrating an OpenSSH client and server into Windows 10 and Windows Server over the last year. Without much fanfare, both client and server came out of beta along with the Windows 10 April 2018 Update. As of Windows 10 version 1803, the OpenSSH client is installed by default. But if you want to use the server component, you’ll need to manually install it.

The addition of OpenSSH in Windows is intended to make it easier for system administrators who manage hybrid Windows/Linux environments. SSH is also the default remoting protocol in PowerShell Core (PowerShell 6). WinRM remains the only supported remoting protocol in Windows PowerShell. SSH allows true multiplatform remoting in PowerShell Core but in the current release, Core doesn’t support all the features of WinRM. One missing feature is Just Enough Administration (JEA), so you can’t configure constrained endpoints. Although Microsoft does have JEA on its roadmap.

For more information on using PowerShell Core, see Managing Linux, Windows, AWS, and Azure Using PowerShell Core Part 1: Installing PowerShell Core and Modules for Azure and AWS and Managing Linux, Windows, AWS, and Azure Using PowerShell Core Part 2: PowerShell Remoting Over SSH on Petri.

OpenSSH Client

Let’s start by looking at the client. Unlike popular SSH client Putty, the OpenSSH client in Windows is only accessible from the command line. It’s installed by default in Windows 10 1803. All you need to do is open a command prompt and type ssh, followed by a username and machine name or IP address.

ssh [email protected]

The default port 22 is used unless you specify otherwise. Once you are connected to the remote host, you can run whatever commands are supported in the terminal session.

OpenSSH Server

Working with the SSH server is a bit more involved. First, you should install the component using PowerShell. Log into Windows 10 version 1803, open a PowerShell prompt with administrator privileges, and check what components are installed. Note that the Windows Update service must be running to use the Get-WindowsCapability cmdlet. The -Online parameter is used to run the command against the running operating system, instead of an offline WIM image.

Get-WindowsCapability -Online | Where-Object -Property Name -Like "OpenSSH*"

In the command output, you should see OpenSSH.Server~~~~ listed as a capability. If the State is NotPresent, then you’ll need to add it:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~

Install the OpenSSH server in Windows 10 version 1803 (Image Credit: Russell Smith)
Install the OpenSSH Server in Windows 10 Version 1803 (Image Credit: Russell Smith)

Password-Based Authentication

Once the OpenSSH server is installed, all you need to do is start the service to authenticate to using a username and password.

Start-Service sshd

If you want the SSH server to start up automatically when Windows starts, change the service startup type to automatic:
Set-Service -Name sshd -StartupType Automatic

To connect to the SSH server running on the local PC (DESKTOP-6UG6042), use the command below. You will need to replace DESKTOP-6UG6042 with the name of the PC you want to connect to.
ssh [email protected]

The ssh command also accepts usernames in NETBIOS and UPN formats:
ssh [email protected]@DESKTOP-6UG6042
ssh AD\[email protected]

Connect to Windows using Secure Shell (Image Credit: Russell Smith)
Connect to Windows Using Secure Shell (Image Credit: Russell Smith)

Key-Based Authentication

While you can authenticate to the SSH server with a Windows username and password, it is more common to use key-based authentication with SSH. To enable key-based authentication, you’ll need to perform a couple of extra steps. For more detailed instructions on how to enable key-based authentication, see Microsoft’s site here.

In this Ask the Admin, I showed you how to install the OpenSSH server in Windows 10 version 1803 and how to connect to the OpenSSH server with a Windows username and password.

Follow Russell on Twitter @smithrussell.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
13 Email Threat Types to Know About Right Now

As email threats evolve and multiply, keeping track of them all—and staying protected against the many different types—becomes a complex challenge. Today, that requires more than just the traditional email gateway solution that used to be good enough.

In this eBook you will learn:

  • What are the most common and challenging email attacks for organizations?
  • How to defend against sophisticated email threats, such as spoofing, social engineering, and fraud
  • How to protect employees at the inbox level with the right technologies and security-awareness training
  • How to use a multilayered protection strategy to reduce susceptibility to email attacks and better defend your business and employees

Sponsored by: