Since the end of the last year, Windows Server 2019 and Windows 10 Build 1809 includes OpenSSH Server and Client as supported Feature-on-Demand. In this post, I will try to install and configure the OpenSSH Server on Windows Server 2019.
Installing OpenSSH on Windows Server
Open PowerShell Prompt as Administrator and run the following command to see if the OpenSSH installed already:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
As you can see in the picture above, OpenSSH.Server still Not Present, You need to install it with the PowerShell command below:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~~0.0.1.0
Example output for the command above:
Online : True
RestartNeeded : False
You may need to install all Windows Update before the server part would install (December 2018).
Start the OpenSSH server and make sure it starts up automatically using the command below:
Set-Service -Name sshd -StartupType 'Automatic'
You also need to configure the firewall port that you want to use for SSH.
Default Shell Prompt
The default prompt when you connected to Windows Server using SSH is cmd.exe. If you want to use PowerShell as your default Shell Prompt, you need to change the registry setting as below:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
OpenSSH Server Configuration
OpenSSH Server reads the configuration from %programdata%\ssh\sshd_config. You can use notepad or another editor to modify the value as you wish. If you already familiar with the SSH on Linux system, it would be easy to modify this OpenSSH configuration.
Below some configuration you can use/modify:
Specify which user/group to login via SSH:
AllowGroups "EXAMPLE\Domain Admins"
AllowUsers [email protected]
PermitRootLogin is not applicable in Windows. To deny administrators from logging in via SSH, use a DenyGroups directive: