Puget Systems print logo

https://www.pugetsystems.com

Read this article at https://www.pugetsystems.com/guides/1470
Dr Donald Kinghorn (Scientific Computing Advisor )

How To Use SSH Client and Server on Windows 10

Written on May 31, 2019 by Dr Donald Kinghorn
Share:

Introduction

Secure Shell (ssh) is a standard tool included on most "network" operating systems i.e. Linux, UNIX, MacOS, etc.. In the past Windows required a 3rd party application to get even a usable ssh client. For users who needed to connect securely to the rest of the world with a command line interface PuTTY has been a common addition. After several decades Microsoft finally has a native ssh client AND server on Windows! Both the client and server are standard (and in stable versions) on Windows 10 since the 1809 "October Update".

For a developer or researcher it's not unusual to be working with several machines at the same time. Connecting remotely to servers or other workstations in a mixed OS environment is a common need. You can now connect from a Windows 10 system to Linux servers or workstations easily and you can go the other direction too. You can "ssh into" a Windows 10 machine from Linux or other Windows machines. For me personally this kind of connectivity is essential. I may be using 3 or 4 different machine at the same time and I always have several terminal's open. I typically work with Linux and Windows 10 (locally or remotely) at the same time. The interoperability between Linux and Windows 10 has become very good.

This post is a setup guide and introduction to ssh client and server on Windows 10. I'm doing this partly as a reference for other posts that I'll be doing where this functionality will be utilized.

I am not going to cover much detail about using ssh. If ssh is new to you then note that Microsoft ssh is a native port of the widely used standard OpenSSH client and server. That means that most information about using ssh that you find online will apply even though those sources will likely be references from Linux, UNIX or MacOS. The official documentation for components of OpenSSH is the standard reference. The Windows Server documentation has a section titled "OpenSSH in Windows"

The normal suite of of functions are included with the Windows 10 port,

  • ssh.exe, which is the SSH client used from the user's local system
  • sshd.exe, which is the SSH server that accept connections from other systems
  • ssh-keygen.exe generates, manages and converts authentication keys for SSH
  • ssh-agent.exe stores private keys used for public key authentication
  • ssh-add.exe adds private keys to the list allowed by the server
  • ssh-keyscan.exe aids in collecting the public SSH host keys from a number of- hosts
  • sftp.exe is the service that provides the Secure File Transfer Protocol, and- runs over SSH
  • scp.exe is a file copy utility that runs on SSH

The user applications that you will use most frequently are; ssh (secure shell), for connecting to other systems, and scp (secure copy) for for copying files and directories back and forth with remote systems.

Enable ssh and ssh server on Windows 10

I am using a fresh install of Windows 10 Pro 1903. I have done this on Windows 10 Home too.

The simplest way to setup ssh and ssh server is to use PowerShell. After all you do want to use the command-line, right?

You need administrator privileges to enable services so open Powershell as Administrator, (right click on the Powershell icon in the application menu)

powershell as admin

The following command will show you the name and state of OpenSSH on your system,

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

You should see something like,

Name : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

That is telling you that the ssh client is installed. (It's ready to use by default in recent Windows 10 builds.) The server is not setup yet.

Add the OpenSSh server component,

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

That command will download the server component and install it. Output will look like,

Path :
Online : True
RestartNeeded : False

Note: If for some reason your systems showed "NotPresent" for the client too then you would do the same command above but using "OpenSSH.Client~~~~0.0.1.0"

You now have the ssh server installed but it is not running. The next command will start the service,

Start-Service sshd

That will start silently. You can see that it is running with Get-Service,

PS C:Windowssystem32> Get-Service sshd

Status Name DisplayName
------ ---- -----------
Running sshd OpenSSH SSH Server

You could stop it with, you guessed it, "Stop-Service sshd"

Note: the name of the ssh server application is "sshd". This is a typical naming convention from UNIX. The "d" means "daemon". Services in Linux/UNIX are called daemons. Now you understand the meaning of the BSD UNIX mascot "Beastie" which you may have seen before.

In order to avoid having to manually start sshd you can do the following to have it start on boot.

Set-Service -Name sshd -StartupType 'Automatic'

The last thing to check is the firewall setting for sshd. It by default uses the port number 22. Enabling the service automatically created the following firewall rules,

PS C:Windowssystem32> Get-NetFirewallRule -Name *ssh*


Name                  : OpenSSH-Server-In-TCP
DisplayName           : OpenSSH SSH Server (sshd)
Description           : Inbound rule for OpenSSH SSH Server (sshd)
DisplayGroup          : OpenSSH Server
Group                 : OpenSSH Server
Enabled               : True
Profile               : Any
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 :
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local

Note: If you enable sshd you are creating an "open port" for port 22. (Otherwise you wouldn't be able to connect to it.) If your system is exposed to the outside world then that might bother you. You can do things to tighten up security like disallowing passwords and requiring only "public-key" access. I'm not going to cover any of that here. If you are on a private LAN you don't have too much to worry about, but always be security conscious and use good passwords!

Now that you have the server up and running you should close the Powershell that you were running as Administrator. Start another Powershell as your normal user for the examples below.

Using ssh on Windows 10

Now the fun stuff.

The basic connection command (on any OS) for ssh looks like,

ssh user-name-on-remote-sys@ip-address-of-remote-sys

If your user name on the system you are connecting from is the same as your user name on the system you are connecting to, then you can leave out the "user-name-on-remote-sys@" part. There are a lot of options for ssh, to dig deeper look at the docs

If you are on a network with "name resolution i.e. DNS" then you can use the name for the machine rather than it's ip address.

ssh from Windows 10 to Linux

For this example I'll go through the details you see when connecting to a Linux machine. I'm using Powershell on Windows 10.

The following shows my Powershell command prompt with my user name "don". I'm connecting to one of my Linux systems on a local network. My user name is "kinghorn" on that machine.

PS C:Usersdon> ssh kinghorn@192.168.3.70

When you first connect to a machine that you haven't accessed before you will see something like,

The authenticity of host '192.168.3.70 (192.168.3.70)' can't be established.
ECDSA key fingerprint is SHA256:(a bunch of stuff...).
Are you sure you want to continue connecting (yes/no)? yes

Saying "yes" adds a key entry to your ".sshknown_hosts" file. The next time you connect ssh will check that key and will either silently connect or give you a scary message if the key doesn't match. [A key mismatch can happen if you reinstall the remote system and it still has the same ip address. It will have a new ssh key. To fix that you will need to remove the old key from the "known-hosts" file.]

After your first connection with ssh look in your user directory and you should see a new directory named .ssh There is a lot of configuration options that can be set in various files in that directory but you usually don't need to do anything in there unless you start doing "public key exchange" for connecting to systems securely without passwords.

ssh directory

Here's an example Powershell session "ssh-ing" into a Linux system,

PS C:Usersdon> ssh kinghorn@192.168.3.90
The authenticity of host '192.168.3.90 (192.168.3.90)' can't be established.
ECDSA key fingerprint is SHA256:(a bunch of stuff...).
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.3.90' (ECDSA) to the list of known hosts.

kinghorn@192.168.3.90's password:
Welcome to Ubuntu 19.04 (GNU/Linux 5.0.0-15-generic x86_64)

...
then a long default login message from Ubuntu...
...

Last login: Tue May 28 09:27:03 2019 from 192.168.3.105

kinghorn@U19:~$ ls
anaconda3  bin  Desktop  Documents  Downloads  Music  Pictures  projects  Public  snap  Templates  tmp  Videos

From there I am securely connected to my Linux system with a command prompt ready for what ever I need to do.

ssh From Linux to Windows 10

Since we have the OpenSSH server running on the Windows 10 system we can ssh into that now too.

You might not think you wouldn't do that much but I actually do that fairly often. Right now I have 3 Windows 10 machines running and 3 Linux machines including one at a remote location that I am doing testing on. I can connect from any of these machines to any other with ssh. I am writing this post on a Linux machine and I just used the "scp" command (part of the ssh bundle) to copy a directory of screen shots from a Windows 10 machine here. And, I didn't even have to go near the Windows machine to do that.

Here is a session where I log into my Windows 10 laptop from an Ubuntu 19.04 machine.

When you connect to the ssh server on Windows 10 you are given a CMD shell (the old DOS like shell). From there I started Powershell and then started bash on Ubuntu 18.04 using WSL (Windows Subsystem for Linux). The interoperability between Windows 10 and Linux is getting very good!

kinghorn@U19:~$ ssh don@192.168.3.105
don@192.168.3.105's password: 

Microsoft Windows [Version 10.0.17763.529]
(c) 2018 Microsoft Corporation. All rights reserved.

don@DLAP C:Usersdon>powershell
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:Usersdon> bash
kinghorn@Dlap:/mnt/c/Users/don$  

Note: On that laptop I am using a Microsoft account so my password was for that account.

ssh from Windows 10 to Windows 10

This works the same as any other combination of OS's. From Windows 10 you can use Powershell or CMD to run ssh. [If you have WSL installed you can use that too.] By default when you ssh to a Windows 10 machine you will login to CMD, it doesn't matter what you use to connect from.

In this example I am connecting to the the Windows 10 machine that I used for the ssh setup testing. I'm connecting from the laptop I connected to in the example above. (I'm not anywhere near that laptop.)

don@DLAP C:Usersdon>ssh don@192.168.3.111

Microsoft Windows [Version 10.0.18362.116]
(c) 2019 Microsoft Corporation. All rights reserved.

don@DESKTOP-Q36DH26 C:Usersdon>

No big surprises here, it just works. It's basically the same connecting from any OS to another. The main difference is the "shell" command that you connect from and the shell you connect to.

scp Secure Copy

One of the most useful tools in the ssh suite is "scp". This gives you a simple to use encrypted remote copy capability. It uses ssh as a "tunnel" for the copy.

The basic usage of scp for a single file copy to a remote machine is

scp file1  username@machine-ip:path-to-directory

The important thing to note here is that after "machine-ip" ( : ) is the top level directory of the machine. The path-to-the directory should use the syntax of the machine you are connecting to i.e. for Linux the directory separator is (/) for Windows it's (). Also, on Linux (~) is shorthand for the login users home directory. Connecting to windows you have to give the full path. And, on Linux when accessing Windows you have to quote (") the username and path because of the backslashes.

To copy a file from a remote machine to your local machine it's,

scp  username@machine-ip:path-to-file(/or)file1 path-to-directory-on-local-machine 

You can use dot (.) to indicate the current directory on the local machine.

To copy directories use, -r (recursive)

scp -r director-on-local-machine username@machine-ip:path-to-directory

or

scp -r  username@machine-ip:path-to-remote-directory  path-to-directory

That may be confusing so here are some real examples.

Copy a directory named "ssh-images" from Windows 10 to Linux starting on the Windows machine with Powershell.

PS C:Usersdon> scp -r ssh-images kinghorn@192.168.3.90:~/tmp/

That put the ssh-images in "tmp" in my Linux home directory.

Now the same thing but starting from the Linux machine (using dot (.) for the current directory)

scp -r "don@192.168.3.111:Usersdonssh-images" .

Note the full path and quotes.

Conclusions

I hope this guide is helpful to both Windows and Linux users who want better interoperability. I also hope this is encouraging for user who may have never used ssh. I think it's great how easy it is getting to be to work productively in a mixes OS environment. Microsoft, much to their credit, keeps making Windows more useful for mixed environments. I'm looking forward to the terminal application they will have out soon and to the release of WSL2. With those 2 application in place windows will be nicely interoperable and will be much improved as a solid developers system.

One of the main reasons I wrote this post is because I want to refer to it in a post about using Python Jupyter notebooks remotely between machines with different OS's. Expect to see that post soon. I may also write about using WSL and an Xwindow server on Windows 10.

Happy computing! --dbk @dbkinghorn

Looking for a
Scientific Compute System?

Do you have a project that needs serious compute power, and you don't know where to turn? Puget Systems offers a range of HPC workstations and servers tailored for both CPU and GPU workloads.

Why Choose Puget Systems?


Built specifically for you

Rather than getting a generic workstation, our systems are designed around your unique workflow and are optimized for the work you do every day.

Fast Build Times

By keeping inventory of our most popular parts, and maintaining a short supply line to parts we need, we are able to offer an industry leading ship time of 7-10 business days on nearly all our system orders.

We're Here, Give Us a Call!

We make sure our representatives are as accessible as possible, by phone and email. At Puget Systems, you can actually talk to a real person!

Lifetime Support/Labor Warranty

Even when your parts warranty expires, we continue to answer your questions and even fix your computer with no labor costs.

Click here for even more reasons!

Puget Systems Hardware Partners

Tags: Windows 10, ssh, Linux, ssh server