/ Insights / Getting Started with SSH on Windows Server 2019 Insights Getting Started with SSH on Windows Server 2019 February 8, 2019 ConcurrencyNew to Windows Server 2019 is the OpenSSH Client and Server capability that can be enabled with PowerShell. This feature was originally introduced with the 1804 release of Windows 10 and has since been added into Windows Server 2019. The configuration of the SSH Server feature entails installing the capability and enabling the services. You also have the option of setting the default SSH shell to PowerShell as opposed to CMD.Although installing and configuring SSH may not benefit a traditional Windows admin too much, it would be very useful in an environment where you’re running Windows Server without a GUI. Additionally, if you have a mixed Linux/Windows environment, using SSH would allow for a more uniform experience across the platforms.Installing SSH and Configuring ServicesThe first step is to install the SSH component using the command:Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0That should be run in a PowerShell window as administrator. Once the installation succeeds, the Windows services need to be configured for automatic start and started up. By default, these services are not enabled or started up. Again, run these in PowerShell as administrator:Set-Service sshd -StartupTypeAutomatic Set-Service ssh-agent -StartupTypeAutomatic Start-Service sshdStart-Service ssh-agentNow, you should have a basic, working SSH service running on your server. Wasn’t that easy! To test, try connecting to the server from your workstation using SSH. If you want to use the built-in OpenSSH client software in Windows 10, you can install it with this command:Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0Once that’s done, connect with the command:ssh username@domain@servername#For example, to connect to a server named cntsapp01 as adminuser on the contoso.com domain, use:ssh adminuser@contoso.com@cntsapp01Here, I’m connecting as the user da_mgrande in the domain MGLAB. The connection process requires you to accept the remote server’s SSH Server key and then enter your password.Alternately, you can use any SSH client to connect such as PuTTY. Simply ensure you use the username@domain format when prompted for the username.Once connected, you should get a new, clean command prompt. You can verify that you’re connected to the remote server with the hostname command.The hostname command here shows MGLABAPP19-01 – the test server that I connected toIf you have issues connecting, ensure SSH port 22 is allowed through any network firewalls protecting the server. The OpenSSH service will automatically create an Allow rule in the local Windows Firewall.Optional: Changing Default Shell to PowerShellBy default, connecting to the SSH server will connect you to a CMD shell on the server. If you typically use PowerShell instead, you may want to switch the default shell over to PowerShell. You can do that with this command which sets the DefaultShell value in the registry at HKLM\Software\OpenSSH. Run this command on the server using PowerShell as Administrator.New-ItemProperty -Path “HKLM:\SOFTWARE\OpenSSH” -Name DefaultShell -Value “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -PropertyType String -ForceAfter that, reconnect to the server, and you should be connected to a PowerShell prompt, instead of CMD. You can run any PowerShell command to verify that such as Get-ComputerInfo.SummaryAt this point, you have a working SSH server installed on Windows Server 2019. If you wanted to expand on this, you could add the OpenSSH server to your build process or base image, and use SSH to connect to all your new Windows servers.In another post, we cover how to enable key-based authentication. Key-based auth allows you to connect using a public/private key pair, just like is commonly done with Linux servers.
