Install Win32 OpenSSH (test release)

  1. Download the latest build. To get links to latest downloads - see here. A Chocolatey package is also available if you prefer. For compat issues on Nano see issues on Nano. See here for PS script to automate installation and configuration.
  2. Extract contents to C:\Program Files\OpenSSH (!!! error: fork: No such file or directory !!!)
  3. Start Powershell as Administrator
    • cd 'C:\Program Files\OpenSSH'
  4. Install sshd and ssh-agent services.
    • powershell -executionpolicy bypass -file install-sshd.ps1
  5. Setup SSH host keys (this will generate all the 'host' keys that sshd expects when its starts)
    • .\ssh-keygen.exe -A
  6. Secure SSH host keys (optional)
    • Start-Service ssh-agent
    • download psexec from here
    • launch cmd.exe as SYSTEM - psexec.exe -i -s cmd.exe
    • register host keys in above cmd.exe
    • ssh-add ssh_host_dsa_key
    • ssh-add ssh_host_rsa_key
    • ssh-add ssh_host_ecdsa_key
    • ssh-add ssh_host_ed25519_key
    • host private keys are now securely stored by ssh-agent, private key files can be removed at this point.
  7. Open Firewall
    • New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
  8. If you need key-based authentication, run the following to setup the key-auth package

    • powershell -executionpolicy bypass -file install-sshlsa.ps1 (for Win7 and Server 2008, see here)
    • Restart-Computer
  9. Set sshd in auto-start mode and open up firewall (optional)
    • Set-Service sshd -StartupType Automatic
    • Set-Service ssh-agent -StartupType Automatic
    • Make the service start on boot (PowerShell): Set-Service sshd -StartupType Automatic

New-NetFirewallRule is for servers only. If you're on a workstation try:

netsh advfirewall firewall add rule name='SSH Port' dir=in action=allow protocol=TCP localport=22

Uninstall Win32 OpenSSH

  • Start Powershell as Administrator
  • Stop the service
    • Stop-Service sshd
  • Uninstall
    • powershell.exe -executionpolicy bypass -file uninstall-sshd.ps1
    • powershell.exe -executionpolicy bypass -file uninstall-sshlsa.ps1 (for Win7 and Server 2008, see here)
    • Reboot if you need to install a newer version of Win32-OpenSSH