Skip to main content

SSH Server - Windows

These steps uses the native Windows implementation of SSH to setup a Secure Shell (SSH) server due to group policies, administrative control, and firewall needs. An alternative way is to set this up via Windows Subsystem Linux (WSL) running Ubuntu.

SSH Server Installation

To install the native SSH server as a Service in Windows, follow these steps:

  1. Search for "powershell" in Windows in the Start Menu, and right click to run an administrative Powershell.
  2. Get a sense of the OpenSSH capabilities by running -
> Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
Name  : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
  1. The OpenSSH server isn't installed if the State is NotPresent. Install it with -
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

SSH Server as a Service

Setting SSH server as an "automatic" service allows it to start up when your computer starts up.

  1. Search for "powershell" in Windows in the Start Menu, and right click to run an administrative Powershell.
  2. Set it to run automatically as a "sshd" service on startup.
Set-Service -Name sshd -StartupType 'Automatic'
  1. Get the Service to see if it has been started.
Get-Service sshd
Status   Name               DisplayName
------   ----               -----------
Running  sshd               OpenSSH SSH Server
  1. (Optional) If the sshd is not started, give it a kick with this. Commands that start the SSH server can be magical, because this native command also includes permitting the firewall for port 22.
Start-Service sshd
  1. Test access by going to your client computer and try to SSH into the SSH server. Punch in the Windows user password to access.
info

In Windows, you can find your server's IP by running ipconfig on a terminal on the server.

The IPv4 address (ex. 10.x.x.x, or 192.168.x.x, or 172.16.x.x) should appear under the Wi-Fi or Ethernet Adapter section, depending on your network setup.

Do not use the Gateway IP address, which normally ends with x.x.x.1. The Gateway IP address is usually the router's IP address.

Do not use a website like whatismyip.com to figure out what your private local IP address is, because those websites can only discover your public IP. If the client tries to connect to the public IP, the client will try to go out to the public internet, connect to your internet service provider, and then try to bounce back to the network interface. The network routing is entirely different when connecting to a public IP than to a private IP, which will only bounce between your local router at home.

ipconfig example

In this diagram above, use the 192.168.0.98 IP address for the SSH server IP.

ssh <username>@<ssh hostname/ip address>
<username>@<ip address>'s password:

  1. Congratulations! You have just setup a SSH tunnel to a Windows machine.

  2. Onto setting up a SSH client!