Installing and Configuring OpenSSH on Windows Server 2019
Published Jan 09 2019 12:01 AM 192K Views
Microsoft

2023 Update.

 

You're better off looking at the following official documentation: https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse

 

 

While I’ve never had a problem with PowerShell remoting for remote command line interaction with Windows Server, I’ve often found that it isn’t something that many systems administrators, especially those that work in heterogeneous environments, are entirely at ease with. I’ve lost count of the number of times that I’ve seen experienced admins RDP across to a box running Windows Server so that they can interact with the operating system through a command prompt.

 

Windows Server 2019 and the most recent version of Windows 10 include the ability to install both an SSH client and an SSH server. Because most of us work with heterogenous systems, we are familiar with SSH’ing into a server or device to perform admin tasks. Now that it’s available and easy to configure on Windows Server 2019, I find myself using SSH, rather than other remote connection methods, as my default method of remotely connecting to servers, be they proximate or running in Azure.

 

To get an SSH client onto Windows 10 or Windows Server 2019, without using 3rd party software or installing Windows Subsystem for Linux, use the PowerShell command:

 

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0


To add an SSH client and SSH server to Windows Server 2019, use the following PowerShell commands:

 

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0


I have found it useful to add both client and server capability to Windows Server. This is also useful if the server will function a jump box. Once you’ve added the capability, you need to do a few things to get the SSH server working before you’re ready to go.

 

If you’re intending to use key based, rather than password based, authentication, you should also run the following command on the server to install an OpenSSH related PowerShell module that includes tools to help you configure that functionality:

 

Install-Module -Force OpenSSHUtils -Scope AllUsers

I also recommend running the following PowerShell commands on the server to install the Nano text editor, which allows you to edit text files through an SSH session. If you’re going to use key based authentication rather than passwords, you’ll need to edit one of the config files (I’ll explain what you need to do a little later in the article):

 

Set-ExecutionPolicy Bypass
Iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install nano -y

The next thing you’ll need to do on your server is to configure the disabled ssh-agent service to automatically start and also configure the sshd service to automatically start. To do this, run the following PowerShell commands:

 

Set-Service -Name ssh-agent -StartupType ‘Automatic’
Set-Service -Name sshd -StartupType ‘Automatic’

The final step in getting SSH running on Windows Server 2019 is to run the following commands to start the relevant services:

 

Start-Service ssh-agent
Start-Service sshd

If you do all of this, you’ll be able to connect using password passed authentication from an SSH client using the syntax:

 

ssh username@hostname_or_IP_address

If you’re connecting to a domain account the format is

 

ssh username@domain@hostname_or_IP_address

The reality of SSH is that the vast majority of people that use it, use key based authentication rather than password based authentication. To get key based authentication working with Windows Server 2019’s SSH server, you’ll need to the following:

 

On the client change to the .ssh directory and run the command ssh-keygen accepting the defaults (you can change the name of the keys and provide a key password if you really want to, but that’s beyond the scope of this article)

 

Cd ~\.ssh\
Ssh-keygen

Doing this with the default values will create a public and private key. The private key will be id_rsa and the public key will be id_rsa.pub.

 

The next thing you should do is add your private key to your Windows security context. You can do this by running the following three commands:

 

Set-Service ssh-agent -StartupType ‘Automatic’
Start-service ssh-agent
Ssh-add ~\.ssh\id_rsa

Once you’ve done this, you’ll want to deploy your public key to the Windows Server 2019 server that you want to use SSH key based authentication with. To do this, perform the following steps (where chancellor is the name of the user account you’re configuring SSH key based authentication for):

 

Ssh chancellor@172.16.0.15 mkdir c:\users\chancellor\.ssh\
Scp c:\users\chancellor\.ssh\id_rsa.pub chancellor@172.16.0.15:C:\Users\Administrator\.ssh\authorized_keys

You’ll then need to run the following PowerShell command, located in that OpenSSHUtils PowerShell module I mentioned earlier, to configure some of the permissions for the authorized keys file. You might even want to SSH across to the server using password based authentication to do this:

 

Repair-AuthorizedKeyPermission C:\users\Chancellor\.ssh\authorized_keys

Because the PowerShell cmdlet doesn’t entirely work as it should, you’ll also need to run the following command as “NT SERVICE\sshd” should not have any permissions to the authorized_keys file (if it does, key based authentication doesn’t seem to work)

 

Icacls authorized_keys /remove “NT SERVICE\sshd”

The final step you’ll need to take requires you to edit the c:\ProgramData\ssh\sshd_config file, which you can do using the nano text editor and comment out the following lines (which are at the end of the file):

 

# Match Group administrators                                                   
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys 

You may need to do this locally on the Windows Server 2019 box. Once this is done, you can restart the sshd service (restart-service sshd) and you will be able to connect from your client using key based authentication.

 

If you want to learn about advanced configuration options for OpenSSH server on Windows Server 2019, consult the following article: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration?...

Windows_Server_2019_OpenSSH.jpg

 

 

 

22 Comments
Microsoft

I've also posted a version of this on YouTube

Copper Contributor

Nice Doc!
Super to the point and easy to read.
I appreciate your contributions!

Copper Contributor

Thank you, @OrinThomas,

Your instructions worked perfectly even at the end where you instructed us to go back and set proper permissions for the server side authorized keys and also to comment out the two lines in the server side c:\ProgramData\ssh\sshd_config at the end.

 

I had followed the Microsoft Docs documentation but they left the last two parts out and it would not work. The documentation needs to be updated on the site: 

https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement

 

Anyway, your article was complete and you are properly methodical and I thank you.

 

Iron Contributor

When I run the command similar to (swapping the my user account for Chancellor)

Repair-AuthorizedKeyPermission C:\users\Chancellor\.ssh\authorized_keys

I receive the message:

(location) is not in the profile folder of any user. Skip checking...

 

Any thoughts

Copper Contributor

Thanks @OrinThomas , a very useful report.

I needed a sftp server in mode chroot jail. So, I added the next lines to the file sshd_config, for that purpose . Here is the information for anyone who need it.

PermitTTY no
ChrootDirectory C:/my_path_for_root_sftp/%u
Copper Contributor

Just missed a step to restart the sshd service after updating the  c:\ProgramData\ssh\sshd_config file.

Copper Contributor
@emoldes that's exactly what I was looking for but it doesn't work on Windows. This ChrootDirectory with /%u this format is for Linux, right?
I want that each user who SFTP to the server goes to his unique home folder and on Linux you can use ChrootDirectory C:/PATH_to_root_folder/%u but in window you can setup only ChrootDirectory C:\PATH_to_root_folder\. If that's not correct can someone tell me solution for OpenSSH on Windows server. thanks.
 
Copper Contributor

@puscavnik 

The configuration for ChrootDirectory works ok. Here you are an example that I usually use. I hope this helps you.

emoldes_0-1588334408477.png

 

Microsoft

not able to install opensshpsutils module

Copper Contributor

I have struggled with the installation of OpenSSHUtils too

to solve this I have installed it using the following. 

 

Install-Module -Name OpenSSHUtils -RequiredVersion 0.0.2.0

 

Copper Contributor

How to browse and view the different versions available to install?

dhbcub: you used RequiredVersion 0.0.2.0 which is different from what OrinThomas used.

If I run the "Get-Module -ListAvailable" Or "Get-Module -All" I do get a list of items but OpenSSH is not listed anywhere.

 

Copper Contributor

We use OpenSSH(7.7 & 8.1) OS: Windows Server 2019 Standard.

From time to time, the service hangs - although the state of the service is running (in service management),

it stops listening on port 22.

In some cases, when trying to connect using telnet, we get a "black screen" without the local version string,

in other cases, telnet cannot connect at all. This can happen after a random time.

After restarting the service, it works normally.

Please find the configuration file and the related part of log below.

Thank you in advance.

 

Configuration file :

# Logging
SyslogFacility LOCAL0
LogLevel DEBUG3

# Authentication:
PermitRootLogin prohibit-password
StrictModes yes

PubkeyAuthentication no

AuthorizedKeysFile	.ssh/authorized_keys

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes

AllowTcpForwarding no

# override default of no subsystems
Subsystem	sftp	sftp-server.exe 

Match User Upload031
    ChrootDirectory D:\SFTP\Upload031
	
Match User Upload032
    ChrootDirectory D:\SFTP\Upload032
	
Match User Upload033
    ChrootDirectory D:\SFTP\Upload033
	
Match User Upload034
    ChrootDirectory D:\SFTP\Upload034
	
Match User Upload035
    ChrootDirectory D:\SFTP\Upload035
	
Match User Upload036
    ChrootDirectory D:\SFTP\Upload036
	
Match User Upload037
    ChrootDirectory D:\SFTP\Upload037
	
Match all
    ChrootDirectory D:\sftp_dump\

 

Log :

6152 2021-03-30 10:21:19.913 debug3: fd 5 is not O_NONBLOCK
6152 2021-03-30 10:21:19.913 debug3: spawning "C:\\openssh\\sshd.exe" -R
6152 2021-03-30 10:21:19.913 debug3: send_rexec_state: entering fd = 8 config len 5262
6152 2021-03-30 10:21:19.913 debug3: ssh_msg_send: type 0
6152 2021-03-30 10:21:19.944 debug3: send_rexec_state: done
7984 2021-03-30 10:21:19.975 debug1: inetd sockets after dupping: 4, 4
7984 2021-03-30 10:21:19.975 Connection from 192.168.XXX.XXX port 57853 on 10.XXX.XXX.XXX port 22
7984 2021-03-30 10:21:19.975 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
7984 2021-03-30 10:21:19.975 error: kex_exchange_identification: Connection closed by remote host
6152 2021-03-30 10:21:19.991 debug3: fd 5 is not O_NONBLOCK
6152 2021-03-30 10:21:19.991 debug3: spawning "C:\\openssh\\sshd.exe" -R
6152 2021-03-30 10:21:20.007 debug3: send_rexec_state: entering fd = 9 config len 5262
6152 2021-03-30 10:21:20.007 debug3: ssh_msg_send: type 0
3808 2021-03-30 10:21:20.053 debug1: inetd sockets after dupping: 4, 4
3808 2021-03-30 10:21:20.053 Connection from 192.168.XXX.XXX port 57854 on 10.XXX.XXX.XXX port 22
3808 2021-03-30 10:21:20.053 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
3808 2021-03-30 10:21:20.053 debug1: Remote protocol version 2.0, remote software version RebexSSH_1.0.6264.1
3808 2021-03-30 10:21:20.053 debug1: no match: RebexSSH_1.0.6264.1
3808 2021-03-30 10:21:20.053 debug2: fd 4 setting O_NONBLOCK
3808 2021-03-30 10:21:20.163 debug3: spawning "C:\\openssh\\sshd.exe" -y
3808 2021-03-30 10:21:20.163 debug2: Network child is on pid 7008
3808 2021-03-30 10:21:20.163 debug3: send_rexec_state: entering fd = 6 config len 5262
3808 2021-03-30 10:21:20.163 debug3: ssh_msg_send: type 0
3808 2021-03-30 10:21:20.210 debug3: send_rexec_state: done
3808 2021-03-30 10:21:20.210 debug3: ssh_msg_send: type 0
3808 2021-03-30 10:21:20.210 debug3: ssh_msg_send: type 0
3808 2021-03-30 10:21:20.210 debug3: preauth child monitor started
3808 2021-03-30 10:21:20.210 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3808 2021-03-30 10:21:20.210 debug3: send packet: type 20 [preauth]
3808 2021-03-30 10:21:20.210 debug1: SSH2_MSG_KEXINIT sent [preauth]
3808 2021-03-30 10:21:20.210 debug3: receive packet: type 20 [preauth]
3808 2021-03-30 10:21:20.210 debug1: SSH2_MSG_KEXINIT received [preauth]
3808 2021-03-30 10:21:20.210 debug2: local server KEXINIT proposal [preauth]
3808 2021-03-30 10:21:20.210 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
3808 2021-03-30 10:21:20.210 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3808 2021-03-30 10:21:20.210 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3808 2021-03-30 10:21:20.210 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
3808 2021-03-30 10:21:20.210 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3808 2021-03-30 10:21:20.210 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3808 2021-03-30 10:21:20.210 debug2: compression ctos: none,zlib@openssh.com [preauth]
3808 2021-03-30 10:21:20.210 debug2: compression stoc: none,zlib@openssh.com [preauth]
3808 2021-03-30 10:21:20.210 debug2: languages ctos:  [preauth]
3808 2021-03-30 10:21:20.210 debug2: languages stoc:  [preauth]
3808 2021-03-30 10:21:20.210 debug2: first_kex_follows 0  [preauth]
3808 2021-03-30 10:21:20.210 debug2: reserved 0  [preauth]
3808 2021-03-30 10:21:20.210 debug2: peer client KEXINIT proposal [preauth]
3808 2021-03-30 10:21:20.210 debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1 [preauth]
3808 2021-03-30 10:21:20.210 debug2: host key algorithms: ssh-dss,rsa-sha2-256,ssh-rsa-sha256@ssh.com,rsa-sha2-512,ssh-rsa,x509v3-sign-rsa-sha256@ssh.com,x509v3-sign-rsa,x509v3-sign-dss,ecdsa-sha2-nistp256 [preauth]
3808 2021-03-30 10:21:20.210 debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,3des-cbc,twofish256-ctr,twofish192-ctr,twofish128-ctr,twofish256-cbc,twofish192-cbc,twofish128-cbc,twofish-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128 [preauth]
3808 2021-03-30 10:21:20.210 debug2: ciphers stoc: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,3des-cbc,twofish256-ctr,twofish192-ctr,twofish128-ctr,twofish256-cbc,twofish192-cbc,twofish128-cbc,twofish-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128 [preauth]
3808 2021-03-30 10:21:20.210 debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3808 2021-03-30 10:21:20.210 debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3808 2021-03-30 10:21:20.210 debug2: compression ctos: none,zlib,zlib@openssh.com [preauth]
3808 2021-03-30 10:21:20.210 debug2: compression stoc: none,zlib,zlib@openssh.com [preauth]
3808 2021-03-30 10:21:20.210 debug2: languages ctos:  [preauth]
3808 2021-03-30 10:21:20.210 debug2: languages stoc:  [preauth]
3808 2021-03-30 10:21:20.210 debug2: first_kex_follows 0  [preauth]
3808 2021-03-30 10:21:20.210 debug2: reserved 0  [preauth]
3808 2021-03-30 10:21:20.210 debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
3808 2021-03-30 10:21:20.210 debug1: kex: host key algorithm: rsa-sha2-256 [preauth]
3808 2021-03-30 10:21:20.210 debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
3808 2021-03-30 10:21:20.210 debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
3808 2021-03-30 10:21:20.210 debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
3808 2021-03-30 10:21:20.225 debug3: receive packet: type 34 [preauth]
3808 2021-03-30 10:21:20.225 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
3808 2021-03-30 10:21:20.225 debug3: mm_request_send entering: type 0 [preauth]
3808 2021-03-30 10:21:20.225 debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
3808 2021-03-30 10:21:20.225 debug3: mm_request_receive_expect entering: type 1 [preauth]
3808 2021-03-30 10:21:20.225 debug3: mm_request_receive entering [preauth]
3808 2021-03-30 10:21:20.225 debug3: mm_request_receive entering
3808 2021-03-30 10:21:20.225 debug3: monitor_read: checking request 0
3808 2021-03-30 10:21:20.225 debug3: mm_answer_moduli: got parameters: 2048 2048 4096
3808 2021-03-30 10:21:20.225 debug3: Failed to open file:C:/ProgramData/ssh/moduli error:2
3808 2021-03-30 10:21:20.225 WARNING: could not open __PROGRAMDATA__\\ssh/moduli (No such file or directory), using fixed modulus
3808 2021-03-30 10:21:20.225 debug3: dh_new_group_fallback: requested max size 4096
3808 2021-03-30 10:21:20.225 debug3: using 4k bit group 16
3808 2021-03-30 10:21:20.225 debug3: mm_request_send entering: type 1
3808 2021-03-30 10:21:20.225 debug2: monitor_read: 0 used once, disabling now
3808 2021-03-30 10:21:20.225 debug3: mm_choose_dh: remaining 0 [preauth]
3808 2021-03-30 10:21:20.225 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
3808 2021-03-30 10:21:20.225 debug3: send packet: type 31 [preauth]
3808 2021-03-30 10:21:20.272 debug2: bits set: 2055/4096 [preauth]
3808 2021-03-30 10:21:20.272 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
3808 2021-03-30 10:21:20.569 debug3: receive packet: type 32 [preauth]
3808 2021-03-30 10:21:20.569 debug2: bits set: 2050/4096 [preauth]
3808 2021-03-30 10:21:20.616 debug3: mm_sshkey_sign entering [preauth]
3808 2021-03-30 10:21:20.616 debug3: mm_request_send entering: type 6 [preauth]
3808 2021-03-30 10:21:20.616 debug3: mm_request_receive entering
3808 2021-03-30 10:21:20.616 debug3: monitor_read: checking request 6
3808 2021-03-30 10:21:20.616 debug3: mm_answer_sign
3808 2021-03-30 10:21:20.632 debug3: mm_answer_sign: KEX signature 0000017C5ECCB7E0(276)
3808 2021-03-30 10:21:20.632 debug3: mm_request_send entering: type 7
3808 2021-03-30 10:21:20.632 debug2: monitor_read: 6 used once, disabling now
3808 2021-03-30 10:21:20.632 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
3808 2021-03-30 10:21:20.632 debug3: mm_request_receive_expect entering: type 7 [preauth]
3808 2021-03-30 10:21:20.632 debug3: mm_request_receive entering [preauth]
3808 2021-03-30 10:21:20.632 debug3: send packet: type 33 [preauth]
3808 2021-03-30 10:21:20.632 debug3: send packet: type 21 [preauth]
3808 2021-03-30 10:21:20.632 debug2: set_newkeys: mode 1 [preauth]
3808 2021-03-30 10:21:20.632 debug1: rekey out after 4294967296 blocks [preauth]
3808 2021-03-30 10:21:20.632 debug1: SSH2_MSG_NEWKEYS sent [preauth]
3808 2021-03-30 10:21:20.632 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
3808 2021-03-30 10:21:20.944 debug3: receive packet: type 21 [preauth]
3808 2021-03-30 10:21:20.944 debug1: SSH2_MSG_NEWKEYS received [preauth]
3808 2021-03-30 10:21:20.944 debug2: set_newkeys: mode 0 [preauth]
3808 2021-03-30 10:21:20.944 debug1: rekey in after 4294967296 blocks [preauth]
3808 2021-03-30 10:21:20.944 debug1: KEX done [preauth]
3808 2021-03-30 10:21:20.944 debug3: receive packet: type 1 [preauth]
3808 2021-03-30 10:21:20.944 Received disconnect from 192.168.XXX.XXX port 57854:11: Session closed [preauth]
3808 2021-03-30 10:21:20.944 Disconnected from 192.168.XXX.XXX port 57854 [preauth]
3808 2021-03-30 10:21:20.944 debug1: do_cleanup [preauth]
3808 2021-03-30 10:21:20.944 debug3: mm_request_receive entering
3808 2021-03-30 10:21:20.944 debug1: do_cleanup
3808 2021-03-30 10:21:20.944 debug1: Killing privsep child 7008

 

Copper Contributor

Experiencing a problem when running nano logged in remote to my server. The cursor is not updating its position at times, handling white space seems awkward with some glitches. When I run nano on the server logged into the console, it looks and behaves perfectly fine, the same way it has always performed for me on Fedora etc.

 

Could this have to do with the use of an incorrect version of OpenSSHUtils? The original command in the document failed for me, but the OpenSSHUtils 0.0.2.0 worked and installed.

Copper Contributor

I have tried my all ways to install OpenSSH server, But not sure why its getting not installed. No issue on installing the Client, but OpenSSH server not getting installed. Anyone help me out to get the pre requisites to install the same in Windows 2019 servers.

Jithinaak_0-1623224376214.png

 

Copper Contributor

@Jithinaak Most likely the issue is that the server has WSUS configured and when you are saying -Online it is trying to install from WSUS and it can't find it. There are a few ways to get passed that, you can look it up online

Copper Contributor

Q - if i install 

# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

but the version in 7.7.2.1 and i need the latest one

should i remove this feature and install portable or is there a way i can update the version to for example 8.6

what is the right way to keep it updated

Roni

Copper Contributor

@takoroni 

That is up to you . Theoretically this means you installed it on Windows Server 2019 or WIndows 10 and this should be updated via Microsoft updates as part of the operating system. The other version from GitHub ( portable)  is the one you have to install and update manually every time yourself. 

Copper Contributor

Great tutorial as I am completely new to Windows Powershell. 

When I enter the command 

Install-Module -Force OpenSSHUtils -Scope AllUsers

I get the following error message

 PackageManagement\Install-Package : No match was found for the specified search criteria and module name 'OpenSSHUtils'. Try Get-PSRepository to see all available registered module repositories.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 char:21
+ ... $null = PackageManagement\Install-Package @PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Exception
+ FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackage

 

I have no idea what this means. 

Copper Contributor

@rsageofdunstable 

Looks like the package was pulled by the developer. Try to install earlier version as someone suggested , like 

 

Install-Module -Name OpenSSHUtils -RequiredVersion 0.0.2.0
Copper Contributor

i had a ticket  with Microsoft and they are not updating the SSH component with security updates ,

because it is not Microsoft component they are using the openssh ,

if we need a newer component then we need to download it form openssh site and deploy it diffidently

you need to install the package you downloded from openssh

Create folder c:\program files\openssh , copy contact to location.
run from folder
powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1

 

Copper Contributor

@roni tako 

I am not from Microsoft, so I can't be sure, but Windows server 2019 or windows 10 creator update and later have this as an optional component as part of windows. There is all openssh for windows on GitHub, which I think you are referring to.That one is not supported by Microsoft and installed by some PowerShell scripts and also newer version then the one that is part of windows.

Copper Contributor

some of the steps in this tutorial are outdated. I'd suggest you to have look at the "official" Microsoft documentation

https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tab...

Co-Authors
Version history
Last update:
‎Aug 28 2023 05:13 PM
Updated by: