There are many ways to remote in to a machine—some of them are secure, some of them are not. For the old school administrators, you can't beat secure shell for security. Unfortunately, the Windows platform doesn't include either a secure shell client or server. In order to connect to a machine via SSH (default port 22), the secure shell daemon must be present on the machine in question.

Thanks to the freeSSHd application, it is possible to set up a secure shell and secure ftp server on a Windows XP/Vista/7/Server machine and even have a handy GUI tool for the configuration of both services. Let's walk through the steps of getting an SSH server up and running on your Windows 7 machine.

What you'll need

• Windows-based desktop (or server)
• Admin access to open port 22 on either server or network

I included the admin access requirement in case there is an issue with your network passing port 22 through. If this happens, you will need to set up a rule to allow (or pass) the default SSH port into the target machine. If you cannot, you can always change to a non-standard port that you know is open.

Installing freeSSHd

Download and double-click the installation file. The installation is fairly straightforward except for these points:

• Private keys should be generated (you will be prompted during the installation), and
• Do not start freeSSHd as a system service (this will cause problems with the configuration and can cause security issues).

Once you follow all the steps in the wizard, freeSSHd will be installed.

Using freeSSHd

Since we're not running this as a system service, we have to start it manually by double-clicking the freeSSHd desktop icon. It will seem like nothing happened, but you should see a new icon in the system tray (Figure A).Figure A

The freeSSHd is in the bottom right corner.

Right click the system tray icon and select Settings. You should see a green check next to the SSH server and a red X next to the Telnet server (Figure B). That is exactly how it should look.Figure B

If you see a red X next to the SSH server, click the link labeled Click Here To Start It. (Click the image to enlarge.)

Your SSH server should be running now, but you have no means of authenticating a user. freeSSHd doesn't need (nor should have) access to your Active Directory information, so you'll want to set up a user who can access the machine. To do this, follow these steps:

1. Open the freeSSHd settings window.
2. Click the Users tab.
3. Click the Add button.
4. Fill out the necessary information in the User Properties dialog (Figure C) and click OK. You should be able to connect to your Windows machine using secure shell now.

Figure C

Be sure to enable the features to be allowed by the user. (Click the image to enlarge.)

So what can you do with this application? One nice feature of freeSSHd is the ability to use the scp command (secure copy); this allows you to securely move files to and from a machine. The scp command structure looks like this: scp filename:username@ADDRESS_TO_DESTINATION:filename (username is the username on the machine the file is to be copied to, ADDRESS_TO_DESTINATION is the IP address of the machine the file is to be copied to, and the filename is the name of the file to be copied).

Let's say you want to copy test.odt to jlwallen on a machine with an address of 192.168.100.74 (that machine will need to have a form of the secure shell daemon running as well). Here's how to execute this successfully:

1. Log in to your Windows machine via secure shell.
2. Issue the command scp test.odt jlwallen@192.168.100.74:test.odt.
3. Enter the remote user's password and let the file copy. If you go to the remote machine, you should see that file is in the user's home directory.

Conclusion

The ability to run a secure shell server on a Windows machine makes remote administration or use even easier than just adding a third-party solution such as LogMeIn or TeamViewer. When you don't need a full-blown GUI for remotes, you want to know you're getting in to your machine with at least a modicum of security—freeSSHd offers that in the true UNIX/Linux fashion. Slap this little beauty on one of your Windows machines, and see if it makes your life easier.

-->

The OpenSSH Client and OpenSSH Server are separately installable components in Windows Server 2019 and Windows 10 1809.Users with these Windows versions should use the instructions that follow to install and configure OpenSSH.

Note

Users who acquired OpenSSH from the PowerShell Github repo (https://github.com/PowerShell/OpenSSH-Portable) should use the instructions from there, and should not use these instructions.

Installing OpenSSH from the Settings UI on Windows Server 2019 or Windows 10 1809

OpenSSH client and server are installable features of Windows 10 1809.

To install OpenSSH, start Settings then go to Apps > Apps and Features > Manage Optional Features.

Scan this list to see if OpenSSH client is already installed. If not, then at the top of the page select 'Add a feature', then:

• To install the OpenSSH client, locate 'OpenSSH Client', then click 'Install'.
• To install the OpenSSH server, locate 'OpenSSH Server', then click 'Install'.

Once the installation completes, return to Apps > Apps and Features > Manage Optional Features and you should see the OpenSSH component(s) listed.

Note

Installing OpenSSH Server will create and enable a firewall rule named 'OpenSSH-Server-In-TCP'. This allows inbound SSH traffic on port 22.

Installing OpenSSH with PowerShell

To install OpenSSH using PowerShell, first launch PowerShell as an Administrator.To make sure that the OpenSSH features are available for install:

Then, install the server and/or client features:

Uninstalling OpenSSH

To uninstall OpenSSH using the Windows Settings, start Settings then go to Apps > Apps and Features > Manage Optional Features.In the list of installed features, select the OpenSSH Client or OpenSSH Server component, then select Uninstall.

To uninstall OpenSSH using PowerShell, use one of the following commands:

A Windows restart may be required after removing OpenSSH, if the service is in use at the time it was uninstalled.

Initial Configuration of SSH Server

To configure the OpenSSH server for initial use on Windows, launch PowerShell as an administrator, then run the following commands to start the SSHD service:

Initial use of SSH

Once you have installed the OpenSSH Server on Windows, you can quickly test it using PowerShell from any Windows device with the SSH Client installed.In PowerShell type the following command:

The first connection to any server will result in a message similar to the following:

The answer must be either “yes” or “no”.Answering Yes will add that server to the local system’s list of known ssh hosts.

You will be prompted for the password at this point. As a security precaution, your password will not be displayed as you type.

Once you connect you will see a command shell prompt similar to the following:

The default shell used by Windows OpenSSH server is the Windows command shell.