Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Windows Client OS

OpenSSH Comes Out of Beta in Windows April 2018 Update

In this Ask the Admin, I’ll show you how to get started with the OpenSSH client in the Windows 10 April 2018 Update.



Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

Microsoft has quietly been integrating an OpenSSH client and server into Windows 10 and Windows Server over the last year. Without much fanfare, both client and server came out of beta along with the Windows 10 April 2018 Update. As of Windows 10 version 1803, the OpenSSH client is installed by default. But if you want to use the server component, you’ll need to manually install it.

The addition of OpenSSH in Windows is intended to make it easier for system administrators who manage hybrid Windows/Linux environments. SSH is also the default remoting protocol in PowerShell Core (PowerShell 6). WinRM remains the only supported remoting protocol in Windows PowerShell. SSH allows true multiplatform remoting in PowerShell Core but in the current release, Core doesn’t support all the features of WinRM. One missing feature is Just Enough Administration (JEA), so you can’t configure constrained endpoints. Although Microsoft does have JEA on its roadmap.

For more information on using PowerShell Core, see Managing Linux, Windows, AWS, and Azure Using PowerShell Core Part 1: Installing PowerShell Core and Modules for Azure and AWS and Managing Linux, Windows, AWS, and Azure Using PowerShell Core Part 2: PowerShell Remoting Over SSH on Petri.

OpenSSH Client

Let’s start by looking at the client. Unlike popular SSH client Putty, the OpenSSH client in Windows is only accessible from the command line. It’s installed by default in Windows 10 1803. All you need to do is open a command prompt and type ssh, followed by a username and machine name or IP address.

ssh [email protected]

The default port 22 is used unless you specify otherwise. Once you are connected to the remote host, you can run whatever commands are supported in the terminal session.

OpenSSH Server

Working with the SSH server is a bit more involved. First, you should install the component using PowerShell. Log into Windows 10 version 1803, open a PowerShell prompt with administrator privileges, and check what components are installed. Note that the Windows Update service must be running to use the Get-WindowsCapability cmdlet. The -Online parameter is used to run the command against the running operating system, instead of an offline WIM image.

Get-WindowsCapability -Online | Where-Object -Property Name -Like "OpenSSH*"

In the command output, you should see OpenSSH.Server~~~~ listed as a capability. If the State is NotPresent, then you’ll need to add it:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~

Install the OpenSSH server in Windows 10 version 1803 (Image Credit: Russell Smith)
Install the OpenSSH Server in Windows 10 Version 1803 (Image Credit: Russell Smith)

Password-Based Authentication

Once the OpenSSH server is installed, all you need to do is start the service to authenticate to using a username and password.

Start-Service sshd

If you want the SSH server to start up automatically when Windows starts, change the service startup type to automatic:
Set-Service -Name sshd -StartupType Automatic

To connect to the SSH server running on the local PC (DESKTOP-6UG6042), use the command below. You will need to replace DESKTOP-6UG6042 with the name of the PC you want to connect to.
ssh [email protected]

The ssh command also accepts usernames in NETBIOS and UPN formats:
ssh [email protected]@DESKTOP-6UG6042
ssh AD\[email protected]

Connect to Windows using Secure Shell (Image Credit: Russell Smith)
Connect to Windows Using Secure Shell (Image Credit: Russell Smith)

Key-Based Authentication

While you can authenticate to the SSH server with a Windows username and password, it is more common to use key-based authentication with SSH. To enable key-based authentication, you’ll need to perform a couple of extra steps. For more detailed instructions on how to enable key-based authentication, see Microsoft’s site here.

In this Ask the Admin, I showed you how to install the OpenSSH server in Windows 10 version 1803 and how to connect to the OpenSSH server with a Windows username and password.

Follow Russell on Twitter @smithrussell.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: