How To SSH into a Windows Machine | Easy and Full Setup

By Posted on

How To SSH into a Windows Machine | Easy and Full Setup

How To SSH into a Windows Machine | Easy and Full Setup

In this guide, you will learn How To SSH into a Windows Machine. OpenSSH is a connectivity tool for remote sign-in that uses the SSH protocol. It encrypts all traffic between client and server to eliminate eavesdropping, connection hijacking, and other attacks.

An OpenSSH-compatible client can be used to connect to Windows Server and Windows Client devices. Now, proceed to the guide steps below on the Orcacore website to learn how you can enable SSH and access a Windows machine using SSH.

In this article, we’ll show you how to configure OpenSSH on Windows and connect to it using Putty or any other SSH client. Let’s start by enabling SSH on Windows.

1. How To Enable SSH Server on Windows?

If you are using a Windows 10 machine, you need to be sure that your build of Windows 10 is 1809 or newer. To do this, you can run the command below:

winver

Note: If you have an older Windows 10 build installed, you can update it through Windows Update.

Then, run the command below from your PowerShell Admin to enable OpenSSH on your system:

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Install OpenSSH Server on Windows

Verify your OpenSSH status by running the following PowerShell command:

Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Server*'
OpenSSH status on Windows

Then, start the SSH server by using the command below:

Start-Service sshd

Next, run the command below to autostart the SSH server:

Set-Service -Name sshd -StartupType Automatic

2. Configure SSH Agent on Windows

At this point, you need to check the status of ssh-agent from your PowerShell:

Get-Service -Name ssh-agent
SSH Agent Status on Windows

In my case, the service is in a Stopped state and not added to the automatic startup list. To start the SSH agent service and configure autostart for it on your Windows machine, run the following commands:

# Set-Service -Name ssh-agent -StartupType Manual
# Start-Service ‘ssh-agent’
# Set-Service -Name ‘ssh-agent’ -StartupType 'Automatic'

3. Configure Windows Firewall For SSH

At this point, you need to allow incoming connections to TCP port 22 in the Windows Defender Firewall. To do this, you can add a firewall rule to allow SSH traffic using PowerShell on your Windows machine:

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
Configure Windows Firewall For SSH

Now you can start to connect to your Windows.

4. Connect From Linux To Windows Using SSH

At this point, you can connect to Windows using any SSH client. To connect from Linux, use the command below:

ssh -p 22 admin@IP-address-of-your-windows-machine

Here, the admin is a local Windows user under whom you want to connect. After that, a new Windows command prompt window will open in an SSH session.

5. Generate SSH Keys on your Windows Machine

If you want to use key-based SSH authentication instead of password authentication, you need to generate a key using ssh-keygen on your client.

Then, the contents of the id_rsa.pub file must be copied to the c:usersadmin.sshauthorized_keys file in Windows 10.

You can configure various OpenSSH server settings in Windows using the %programdata%sshsshd_config configuration file.

For example, you can disable password authentication and leave only SSH key-based auth on your Windows machine with:

PubkeyAuthentication yes

PasswordAuthentication no

Here you can also specify a new TCP port (instead of the default TCP 22 port) on which the SSHD will accept connections. For example:

Port 2222

After making changes to the sshd_config file, you need to restart the sshd service:

Get-Service sshd | Restart-Service –force

After that, you can connect from your Linux client to Windows without a password. Use the command:

ssh -l admin@IP-address-of-your-windows-machine

Conclusion

At this point, you have learned to How To SSH into a Windows Machine and enable PubkeyAuthentication to connect to your system without a password.

Hope you enjoy it. Please subscribe to us on Facebook, Instagram, and YouTube.

You may also like these articles:

How To Change RDP Port on Windows

Set up Apache Tomcat on Windows 10/Server

Add Multiple IP Addresses on Windows Server 2016

Modify Windows Account Lockout Policy Settings

Alternative Solutions for SSH access to Windows

While the above method using OpenSSH is a robust and secure way to How To SSH into a Windows Machine, there are alternative approaches that might be suitable depending on your specific needs and environment. Here are two different ways:

1. Using PowerShell Remoting (over SSH):

PowerShell Remoting offers a powerful way to manage Windows machines remotely. Traditionally, it uses WinRM (Windows Remote Management), but it can also be configured to operate over SSH, providing similar security benefits to OpenSSH. This is a good option if you primarily need to execute PowerShell commands and scripts on the remote Windows machine. This method of using SSH is a strong alternative to How To SSH into a Windows Machine.

  • Explanation: PowerShell Remoting over SSH leverages the existing PowerShell infrastructure for remote management but replaces WinRM with SSH for transport security. This means you get the rich functionality of PowerShell Remoting (access to objects, cmdlets, etc.) with the added security of SSH encryption.

  • Setup:

    1. Install PowerShell 7+: Ensure PowerShell 7 or later is installed on the Windows machine. You can download it from the Microsoft website.

    2. Install the Posh-SSH Module: From an elevated PowerShell prompt, run:

      Install-Module -Name Posh-SSH -Force

    3. Configure PowerShell Remoting over SSH: Run the following script as administrator:

      Enable-PSSSHServer -Force

      This script configures the SSH subsystem for PowerShell Remoting. It handles tasks such as creating the powershell_profile.ps1 and setting the necessary permissions.

    4. Configure SSH Daemon (sshd): The OpenSSH server (sshd) needs to be installed and running, as described in the original article. Ensure the sshd_config file has a subsystem entry for PowerShell:

      Subsystem       powershell        "C:/Program Files/PowerShell/7/pwsh.exe" -sshs -NoLogo -NoProfile

      Restart the SSH service after modifying the configuration file:

      Restart-Service sshd

  • Connecting: From a remote machine (Linux, macOS, or Windows with SSH client), you can initiate a PowerShell Remoting session using Enter-PSSession:

    Enter-PSSession -HostName <IP address of Windows machine> -UserName <username> -SSHTransport

    You’ll be prompted for the password (or use SSH keys for key-based authentication). Once connected, you’ll have a PowerShell prompt on the remote Windows machine.

  • Code Example (Connecting from Linux):

    While the connection is initiated from PowerShell, the underlying transport is SSH. Therefore, no specific Linux code is required beyond having an SSH client installed. The Enter-PSSession command handles the SSH connection details.

2. Using a GUI-based Remote Access Tool (VNC or RDP through SSH Tunnel):

While not strictly SSH access in the command-line sense, using a graphical remote access tool secured with an SSH tunnel provides a way to interact with the Windows machine’s desktop. This is useful if you need a full GUI experience.

  • Explanation: This method involves using a VNC (Virtual Network Computing) server like TightVNC or RealVNC on the Windows machine, or leveraging Remote Desktop Protocol (RDP). The VNC/RDP traffic is then tunneled through an SSH connection, encrypting it and preventing eavesdropping. This effectively secures your remote desktop connection.

  • Setup:

    1. Install a VNC Server (or enable RDP): Download and install a VNC server on the Windows machine. Alternatively, enable Remote Desktop (RDP) in Windows settings (search for "Remote Desktop settings").

    2. Configure VNC (or RDP): Configure the VNC server with a password. For RDP, ensure remote connections are allowed and a user account has permissions to connect.

    3. Establish SSH Tunnel: On the client machine (Linux, macOS, or Windows), create an SSH tunnel to forward a local port to the VNC/RDP port on the Windows machine. VNC typically uses port 5900 (or 5901, 5902, etc., for multiple VNC sessions), while RDP uses port 3389.

  • Connecting (VNC): Use a VNC client (e.g., Remmina, TigerVNC) on the client machine to connect to localhost:<local port you forwarded>. You’ll be prompted for the VNC password.

  • Connecting (RDP): Use an RDP client (e.g., Remmina, Microsoft Remote Desktop) on the client machine to connect to localhost:<local port you forwarded>. You will be prompted for your Windows username and password.

  • Code Example (Creating SSH Tunnel from Linux):

    ssh -L 5901:localhost:5900 user@<IP address of Windows machine>

    This command forwards local port 5901 on your client machine to port 5900 on the Windows machine. Replace 5900 with 3389 if using RDP. Replace "user" with the appropriate username to connect to the Windows Machine with.

    After executing this command in your Linux terminal, keep it running in the background. Then open your VNC or RDP client and connect to localhost:5901 (or localhost:your_chosen_port for RDP), and you will connect to the Windows machine through the SSH tunnel.

These alternative methods offer different trade-offs in terms of functionality, setup complexity, and security. Choosing the right method depends on your specific requirements for remote access to the Windows machine. This highlights that achieving How To SSH into a Windows Machine is more flexible than it may first appear.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *