Difference between revisions of "windows ssh server guide"

From thelinuxwiki
(sshd_config)
(intallation)
 
(7 intermediate revisions by one user not shown)
Line 1: Line 1:
 
==supported windows versions==
 
==supported windows versions==
 
OpenSSH can be used to connect Window 10 clients to Windows Server 2019. OpenSSH Client is available to install on Windows 10 build 1809 and later, while OpenSSH Server is available to install on Windows Server 2019 and later.
 
OpenSSH can be used to connect Window 10 clients to Windows Server 2019. OpenSSH Client is available to install on Windows 10 build 1809 and later, while OpenSSH Server is available to install on Windows Server 2019 and later.
==intallation==
+
==installation==
  
 
goto Settings, select Apps > Apps & Features > Manage Optional Features > Add a feature > OpenSSH Server > Install
 
goto Settings, select Apps > Apps & Features > Manage Optional Features > Add a feature > OpenSSH Server > Install
 
 
 
  
 
===sshd_config===
 
===sshd_config===
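Review bot: the unchanged sentence under "supported windows versions" still reads "Window 10 clients"; since this hunk already corrects the "intallation" heading, fix that to "Windows 10" in the same edit.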
Line 31: Line 28:
  
 
RESTART ssh service after every change for it to take effect!!!
 
RESTART ssh service after every change for it to take effect!!!
 +
 +
for more complete instructions see [https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration OpenSSH Server Configuration for Windows 10 1809 and Server 2019]
  
 
==service startup==
 
==service startup==
Line 41: Line 40:
  
 
also, start the service if you want to start using it.
 
also, start the service if you want to start using it.
 +
 +
==test/use it==
 +
 +
example...
 +
 +
$ ssh johnsmith@192.168.1.1
 +
<br>mydomain\johnsmith@myexamplehost C:\Users\johnsmith>
 +
 +
==public key auth==
 +
 +
windows version
 +
 +
this part was a beating. It didn't work out of the box.
 +
 +
error from ssh log file...
 +
11536 2022-08-26 17:58:35.947 debug1: attempt 1 failures 0 [preauth]
 +
11536 2022-08-26 17:58:35.963 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:LJByW7AoXWuMQ1afasdfasdfasdcHLEckz73LkJ9opPo [preauth]
 +
11536 2022-08-26 17:58:35.963 debug1: trying public key file C:\\Users\\johnsmith\\.ssh\\authorized_keys
 +
11536 2022-08-26 17:58:35.963 Authentication refused.
 +
 +
 +
 +
For sshd-config do the following changes:
 +
 +
Comment this one:
 +
#Match Group administrators
 +
#      AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
 +
Uncomment or add line to sshd_config:
 +
PubkeyAuthentication yes
 +
 +
Then open PowerShell as Admin and restart service:
 +
Restart-Service sshd
 +
 +
Then through GUI.
 +
For .ssh folder and authorized_keys file do the following:
 +
 +
Properties -> Security -> Advanced -> Disable inheritance -> Convert inherited permissions into explicit permissions on this object.
 +
Then delete all users(groups) except:
 +
System
 +
Administrators
 +
current user
 +
 +
[[category:winblows]]
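Review bot: in the added "public key auth" section, the quoted log shows sshd already trying C:\Users\johnsmith\.ssh\authorized_keys before "Authentication refused.", yet the text gives two fixes (commenting out the "Match Group administrators" block, and the ACL cleanup) without saying which one addresses that refusal. Say which symptom each change resolves, and note that commenting out the Match block applies to every member of the administrators group. Also, the added line says "sshd-config" where the rest of the page uses "sshd_config", the "windows version" line has nothing under it, and the "test/use it" example carries a literal <br> tag.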

Latest revision as of 15:33, 20 September 2022


supported windows versions

OpenSSH can be used to connect Windows 10 clients to Windows Server 2019. OpenSSH Client is available to install on Windows 10 build 1809 and later, while OpenSSH Server is available to install on Windows Server 2019 and later.

installation

Go to Settings, then select Apps > Apps & Features > Manage Optional Features > Add a feature > OpenSSH Server > Install

sshd_config

edit sshd_config

location: %programdata%\ssh\sshd_config, i.e. C:\ProgramData\ssh\sshd_config

add allow and/or deny directive lines to the file

a simple example...

AllowUsers mydomain\johnsmith@*

this will allow the domain account johnsmith to ssh in from any IP address (due to the * after the @)

and because I hate Event viewer, I want ssh to log to a file

to configure, add or modify a line as follows...

SyslogFacility LOCAL0

sshd then logs to the directory %programdata%\ssh\logs, i.e. to the file c:\ProgramData\ssh\logs\sshd.log.

RESTART ssh service after every change for it to take effect!!!

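for more complete instructions see OpenSSH Server Configuration for Windows 10 1809 and Server 2019 (https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration)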

service startup

for automatic start on boot...

go to Computer Management > Services > OpenSSH SSH Server

set startup type to Automatic.

also, start the service if you want to start using it.

test/use it

example...

$ ssh johnsmith@192.168.1.1

mydomain\johnsmith@myexamplehost C:\Users\johnsmith>

public key auth

windows version

this part was a beating. It didn't work out of the box.

error from ssh log file...

11536 2022-08-26 17:58:35.947 debug1: attempt 1 failures 0 [preauth]
11536 2022-08-26 17:58:35.963 debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:LJByW7AoXWuMQ1afasdfasdfasdcHLEckz73LkJ9opPo [preauth]
11536 2022-08-26 17:58:35.963 debug1: trying public key file C:\\Users\\johnsmith\\.ssh\\authorized_keys
11536 2022-08-26 17:58:35.963 Authentication refused.


In sshd_config, make the following changes:

Comment out this block:

#Match Group administrators
#      AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Uncomment or add line to sshd_config:

PubkeyAuthentication yes

Then open PowerShell as Admin and restart service:

Restart-Service sshd

Then, through the GUI, do the following for both the .ssh folder and the authorized_keys file:

Properties -> Security -> Advanced -> Disable inheritance -> Convert inherited permissions into explicit permissions on this object.

Then delete all users (groups) except:

System
Administrators
current user
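
The GUI permission steps above can also be scripted. The following is an added example, not part of the original page; it assumes an elevated PowerShell session run as the account that owns the key file, and that the key file is the per-user %USERPROFILE%\.ssh\authorized_keys shown in the log.

```powershell
# Added example: scripted form of the GUI steps (disable inheritance, convert
# inherited entries to explicit ones, drop everyone except SYSTEM,
# Administrators and the current user).
# Assumption: elevated session, run as the user whose .ssh folder is fixed.
$sshDir  = Join-Path $env:USERPROFILE '.ssh'
$targets = @($sshDir, (Join-Path $sshDir 'authorized_keys'))

# Principals to keep, as SIDs so the check does not depend on display names.
$keep = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
)
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "missing: $path"
        continue
    }

    # Disable inheritance; $true,$true keeps the inherited entries as explicit ones.
    $acl = Get-Acl -LiteralPath $path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $path -AclObject $acl

    # Re-read so the converted entries are visible, then prune the extras.
    $acl = Get-Acl -LiteralPath $path
    foreach ($rule in @($acl.GetAccessRules($true, $true, $sidType))) {
        if ($keep -notcontains $rule.IdentityReference.Value) {
            Write-Host "removing $($rule.IdentityReference.Value) from $path"
            [void]$acl.RemoveAccessRule($rule)
        }
    }
    Set-Acl -LiteralPath $path -AclObject $acl

    # Print the resulting entries so the ACL can be reviewed.
    (Get-Acl -LiteralPath $path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize
}
```

After it runs, each printed table should list only SYSTEM, Administrators and the current user.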