OpenSSHfor Windows The OpenSSH website is located at www.openssh.com This website hosts a Windows installer package of Openssh for Windows that is actively maintained and current. The sshwindows package hasn't been maintained for a long timeand is woefully out of date. I've been rolling my ownversions of this installer for quite a while and figured others mightfind this useful as well. I'll walk you through installationand setup of the OpenSSH package forWindows. First download the latest version (or the version of your choice), and head to the bottom of the page for a quick walk-thru If you are looking for OpenSSH binaries for Windows 2000, XP, or 2003, head over to the OpenSSH installers for Windows 2000/XP/2003 pagefor links to the latest binaries that will work with those particular operating systems. If you are looking for older OpenSSH binaries that have been hosted on this site in the past, head over to the older OpenSSH installer page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~NOTE~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ As was pointed out, the Windows OpenSSH installer could be even more useful to people if it had additional language support. To contribute, download Descriptions.zip. Open the zip and edit Descriptions.nsi and email the updated language descriptions (Descriptions.nsi) to me at admin<AT>mls-software.com with a note as to how you would like to be credited and I'll get that included in the release. First to respond will get the credit, and I'll cross languages off the list as they come in. Based on the download history, the following countries primary languages would be the most useful: China, Japan, India, Russia, Italy, Ukraine, Netherlands. Languages currently supported: German - creopard.de, Danish - Tox, Portuguese (Brazil) - HackerOrientado, Spanish - zaquintar, French - MirrorBrain, Chinese_Simple - Wair56. Thanks for your help.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~NOTE~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ New Version OpenSSH 8.5p1-1 This is an updated OpenSSH 8.5p1-1 installer for both x86 and x64 binaries. This version includes ssh-sk-helper.exe, cygfido2-1.dll, and cygcbor-0.dll (which was missing last time) so I hope it provides Yubikey support (I have no way to test that) The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) Version Windows x86 Windows x64 OpenSSH 8.5p1-1 setupssh-8.5p1-1.exe SHA1=b280544abbfa5725486d5e3de6bc26c53cbf17d9 (Optional) Cygwin Source Files cygwin_source.32.85p1-1.zip SHA1=3e647607ebd382caeb519ee5b4beb4742d191d42 cygwin_source.64.85p1-1.zip SHA1=9d27016e2367195ee5b4349f0165f7f12e3633c0 (Optional) Installer Source Files installer_source_files.85p1-1.zip SHA1=6a39ab82bf8e61a39e4a0562ce70426d745ce527 Older Versions OpenSSH 8.4p1-2 This is an updated OpenSSH 8.4p1-2 installer for both x86 and x64 binaries. This version includes ssh-sk-helper.exe and cygfido2-1.dll so I hope it provides Yubikey support (I have no way to test that) The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) Version Windows x86 Windows x64 OpenSSH 8.4p1-2 setupssh-8.4p1-2.exe SHA1=18d54d8a551cdcb438e3316d43d830dda3eb1ff4 (Optional) Cygwin Source Files cygwin_source.32.84p1-2.zip SHA1=7bbd012931c4edac3bc219c6aa27278e3e114823 cygwin_source.64.84p1-2.zip SHA1=214aa4028efecd10ef74b59463bf6ae2e4ca4288 (Optional) Installer Source Files installer_source_files.84p1-2.zip SHA1=a6690427de2cb0e0e6bd1f04884efe3f975448b1 OpenSSH 8.4p1-1 This is an updated OpenSSH 8.4p1-1 installer for both x86 and x64 binaries. Happy Halloween! The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) Version Windows x86 Windows x64 OpenSSH 8.4p1-1 setupssh-8.4p1-1.exe SHA1=e94e203f40bcd1e1e63fda0dab8788f605df1eb8 (Optional) Cygwin Source Files cygwin_source.32.84p1-1.zip SHA1=e512607abaf716a17b303f978c30cbfbcc84f108 cygwin_source.64.84p1-1.zip SHA1=857a32a06c960a24dc2c9b0a6601132e69ef2a1c (Optional) Installer Source Files installer_source_files.84p1-1.zip SHA1=69c15a0ef4a252abd63154bc4b66cacc060bd82a OpenSSH 8.3p1-1 This is an updated OpenSSH 8.3p1-1 installer for both x86 and x64 binaries. The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) I have updated the libraries I'm using so now Chinese and Russian language translations should show up correctly. Version Windows x86 Windows x64 OpenSSH 8.3p1-1 setupssh-8.3p1-1.exe SHA1=e6a5b9d5a514cd5a9236ab746c8dc497a47d1cf1 (Optional) Cygwin Source Files cygwin_source.32.83p1-1.zip SHA1=9e4e38901f9b89a17478ba59186bff54abed9daf cygwin_source.64.83p1-1.zip SHA1=94e598d29f2744fa825786805abb14baf8f369bf (Optional) Installer Source Files installer_source_files.83p1-1.zip SHA1=6466b403394fd98de01fbd32d5bfa924f7d29356 OpenSSH 8.2p1-1 This is an updated OpenSSH 8.2p1-1 installer for both x86 and x64 binaries. The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) I also missed a file last time that caused you not to be able to connect to the sshd service running on your Windows system - that has been remedied (cygwin-console-helper.exe). I had hoped to fix Chinese and Russian language translations so they showed up correctly, however, there are some bugs in the unicode library that I updated/ported that I haven't fixed yet. Thanks to the Simon H. who sent me some clues on how to fix that issue. I should hopefully have this fixed by next rev. Version Windows x86 Windows x64 OpenSSH 8.2p1-1 setupssh-8.2p1-1.exe SHA1=6d423cf4b01332a84bdf558fa6f57105122139ee (Optional) Cygwin Source Files cygwin_source.32.82p1-1.zip SHA1=49733708b9b6e15fc9b634544236502134687ce6 cygwin_source.64.82p1-1.zip SHA1=469acd08d163dfb1da13cc511b917e9684defd0f (Optional) Installer Source Files installer_source_files.82p1-1.zip SHA1=997e3517ff934f6f2d41893704add7ed730eed43 OpenSSH 8.1p1-1 This is an updated OpenSSH 8.1p1-1 installer for both x86 and x64 binaries. The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) I tweaked the default firewall rules based on a suggestion from John B. Please note - for some reason the Chinese and Russian language translations aren't showing up in my drop down for languages. If anybody knows how to fix that...I'd take a hint. Also, the Russian language translations don't show up as Russian characters, I have strange symbols - as such, I don't know that the file I was provided actually is correct. Any Russian speakers care to review the Decriptions.nsi from the source file and provide some verification or update that would be appreciated. I use Notepad++ as my editor so please check out that file with that editor. Thanks! Version Windows x86 Windows x64 OpenSSH 8.1p1-1 setupssh-8.1p1-1.exe SHA1=9d6e5f5e36899ec4e8391c368c496796b36c8a62 (Optional) Cygwin Source Files cygwin_source.32.81p1-1.zip SHA1=1787f3f2de09b55d2904cfd6041040e9c327a56c cygwin_source.64.81p1-1.zip SHA1=8fcdfaf65bd655b7e64789f80da0ca406b07e5d8 (Optional) Installer Source Files installer_source_files.81p1-1.zip SHA1=de054b8dc29bf19407be14f49dea5859c3d85937 OpenSSH 8.0p1-2 This is an updated OpenSSH 8.0p1-2 installer for both x86 and x64 binaries. The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) I incorporated some suggestions from Bill S. Russian langauge translations added (anonymous contributor). Please note - for some reason the Chinese and Russian language translations aren't showing up in my drop down for languages. If anybody knows how to fix that...I'd take a hint. Also, the Russian language translations don't show up as Russian characters, I have strange symbols - as such, I don't know that the file I was provided actually is correct. Any Russian speakers care to review the Decriptions.nsi from the source file and provide some verification or update that would be appreciated. I use Notepad++ as my editor so please check out that file with that editor. Thanks! Version Windows x86 Windows x64 OpenSSH 8.0p1-2 setupssh-8.0p1-2.exe SHA1=4cdf9628aab704f2b086008857430456b2333a35 (Optional) Cygwin Source Files cygwin_source.32.80p1-2.zip SHA1=f3a73942fd957576f044df52c0cb51e9cbad5f42 cygwin_source.64.80p1-2.zip SHA1=b59ead95617474047680bad22b553ad31400cd9a (Optional) Installer Source Files installer_source_files.80p1-2.zip SHA1=55622d5efc5614720001d9033f93621710aa68fe OpenSSH 7.9p1-1 This is an updated OpenSSH 7.9p1-1 installer for both x86 and x64 binaries. The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) No new languages this release - more languages would be welcome. Version Windows x86 Windows x64 OpenSSH 7.9p1-1 setupssh-7.9p1-1.exe SHA1=64425b56f890cbf51ddf4a9292b02b06df70487e (Optional) Cygwin Source Files cygwin_source.32.79p1-1.zip SHA1=ceb6f1a8669f5693ac483c542cde7789f9bf5727 cygwin_source.64.79p1-1.zip SHA1=53f63865032025785bc3ade8801f4a1d95e91d82 (Optional) Installer Source Files installer_source_files.79p1-1.zip SHA1=6294c1741e30155adce2071f61c2bc419eb953e0 OpenSSH 7.8p1-1 This is an updated OpenSSH 7.8p1-1 installer for both x86 and x64 binaries. The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) No new languages this release - more languages would be welcome. Version Windows x86 Windows x64 OpenSSH 7.8p1-1 setupssh-7.8p1-1.exe SHA1=ef12f4c3148e95134614e2dd0a2b71cedb545027 (Optional) Cygwin Source Files cygwin_source.32.78p1-1.zip SHA1=f9aa5f8fb2cd4d98f3974ceedc7bb0e8287d5717 cygwin_source.64.78p1-1.zip SHA1=d1dc693ce9fce626b1490f2a553391af3faa25a8 (Optional) Installer Source Files installer_source_files.78p1-1.zip SHA1=70b71a8f9f8b3cab7a3e739d77026a75ec69227c OpenSSH 7.7p1-1 This is an updated OpenSSH 7.7p1-1 installer for both x86 and x64 binaries. The random password that is generated WILL NOT work with Windows Server causing the service to be unable to start - you MUST REPLACE THAT PASSWORD WITH SOMETHING THAT MEETS THE COMPLEXITY REQUIREMENTS OF A SERVER. Frankly, that password should be replaced in all cases...but people tend to be lazy :-) Finally, this release includes language support for Simplified Chinese - more languages would be welcome. Version Windows x86 Windows x64 OpenSSH 7.7p1-1 setupssh-7.7p1-1.exe SHA1=ec1e5644314a335b70b45bb6254ec63b8bd50dcb (Optional) Cygwin Source Files cygwin_source.32.77p1-1.zip SHA1=40f715eaedcdd0a22787e22b9e1dbdb59b8ca93a cygwin_source.64.77p1-1.zip SHA1=b09ffd951f53b167d5130aca325035a5ce99232e (Optional) Installer Source Files installer_source_files.77p1-1.zip SHA1=7c8c95be73ad1d97b2b03e98aeaf7757ea026b95 OpenSSH 7.6p1-1 This is an updated OpenSSH 7.6p1-1 installer for both x86 and x64 binaries. There was a major change to this release - for security reasons the password associated with the sshd_server account is randomly generated (instead of D0ntGu3$$M3). You may change the password during the install process, but it was brought to my attention that many people probably weren't changing the D0ntGu3$$M3 password and that was of course a HUGE security risk. Finally, this release includes language support for Spanish and French - more languages would be welcome. Version Windows x86 Windows x64 OpenSSH 7.6p1-1 setupssh-7.6p1-1.exe SHA1=31cdffb879ab73c8ecbcbccab6f3c0f882ab6548 (Optional) Cygwin Source Files cygwin_source.32.76p1-1.zip SHA1=42dbdbc82cca7471b88c422164b911c0951136e5 cygwin_source.64.76p1-1.zip SHA1=4a7dbecfa83bfa87e3005ee6a811b590c24fbf37 (Optional) Installer Source Files installer_source_files.76p1-1.zip SHA1=8409388f0d3ca1c1402d99d2f111ea84bb0dfae9 OpenSSH 7.5p1-1 This is an updated OpenSSH 7.5p1-1 installer for both x86 and x64 binaries. There was a major change to this release - for security reasons the server (sshd) MUST run with privilege seperation. As such, the installer and sshd_config file were updated to support this change. This brings with it a caveat - the installer has a default password for the sshd_server account (which is required for privilege seperation) - the password is D0ntGu3$$M3. YOU MUST PICK YOUR OWN PASSWORD FOR YOUR SYSTEM IF YOU ARE USING THE SERVER. I also changed the installer to install the server by default UNLESS you specify only the client via the installer or via a /clientonly=1 if you are using the command line switches. The rysnc command was also added to the binary directory. The final change was the removal of the pop-up windows that showed up during install - this change has been requested in the past and was requested again -- I have removed the windows as they just clutter things up. Finally, this release includes language support for German, Danish, and Portuguese (Brazil) - more languages would be welcome. Version Windows x86 Windows x64 OpenSSH 7.5p1-1 setupssh-7.5p1-1.exe SHA1=199ad10d578075dfe9651daa53e6f93cf6254486 (Optional) Cygwin Source Files cygwin_source.32.75p1-1.zip SHA1=0f458482df2da43e79327f1fb28a83fd8263e0b8 cygwin_source.64.75p1-1.zip SHA1=3d66606d20bb3b4b2e0a5c902978b9d2a7787b48 (Optional) Installer Source Files installer_source_files.75p1-1.zip SHA1=ccc1a10f0565b1579cc6124082a48ffda2d24d98 OpenSSH 7.4p1-1 This is an updated OpenSSH 7.4p1-1 installer for both x86 and x64 binaries. This release includes language support for German and Danish - more languages would be welcome. Includes a fix to the x86 install directory. Version Windows x86 Windows x64 OpenSSH 7.4p1-1 setupssh-7.4p1-1.exe SHA1=245a5999d3f4c944c7a0d7fbf460450f91efa6d9 (Optional) Cygwin Source Files cygwin_source.32.74p1-1.zip SHA1=cc1b4228d2ad410d1c35c4332d186d3b3f94bb4b cygwin_source.64.74p1-1.zip SHA1=1b80feab0a0551052ab06dd420755104ccfcf52c (Optional) Installer Source Files installer_source_files.74p1-1.zip SHA1=c3a2b9fc008302d78d24fb2f5271ab977ef8fc95 OpenSSH 7.3p1-2 This is an updated OpenSSH 7.3p1-2 installer for both x86 and x64 binaries. This includes a small fix to the uninstall $INSTDIR variable so a user selected installation directory is used (Thanks Jacob T for pointing out the error). Version Windows x86 Windows x64 OpenSSH 7.3p1-1 setupssh-7.3p1-2.exe SHA1=d2e8779040ad3e0c932f66bef03bc97a8f5bdda2 (Optional) Cygwin Source Files cygwin_source.32.73p1-2.zip SHA1=1ee0c9cc3d5588cb544922e237b73cec738081a6 cygwin_source.64.73p1-2.zip SHA1=ce9205bab22dab8f3d31e2711d2e3840bd4996ec (Optional) Installer Source Files installer_source_files.73p1-2.zip SHA1=9b2872d248df358a3783a0436c952b7e5088f0e7 OpenSSH 7.3p1-1 This is an updated OpenSSH 7.3p1-1 installer for both x86 and x64 binaries. This includes a small fix to the silent install $INSTDIR variable so a user selected installation directory is not overwritten. Version Windows x86 Windows x64 OpenSSH 7.3p1-1 setupssh-7.3p1-1.exe SHA1=ff5f2ea18e9f2728a2944e4d0940a68706aaf096 (Optional) Cygwin Source Files cygwin_source.32.73p1-1.zip SHA1=3634a90a51bc850b75b80b44ec9f7e8adfdb73fd cygwin_source.64.73p1-1.zip SHA1=749adcd99673e20eaad52978084c886cd87eea4f (Optional) Installer Source Files installer_source_files.73p1-1.zip SHA1=e416082bdc85633f2f9842992e7b4fd7df9cc5fa OpenSSH 7.2p2-1-v1 This is an updated OpenSSH 7.2p2-1-v1 installer (no changes to the version of OpenSSH) for both x86 and x64 binaries. I included an incorrect cygwin1.dll for x64 builds causing both ls.exe and mv.exe to fail. Version Windows x86 Windows x64 OpenSSH 7.2p2-1-v1 setupssh-7.2p2-1-v1.exe SHA1=4eff121021e5551dc762db3fb6d82ad9a989c2b5 (Optional) Cygwin Source Files cygwin_source.32.72p2-1-v1.zip SHA1=50e22b1e6c365345e22c4b75f94a286d0557493f cygwin_source.64.72p2-1-v1.zip SHA1=1cfff3a5f65166652c02a8f5247fe9936efe9f85 (Optional) Installer Source Files installer_source_files.72p2-1-v1.zip SHA1=9a4c14b4d0c2e89dbd1d7cc1030093525cb8b5e9 OpenSSH 7.2p2-1 This is an updated OpenSSH 7.2p2-1 installer for both x86 and x64 binaries. Version Windows x86 Windows x64 OpenSSH 7.2p2-1 setupssh-7.2p2-1.exe SHA1=5cf36aa793c0116d9bba765ae6152531e14772f4 (Optional) Cygwin Source Files cygwin_source.32.72p2-1.zip SHA1=982f7a1067da70928fb2cccc6fd5ada57a192734 cygwin_source.64.72p2-1.zip SHA1=5070caf339ae81ab6379deee2696e84fe343d72e (Optional) Installer Source Files installer_source_files.72p2-1.zip SHA1=cbd868e9517ca4ef334f319e86c2099e04fc6e5b OpenSSH 7.2p1-1 This is an updated OpenSSH 7.2p1-1 installer for both x86 and x64 binaries. I made a couple small tweaks - spaces are allowed in the service password and using large passwords should not cause a prompt. Version Windows x86 Windows x64 OpenSSH 7.2p1-1 setupssh-7.2p1-1.exe SHA1=a2b26af4613e66ca3d779c9bf1eb7f787ada6c69 (Optional) Cygwin Source Files cygwin_source.32.72p1-1.zip SHA1=909e221c6d8c25937882650720b3f9489bef1322 cygwin_source.64.72p1-1.zip SHA1=dc8dbb0c5cb068e733625625fbaecbbbd6312cac (Optional) Installer Source Files installer_source_files.72p1-1.zip SHA1=54f38a2fc84b5fb7c17316c0b54a057570248fe1 OpenSSH 7.1p2-1 This is an updated OpenSSH 7.1p1-1 installer for both x86 and x64 binaries. I also took this opportunity to clean up the files to only the minimal dependencies. Let me know if you run into any missing file warnings. Version Windows x86 Windows x64 OpenSSH 7.1p2-1 setupssh-7.1p2-1.exe SHA1=2f304d562e8b9c7c81c0fac80fa939c730165b53 (Optional) Cygwin Source Files cygwin_source.32.71p2-1.zip SHA1=4de4bb82937b46bf8964b4c9a47b346dbac5eb54 cygwin_source.64.71p2-1.zip SHA1=9a0f7b94e1686458e310dc72df8436e49d24c6a7 (Optional) Installer Source Files installer_source_files.71p2-1.zip SHA1=6493ce40ac5c89df836fff128132e54a9cd0438e OpenSSH 7.1p1-1 This is an updated OpenSSH 7.1p1-1 installer for both x86 and x64 binaries. Version Windows x86 Windows x64 OpenSSH 7.1p1-1 setupssh-7.1p1-1.exe SHA1=131e027050fb8b985f564e6b5c3b0d054d703dbb (Optional) Cygwin Source Files cygwin_source.32.71p1-1.zip SHA1=e5ba369adeb9edadae40a749373eb16ae9f1341a cygwin_source.64.71p1-1.zip SHA1=d94b3d9a56a7741aa130af6a7157b64ade0d9c40 (Optional) Installer Source Files installer_source_files.71p1-1.zip SHA1=26d70ce5da4961b5a13af2aa3d5b9b384ad214be Once you've downloaded the executable, start it up to be greeted withthe OpenSSH splash screen followed by the welcome and license screen. You can select the defaults all the way through theinstallation process if desired - these should work for mostintallations: The first point where you get to make some choices is the choosecomponent dialog. Select Client - to install the sshclient command line tools (if you want to connect to other ssh servers Server - to install the ssh server command line application (if youwant to provide an ssh server for others to connect to) Start Menu Shortcuts - a few start menushortcuts Thenext screen that requires some explanation is the 'Choose account underwhich to execute SSHD'. The SSH Daemon (SSHD) can run aseitherLocal_System or SSHD_Server. If you are using Windows Server (2003/2008/2008R2/etc.)youwill likely have to run this as SSHD_Server, however all others shouldbe able to run this as Local_System. The default passwordthat isfilled in for you is 'D0ntGu3$$M3' - I would recommend changing it! You can change thislater byusing the Services Control Panel. If you choose 'Run as SSHD_Server', then you will be presented with theprivilege seperation option. In general, itshould be OK to not use priviledge seperation unless you are runningWindows 2003. Ifyou are running the sshd server, select the port. The defaultport for ssh is 22, however you may select whatever you want (but thenyou'll have to pass that in as on -p option when you connect) You may now select the keysize. The default keysize of 2048 is probably sufficient, however ifyou are truly concerned about your network privacy 4096 would be a good next choice. You canconfigure ssh for either local users or domain users. Thisdetermines how the password file is setup and you should probablychooseLocal users. OpenSSH will begin to install and configure itself for your system. At this point, openssh is setup and configured for your system. Totry this out, open up a command prompt (cmd.exe) and try: ssh -v (For OpenSSH 6.3 and below) ssh -V (For OpenSSH 6.4 and above) which will show you the version information. If youinstalled the openssh server, it will start automatically after theinstallation completes. You may also open up a command prompt with administratorpriviledges and try: net start opensshd which should cause the opensshd daemon service to start To stop the service (if/when you want to): net stop opensshd You can also stop/start the openssh service from the Services controlpanel applet. If you experience problems with the service, look in /var/log as itmight have a clue why the service is failing to start. The original source code for sshwindowscame from SourceForge.net.

OpenSSH Download. OpenSSH is available for source code download at the project website as well as on various operating systems and distribution-specific package management systems. Downloading and compiling the source code suits certain audiences (software developers. They can be found at These daily snapshots of the source tree are provided for convenience only and not even guaranteed to compile. These daily snapshots of the source tree are provided for convenience only and not even guaranteed to compile.

Summary

The integration of SSH has been a popular request among Windows users and SSH presents a renewed vision for remoting. Microsoft’s goal is to tightly integrate the open source Secure Shell (SSH) protocol with Windows and PowerShell. As a result, admins now have two-way remote management with PowerShell and SSH, from Linux to Windows and vice versa. We will also see that system administrators will be able to manage Linux servers, routers, switches, and other devices that allow for SSH. Realizing this vision is important as it allows traditional Windows and Linux admins to manage any operating system with a common skill set plus allowing for cross-platform code and scripts. What’s more, we see that configuration automation through Azure DSC can be leveraged for both Windows and Linux operating systems. Depending on the task, we can run the exact same PowerShell Core code on all platforms. Presently, there are caveats, limitations and the technology is continuing to evolve so keeping up to date is necessary. What this means for managing Office 365 in the future is also a question this author would like to know. Though, OpenSSH has arrived to the Windows OS after many years in development, and it’s still a work in progress as Microsoft’s PowerShell team is contributing to the development efforts of the open source OpenSSH community. This article will provide a step by step procedure for installing & configuring the new OpenSSH Server and client and also provide an explanation of the PowerShell remoting architecture as context. The article will cover remoting scenarios and steps however a walk-through for configuring Linux will not be part of this article.

Problem

1. Microsoft is transitioning to “PowerShell Core” and cross-OS compatibility, while moving away from “Windows PowerShell”. Microsoft recently explained its “Windows PowerShell” roadmap plans, which will focus on “PowerShell Core”, going forward.
2. There are now two editions of PowerShell called “Windows PowerShell” & “PowerShell Core”. However, there are no plans to introduce new functionality to “Windows PowerShell”.
3. PowerShell remoting normally uses WinRM for connection negotiation and data transport, which is not supported in .NET Core so SSH was chosen for remoting since it allows true multi-platform remoting.
4. Admins will be required to learn new remoting commands, use-cases and will need to update scripts.
5. OpenSSH has to be installed and configured manually on both the server and client.
6. Based on the various articles, there are a couple different ways to get SSH installed and configured on Windows OS.
7. The install and configuration process can be a bit involved and has proven to be difficult for some administrators.
8. Updated New-PSSession, Enter-PSSession and Invoke-Command cmdlets now have a new parameter set to facilitate the new remoting connections. Evolving cmdlets means admins must understand the differences and update their scripts at some point.

PowerShell Remoting Architecture

OpenSSH is a freely available collection of client/server utilities that enable secure remote login, remote file transfer, and public/private key pair management. As part of the OpenBSD project, the Secure Shell (SSH) protocol family of tools were developed and has been used for many years across the BSD, Linux, macOS, and Unix ecosystems. Back in 2015, the Microsoft PowerShell team announced support and commitment to the OpenSSH community and code base. This commitment resulted in direction and architectural changes for PowerShell.

Microsoft’s solution for PowerShell remoting was Windows Remote Management (WinRM) which handles remote connection negotiation and data transport by means of the WS-Management Protocol, which is based on SOAP (Simple Object Access Protocol). WinRM is an implementation of the Web Services for Management (WS-Man) specification, which takes advantage of firewall-friendly HTTP (TCP port 5985) or HTTPS (TCP port 5986) protocols to establish the communications channel.

Although Windows PowerShell users are used to WinRM as their remoting protocol with PowerShell, both customers and internal Microsoft product teams wanted to enable Windows to use SSH. The ability to use SSH provides a common user experience for Linux users to connect to Windows systems remotely and vice versa. SSH will likely become the remoting protocol of choice for Windows users and as part of the future direction of all Microsoft applications.

Given Microsoft’s new cross platform vision, the WinRM service is now considered limited by being Windows-specific. WinRM is not yet available as part of multi-platform PowerShell Core therefore, SSH was chosen for the remoting implementation since it is now available for both Linux and Windows platforms and allows multi-platform PowerShell remoting. Of note, the PowerShell team has configured the Linux PowerShell engine to do WS-Man remoting. Linux supports WS-Man remoting through PowerShell Remoting Protocol (MS-PSRP) and with the Open Management Infrastructure (OMI) provider. Installation of both OMI and the OMI provider on Linux is required for PowerShell remoting. Currently, PowerShell Core supports PowerShell Remoting (PSRP) over WSMan with Basic authentication on macOS and Linux, and with NTLM-based authentication on Linux. (Kerberos-based authentication is not supported.)

PuTTY on Windows is the most common SSH client utility, as it allows a Windows user to SSH into a Linux system. There are other third-party SSH server solutions for Windows, however an integrated Microsoft solution will allow for further application integration, extended functionality and support.

Installing OpenSSH

Installing OpenSSH package Option 1) Manually from Github

1. Download the latest build of OpenSSH from a web browser.
2. Otherwise, download the latest build in an elevated PowerShell console, run the following:
   • Invoke-WebRequest https://github.com/PowerShell/Win32-OpenSSH/releases/download/v1.0.0.0/OpenSSH-Win64.zip -OutFile openssh.zip
3. Extract contents of the latest build to C:Program FilesOpenSSH
4. Otherwise, you can extract the zip file in an elevated Powershell console, run the following:
   • Expand-Archive .openssh.zip 'C:Program Files'
   • Verify the sub-directory name, as the command will create “OpenSSH-Win64”
5. Launch PowerShell as an Administrator and go to the directory where the files have been extracted to:
   • cd 'c:Program FilesOpenSSH'
6. In an elevated PowerShell console, run the following
   • powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
7. Open the firewall for sshd.exe to allow inbound SSH connections
   • New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
8. If you are running these commands on Windows 10, run the command
   • netsh advfirewall firewall add rule name=sshd dir=in action=allow protocol=TCP localport=sshd
9. Start the windows service sshd (this will automatically generate host keys under %programdata%ssh if they don’t already exist)
10. Run the command: Start-Service sshd
11. Migrate sshd configuration:
    • To use existing customized sshd_config, you need to copy it from binary location to %programdata%sshsshd_config (Note that %programdata% is a hidden directory).
    • To use existing host keys, you need to copy them from binary location to %programdata%ssh
    • Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to “NT ServiceSSHD”. This is no longer a requirement and the corresponding ACL entry should be removed. Run Powershell.exe -ExecutionPolicy Bypass -Command '. .FixHostFilePermissions.ps1 -Confirm:$false'(Note the first “.” is a call operator.) to fix up these permissions.
12. Change the services sshd and ssh-agent to auto-start
    • Set-Service sshd -StartupType Automatic
    • Set-Service ssh-agent -StartupType Automatic
13. Verify the change in the GUI and check for the services sshd & ssh-agent with: services.msc
14. Configure the default ssh shell by running regedit.exe
15. On the server, configure the default ssh shell in the windows registry by navigating to the key: ComputerHKEY_LOCAL_MACHINESOFTWAREOpenSSH
16. Create a key called “DefaultShell” of type “REG_SZ”
17. Enter the string value as “C:windowssystem32WindowsPowerShellv1.0powershell.exe”
18. If PowerShell core is installed, then the string value will be “c:Program FilesPowerShell6.0.1pwsh.exe” (assuming version 6.0.1 however verify your installed version.)

Installing OpenSSH package Option 2) using PowerShell

Name : OpenSSH.Client~~~~0.0.1.0
State : NotPresent
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent


Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0


Path :
Online : True
RestartNeeded : False


Installing the OpenSSH package Option 3) using Chocolatey

1. There are multiple ways to install OpenSSH on Windows. Chocolatey automates a few of the tasks.
2. Open PowerShell command prompt (or cmd.exe) as Administrator
3. If Chocolatey is not installed, follow the steps documented on the chocolatey.org site
4. Run the command: choco install openssh -params ‘”/SSHServerFeature /KeyBasedAuthenticationFeature”‘ –y

Openssh Source Download Pc

Installing OpenSSH package Option 4) using DISM.exe

Capability Identity : OpenSSH.Client~~~~0.0.1.0
Capability Identity : OpenSSH.Server~~~~0.0.1.0

dism /Online /Add-Capability /CapabilityName:OpenSSH.Client~~~~0.0.1.0
dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0

Installing OpenSSH package Option 5) using Windows Developer Mode

Windows Develop Mode is not Microsoft’s OpenSSH implementation. Do not install SSH this way. SSH services are enabled when you enable Device Discovery on your device. This is used when your device is a remote deployment target for UWP applications. The names of the services are ‘SSH Server Broker’ and ‘SSH Server Proxy’. The existing SSH server used in Windows Developer Mode is not yet protocol compliant.

Installing OpenSSH package Option 6) using Enable-SSHRemoting PowerShell Core Cmdlet

This feature is a roadmap item as part of the PowerShell Core documentation published on github here. Once this feature is beta or fully released, it will be explained in more detail in this article.

Windows Client Configuration Steps

Client Authentication Option 1) Password-based authentication

1. Test the ssh command line by opening PowerShell command prompt (or cmd.exe) as Administrator.
2. Run the command but replace your “user-account” and “remotehost”: ssh user-account@remotehost

Client Authentication Option 2) Key-based authentication

Authenticating via SSH is more secure with a key than a password, therefore, these steps are required. To set up a key, you have to generate it from your client and provide a passphrase. The defaults “id_rsa” are used as the file and RSA as the type.

Generating public/private ed25519 key pair.
Enter file in which to save the key (C:Usersuser1.sshid_ed25519):

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:Usersuser1.sshid_ed25519.
Your public key has been saved in C:Usersuser1.sshid_ed25519.pub.
The key fingerprint is:
SHA256:OIzc1yE7joL2Bzy8/gS0j8eGK7bYaH1FmF3sDuMeSj8 USER@HOSTNAME
The key's randomart image is:
+--[ED25519 256]--+
| . |
| o |
| . + + . |
| o B * = . |
| o= B S . |
| .=B O o |
| + =+% o |
| *oo.O.E |
|+.o+=o. . |
+----[SHA256]-----+


ssh --% USER@DOMAIN.com powershell -c $ConfirmPreference = 'None'; Repair-AuthorizedKeyPermission 'C:Usersuser1sshauthorized_keys'

Windows Server Configuration Steps of OpenSSH Server (sshd)

1. RDP into the Windows Sever as an administrator
2. Launch PowerShell command prompt (or cmd.exe) as Administrator
3. Verify that PowerShell Core has been installed with the command: $PSVersionTable
4. Check that PSEdition says “Core”, with the PSVersion at least 6.0.0.
5. Update the Windows Server Enviroment Variables Path:
   • ($env:path).split(“;”)

   • $oldpath = (Get-ItemProperty -Path ‘Registry::HKEY_LOCAL_MACHINESystemCurrentControlSetControlSession ManagerEnvironment’ -Name PATH).path

   • $newpath = “$oldpath;C:Program FilesOpenSSH”

   • Set-ItemProperty -Path ‘Registry::HKEY_LOCAL_MACHINESystemCurrentControlSetControlSession ManagerEnvironment’ -Name PATH -Value $newPath

6. Install the OpenSSHUtils as administrator by running: Install-Module -Force OpenSSHUtils
7. Ensure the ssh-agent service is started by running: Get-Service ssh-agent
8. Check that the status says “Running” otherwise
9. Run the command: Start-Service ssh-agent
10. Navigate to the OpenSSH folder: “C:Program FilesOpenSSH”
11. Run the command: ssh-keygen.exe -A
12. The public/private key pair will generate.
13. Press Enter to accept the default file name and path of “id_rsa”. Otherwise you can specify a different name and path here.
14. Enter a passphrase twice.
15. The identification and public key files will be created called “id_rsa” and “id_rsa.pub” with the following output: “C:Program FilesOpenSSHssh-keygen.exe: generating new host keys: ED25519”
16. Load the key files into the ssh-agent with the command: ssh-add ssh_host_ed25519_key
17. Run the command: Repair-SshdHostKeyPermission -FilePath “C:Program FilesOpenSSHssh_host_ed25519_key”
18. Chose “A” as the response.
19. Run the command: Start-Service sshd
20. Verify the service is in the Running state with the command: Get-Service sshd
21. Add the firewall rule that allows traffic on port 22 with the command: New-NetFirewallRule -Name sshd -DisplayName ‘OpenSSH Server (sshd)’ -Service sshd -Enabled True -Direction Inbound -Protocol TCP -Action Allow -Profile Domain
22. Go the the OpenSSH directory on the server.
23. Open the file “sshd_config” with notepad.exe and add the following to the section “# override default of no subsystems”
    Subsystem powershell C:Program FilesPowerShell6.0.0.16pwsh.exe.exe -sshs -NoLogo -NoProfile
    
24. Enable password authentication with the text: PasswordAuthentication yes
25. Enable key authentication with the text: PubkeyAuthentication yes
26. Close and save the sshd_config file.
27. Run the command: Restart-Service sshd

PowerShell remoting

PowerShell remoting cmdlets will only allow connection with the command Enter-PSSession, Invoke-Command, etc. It will not work using ssh.exe to connect from the client.

References

Openssh Portable

• OpenSSH
• Chocolatey OpenSSH
• Powershell OpenSSH
• https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH
• PSTools
• Powershell make a permanent change to the path environment variable
• Use Powershell to modify your enviromental path
• Powershell Set Service
• How do I open ports with Powershell
• Getting Started with PowerShell Core on Windows, Mac, and Linux
• Microsoft Transitioning Windows PowerShell 6.0 into PowerShell Core
• PowerShell 6.0 Roadmap: CoreCLR, Backwards Compatibility, and More!
• PowerShell Core 6.0: Generally Available (GA) and Supported! –
• PowerShell Remoting Over SSH
• Using the OpenSSH Beta in Windows 10 Fall Creators Update and Windows Server 1709
• Why Remoting vs. SSH Isn’t Even a Thing
• Porting to .NET Core – Libraries (See remoting section)
• Part 2 – Install .NET Core and PowerShell on Linux Using DSC
• Looking Forward: Microsoft Support for Secure Shell (SSH)

Share on FacebookShare on TwitterShare on WhatsAppShare on LinkedIn

Openssh For Windows10 Download

Share on TumblrShare on RedditShare by Mail0replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Openssh Source Download Windows 10