Setup SSH Server on Windows 11

1. Install OpenSSH for Windows

The following information is provided by Microsoft (Get started with OpenSSH for Windows | Microsoft Learn).

Both OpenSSH components can be installed using Windows Settings.

To install the OpenSSH components:

1. Open Settings, select Apps, then select Optional Features.
2. Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then:

• Find OpenSSH Client, then select Install
• Find OpenSSH Server, then select Install

Once setup completes, return to Apps and Optional Features and you should see OpenSSH listed.

To validate that OpenSSH Server has been installed, run the following command in a new PowerShell terminal window as an administrator:Get-WindowsCapability -Online | ? Name -like ‘OpenSSH.Ser*’

which should return the following information:

2. Configure OpenSSH Server

After installing the OpenSSH server on Windows, two services are added:

• ssh-agent (OpenSSH Authentication Agent) — can be used to manage private keys if you have configured SSH key authentication
• sshd (OpenSSH SSH Server).

You need to change the startup type of the sshd service to automatic. Open a new PowerShell terminal window as an administrator then enter:Set-Service -Name sshd -StartupType ‘Automatic’

then start the sshd service:Start-Service sshd

Check if sshd service is running and waiting for connections on port 22:netstat -nao | find /i ‘”:22″‘

which should return the following information:

Check if the firewall allows inbound connection to port 22:Get-NetFirewallRule -Name *OpenSSH-Server* |select Name, DisplayName, Description, Enabled

which should return the following information:

3. Change the default shell for OpenSSH for Windows to PowerShell

The following information is a tweak provided by Microsoft (OpenSSH Server configuration for Windows | Microsoft Learn) to change the default shell of SSH to PowerShell.

Open a new Powershell terminal window with administrator privilege (“Run as administrator”) then copy and paste the following which sets the default shell of SSH to PowerShell.New-ItemProperty -Path “HKLM:\SOFTWARE\OpenSSH” -Name DefaultShell -Value “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -PropertyType String -Force

4. Get Your Local Account Information

If you are like me, you are probably using a Microsoft account (e.g., sung.kim@outlook.com) to sign in to Windows. You will need to use a local account to sign in to the SSH session. You can obtain your local account info by issuing the following command from either PowerShell or the Command Prompt:whoami

which returns, something like this (computer_name/local_account_username):INTELNUC01\sungkim

5. Test SSH Access from the Local Machine

You can test SSH from either Powershell or Command Prompt using “localhost”:ssh intelnuc01\sungkim@localhost

When prompted for the authenticity of the host enter “yes” as shown below:

When prompted for a password, enter your Microsoft account password.

6. Test SSH Access from the Remote Machine

You can test SSH from either Powershell or Command Prompt using the remote computer’s IP address:ssh intelnuc01\sungkim@192.168.1.100

Just like before, when prompted for the authenticity of the host enter “yes” and enter your Microsoft account password when prompted for password.

Few nice to-know information:

Here is a collection of nice-to-know information:

1. From the SSH session, you cannot start a WSL (Windows Subsystem for Linux) session if you have upgraded your WSL to version 1.0 or higher due to known limitations with Microsoft Store apps. You can check your WSL version by issuing the command ‘wsl — version’. I was hoping to change the default shell to Bash (and thus log into the WSL session), but it is not possible with the new version of WSL. Argh… Microsoft gives you the ‘systemd’ feature but takes away this one. For reference, see the ‘Release Notes for WSL in the Microsoft Store’ on Microsoft Learn, where the known issue is “Launching Windows Subsystem for Linux from session zero does not currently work (for example from an ssh connection)”.
2. Few nice to-know SSHD commands you can issues from PowerShell terminal window as an administrator:

Start-Service sshd
Stop-Service sshd
Restart-Service sshd

3. OpenSSH Server configuration file is located on c:\Programdata\ssh\sshd_config. To modify the file, open PowerShell terminal window as an administrator then issue the following command:start-process notepad C:\Programdata\ssh\sshd_config

I hope you have enjoyed this article. If you have any questions or comments, please provide them here.

Resources

The following resources were used in this article:

• Get started with OpenSSH for Windows | Microsoft Learn
• OpenSSH Server configuration for Windows | Microsoft Learn
• PowerShell remoting over SSH
• Release Notes for WSL in the Microsoft Store | Microsoft Learn