-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1750 from v-dasis/openssh
OpenSSH improve article
- Loading branch information
Showing
1 changed file
with
66 additions
and
56 deletions.
There are no files selected for viewing
122 changes: 66 additions & 56 deletions
122
WindowsServerDocs/administration/OpenSSH/OpenSSH_Install_FirstUse.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,128 +1,138 @@ | ||
| --- | ||
| title: Installation of OpenSSH For Windows Server | ||
| description: Installing the OpenSSH client and server for Windows Server using the Windows Settings options or Windows PowerShell. | ||
| ms.date: 09/27/2019 | ||
| title: Install OpenSSH | ||
| description: Installing OpenSSH Client and Server for Windows. | ||
| ms.date: 04/12/2021 | ||
| ms.topic: conceptual | ||
| ms.author: damaerte | ||
| author: maertendmsft | ||
| ms.custom: contperf-fy21q4 | ||
| --- | ||
|
|
||
| # Installation of OpenSSH For Windows Server 2019 and Windows 10 | ||
| # Install OpenSSH | ||
|
|
||
| The OpenSSH Client and OpenSSH Server are separately installable components in Windows Server 2019 and Windows 10 1809. | ||
| Users with these Windows versions should use the instructions that follow to install and configure OpenSSH. | ||
| > Applies to Windows Server 2019, Windows 10 | ||
| > [!NOTE] | ||
| > Users who acquired OpenSSH from the PowerShell GitHub repo (https://github.com/PowerShell/OpenSSH-Portable) should use the instructions from there, and __should not__ use these instructions. | ||
| OpenSSH is a connectivity tool for remote login that uses the SSH protocol. It encrypts all traffic between client and server to eliminate eavesdropping, connection hijacking, and other attacks. | ||
|
|
||
| OpenSSH can be used to connect Window 10 clients to Windows Server 2019. OpenSSH Client is available to install on Windows 10 build 1809 and later, while OpenSSH Server is available to install on Windows Server 2019 and later. | ||
|
|
||
| > [!IMPORTANT] | ||
| > If you downloaded OpenSSH from the GitHub repo at [PowerShell/openssh-portable](https://github.com/PowerShell/OpenSSH-Portable), follow the instructions listed there, not the ones in this article. | ||
| ## Install OpenSSH using Windows Settings | ||
|
|
||
| ## Installing OpenSSH from the Settings UI on Windows Server 2019 or Windows 10 1809 | ||
| Both OpenSSH components can be installed using Windows Settings. OpenSSH Server is installed on Windows Server and OpenSSH Client is installed on Windows 10 devices. | ||
|
|
||
| OpenSSH client and server are installable features of Windows 10 1809. | ||
| To install the OpenSSH components: | ||
|
|
||
| To install OpenSSH, start Settings then go to Apps > Apps and Features > Manage Optional Features. | ||
| 1. Open **Settings**, select **Apps > Apps & Features**, then select **Optional Features**. | ||
|
|
||
| Scan this list to see if OpenSSH client is already installed. If not, then at the top of the page select "Add a feature", then: | ||
| 1. Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select **Add a feature**, then: | ||
|
|
||
| * To install the OpenSSH client, locate "OpenSSH Client", then click "Install". | ||
| * To install the OpenSSH server, locate "OpenSSH Server", then click "Install". | ||
| - On Windows 10, find **OpenSSH Client**, then click **Install** | ||
| - On Windows Server 2019, find **OpenSSH Server**, then click **Install** | ||
|
|
||
| Once the installation completes, return to Apps > Apps and Features > Manage Optional Features and you should see the OpenSSH component(s) listed. | ||
| Once setup completes, return to **Apps > Apps & Features** and **Optional Features** and you should see OpenSSH listed. | ||
|
|
||
| > [!NOTE] | ||
| > Installing OpenSSH Server will create and enable a firewall rule named "OpenSSH-Server-In-TCP". This allows inbound SSH traffic on port 22. | ||
| > Installing OpenSSH Server will create and enable a firewall rule named `OpenSSH-Server-In-TCP`. This allows inbound SSH traffic on port 22. If this rule is not enabled and this port is not open, connections will be refused or reset. | ||
| ## Installing OpenSSH with PowerShell | ||
| ## Install OpenSSH using PowerShell | ||
|
|
||
| To install OpenSSH using PowerShell, first launch PowerShell as an Administrator. | ||
| To make sure that the OpenSSH features are available for install: | ||
| To install OpenSSH using PowerShell, run PowerShell as an Administrator. | ||
| To make sure that OpenSSH is available, run the following cmdlet: | ||
|
|
||
| ```powershell | ||
| Get-WindowsCapability -Online | ? Name -like 'OpenSSH*' | ||
| ``` | ||
|
|
||
| # This should return the following output: | ||
| This should return the following output: | ||
|
|
||
| Name : OpenSSH.Client~~~~0.0.1.0 | ||
| ``` | ||
| Name : OpenSSH.Client 0.0.1.0 | ||
| State : NotPresent | ||
| Name : OpenSSH.Server~~~~0.0.1.0 | ||
| Name : OpenSSH.Server 0.0.1.0 | ||
| State : NotPresent | ||
| ``` | ||
|
|
||
| Then, install the server and/or client features: | ||
| Then, install the server or client components as needed: | ||
|
|
||
| ```powershell | ||
| # Install the OpenSSH Client | ||
| Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 | ||
| Add-WindowsCapability -Online -Name OpenSSH.Client 0.0.1.0 | ||
| # Install the OpenSSH Server | ||
| Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | ||
| Add-WindowsCapability -Online -Name OpenSSH.Server 0.0.1.0 | ||
| ``` | ||
|
|
||
| # Both of these should return the following output: | ||
| Both of these should return the following output: | ||
|
|
||
| ``` | ||
| Path : | ||
| Online : True | ||
| RestartNeeded : False | ||
| ``` | ||
|
|
||
| ## Uninstalling OpenSSH | ||
| ## Start and configure SSH Server | ||
|
|
||
| To uninstall OpenSSH using the Windows Settings, start Settings then go to Apps > Apps and Features > Manage Optional Features. | ||
| In the list of installed features, select the OpenSSH Client or OpenSSH Server component, then select Uninstall. | ||
|
|
||
| To uninstall OpenSSH using PowerShell, use one of the following commands: | ||
|
|
||
| ```powershell | ||
| # Uninstall the OpenSSH Client | ||
| Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 | ||
| # Uninstall the OpenSSH Server | ||
| Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | ||
| ``` | ||
|
|
||
| A Windows restart may be required after removing OpenSSH, if the service is in use at the time it was uninstalled. | ||
|
|
||
|
|
||
| ## Initial Configuration of SSH Server | ||
|
|
||
| To configure the OpenSSH server for initial use on Windows, launch PowerShell as an administrator, then run the following commands to start the SSHD service: | ||
| To start and configure OpenSSH server for initial use, open PowerShell as an administrator, then run the following commands to start the `SSHD service`: | ||
|
|
||
| ```powershell | ||
| Start-Service sshd | ||
| # OPTIONAL but recommended: | ||
| Set-Service -Name sshd -StartupType 'Automatic' | ||
| # Confirm the Firewall rule is configured. It should be created automatically by setup. | ||
| # Confirm the firewall rule is configured. It should be created automatically by setup. | ||
| Get-NetFirewallRule -Name *ssh* | ||
| # There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled | ||
| # If the firewall does not exist, create one | ||
| New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 | ||
| ``` | ||
|
|
||
| ## Initial use of SSH | ||
| ## Connect to SSH Server | ||
|
|
||
| Once you have installed the OpenSSH Server on Windows, you can quickly test it using PowerShell from any Windows device with the SSH Client installed. | ||
| In PowerShell type the following command: | ||
| Once installed, you can connect to OpenSSH Server from a Windows 10 device with the SSH client installed using PowerShell as follows. Be sure to run PowerShell as an administrator: | ||
|
|
||
| ```powershell | ||
| Ssh username@servername | ||
| ``` | ||
|
|
||
| The first connection to any server will result in a message similar to the following: | ||
| Once connected, you get a message similar to the following: | ||
|
|
||
| ``` | ||
| The authenticity of host 'servername (10.00.00.001)' can't be established. | ||
| ECDSA key fingerprint is SHA256:(<a large string>). | ||
| Are you sure you want to continue connecting (yes/no)? | ||
| ``` | ||
|
|
||
| The answer must be either "yes" or "no". | ||
| Answering Yes will add that server to the local system's list of known ssh hosts. | ||
| Selecting **yes** adds that server to the list of known ssh hosts on your Windows client. | ||
|
|
||
| You will be prompted for the password at this point. As a security precaution, your password will not be displayed as you type. | ||
| You are prompted for the password at this point. As a security precaution, your password will not be displayed as you type. | ||
|
|
||
| Once you connect you will see a command shell prompt similar to the following: | ||
| Once connected, you will see the Windows command shell prompt: | ||
|
|
||
| ``` | ||
| domain\username@SERVERNAME C:\Users\username> | ||
| ``` | ||
|
|
||
| The default shell used by Windows OpenSSH server is the Windows command shell. | ||
| ## Uninstall OpenSSH using Windows Settings | ||
|
|
||
| To uninstall OpenSSH using Windows Settings: | ||
|
|
||
| 1. Open **Settings**, then go to **Apps > Apps & Features**. | ||
| 1. Go to **Optional Features**. | ||
| 1. In the list, select **OpenSSH Client** or **OpenSSH Server**. | ||
| 1. Select **Uninstall**. | ||
|
|
||
| ## Uninstall OpenSSH using PowerShell | ||
|
|
||
| To uninstall the OpenSSH components using PowerShell, use the following commands: | ||
|
|
||
| ```powershell | ||
| # Uninstall the OpenSSH Client | ||
| Remove-WindowsCapability -Online -Name OpenSSH.Client 0.0.1.0 | ||
| # Uninstall the OpenSSH Server | ||
| Remove-WindowsCapability -Online -Name OpenSSH.Server 0.0.1.0 | ||
| ``` | ||
|
|
||
| You may need to restart Windows afterwards if the service was in use at the time it was uninstalled. |