Configuring OpenSSH-Server (sshd) on Windows 11

Published 2021-12-14, modified 2022-07-05. https://erwin.co/configuring-openssh-server-sshd-on-windows-11/

OpenSSH Server on Windows is very cool, and very weird...

You need to open a PowerShell prompt as Administrator.

If you're going to connect to Windows via OpenSSH, I think you're really best off using PowerShell rather than `cmd.exe`, as PowerShell can do quite a bit more from the command line that's impossible with `cmd.exe`.

```powershell
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server

# Start the SSH server
Start-Service sshd
# or the even shorter and older...
net start sshd
```

32-bit versions of Windows shipped with a ported version of `edit.exe` from DOS that would work in a command prompt. The 64-bit editor that works in every version of Windows and is guaranteed to be installed is `notepad.exe`. Obviously that's not going to get us very far via `ssh`, so we need a way to edit in the terminal.

The best solution is to install `neovim` via `scoop`. If you're not into `neovim`, regular `vim` or `nano` (doesn't use vi keys) would also work.

```powershell
# Allow PowerShell to run RemoteSigned code
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

# Install scoop
iwr -useb get.scoop.sh | iex

# Install git - required for scoop to operate
scoop install git

# Install neovim
scoop install neovim
# or `scoop install vim` if Lua is too fast for you
# or `scoop install nano` if hklj are too powerful...

# Install the VC++ runtime (recommended for neovim)
scoop install vcredist2015
```

Most regular *nix machines put the `sshd` configuration in `/etc/ssh/sshd_config`. For Windows, the `/etc/ssh` directory is `C:\ProgramData\ssh`. Inside of this directory you'll see:

```
Directory: C:\ProgramData\ssh


logs/
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_ecdsa_key
ssh_host_ecdsa_key.pub
ssh_host_ed25519_key
ssh_host_ed25519_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
sshd.pid
sshd_config
administrators_authorized_keys
```

At the end of the Windows `sshd_config` you'll see:

```
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
```

If you're in a multi-user corporate environment I would strongly recommend changing this to:

```
AuthorizedKeysFile __PROGRAMDATA__/ssh/%u/authorized_keys
```

The point is that in a multi-admin environment, you'll realistically want every admin to at least have their own home folder, and not effectively be sharing a login... Using Microsoft's default, the username is set by the `user` given in the `ssh user@server` command.

If you use any path under `ProgramData` for your keys, you'll need to use `icacls` to set exactly these permissions; update the file name accordingly.

```powershell
icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
```
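As an added example (not from the original post): a PowerShell helper that provisions the per-user `authorized_keys` file that the `%u` setting above expects and applies the same `icacls` permissions to it. The function name `Add-SshUserKey`, the user-name check and the key-format check are assumptions of this example, and the users are assumed to be members of the Administrators group, as in the `Match` block above.

```powershell
# Added example: one authorized_keys file per admin under
# C:\ProgramData\ssh\<user>\, matching
#   AuthorizedKeysFile __PROGRAMDATA__/ssh/%u/authorized_keys
# Run from an elevated PowerShell prompt.
function Add-SshUserKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserName,  # the "user" in `ssh user@server`
        [Parameter(Mandatory)] [string] $PublicKey  # contents of some_key.pub
    )

    $PublicKey = $PublicKey.Trim()
    # Accept only a single OpenSSH public-key line (assumed key types).
    $keyPattern = '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$'
    if ($PublicKey -notmatch $keyPattern) {
        throw 'Not a single-line OpenSSH public key'
    }
    # Keep the user name from pointing outside the ssh directory.
    if ($UserName -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]*$') {
        throw "Unexpected characters in user name: $UserName"
    }

    $dir  = Join-Path $env:ProgramData "ssh\$UserName"
    $file = Join-Path $dir 'authorized_keys'
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    if (-not (Test-Path $file)) {
        New-Item -ItemType File -Path $file | Out-Null
    }

    # Append only if the key is not already listed, so re-runs are harmless.
    if (-not (Select-String -Path $file -SimpleMatch -Pattern $PublicKey -Quiet)) {
        Add-Content -Path $file -Value $PublicKey -Encoding ascii
    }

    # Same ACL the post applies to administrators_authorized_keys.
    icacls.exe $file /inheritance:r /grant 'Administrators:F' /grant 'SYSTEM:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $file" }
    return $file
}

# Constructed sample call; 'alice' is a placeholder user name.
# Add-SshUserKey -UserName 'alice' -PublicKey (Get-Content "$HOME\.ssh\some_key.pub" -Raw)
```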

In my case, I'm just running this as a virtual machine for development, so I just commented out the `#match group Administrators Authorized Key File` which simplifies permissions and behaves more like you expect of ssh. In a real server environment, I would definitely go with: `__PROGRAMDATA__/ssh/%u/authorized_keys`

```
#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
```

Last, you need to add your `~/.ssh/some_key.pub` public key to the `authorized_keys` file that you've chosen, and then restart `sshd`.

```powershell
net stop sshd
net start sshd
```

Now you should be able to log in via:

```
ssh myuser@windows-host -p 22 -i ~/.ssh/some_key
```

Once you've got SSH connected, I would recommend setting `ssh` to launch `powershell` as the default shell rather than `cmd`, so that you can edit the registry via SSH.

```powershell
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

# Check that it's set with:
Get-Item -Path "HKLM:\SOFTWARE\OpenSSH"
```

You can list the current version of Windows that's being used via the `ver` shell builtin of `cmd.exe`.

```
cmd.exe /c ver

# Windows "11" is:
Microsoft Windows [Version 10.0.22000.318]
```

Windows 11 ships with `WSLg`, allowing display of GUI apps, supporting both Wayland and X11 APIs...

```
wsl --install -d Ubuntu
```
