Scott Hanselman

How to SSH into a Windows 10 Machine from Linux OR Windows OR anywhere

March 10, '20 Comments [12] Posted in Linux | Open Source | Win10

I've been shushing all over the place lately. I SSH into Linux from Windows using the built-in OpenSSH Client that Windows 10 has shipped for years that you didn't know about. ;) You don't need Putty to SSH with Windows (unless it makes you happy, then putty on, my friend.)

Adding OpenSSH Server to Windows

From an Administrative PowerShell I'll see what OpenSSH stuff I have enabled. I can also do this by typing "Windows Features" from the Start Menu.

> Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

Name : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Looks like I have the OpenSSH client stuff but not the server. I can SSH from Windows, but not to.

I'll add it with a similar command with the super weirdo but apparently necessary version thing at the end:

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Starting SSHD on Windows as a Service

Once this has finished (and you can of course run this with OpenSSH.Client as well to get both sides if you hadn't) then you can start the SSH server (as a Windows Service) with this, then make sure it's running.

Start-Service sshd
Get-Service sshd

Since it's a Windows Service you can see it as "OpenSSH SSH Server" in services.msc as well as set it to start automatically on Startup if you like. You can also do that from PowerShell if you prefer:

Set-Service -Name sshd -StartupType 'Automatic'

Remember that we SSH over port 22 so you'll have a firewall rule incoming on 22 at this point. It's up to you to be conscious of security. Maybe you only allow SSHing into your Windows machine with public keys (no passwords) or maybe you don't mind. Just be aware, it's on you, not me.
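One way to act on that, as an added example that is not code from the original post: require public keys, validate the config before restarting sshd, and limit the port 22 rule to the local subnet. It assumes the stock paths under %ProgramData%\ssh and %SystemRoot%\System32\OpenSSH, that the firewall rule created by the install is named OpenSSH-Server-In-TCP, and that the elevated account running it is the one that will log in over SSH.

```powershell
# Added example; run from an elevated PowerShell on the machine running sshd.
$config    = Join-Path $env:ProgramData 'ssh\sshd_config'
$adminKeys = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
$userKeys  = Join-Path $env:USERPROFILE '.ssh\authorized_keys'   # assumed: same account logs in via SSH
$sshdExe   = Join-Path $env:SystemRoot 'System32\OpenSSH\sshd.exe'
$ruleName  = 'OpenSSH-Server-In-TCP'   # assumed: rule name created by the capability install

# 1. Do not disable passwords until a key is in place, or SSH logins stop working.
#    The default Windows sshd_config reads keys for Administrators-group members
#    from $adminKeys and for everyone else from their own .ssh\authorized_keys.
$keyFiles = @($adminKeys, $userKeys) |
    Where-Object { (Test-Path $_) -and ((Get-Item $_).Length -gt 0) }
if (-not $keyFiles) { throw 'No non-empty authorized_keys file found; install a public key first.' }

# 2. sshd uses the first value it reads for a keyword, and global settings must come
#    before any Match block. Drop existing global copies and put ours at the top.
Copy-Item -Path $config -Destination "$config.bak" -Force
$lines = @(Get-Content -Path $config)
$cut   = 0
while ($cut -lt $lines.Count -and $lines[$cut] -notmatch '^\s*Match\s') { $cut++ }
$globalLines = @($lines | Select-Object -First $cut |
    Where-Object { $_ -notmatch '^\s*(PasswordAuthentication|PubkeyAuthentication)\s' })
$matchLines  = @($lines | Select-Object -Skip $cut)
$head        = @('PubkeyAuthentication yes', 'PasswordAuthentication no')
Set-Content -Path $config -Value ($head + $globalLines + $matchLines) -Encoding ascii

# 3. Validate before restarting; restore the backup if sshd rejects the file.
& $sshdExe -t
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path "$config.bak" -Destination $config -Force
    throw 'sshd -t rejected the new configuration; the original file was restored.'
}
Restart-Service sshd

# 4. Scope the inbound port-22 rule to the local subnet instead of any address.
if (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -Name $ruleName -RemoteAddress LocalSubnet
    Get-NetFirewallRule -Name $ruleName | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
} else {
    Write-Warning "Firewall rule '$ruleName' not found; check Get-NetFirewallRule -Name *ssh*."
}
```

Keep the existing session open and confirm a key-based login from a second terminal before closing it; the previous config is left beside the original as sshd_config.bak.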

Now, from any Linux (or Windows) machine I can SSH into my Windows machine like a pro! Note I'm using the .local domain suffix to make sure I don't get a machine on my VPN (staying in my local subnet).

$ ssh scott@ironheart.local
Microsoft Windows [Version 10.0.19041.113]
(c) 2020 Microsoft Corporation. All rights reserved.

scott@IRONHEART C:\Users\scott>pwsh
PowerShell 7.0.0
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/powershell
Type 'help' to get help.

Loading personal and system profiles took 1385ms.
⚡ scott@IRONHEART>

Note that when I SSH'ed into Windows I got the default cmd.exe shell. Remember also that there's a difference between a console, a terminal, and a shell! I can ssh with any terminal into any machine and end up at any shell. In this case, the DEFAULT was cmd.exe, which is suboptimal.

Configuring the default shell for OpenSSH in Windows

On my server (the Windows machine I'm SSHing into) I will set a registry key to set the default shell. In this case, I'll use open source cross platform PowerShell Core. You can use whatever makes you happy.

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force

Now when I ssh into my Windows machine from elsewhere (even my iPad!) I get the shell I want:

$ ssh scott@ironheart.local
PowerShell 7.0.0
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/powershell
Type 'help' to get help.

Loading personal and system profiles took 1854ms.
⚡ scott@IRONHEART>

Even better, if I wanted to add a menu item (profile) to my Windows Terminal with an entry for my Windows Machine that would automatically log me into it from elsewhere using public keys, I could do that also!

Additionally, now that this is set up I can use WinSCP (available on the Windows Store) as well as scp (Secure Copy) to transfer files.

Of course you can also use WinRM or PowerShell Remoting over SSH but for my little internal network I've found this mechanism to be simple and clean. Now my shushing around is non-denominational!



About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

Thursday, March 12, 2020 7:27:38 AM UTC
Hi Scott,

Another great post as always. Can you do a follow up on configuring public keys on the server for SSH?

I got stuck on that recently and couldn’t find any good docs.

Best,
Kevin.
Kevin Kuszyk
Thursday, March 12, 2020 7:06:11 PM UTC
I've been using PuTTY (and related tools, Pageant/Plink etc.) for my SSH needs on Windows for a long time now, especially for pushing Git commits to a remote repo. When OpenSSH finally became a first-class citizen in Windows, I really wanted to adopt it as I'd much prefer to be on more "standard" tooling. Since I mostly use my SSH capabilities for Git, I also heavily lean on the SSH Agent to remember my private key passphrase within my terminal session.

After initially setting everything up for OpenSSH, I stumbled across this: https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/

This is extremely concerning, is essentially a huge security flaw, and is basically a show-stopper for my adoption of OpenSSH in Windows. I've now reverted back to PuTTY/Pageant which only retains the private key passphrase in memory until the box is rebooted.

Is there any way we can get Windows's own OpenSSH Agent to only store private key passphrases in memory only and without persisting them anywhere?
Billy
Friday, March 13, 2020 12:41:27 AM UTC
Hello, Scott!

First of all, let me thank you for such a wonderful article! But I have two questions for you:

1. What do you mean by shushing in the article? As a non-English speaker I didn't get it... Is it SSHing actually? :)

2. Could you explain why a command like "rundll32.exe user32.dll,LockWorkStation" doesn't work via OpenSSH server on Windows 10? I tried to call it from the OpenSSH client but got no effect via either the cmd shell or PowerShell. Locally it works well.

Thank you!
Alex
Friday, March 13, 2020 1:19:01 AM UTC
Microsoft Store: WinSCP is a popular *free* SFTP.... $9.99
Am I missing something? Since when is $9.99 free?
Byron Adams
Friday, March 13, 2020 5:03:58 AM UTC
For a developer or researcher it's not unusual to be working with several machines at the same time. Connecting remotely to servers or other workstations in a mixed OS environment is a common need. You can now connect from a Windows 10 system to Linux servers or workstations easily and you can go the other direction too. You can ssh into a Windows 10 machine from Linux or other Windows machines. For me personally this kind of connectivity is essential. I may be using 3 or 4 different machines at the same time and I always have several terminals open. I typically work with Linux and Windows 10 (locally or remotely) at the same time. The interoperability between Linux and Windows 10 has become very good.
Friday, March 13, 2020 7:27:12 PM UTC
I want to link another post about how to solve public SSH Key permission problems in the Windows Server environment. :-)

https://medium.com/rkttu/set-up-your-ssh-server-in-windows-10-native-way-1aab9021c3a6

@Kevin Kuszyk I think this post can help solve your problem.
Friday, March 13, 2020 10:41:50 PM UTC
Well... I have to add that you forgot to say that OpenSSH Server operates only at session 0 without any interactive function, as it can be run as a service only. So it's impossible to run a command such as "rundll32.exe user32.dll,LockWorkStation" via SSH successfully, as the LockWorkStation function requires a Desktop session, i.e. session 1, session 2, etc.

Bad thing actually.
Alex
Tuesday, March 17, 2020 3:56:26 AM UTC
Would you be able to write a blog on how you set up your Windows machine for development? Thanks
Andy
Tuesday, March 17, 2020 11:57:25 AM UTC
Watch out. If you set the terminal to Powershell 7 and you don't have it installed into that path then you will get a "too many authentications error" from tools like PuTTY.

I managed to find this out by stopping the SSH service and running sshd.exe -d.
Ross
Wednesday, March 18, 2020 1:06:13 AM UTC
Ross, sshd.exe -d doesn't allow any incoming connections. For me, when I try to connect to sshd.exe -d I get the error "CreateProcessAsUserW failed error:1314
fork of unprivileged child failed"

How did you fix it? Or could you be more detailed please?


Thanks!

Alex
Sunday, March 22, 2020 8:06:13 AM UTC
Do you have any other blogs we can look at?
Wednesday, March 25, 2020 6:42:47 PM UTC

Finally I found what I was looking for, thank you.