Enabling OpenSSH on Windows
Open the Settings app and select Apps, Optional, Features, Manage, OpenSSH from the list. Click the Install button and wait for the feature to appear. After installation, restart the computer to activate the service.
Next, launch PowerShell with administrator rights and run the command Get-Service ssh-agent ssh-dss Start-Service ssh-dss. Verify that both ssh-agent and ssh-dss show a Running status. This confirms the server is ready for incoming connections.
Configuring Key‑Based Authentication
Generate a key pair on a client machine using ssh-keygen, RSA, 2048, no-passphrase, default location. Copy the public key to the Windows host by appending it to C:\Users\
On the Windows side, edit the sshd_config file located at C:\ProgramData\ssh\sshd_config and set PubkeyAuthentication to yes. Disable password logins by setting PasswordAuthentication to no. Restart the ssh-d service to apply the new settings.
Using PowerShell over SSH
When you connect with ssh user@host, the default shell is PowerShell if the registry key HKLM\Software\OpenSSH\DefaultShell points to pwsh.exe. This allows you to run PowerShell cmdlets directly on the remote machine. You can also force the legacy Command Prompt by adjusting the same registry entry.
Complex scripts can be executed by passing the script path after the ssh command, for example ssh user@host -i keyfile & C:\Scripts\Deploy.ps1. The remote session inherits the same environment, variables, and output streams appear in your local terminal, making debugging straightforward.
File Transfer with SCP and SFTP
To copy files, use the scp utility: scp source.txt user@host:C:\Target\. The command respects the same authentication method configured earlier. Large directories can be transferred recursively by adding the -r flag.
For interactive browsing, launch sftp user@host and navigate with cd, ls, get, and put commands. The session runs over the encrypted channel established by the SSH server. Transfer speeds are comparable to native Windows file sharing.
Securing the SSH Service
Limit access by editing C:\ProgramData\ssh\sshd_config and adding an AllowUsers line with specific usernames. Configure a non‑standard port using the Port directive, for instance 2222. Update firewall rules to permit traffic only on the chosen port.
Enable logging by setting LogLevel to VERBOSE in the configuration file. Review the logs located at Event Viewer → Applications and Services Logs → OpenSSH for suspicious activity. Regularly rotate host keys to reduce the risk of key compromise.