OpenSSH is a tool for secure remote access via the SSH protocol. It encrypts all traffic, supports key-based authentication, and works on Windows, Linux, and macOS.
π‘ After setup, you can connect to your Windows PC like a Linux server:
ssh user@192.168.1.100
Requirements
- OS: Windows 10 (1809+), Windows 11, Windows Server 2019/2022
- Privileges: Administrator
- Network: Access to port 22 (local or remote)
Installation (3 ways)
Option 1: PowerShell (recommended)
# Run as Administrator
# Install OpenSSH server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# Verify installation
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
Option 2: DISM (alternative)
dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0
Option 3: Via Settings (GUI)
- Settings β Apps β Optional features
- “Add a feature” β find “OpenSSH Server” β Install
Configure the service
# Run as Administrator
# Enable auto-start for sshd
Set-Service -Name sshd -StartupType Automatic
# Start the service
Start-Service sshd
# Check status
Get-Service sshd
# Verify port 22 is listening
netstat -ano | findstr :22
Firewall
# Check for OpenSSH rule
Get-NetFirewallRule -Name *OpenSSH-Server* | Select Name, Enabled
# If missing, create it
New-NetFirewallRule -Name sshd `
-DisplayName 'OpenSSH Server' `
-Enabled True `
-Direction Inbound `
-Protocol TCP `
-LocalPort 22 `
-Action Allow `
-Profile Any
Test connection
# From the same PC
ssh localhost
# From another device on the network
ssh <your_username>@<Windows_IP>
# Example:
ssh kirill@192.168.1.100
π‘ First connection will ask to confirm the host key fingerprint - type
yes.
Key-based authentication (recommended)
On the client (where you connect from)
# Generate key pair (if you don't have one)
ssh-keygen -t ed25519 -C "kirill@potatoenergy.ru"
# Copy public key to server
# For Windows server - manually:
type $env:USERPROFILE\.ssh\id_ed25519.pub
# Copy the output
On the server (Windows)
# Create .ssh folder in user profile
mkdir $env:USERPROFILE\.ssh -Force
# Create/edit authorized_keys
notepad $env:USERPROFILE\.ssh\authorized_keys
# Paste the public key (single line), save
# Set correct permissions (REQUIRED)
$acl = Get-Acl $env:USERPROFILE\.ssh\authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
$env:USERNAME, "Read", "Allow")
$acl.AddAccessRule($rule)
Set-Acl $env:USERPROFILE\.ssh\authorized_keys $acl
Disable password login (optional, for security)
# Edit config
notepad C:\ProgramData\ssh\sshd_config
# Find and change:
# PasswordAuthentication no
# PubkeyAuthentication yes
# Restart service
Restart-Service sshd
Config: useful settings
File: C:\ProgramData\ssh\sshd_config
# Allow only specific users
AllowUsers kirill admin
# Change port (if 22 is busy)
Port 2222
# Disable root login
PermitRootLogin no
# Inactivity timeout
ClientAliveInterval 300
ClientAliveCountMax 2
# Logging
LogLevel VERBOSE
After changes:
Restart-Service sshd
Troubleshooting
# Service won't start
β Check logs: Get-WinEvent -LogName "OpenSSH/Operational" -MaxEvents 10
# Port 22 not listening
β Check firewall: Get-NetFirewallRule -Name sshd
β Check service status: Get-Service sshd
# "Permission denied (publickey,password)"
β Verify permissions on authorized_keys (owner read-only)
β Ensure public key is pasted as one line, no line breaks
# Connected but no file access
β Check user permissions on Windows folders
β Try running terminal as Administrator on the client