First, install the OpenSSH client and server on the Windows host.
For Server 2019 and up, OpenSSH client and server can be installed via PowerShell with the following commands:
```powershell
# Install the OpenSSH Client (Installed by default at least for Server 2022, maybe 2019 as well)
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# Set the sshd service to be started automatically
Get-Service -Name sshd | Set-Service -StartupType Automatic
# Start the sshd service
Start-Service sshd
```
The following binaries are included:
- ssh-keygen
- ssh-agent
- ssh-add
- scp
- sftp
Note: This works much like it does for Linux, but ssh keys are not managed in AD.
Next, as an admin, configure the MID server to authenticate to Windows via SSH:
- Install and enable sshd
- Ensure 22/tcp is allowed by local and network firewalls
- Designate a user account to be used
- Ensure the local profile for that user already exists in C:\Users\<username>
- Give the user local admin rights
- Copy the public key to be used to C:\Users\<username>\authorized_keys
Once complete, the MID server should be able to authenticate and have cmd available as the shell.
When using ssh to connect from Windows, the same principles apply, but the practice differs slightly. The NTFS permissions on the private key need to be restricted to a single user, in place of the 600 permission normally used. ssh-keygen can be used to create the key pair.
More information can be found at https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement
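The script below is an added example, not part of the original page: it audits the NTFS ACL on a private key and restricts it to the current user, the Windows counterpart of the 600 permission mentioned above. The default key path and the function name `Get-ExtraKeyAccess` are assumptions made for the illustration.

```powershell
# Added example (not from the original page): audit and tighten the NTFS ACL
# on an SSH private key. The default key path is an assumption.
param(
    [string]$KeyPath = "$env:USERPROFILE\.ssh\id_ed25519"
)

# Account name in DOMAIN\user (or COMPUTER\user) form, as it appears in ACL entries
$Owner = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

function Get-ExtraKeyAccess {
    param([string]$Path, [string]$Owner)
    # Every Allow entry, inherited or explicit, that names someone other than $Owner
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -ne $Owner
    }
}

if (-not (Test-Path -LiteralPath $KeyPath -PathType Leaf)) {
    throw "Private key not found: $KeyPath"
}

$extra = @(Get-ExtraKeyAccess -Path $KeyPath -Owner $Owner)
if ($extra.Count -eq 0) {
    Write-Output "OK: only $Owner can access $KeyPath"
    return
}

Write-Output "Entries granting access to other principals:"
$extra | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# Grant the owner an explicit entry first so access survives the next step
icacls $KeyPath /grant:r "${Owner}:F" | Out-Null
# Drop every inherited entry (the usual source of extra readers)
icacls $KeyPath /inheritance:r | Out-Null
# Remove explicit grants that are still left for anyone else
foreach ($ace in @(Get-ExtraKeyAccess -Path $KeyPath -Owner $Owner)) {
    icacls $KeyPath /remove:g $ace.IdentityReference.Value | Out-Null
}

$left = @(Get-ExtraKeyAccess -Path $KeyPath -Owner $Owner)
if ($left.Count -gt 0) { throw "ACL on $KeyPath still grants access to others" }
Write-Output "Restricted $KeyPath to $Owner"
```

Run it as the user who owns the key; it changes nothing when the ACL already names only that user.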
Note:
- For OS versions before Server 2019 (Server 2012, 2012 R2, 2016, ...), OpenSSH server is not natively supported (requires a third-party solution).
- Some departments may enable sshd on Windows Server, but this is not a campus-wide practice.