How to Enable OpenSSH Server in Windows 10

As you may already know, Windows 10 includes built-in SSH software - both a client and a server! In this article, we will see how to enable the SSH Server.

Note: The OpenSSH Server app will allow you to establish a connection to your computer using the SSH protocol. It won't allow you to access other computers on your network. To connect to other computers, you should install the OpenSSH Client.

With Windows 10, Microsoft has finally listened to its users after years of them requesting an SSH client and server. By including an OpenSSH implementation, the value of the OS increases.

At the moment of this writing, the OpenSSH software included in Windows 10 is at a BETA stage. This means it can have some stability issues.

The provided SSH server is similar to the Linux app. At first glance, it appears to support the same features as its *NIX counterpart. It is a console app, but it works as a Windows Service.

Let's see how to enable the OpenSSH server in Windows 10.

Enable the OpenSSH Server in Windows 10

  1. Open the Settings app and go to Apps -> Apps & features.
  2. On the right, click Manage optional features.Apps And Features Manage Optional Link Windows 10
  3. On the next page, click the button Add a feature.Add A Feature Button
  4. In the list of features, select OpenSSH Server and click on the Install button.Windows 10 Install SSH ServerWindows 10 Installing SSH Server
  5. Restart Windows 10.

This will install the OpenSSH Server software in Windows 10.

Its binary files are located under the folder c:\windows\system32\Openssh. Besides the SSH client apps, the folder contains the following server tools:

  • sftp-server.exe
  • ssh-agent.exe
  • ssh-keygen.exe
  • sshd.exe
  • and the config file "sshd_config".

The SSH server is configured to run as a service.

Sshd Service Windows 10

At the moment of this writing, it doesn't start automatically. You need to configure it manually.

How to Start the OpenSSH Server in Windows 10

  1. Double-click the sshd entry in Services to open its properties.
  2. On the "Log On" tab, see the user account which is used by the sshd server. In my case, it is NT Service\sshd.Sshd Service User Account Windows 10
  3. Now, open an elevated command prompt.
  4. Go to the c:\windows\system32\Openssh directory using the command cd c:\windows\system32\Openssh.
  5. Here, run the command ssh-keygen -A to generate security keys for the sshd server.Sshd Server Generate Keys
  6. Now, in the elevated command prompt, type explorer.exe . to launch File Explorer in the OpenSSH folder.
  7. Update: Microsoft has published a tutorial which makes the right assignment process very simple.
    Open PowerShell as Administrator and execute these commands:

    Install-Module -Force OpenSSHUtils
    
    Repair-SshdHostKeyPermission -FilePath C:\Windows\System32\OpenSSH\ssh_host_ed25519_key

    That's it! All the required permissions are set.

  8. Alternatively, you can perform these steps.
    Right-click the ssh_host_ed25519_key file and change its ownership to the sshd service user, e.g. NT Service\sshd.Sshd Change Key File Ownership
  9. Click "Add" and add the permission "Read" for the user "NT Service\sshd". Now, remove all other permissions to get something like this:Sshd Change Key File PermissionsClick "Apply" and confirm the operation.
  10. Finally, open Services (Press the Win + R keys and type services.msc in the Run box) and start the sshd service. It should start:
    Sshd Service Is Running
  11. Allow the SSH port in Windows Firewall. By default, the server is using port 22. Run this command in an elevated command prompt: netsh advfirewall firewall add rule name="SSHD Port" dir=in action=allow protocol=TCP localport=22Sshd Service Open Port For Microsoft has supplied the following alternative command for PowerShell:
    New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Service sshd -Enabled True -Direction Inbound -Protocol TCP -Action Allow -Profile Domain
  12. Finally, set a password for your user account if you don't have it.

Now, you can try it in action.

Connecting to the SSH Server in Windows 10

Open your ssh client. You can start it on the same computer, e.g. using the built-in OpenSSH client or start it from another computer on your network.

In the general case, the syntax for the OpenSSH console client is as follows:

ssh username@host -p port

In my case, the command looks as follows:

ssh winaero@192.168.2.96

Where winaero is my Windows user name and 192.168.2.96 is the IP address of my Windows 10 PC. I will connect to it from another PC, running Arch Linux.Windows 10 Connect To Built In Sshd Server 1

Finally, you are in!

Windows 10 Connect To Built In Sshd Server 2

The server runs classic Windows console commands, e.g. more, type, ver, copy.

Windows 10 Connect To Built In Sshd Server 3

But I cannot run FAR Manager. It appears black and white and broken:Windows 10 Connect To Built In Sshd Server 4

Another interesting observation: You can start GUI apps like explorer. If you are signed in to the same user account that you use for SSH, they will start on the desktop. See:

Windows 10 Connect To Built In Sshd Server 5

Well, the built-in SSH server is definitely an interesting thing to play with. It allows you to manage a Windows machine without installing tools like rdesktop on your Linux computer, or even changing Windows settings from a Linux computer which has no X server installed.

As of this writing, the built-in SSH server in Windows 10 is at a BETA stage, so it should get more interesting and become a useful feature in the near future.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

Bitcoin: 18amKj99FCPUfnnpqZ6XCG2h3TGeUTCeY7

8 thoughts on “How to Enable OpenSSH Server in Windows 10

  1. Herohtar

    The instructions here are very clear and organized; however, the service still wouldn’t start for me with just this. It kept complaining about the sshd user not having the correct permissions. I had to follow the “User Rights Assignment” step found here before the service would start. After that it worked great!

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      Thanks for pointing.
      Maybe I should add this to the article.

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
    2. Gabe

      Thank you for explanation! How to modify the User Rights Assignment option in Windows 10 without GPO like Home Home edition? Thank you!

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply
      1. Gabe

        I found a cool script to enable gpo under Windows 10 Home! If anyone else needs it here we are

        https://www.itechtics.com/enable-gpedit-windows-10-home/

        Like or Dislike: Thumb up 0 Thumb down 0

        Reply
  2. Gabe

    Another question if possible: how to modify the sshd config file for allow auth with key file only? I would like to connect just with the public / private key and disable the username/password login. Thank you!

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
  3. Junbo

    I have a question about GUI app. I opened sshd service, and connect it from a Linux machine ssh client. I run “notepad” command, the process would been started, and could find it in task manager. But I could not saw the notepad window. Do you know how to configure it? Thank you very much.

    Like or Dislike: Thumb up 0 Thumb down 0

    Reply
    1. Sergey Tkachenko Post author

      Currently, I have no idea how to specify the session for the sshd server.
      Also, as you could notice from my post, the behavior you’ve described is the default behavior for my instance.
      I don’t know why. There are no documentation which could explain this thing at this moment.

      Like or Dislike: Thumb up 0 Thumb down 0

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *