Epidemiology & Technology

SSH in Windows 10

Link: Microsoft

Since early 2019 , windows 10 includes SSH applications

To install OpenSSH, start Settings then go to Apps > Apps and Features > Manage Optional Features. Scan this list to see if OpenSSH client is already installed. If not, then at the top of the page select “Add a feature”, then:

  • To install the OpenSSH client, locate “OpenSSH Client”, then click “Install”.
  • To install the OpenSSH server, locate “OpenSSH Server”, then click “Install”.

ssh.exe, which is the SSH client component that runs on the user's local system
ssh-keygen.exe generates, manages and converts authentication keys for SSH
ssh-agent.exe stores private keys used for public key authentication
ssh-add.exe adds private keys to the list allowed by the server
ssh-keyscan.exe aids in collecting the public SSH host keys from a number of hosts
sftp.exe is the service that provides the Secure File Transfer Protocol, and runs over SSH
scp.exe is a file copy utility that runs on SSH

sshd.exe, is the SSH server component that must be running on the system being managed remotely

Managing Keys

  • ssh-keygen for generating secure keys
  • ssh-agent and ssh-add for securely storing private keys
  • scp and sftp to securely copy public key files during initial use of a server

Enable SSH Agent

# On an Administrator Powershell

Get-Service -Name ssh-agent 
Get-Service ssh-agent | Select StartType
Get-Service -Name ssh-agent | Set-Service -StartupType Manual

# Start the ssh-agent service to preserve the server keys
Start-Service ssh-agent
Get-Service ssh-agentCode language: PowerShell (powershell)

Generate SSH keys

# If invoked without any arguments, ssh-keygen will generate an RSA key. default is 3072 bits 
# ssh-keygen will by default write keys in an OpenSSH-specific format. 

# Generate an RSA key of 4096 bytes.
ssh-keygen -b 4096Code language: PowerShell (powershell)

Add Private key to Agent

# Now load your key files into ssh-agent
ssh-add ~\.ssh\id_rsa
ssh-add C:\Users\USERNNAME\.ssh\id_rsaCode language: PowerShell (powershell)

Deploy Public key to Server

For some reason, the Win 10 installations do not include ssh-copy-id ! Therefore you would need to manually copy and paste the contents of the .ssh/id_rsa.pub file to the ~/.ssh/authorized_keys directory of the server

# Use scp to copy the public key file generated previously to authorized_keys on your server
scp C:\Users\user1\.ssh\id_rsa.pub user1@Server_IP:\home\user1\.ssh\authorized_keys
Code language: PowerShell (powershell)

Convert SSH key to SSH2 format for XShell

Public Key

# ssh-keygen with
# -e  option:  tells SSH to read an OpenSSH key file and convert it to SSH2 format.
#            The default export format is “RFC4716”. 
#            This option allows exporting OpenSSH keys for use by other programs, 

ssh-keygen -e -f id_rsa.pub > id_RFC4716.pub

# PRIVATE KEY - FAILS !!! . This also generates a public key only
ssh-keygen -e -f id_rsa > id_RFC4716

# -i  option: tells SSH to read an SSH2 key and convert it into the OpenSSH format. 
#            The default import format is “RFC4716”. <-- SSH2

Code language: PHP (php)

Private Key Conversions

It should be possible to import the ssh-keygen generated keys directly in Xshell etc.

Use PuttyGen on Widnows. Download it here

  • Start PuTTYgen
  • Conversions > Import key – Select the Private key File
  • Conversions > Export
    • Export OpenSSH key: Header —–BEGIN RSA PRIVATE KEY—–
    • Export OpenSSH key (force new file format): key Header—–BEGIN OPENSSH PRIVATE KEY—–
    • Export SSH.com key: Header —– BEGIN SSH2 ENCRYPTED PRIVATE KEY —-
  • Save private Key – Key Header: – PuTTY-User-Key-File-2: ssh-rsa

SSHd Configuration

Only needed if the Win10 system needs to be accessed from elsewhere over SSH (i.e. the Win 10 system is going to act as as server) – not your typical use case. sshd.exe, is the SSH server component that must be running on the system being managed remotely

%programdata%\ssh\sshd_configCode language: PowerShell (powershell)

Related posts