SSH in Windows 10

Link: Microsoft

Since early 2019, Windows 10 includes SSH applications.

To install OpenSSH, start Settings then go to Apps > Apps and Features > Manage Optional Features. Scan this list to see if OpenSSH client is already installed. If not, then at the top of the page select “Add a feature”, then:

  • To install the OpenSSH client, locate “OpenSSH Client”, then click “Install”.
  • To install the OpenSSH server, locate “OpenSSH Server”, then click “Install”.

The OpenSSH binaries are installed in %WINDIR%\System32\OpenSSH (C:\Windows\System32\OpenSSH):

  • ssh.exe, which is the SSH client component that runs on the user's local system
  • ssh-keygen.exe generates, manages and converts authentication keys for SSH
  • ssh-agent.exe stores private keys used for public key authentication
  • ssh-add.exe adds private keys to the list allowed by the server
  • ssh-keyscan.exe aids in collecting the public SSH host keys from a number of hosts
  • sftp.exe is the service that provides the Secure File Transfer Protocol, and runs over SSH
  • scp.exe is a file copy utility that runs on SSH
  • sshd.exe, which is the SSH server component that must be running on the system being managed remotely

Managing Keys

  • ssh-keygen for generating secure keys
  • ssh-agent and ssh-add for securely storing private keys
  • scp and sftp to securely copy public key files during initial use of a server

Enable SSH Agent

    # On an Administrator PowerShell
    Get-Service -Name ssh-agent
    Get-Service ssh-agent | Select StartType
    Get-Service -Name ssh-agent | Set-Service -StartupType Manual
    # Start the ssh-agent service to preserve the server keys
    Start-Service ssh-agent
    Get-Service ssh-agent

Generate SSH keys

    # If invoked without any arguments, ssh-keygen will generate an RSA key. The default is 3072 bits.
    # ssh-keygen will by default write keys in an OpenSSH-specific format.
    ssh-keygen
    # Generate an RSA key of 4096 bits.
    ssh-keygen -b 4096

Add Private key to Agent

    # Now load your key files into ssh-agent
    ssh-add ~\.ssh\id_rsa
    # or, with the full path (replace USERNAME with your account name)
    ssh-add C:\Users\USERNAME\.ssh\id_rsa

Deploy Public key to Server

For some reason, the Win 10 installations do not include ssh-copy-id! Therefore you need to manually copy and paste the contents of the .ssh/id_rsa.pub file into the ~/.ssh/authorized_keys file on the server.

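    # Use scp to copy the public key file generated previously to authorized_keys on your server.
    # The remote path uses forward slashes. scp replaces the destination file,
    # so any keys already listed in authorized_keys are overwritten.
    scp C:\Users\user1\.ssh\id_rsa.pub user1@Server_IP:/home/user1/.ssh/authorized_keys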
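
An added example (not from the original page): a PowerShell stand-in for the missing ssh-copy-id that appends the public key to authorized_keys instead of replacing the file. Copy-SshPublicKey is a hypothetical helper name, user1@Server_IP is the placeholder used above, and the server is assumed to run a POSIX shell.

```powershell
# Added example: append a public key to a server's authorized_keys over ssh.
# Copy-SshPublicKey is a hypothetical name; a POSIX shell on the server is assumed.
function Copy-SshPublicKey {
    param(
        [Parameter(Mandatory = $true)]
        [string] $Target,                                   # e.g. user1@Server_IP
        [string] $PublicKeyPath = "$env:USERPROFILE\.ssh\id_rsa.pub"
    )

    # Read the file as one string. A public key is a single line:
    # "<type> <base64> [comment]". Anything else (for example a private key
    # file picked by mistake) is rejected before it leaves the machine.
    $key = (Get-Content -Path $PublicKeyPath -Raw).Trim()
    $pattern = '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    if ($key -cnotmatch $pattern) {
        throw "$PublicKeyPath does not look like an OpenSSH public key"
    }

    # Remote command: umask 077 gives a newly created ~/.ssh mode 700 and a newly
    # created authorized_keys mode 600; tr strips any carriage return left by
    # Windows line endings; >> appends, so keys already in the file survive.
    $remote = "umask 077; mkdir -p ~/.ssh; tr -d '\r' >> ~/.ssh/authorized_keys"

    $key | ssh $Target $remote
    if ($LASTEXITCODE -ne 0) {
        throw "ssh exited with code $LASTEXITCODE; the key may not have been added"
    }
}

# Placeholder target taken from the scp command above.
Copy-SshPublicKey -Target 'user1@Server_IP'
```

ssh still prompts for the account password on the console, because key-based login is not set up until this command has run once.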

Convert SSH key to SSH2 format for XShell

Public Key

    # ssh-keygen with
    # -e option: tells SSH to read an OpenSSH key file and convert it to SSH2 format.
    # The default export format is "RFC4716".
    # This option allows exporting OpenSSH keys for use by other programs.
    # Note: in Windows PowerShell 5.1, > writes UTF-16 output; run these in cmd.exe to get a plain ASCII key file.
    # PUBLIC KEY
    ssh-keygen -e -f id_rsa.pub > id_RFC4716.pub
    # PRIVATE KEY - FAILS! This also generates a public key only.
    ssh-keygen -e -f id_rsa > id_RFC4716
    # -i option: tells SSH to read an SSH2 key and convert it into the OpenSSH format.
    # The default import format is "RFC4716". <-- SSH2

Private Key Conversions

It should be possible to import the ssh-keygen generated keys directly in Xshell etc.

Use PuTTYgen on Windows. Download it here

  • Start PuTTYgen
  • Conversions > Import key – Select the Private key File
  • Conversions > Export
    • Export OpenSSH key: key header -----BEGIN RSA PRIVATE KEY-----
    • Export OpenSSH key (force new file format): key header -----BEGIN OPENSSH PRIVATE KEY-----
    • Export SSH.com key: key header ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
  • Save private key: key header PuTTY-User-Key-File-2: ssh-rsa

SSHd Configuration

Only needed if the Win10 system needs to be accessed from elsewhere over SSH (i.e. the Win 10 system is going to act as a server) – not your typical use case. sshd.exe is the SSH server component that must be running on the system being managed remotely.

%programdata%\ssh\sshd_config