
OpenSSH Server on Windows Hosts

Enable SSH Server Capability

Get-WindowsCapability -Online -Name 'OpenSSH.Server*' | Add-WindowsCapability -Online

Generate an SSH Key Pair

See here for more information: https://notes.benheater.com/books/ssh-administration/page/create-new-key-pair-for-ssh

Add the Authorized Key String

Users

OpenSSH Server will fail to read the authorized_keys file unless it is encoded as UTF-8 without a byte order mark (BOM). UTF-8 with BOM does not work.

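$publicKeyFile = "$env:UserProfile\Desktop\my_ssh_key.pub"
# Double quotes are required so that $env:UserProfile is expanded
$outputFile = "$env:UserProfile\.ssh\authorized_keys"
# Create the .ssh directory if it does not exist yet
New-Item -ItemType Directory -Force -Path "$env:UserProfile\.ssh" | Out-Null
$publicKeyBytes = [System.IO.File]::ReadAllBytes($publicKeyFile)
$utf8String = [System.Text.Encoding]::UTF8.GetString($publicKeyBytes)
# AppendAllLines writes UTF-8 without a BOM; Trim() avoids appending a blank line
[System.IO.File]::AppendAllLines($outputFile, [string[]]$utf8String.Trim())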

Administrators

$publicKeyFile = "$env:UserProfile\Desktop\my_ssh_key.pub"
# Shared key file for members of the Administrators group
$outputFile = "$env:ProgramData\ssh\administrators_authorized_keys"
$publicKeyBytes = [System.IO.File]::ReadAllBytes($publicKeyFile)
$utf8String = [System.Text.Encoding]::UTF8.GetString($publicKeyBytes)
# AppendAllLines writes UTF-8 without a BOM; Trim() avoids appending a blank line
[System.IO.File]::AppendAllLines($outputFile, [string[]]$utf8String.Trim())
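
The encoding requirement above can be checked directly on both key files, which helps when a file was created some other way (for example with `>` redirection in Windows PowerShell, which writes UTF-16). This is an added example, not part of the original page; Test-AuthorizedKeysEncoding is a hypothetical helper name, and with -Fix it rewrites a file that starts with a BOM as UTF-8 without one.

```powershell
# Added example: reports the encoding of each authorized keys file by its
# byte order mark and, with -Fix, rewrites it as UTF-8 without a BOM.
# Test-AuthorizedKeysEncoding is a hypothetical helper name.
function Test-AuthorizedKeysEncoding {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [switch]$Fix
    )
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            [pscustomobject]@{ Path = $file; Encoding = 'missing'; Rewritten = $false }
            continue
        }
        $bytes = [System.IO.File]::ReadAllBytes($file)
        # Identify the source encoding from the BOM, if there is one.
        $encoding = $null
        $skip = 0
        if ($bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF) {
            $name = 'UTF-8 with BOM'; $encoding = [System.Text.Encoding]::UTF8; $skip = 3
        } elseif ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
            $name = 'UTF-16 LE'; $encoding = [System.Text.Encoding]::Unicode; $skip = 2
        } elseif ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFE -and $bytes[1] -eq 0xFF) {
            $name = 'UTF-16 BE'; $encoding = [System.Text.Encoding]::BigEndianUnicode; $skip = 2
        } else {
            $name = 'no BOM'   # what sshd expects, assuming the content is UTF-8
        }
        $rewritten = $false
        if ($Fix -and $encoding) {
            # Decode everything after the BOM, then write it back without one.
            $text = $encoding.GetString($bytes, $skip, $bytes.Length - $skip)
            $utf8NoBom = New-Object System.Text.UTF8Encoding($false)
            [System.IO.File]::WriteAllText($file, $text, $utf8NoBom)
            $rewritten = $true
        }
        [pscustomobject]@{ Path = $file; Encoding = $name; Rewritten = $rewritten }
    }
}

# Report only; add -Fix to rewrite files that start with a BOM.
Test-AuthorizedKeysEncoding -Path @(
    "$env:UserProfile\.ssh\authorized_keys",
    "$env:ProgramData\ssh\administrators_authorized_keys"
)
```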

Configure SSH Server

  1. Open powershell.exe as administrator
  2. Run notepad.exe $env:ProgramData\ssh\sshd_config
  3. Change #PublicKeyAuthentication yes to PublicKeyAuthentication yes
  4. If you want to disable password authentication:
    Change PasswordAuthentication yes to PasswordAuthentication no
  5. Change #StrictModes yes to StrictModes no
  6. Press CTRL + S to save the changes to the file

Enable and Start SSH Server

Get-Service sshd | Set-Service -StartupType Automatic
Restart-Service sshd

Make sure the service has started and is listening on TCP port 22. Running Add-WindowsCapability earlier should have opened the port in Windows Firewall for you. Nevertheless, be certain to check any other firewalls as necessary when troubleshooting connectivity issues.

Get-NetTcpConnection -State Listen -LocalPort 22