Windows enables SSH as a remote host

Source: Installing OpenSSH

Install OpenSSH using Windows settings

Both OpenSSH components can be installed using Windows Settings on Windows Server 2019 and Windows 10 devices.

To install OpenSSH components:

1. Open Settings, select Apps > Apps & features, and then select Optional features.

2. Scan the list to see if OpenSSH is installed. If not installed, select Add Features at the top of the page, then:

   • Find "OpenSSH Client" and click Install
   • Find "OpenSSH Server" and click Install

Once you're set up, go back to Apps > Apps & Features and Optional Features, and you should see OpenSSH listed.

 备注

安装 OpenSSH 服务器将创建并启用一个名为 OpenSSH-Server-In-TCP 的防火墙规则。 这允许端口 22 上的入站 SSH 流量。 如果未启用此规则且未打开此端口，那么连接将被拒绝或重置。

Install OpenSSH using PowerShell

To install OpenSSH using PowerShell, first run PowerShell as an administrator. To ensure that OpenSSH is available, run the following cmdlet:

Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

If neither is already installed, this should return the following output:

Name  : OpenSSH.Client~~~~0.0.1.0
State : NotPresent

Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Then, install the server or client components as needed:

# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Both should return the following output:

Path          :
Online        : True
RestartNeeded : False

Start and configure the OpenSSH server

To start and configure the OpenSSH server for use, open PowerShell as an administrator and run the following command to start the sshd service:

# Start the sshd service
Start-Service sshd

# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    
    
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    
    
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}

Connect to OpenSSH server

Once installed, you can connect to the OpenSSH server from a Windows 10 or Windows Server 2019 device with the OpenSSH client installed using PowerShell, as shown below. Be sure to run PowerShell as an administrator:

ssh username@servername

Once connected, you will receive a message that looks like this:

The authenticity of host 'servername (10.00.00.001)' can't be established.
ECDSA key fingerprint is SHA256:(<a large string>).
Are you sure you want to continue connecting (yes/no)?

After selecting Yes, the server is added to the list of known SSH hosts on the Windows client.
You will be prompted for your password at this point. As a security precaution, passwords are not displayed while they are being typed.
Once connected, you'll see the Windows Command Line Interface prompt:

domain\username@SERVERNAME C:\Users\username>