How to Install and Configure OpenSSH on Windows Server 2019

What is OpenSSH?

OpenSSH is an open-source utility developed by The OpenBSD Project. SSH stands for "Secure SHell." This service encrypts traffic on both ends, eliminating security risks from hackers or eavesdroppers. It can be used for remote operations like file transfers and offers key-based passwordless authentication. In this tutorial, we will demonstrate how to harness the power of SSH's on your Windows server to send basic remote commands and transfer files using password authentication.

We should also mention what OpenSSH is not. OpenSSH is not a remote desktop or VNC based solution as it does not provide a graphical interface.

Despite being the self-proclaimed "premier connectivity tool for remote login" on BSD and Linux Operating systems for over two decades, Microsoft Windows System Administrators and Developers were often subjected to lengthy, complex setup processes. They were asked to download multiple applications containing confusing setup processes. While functional, it was not without its quirks.

In 2018, Microsoft released the native OpenSSH client/server capabilities in Windows 10 as well as on Windows Server 2019. This release was a significant improvement for those who have to work with both Windows and Linux-based systems. With a native OpenSSH solution, there are no external applications to install, and it can be accomplished via Windows Powershell.

Preflight Check

• This article assumes that you are running either Windows Server 2019 or Windows 10 as an administrator.
• Additionally, installing OpenSSH Server will create a Windows Firewall rule called "OpenSSH-Server-In-TCP." This will allow inbound SSH traffic on Port 22 to your server.
• OpenSSH consists of two distinct elements of its architecture; both the client and server-side systems are covered in this tutorial.

Installation

Step 1.

We begin by opening up Powershell as an Administrator User. To begin, click on the "Start" button and click on "All Apps." Expand the Powershell folder, and right-click on "Powershell" and select "Run as administrator. " Depending on your machine settings, you may receive a "UAC" or User Access Control prompt asking us to allow it. Go ahead and approve the access.

Step 2.

Next, we need to type the commands to install the OpenSSH client. The client is the software used to connect to the OpenSSH server. We will be connecting from our local laptop or workstation, so we begin by opening Powershell, as previously noted in this tutorial. At the Powershell prompt type the following and hit enter.

# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

You will see a progress bar indicating the progress of the installation. When the installation completes, you will receive the following output.

Path :
Online : True
RestartNeeded : False

Step 3.

Next, we will install the OpenSSH server. The server is the computer that runs the sshd service, and we will connect to it. At the Powershell prompt type the following command and hit enter.

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Again you should see a progress bar indicating the progress of the installation. When the installation completes, you should receive the following output.

Path :
Online : True
RestartNeeded : False

Uninstallation

In the event you ever wanted to remove the Client or the Server, you could do so by running the following one of the following commands at a Powershell prompt with administrator privileges.

# Uninstall the OpenSSH Client
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Uninstall the OpenSSH Server
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Configuration

Once the OpenSSH software has been installed on the server, we need to configure it. In this step, we will set the sshd service to start on boot. This action will ensure that if a reboot or power failure occurs, the service will restart automatically. Again at the Powershell prompt, type the following command. This starts the service and sets it to start automatically.

Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'

Next, for us to allow a secure SSH connection to our server, we will need to add a firewall rule that allows inbound ssh traffic on port 22. To verify, type this command at the Powershell prompt.

# Confirm the Firewall rule is present. It should be created automatically by setup.
Get-NetFirewallRule -Name *ssh*

Now, we should see an enabled firewall rule named "OpenSSH-Server-In-TCP." In the event we do not see a firewall rule, we will need to create one. We accomplish this by running the following command.

New-NetFirewallRule -Name sshd -DisplayName' OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

OpenSSH Usage

Once we have the OpenSSH server and client installed, we are ready to test the setup. We can quickly check the connectivity from any Linux, Mac, or Windows device using an installed SSH Client. In Windows, type the following command in PowerShell.

ssh Administrator@67.225.186.9

***NOTE: Replace the IP above with the IP address of your server***

If this is the first time you have connected to the server, you will be asked if you want to continue connecting. Type "yes" and hit enter.

The authenticity of host' 67.225.186.9 (67.225.186.9)' can't be established.
ECDSA key fingerprint is SHA256:aMmHNXmcgX2DHuFL0V9lSpY8AX45iHQeBxVD1oZgr4w.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '67.225.186.9' (ECDSA) to the list of known hosts.

Next, we are prompted for the user's password. Type it in and hit enter.

Administrator@67.225.186.9's password:

Once the user has successfully authenticated, we will be greeted with a command shell prompt that looks similar to the following.

Microsoft Windows [Version 10.0.17763.1282]
(c) 2018 Microsoft Corporation. All rights reserved.

administrator@HU11W8 C:\Users\Administrator>

The remote SSH session or "secure shell" is now live, and we can begin sending remote commands. For example, if you wanted to see what files are in your users' directory type the "dir" command and hit enter. You will see a list of all files and directories in that folder.

administrator@HU11W8 C:\Users\Administrator>dir
Volume in drive C has no label.
Volume Serial Number is AEF3-9E8C

Directory of C:\Users\Administrator
07/02/2020 07:52 AM
07/02/2020 07:52 AM..
07/08/2020 12:45 PM3D Objects
07/08/2020 12:45 PMContacts
07/08/2020 12:45 PMDesktop
07/08/2020 12:45 PMDocuments
07/08/2020 12:45 PMDownloads
07/08/2020 12:45 PMFavorites
07/08/2020 12:45 PMLinks
07/08/2020 12:45 PMMusic
07/08/2020 12:45 PMPictures
07/08/2020 12:45 PMSaved Games
07/08/2020 12:45 PMSearches
07/08/2020 12:45 PMVideos
0 File(s) 0 bytes
14 Dir(s) 129,643,646,976 bytes free

For further information on Powershell and its various commands, be sure to review the Microsoft Powershell Documentation to learn more about its full capabilities.

Transferring Files with OpenSSH

Now that we have learned how to make a successful connection and the basics of sending remote commands, we are ready to move on to file transfers. In this section, we will use the scp file transfer utility provided by OpenSSH to transfer a file named "FileOnMyClient.txt" to the Administrator's folder on our OpenSSH server.

From any Linux, Mac, or Windows device with the SSH Client installed, navigate to the folder your file is in by using the "cd" command.

cd Documents

***NOTE: This assumes the file is in the Documents folder on the client.***

Now we are ready to initiate a file transfer. In Powershell, type the following command to transfer the file to the Administrators folder on the server:

scp FileOnMyClient.txt Administrator@67.225.186.9:/Users/Administrator/

We will be prompted for your password. Type it in and hit enter. We will see output similar to the following information indicating the transfer percentage, transfer speed and timeframe of the transfer.

Administrator@67.225.186.9's password:
FileOnMyClient.txt 100% 0 0.1KB/s 00:05

Next, to verify that the file transferred successfully, we must go back to our server and typing in the dir command again which lists all the files in that particular folder. As you can see, we have successfully transferred our text file.

administrator@HU11W8 C:\Users\Administrator>dir
Volume in drive C has no label.
Volume Serial Number is AEF3-9E8C

Directory of C:\Users\Administrator
07/08/2020 01:06 PM .
07/08/2020 01:06 PM..
07/08/2020 12:45 PM3D Objects
07/08/2020 12:45 PMContacts
07/08/2020 12:45 PMDesktop
07/08/2020 12:45 PMDocuments
07/08/2020 12:45 PMDownloads
07/08/2020 12:45 PMFavorites
07/08/2020 01:12 PM 15 FileOnMyClient.txt <<<<<
07/08/2020 12:45 PMLinks
07/08/2020 12:45 PMMusic
07/08/2020 12:45 PMPictures
07/08/2020 12:45 PMSaved Games
07/08/2020 12:45 PMSearches
07/08/2020 12:45 PMVideos
1 File(s) 15 bytes
14 Dir(s) 129,640,345,600 bytes free

We can also check the contents of our text file by using the built-in Windows command "type" command, followed by the name of the file.

administrator@HU11W8 C:\Users\Administrator>type FileOnMyClient.txt

Conclusion

OpenSSH is an extremely useful tool used by administrators of both Linux and Windows users for ease of management of remote systems. It has multiple functions including a keygen feature, key storage of both internal and external SSHKeys, a Secure File Transfer Protocol attribute as well as a file transfer utility. Overall, OpenSSH is the modern standard for secure and dependable connectivity.

We pride ourselves on being The Most Helpful Humans In Hosting™!

Our support staff is always available to assist with any issues related to this article, 24 hours a day, 7 days a week 365 days a year.

We are available, via our ticketing systems at support@liquidweb.com, by phone (at 800-580-4986) or via a LiveChat or whatever method you prefer. We work hard for you so you can relax.