@matthew-e-brown
Last active February 1, 2022 22:22
Notes for connecting to desktop through SSH

Windows 10 SSH server setup

Who knew Windows had SSH built in... and to think, I'd just been leaving a WSL window open with sshd running on it...

Stuff that must be done every time

  1. If you did not enable automatic startup of the SSH services, start them:
Start-Service 'sshd'
Start-Service 'ssh-agent'

Make sure you ran PowerShell as administrator!

  2. Don't forget to forward port 22 in the router settings!

From the laptop

Since CMD is hot garbage, run the following to get into Git Bash:

"%SYSTEMDRIVE%\Program Files\Git\bin\sh.exe" --login

Or, tack it into the ssh command:

$ ssh [email protected] -t '"%SYSTEMDRIVE%\Program Files\Git\bin\sh.exe" --login'

One-time setup that was done:

  • Go into Windows Settings and enable the OpenSSH server (guide/overview)
Add-WindowsCapability -Online -Name OpenSSH.Server*
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

If desired:

Set-Service -Name 'sshd' -StartupType 'Automatic'
Set-Service -Name 'ssh-agent' -StartupType 'Automatic'
  • Add laptop's id_rsa.pub to ~/.ssh/authorized_keys
  • Follow this guide for setting up OpenSSH authentication with public key instead of password:

Server setup continued (non-elevated PowerShell):

  1. Log in as the user for which public key auth is to be used
  2. cd $env:USERPROFILE; mkdir .ssh; cd .ssh; New-Item authorized_keys;
  3. Paste the contents of the id_rsa.pub file from the client to the .ssh\authorized_keys file from the previous step.
  4. Set up permissions properly (important!!!):
    1. Run start . to open explorer with the current folder ($env:USERPROFILE\.ssh);
    2. Right click authorized_keys, go to Properties -> Security -> Advanced
    3. Click "Disable inheritance";
    4. Choose "Convert inherited permissions into explicit permissions on this object" when prompted;
    5. (really, really important) Remove all permissions on the file except for SYSTEM and yourself. There must be exactly two permission entries on the file. Some guides suggest running Repair-AuthorizedKeyPermission $env:USERPROFILE\.ssh\authorized_keys; this will try to add the sshd user to the permission list and it will break the authentication, so don't do that (or at least do not agree to adding the sshd user). Both SYSTEM and yourself should have full control over the file.
  5. If your Windows build is 1809 or later, it is required to comment out the following lines in C:\ProgramData\ssh\sshd_config file. Then restart the sshd service.
 # Match Group administrators                                                    
 #       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys  

(copied 2021-12-14)
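
Step 4 can also be done from the same non-elevated PowerShell session instead of Explorer. This is an added example, not part of the gist or the copied guide; it assumes the logged-in user owns the file, and the variable names are the example's own. S-1-5-18 is the well-known SID of SYSTEM.

```powershell
# Added example: scripted form of step 4 (exactly two ACL entries: SYSTEM and you).
$keyFile = Join-Path $env:USERPROFILE '.ssh\authorized_keys'
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Not found: $keyFile" }

# Use SIDs rather than account names so the script works on localized Windows.
$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$system = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'

$acl = Get-Acl -LiteralPath $keyFile

# Disable inheritance. $false = do not keep copies of the inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# Drop every explicit entry that is still present (other users, groups, sshd, ...).
foreach ($rule in @($acl.Access)) {
    [void]$acl.RemoveAccessRule($rule)
}

# Grant full control to SYSTEM and to the current user only.
foreach ($sid in @($system, $me)) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Verify: read the ACL back as SIDs and check it is exactly {SYSTEM, me},
# with nothing inherited and nothing less than full control.
$sidType = [System.Security.Principal.SecurityIdentifier]
$entries = @((Get-Acl -LiteralPath $keyFile).GetAccessRules($true, $true, $sidType))
$entries | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited

$expected = @($system.Value, $me.Value) | Sort-Object
$actual   = @($entries | ForEach-Object { $_.IdentityReference.Value }) | Sort-Object
$bad      = @($entries | Where-Object {
    $_.IsInherited -or
    $_.AccessControlType -ne 'Allow' -or
    $_.FileSystemRights -ne 'FullControl'
})

if ($entries.Count -ne 2 -or (Compare-Object $expected $actual) -or $bad.Count -gt 0) {
    Write-Warning "ACL on $keyFile is not the two-entry SYSTEM + user set; key auth may fail."
} else {
    Write-Host "OK: $keyFile is restricted to SYSTEM and $env:USERNAME."
}
```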
