Configure SSH Login from Windows to Windows
Setting up SSH login allows you to securely connect between two Windows machines. This is useful for remote management, automation, and scripting tasks.
Step 1: Verify User Requirements on the Destination Machine
Before proceeding with SSH setup, ensure the following requirements are met for the user account that will be accessed remotely:
- The user must exist on the destination machine
  - Use username@hostname or hostname\username for local accounts.
  - Use DOMAIN\username if logging into a domain-joined machine.
- The user must have a password
  - Windows OpenSSH does not allow empty passwords by default.
- The user must have SSH access
  - Check if they are not blocked in C:\ProgramData\ssh\sshd_config.
  - Ensure AllowUsers (if used) includes the username.
- The user must have remote login rights
  - In Local Security Policy (secpol.msc), check:
    - Allow log on through Remote Desktop Services
    - Deny log on locally (must not include the user).
- Ensure the user has a valid home directory
  - The profile should exist under C:\Users\username.
- If non-admin, grant SSH access
  - If restricted, run:
icacls C:\ProgramData\ssh\sshd_config /grant Users:RX
Step 2: Install OpenSSH
On the Destination Machine (SSH Server):
- Open PowerShell with administrative privileges:
  - Press Win + S, type PowerShell, right-click on Windows PowerShell, and select Run as Administrator.
- Check if OpenSSH Server is installed:
Get-WindowsCapability -Online | Where-Object Name -like '*OpenSSH.Server*'
If it shows State : NotPresent, install OpenSSH Server:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
- Start and enable the SSH service:
Start-Service sshd
Set-Service -Name sshd -StartupType Automatic
- Allow SSH through Windows Firewall:
New-NetFirewallRule -Name "OpenSSH" -DisplayName "OpenSSH Server" -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
On the Source Machine (SSH Client):
- Check if OpenSSH Client is installed:
Get-WindowsCapability -Online | Where-Object Name -like '*OpenSSH.Client*'
If it shows State : NotPresent, install OpenSSH Client:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Step 3: Start an SSH Session Between Windows Machines
- On the source machine, open PowerShell or Command Prompt.
- Connect to the destination machine:
ssh username@destination-ip
- If prompted, enter the password for the destination machine.
Step 4: Verify SSH Connection
- Once connected, run a simple command to verify access:
whoami
This should return the username of the logged-in session.
- If you need to transfer files using SCP, use:
scp C:\path\to\file.txt username@destination-ip:C:\destination\path\
Troubleshooting (Use Command Prompt for These Steps)
If SSH fails to connect:
- Restart the SSH service on the destination machine:
net stop sshd && net start sshd
- Ensure SSH is listening on port 22:
netstat -an | findstr :22
If the port is not open, restart the SSH service and check firewall settings.
- If SSHD fails to start, check logs:
wevtutil qe Application /q:"*[System[Provider[@Name='sshd']]]" /c:10 /rd:true /f:text
Look for errors related to missing keys or incorrect permissions.
- Ensure SSH host keys exist:
cd C:\ProgramData\ssh
ssh-keygen -A
net stop sshd && net start sshd
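The checks from Steps 1 and 2 and the troubleshooting list above can be gathered into one read-only PowerShell function for the destination machine. This is an added example, not part of the original guide: the function name Test-SshLoginReadiness, its parameters and the sample user name are chosen here for illustration, and it assumes a local account and an elevated PowerShell session.

```powershell
# Added example: read-only preflight for the destination machine (run elevated).
# Test-SshLoginReadiness and its parameter names are hypothetical, chosen for this example.
function Test-SshLoginReadiness {
    param(
        [Parameter(Mandatory)][string]$UserName,      # local account that will log in
        [string]$SshDir = "$env:ProgramData\ssh",     # config and host key directory
        [int]$Port = 22
    )
    $results = [System.Collections.Generic.List[object]]::new()
    function Add-Check($name, $pass, $detail) {
        $results.Add([pscustomobject]@{ Check = $name; Pass = [bool]$pass; Detail = "$detail" })
    }
    # Step 1: the account exists, is enabled, and has a profile directory
    $user = Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue
    Add-Check 'Local user exists and is enabled' ($user -and $user.Enabled) "found=$([bool]$user)"
    Add-Check 'Profile directory exists' (Test-Path "C:\Users\$UserName") "C:\Users\$UserName"
    # Step 1: AllowUsers / DenyUsers in sshd_config (commented-out lines never match)
    $cfg  = @(Get-Content (Join-Path $SshDir 'sshd_config') -ErrorAction SilentlyContinue)
    $list = { param($kw) @($cfg -match "^\s*$kw\s+" -replace "^\s*$kw\s+" -split '\s+' | Where-Object { $_ }) }
    # Compare only the user part of user@host patterns; * and ? wildcards are honoured
    $hit  = { param($pats) [bool]($pats | Where-Object { $UserName -like ($_ -replace '@.*$') }) }
    $allow = & $list 'AllowUsers'
    $deny  = & $list 'DenyUsers'
    Add-Check 'AllowUsers (if used) includes user' (-not $allow -or (& $hit $allow)) "AllowUsers=$($allow -join ' ')"
    Add-Check 'DenyUsers does not match user' (-not (& $hit $deny)) "DenyUsers=$($deny -join ' ')"
    # Step 2: capability installed, service running and set to start automatically
    $cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
    Add-Check 'OpenSSH Server installed' ($cap.State -eq 'Installed') "State=$($cap.State)"
    $svc = Get-Service -Name sshd -ErrorAction SilentlyContinue
    Add-Check 'sshd running' ($svc.Status -eq 'Running') "Status=$($svc.Status)"
    Add-Check 'sshd starts automatically' ($svc.StartType -eq 'Automatic') "StartType=$($svc.StartType)"
    # Step 2: an enabled inbound allow rule that names the port explicitly
    $fw = Get-NetFirewallPortFilter -Protocol TCP | Where-Object LocalPort -contains "$Port" |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
    Add-Check "Inbound allow rule for TCP $Port" $fw "rules=$(@($fw).Name -join ',')"
    # Troubleshooting: listener present and host private keys on disk
    $listen = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    Add-Check "Listening on port $Port" $listen "addresses=$(@($listen).LocalAddress -join ',')"
    $keys = Get-ChildItem -Path $SshDir -ErrorAction SilentlyContinue |
        Where-Object Name -match '^ssh_host_.+_key$'
    Add-Check 'Host private keys present' $keys "count=$(@($keys).Count)"
    $results
}
# Usage ('alice' is a placeholder account name):
# Test-SshLoginReadiness -UserName alice | Format-Table -AutoSize
```

Any row with Pass = False points back to the matching step or troubleshooting item above. The function changes nothing on the system.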
Conclusion
Setting up SSH login from Windows to Windows enables secure remote access. This setup is useful for remote management, automation, and system administration.
If you run into any issues or have additional tips, feel free to share in the comments! 😊