# Install SSH server on Windows 11 ## Install from GUI `Settings` > `Apps & features` > `Optional features` > `OpenSSH` (in French: `Menu démarrer` > `Fonctionnalités facultatives` > `OpenSSH` ## Install from CLI Launch PowerShell in admin mode: ```console $ Get-WindowsCapability -Online | Where-Object Name -like ‘OpenSSH.Server*’ | Add-WindowsCapability –Online # installs OpenSSH $ Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Ser*' # checks that it is correctly installed $ Set-Service -Name sshd -StartupType 'Automatic' $ Start-Service sshd # these load SSH $ netstat -na # should print somewhere port 22 $ Get-NetFirewallRule -Name *OpenSSH-Server* |select Name, DisplayName, Description, Enabled # make sure firewall allow it ``` # Configure SSH ```console $ start-process notepad C:\Programdata\ssh\sshd_config ``` # Key components By default, key OpenSSH components are located in these folders: - OpenSSH Server executables: `C:\Windows\System32\OpenSSH\`(sshd.exe, ssh.exe, ssh-keygen.exe, sftp.exe, etc.) - The `sshd_config` file (created after the first service start of the service): `C:\ProgramData\ssh` - The `authorized_keys` file and keys can be stored in the user profile folder: `%USERPROFILE%\.ssh\` # Use public key Allow password connection in `sshd_config` and empty password if none has been set on the Windows machine (or Docker). From remote (don't forget to adjust `UserName` to your Windows user, and the machine IP) : ```console $ ssh-keygen # for example in ~/.ssh/windows-key $ scp -p 22 ~/.ssh/windows-key.pub **UserName**@**192.168.0.69**:C:/Users/**UserName**/Desktop/ ``` Then on the Windows machine, copy "windows-key.pub" from the desktop to `%programdata%/ssh/`. Still from the Windows machine, in a terminal: ```console $ cd C:\ProgramData\ssh $ type windows-key.pub >> administrators_authorized_keys $ restart-service sshd ``` Now, on remote, this should work: ```console $ ssh -p 22 UserName@192.168.0.69 -i ~/.ssh/windows-key ``` # Restart SSH server on Windows machine ```console $ restart-service sshd ``` # Try this with Docker Here is a `docker-compose.yml` to install Windows 11 in a Docker, because why not? ```docker-compose services: windows: image: dockurr/windows container_name: windows environment: VERSION: "win11" LANGUAGE: "French" REGION: "fr-FR" KEYBOARD: "fr-FR" DISK_SIZE: "80G" CPU_CORES: "1" RAM_SIZE: "2G" #VM_NET_DEV: "tun0" # only if VPN set up devices: - /dev/kvm cap_add: - NET_ADMIN #network_mode: 'container:vpn' # only if VPN set up ports: # comment all ports section if VPN is set up - 8006:8006 - 8007:22 - 3389:3389/tcp - 3389:3389/udp stop_grace_period: 2m volumes: - ./data:/storage - ./shared:/shared # should be available here: \\host.lan\Data ```