Differences

This shows you the differences between the selected revisions of the page.

guide_windows_openssh_server 2025-01-24 guide_windows_openssh_server 2026-06-16 (current)
Line 8: Line 8:
  * On Windows 11: &win11   * On Windows 11: &win11
-    * Go to //Settings > Apps > Optional features// and click on //View features//. +    * Go to //Settings > System > Optional features// and click on //View features//. 
-    * Locate //"OpenSSH server"// feature, select it, click //Next//, and then click //Install//.+    * Locate //"OpenSSH server"// feature, select it, click //Next//, and then click //Add//.
  * On Windows 10 (version 1803 and newer): &win10   * On Windows 10 (version 1803 and newer): &win10
    * Go to //Settings > Apps > Apps & features > Optional features// and click on //Add a feature//.     * Go to //Settings > Apps > Apps & features > Optional features// and click on //Add a feature//.
Line 20: Line 20:
==== [[windows_older]] On earlier versions of Windows ==== ==== [[windows_older]] On earlier versions of Windows ====
-  * Download the latest [[https://github.com/PowerShell/Win32-OpenSSH/releases|OpenSSH for Windows binaries]] (package ''OpenSSH-Win64.zip'' or ''OpenSSH-Win32.zip'') &win32 &win64+  * Download the latest [[https://github.com/PowerShell/Win32-OpenSSH/releases|OpenSSH for Windows binaries]] (package ''OpenSSH-Win64.zip'')
  * As the Administrator, extract the package to ''C:\Program Files\OpenSSH''   * As the Administrator, extract the package to ''C:\Program Files\OpenSSH''
  * As the Administrator, install //sshd// and //ssh-agent// services: \\ <code batch>powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1</code>   * As the Administrator, install //sshd// and //ssh-agent// services: \\ <code batch>powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1</code>
Line 31: Line 31:
    * or go to //Windows Security > Firewall & network protection//((//Control Panel > Windows Defender Firewall// (or //Windows Firewall//) on older versions of Windows.))// > Advanced Settings > Inbound Rules// and add a new rule for port 22. &wincp     * or go to //Windows Security > Firewall & network protection//((//Control Panel > Windows Defender Firewall// (or //Windows Firewall//) on older versions of Windows.))// > Advanced Settings > Inbound Rules// and add a new rule for port 22. &wincp
  * Start the service and/or configure automatic start:   * Start the service and/or configure automatic start:
-    * Go to //Control Panel > System and Security > Administrative Tools// and open //Services//. Locate //%%OpenSSH SSH Server%%// service. &wincp+    * Go to //Control Panel > System and Security > Windows Tools// (//Administrative Tools// on Windows 10 and older) and open //Services//. Locate //%%OpenSSH SSH Server%%// service. &wincp &win10
    * If you want the server to start automatically when your machine is started: Go to //Action > Properties// (or just double-click the service). In the Properties dialog, change //Startup type// to //Automatic// and confirm.     * If you want the server to start automatically when your machine is started: Go to //Action > Properties// (or just double-click the service). In the Properties dialog, change //Startup type// to //Automatic// and confirm.
    * Start the //%%OpenSSH SSH Server%%// service by clicking the //Start the service// link or //Action > Start// in the menu.     * Start the //%%OpenSSH SSH Server%%// service by clicking the //Start the service// link or //Action > Start// in the menu.
Line 41: Line 41:
Follow a generic guide for [[guide_public_key|Setting up SSH public key authentication]] in *nix OpenSSH server, with the following difference: Follow a generic guide for [[guide_public_key|Setting up SSH public key authentication]] in *nix OpenSSH server, with the following difference:
-  * Cr the ''.ssh'' folder (for the ''authorized_keys'' file) in your Windows account profile folder (typically in ''C:\Users\username\.ssh'').((Windows File Explorer does not allow you to create a folder starting with a dot directly. As a workaround, use ''.ssh.'', the trailing dot will allow you to bypass the restriction, but will not be included in the name.)) &winpath+  * Create the ''.ssh'' folder (for the ''authorized_keys'' file) in your Windows account profile folder (typically in ''C:\Users\username\.ssh'').((Windows File Explorer does not allow you to create a folder starting with a dot directly. As a workaround, use ''.ssh.'', the trailing dot will allow you to bypass the restriction, but will not be included in the name.)) &winpath
  * For permissions to the ''.ssh'' folder and the ''authorized_keys'' file, what matters are Windows ACL permissions, not simple *nix permissions. Set the %%ACL%% so that the respective Windows account is the owner of the folder and the file and is the only account that has a write access to them. The account that runs //OpenSSH %%SSH%% Server// service (typically ''SYSTEM'' or ''sshd'') needs to have read access to the file.   * For permissions to the ''.ssh'' folder and the ''authorized_keys'' file, what matters are Windows ACL permissions, not simple *nix permissions. Set the %%ACL%% so that the respective Windows account is the owner of the folder and the file and is the only account that has a write access to them. The account that runs //OpenSSH %%SSH%% Server// service (typically ''SYSTEM'' or ''sshd'') needs to have read access to the file.
  * Though, with the default Win32-OpenSSH configuration there is an exception set in ''sshd_config'' for accounts in ''Administrators'' group. For these, the server uses a different location for the authorized keys file: ''%ALLUSERSPROFILE%\ssh\administrators_authorized_keys'' (i.e. typically ''C:\ProgramData\ssh\administrators_authorized_keys''). &winpath   * Though, with the default Win32-OpenSSH configuration there is an exception set in ''sshd_config'' for accounts in ''Administrators'' group. For these, the server uses a different location for the authorized keys file: ''%ALLUSERSPROFILE%\ssh\administrators_authorized_keys'' (i.e. typically ''C:\ProgramData\ssh\administrators_authorized_keys''). &winpath
Line 82: Line 82:
  * Make sure //New site// node is selected.   * Make sure //New site// node is selected.
  * On //New site node//, make sure the //%%SFTP%%// protocol is selected.   * On //New site node//, make sure the //%%SFTP%%// protocol is selected.
-  * Enter your machine/server IP address (or a hostname) into the //Host name// box. +  * Enter your machine/server IP address (or a hostname) into the //Hostname// box. 
-  * Enter your Windows account name to the //User name// box. It might have to be entered in the format ''user@domain'' if running on a domain.+  * Enter your Windows account name to the //Username// box. It might have to be entered in the format ''user@domain'' if running on a domain.
  * For a public key authentication:   * For a public key authentication:
    * Press the //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//.     * Press the //Advanced// button to open [[ui_login_advanced|Advanced site settings dialog]] and go to //[[ui_login_authentication|SSH > Authentication page]]//.

Last modified: by 181.137.176.231