The Secure Shell (SSH) protocol provides several very useful and important tools for the remote administration of your devices and hosts. Use SSH for remote, interactive command-line access, file transfer, and to even encapsulate other network protocols between systems. The SSH client is built into most (if not all) Linux distributions and is now also included in Microsoft Windows. Linux administrators have relied on SSH for decades for systems management and there is no sign that this will change. SSH offers critical authentication and encryption services for remote systems management, and this tooling will continue to play an important role in managing devices of all makes and models.
Microsoft traditionally depended on a rich graphical user interface for the administration of its Windows OS and shunned support of other operating systems like Linux. There were a few efforts that enabled Linux admins to work with their native systems and programs using Windows workstations with various emulators and interpreters, such as Microsoft Services for Unix (SFU) and Cygwin. Both environments enabled administrators to run Unix-compiled programs on Windows, but support was limited.
Microsoft began to recognize the advantages scripting and automation brought to systems administration and introduced new systems administration models and frameworks like headless servers that did not run the Windows GUI and PowerShell that provided a robust systems administration programming toolkit. More recently, Microsoft broadened its support of Linux and other open-source standards. In the Windows 10 Fall Creators Update, Microsoft added the Windows Subsystem for Linux (WSL) and optional features to support both the OpenSSH client and server. These new features ensure you can use your Windows client computers to manage your infrastructure regardless of platform or location.
WSL provides the best Linux support yet. WSL lets you install a full Linux distribution alongside your Windows installation, and it interoperates directly with your Windows hardware and filesystem. The integration is tight. For example, the home directory in your WSL Ubuntu install is the same as your Windows home directory. It feels like you have one system with additional capabilities, and it feels much different than running a Linux virtual machine in parallel to your Windows workstation. For example, you can open an Ubuntu terminal just as easily as a Windows command console and directly SSH into another system just as if you were running Linux natively. And, as it turns out with WSL, you nearly are. But WSL offers so much more than just an SSH client—for example, running the Bash interpreter, compiling C code natively using GNU Compiler Collection (GCC), or accessing traditional UNIX tools like grep, sed, and others. Even from within PowerShell, you can drop into Bash to use its developer tools. I have found the Windows Subsystem for Linux a welcome addition to my toolkit and I find myself using it often.
In the past, Windows admins relied on third-party applications like the freely available PuTTY or VanDyke Software’s commercial SecureCRT program to make SSH remote connections. These programs provide a nice graphical interface and make it easy to configure SSH’s authentication, encryption, and tunneling options. But in the 2017 Fall Creators Edition, Microsoft brought OpenSSH directly to Windows.
The OpenSSH client is installed by default on the latest versions of Windows 10 and on Windows Server versions 1709 and later, and the OpenSSH server can be optionally installed as well. OpenSSH is provided as a Windows optional feature. To install it, type "optional features" in the search dialog and select "Manage Optional Features" under system settings. If you are running the latest version of Windows 10, you will find the OpenSSH Client already installed, and you can click "add features" to install the OpenSSH server.
Once installed, you can open a regular Windows command prompt and type the following to use OpenSSH to securely connect to a remote system:
Microsoft includes the OpenSSH server which allows inbound remote ssh connections to your Windows computer. For example, using any ssh client you could open a secure session with a Windows computer for the remote administration of that system.
To configure OpenSSH on Windows, first make sure the OpenSSH server is installed by checking the optional features in system settings. Next, make sure the OpenSSH service has been started. Lastly, be sure your firewall is configured to allow TCP 22 to your Windows host. (This should already be done for you, because when you install the OpenSSH server, Windows creates a new Inbound Rule for the OpenSSH SSH Server (sshd).)
Your Windows computer is now ready to accept new ssh connections. Connect to it just like connecting to another SSH device or host. On the client, run:
Where username is the username you use to log onto that Windows computer and remotesystem is the name of the Windows computer you installed and enabled the OpenSSH server.
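The three checks above (feature installed, service started, firewall rule present) can also be done from an elevated PowerShell prompt. This is an added example, not part of the original article; the capability name pattern `OpenSSH.Server*` and the rule name `OpenSSH-Server-In-TCP` are the identifiers Microsoft documents for the OpenSSH optional feature, and `username` and `remotesystem` are the placeholders defined above.

```powershell
# Run in an elevated PowerShell session on the Windows host that will accept SSH.

# 1. Confirm the OpenSSH Server optional feature is installed; add it if not.
$server = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
if ($server.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $server.Name
}

# 2. Make sure the sshd service is running and starts with Windows.
Set-Service   -Name sshd -StartupType Automatic
Start-Service -Name sshd
Get-Service   -Name sshd | Select-Object Name, Status, StartType

# 3. Check the inbound firewall rule for TCP 22. The installer normally
#    creates it; recreate it only if it is missing, enable it if disabled.
$rule = Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue
if (-not $rule) {
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' `
        -DisplayName 'OpenSSH SSH Server (sshd)' `
        -Enabled True -Direction Inbound -Protocol TCP `
        -Action Allow -LocalPort 22
} elseif ($rule.Enabled -ne 'True') {
    Enable-NetFirewallRule -Name 'OpenSSH-Server-In-TCP'
}

# 4. Confirm sshd is actually listening on port 22.
Get-NetTCPConnection -LocalPort 22 -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 5. Then, from the client machine (not this host), connect with:
#      ssh username@remotesystem
```

The default rule allows TCP 22 from any source address, so review its scope with `Get-NetFirewallAddressFilter` before exposing the host beyond a management network.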
To customize your experience, edit the configuration files located in the \Windows\System32\OpenSSH directory. There are some differences between this OpenSSH configuration and others; the Windows-specific instructions for configuring sshd_config are on the GitHub and Microsoft support sites (https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration). The Windows OpenSSH installation integrates into the Windows event logs, which is helpful for troubleshooting. For example, you can see login failures in the Windows security event log.
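One way to pull those SSH login failures out of the Security log, as an added example that is not part of the original article. It assumes failed SSH logons are recorded as event ID 4625 with `sshd.exe` as the calling process; the 24-hour window and the threshold of 5 are arbitrary values chosen for illustration.

```powershell
# Run elevated: reading the Security log requires administrator rights.
$since     = (Get-Date).AddHours(-24)   # look-back window (illustrative)
$threshold = 5                          # failures per account worth a look (illustrative)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625          # "An account failed to log on"
    StartTime = $since
} -ErrorAction SilentlyContinue

$failures = foreach ($evt in $events) {
    # Flatten the EventData name/value pairs into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    # Assumption: logons attempted through OpenSSH name sshd.exe as the caller.
    if ($data['ProcessName'] -like '*\sshd.exe') {
        [pscustomobject]@{
            Time     = $evt.TimeCreated
            User     = $data['TargetUserName']
            SourceIp = $data['IpAddress']   # may be '-' if the caller did not supply it
            Status   = $data['Status']
        }
    }
}

# Most recent failures first.
$failures | Sort-Object Time -Descending | Select-Object -First 20 | Format-Table -AutoSize

# Accounts with repeated failures in the window.
$failures | Group-Object User |
    Where-Object Count -ge $threshold |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```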
The OpenSSH tools included in the Microsoft Windows implementation include: scp, sftp, ssh, ssh-add, ssh-agent, ssh-keygen, and ssh-keyscan. When you install the Windows OpenSSH Server feature you also get: sftp-server, sshd.exe, sshd_config_default, and ssh-shellhost.exe.
Microsoft has significantly increased its interoperability with Linux and now supports tools that many engineers, developers, and administrators use to manage their other cloud and IoT devices, which often run Linux and other UNIX-type operating systems. With the inclusion of Windows Subsystem for Linux and OpenSSH Client and Server support, you will have more options to support your infrastructure no matter what operating system you use.
Jeff Fellinge has over 25 years’ experience in a variety of disciplines ranging from Mechanical Engineering to Information Security. Jeff led information security programs for a large cloud provider to reduce risk and improve security control effectiveness at some of the world’s largest datacenters. He enjoys researching and evaluating technologies that improve business and infrastructure security and also owns and operates a small metal fabrication workshop.