Scribd
Upload
56 views

Installing SFTP - SSH Server On Windows Using OpenSSH - WinSCP

The document provides instructions for installing and configuring an SFTP/SSH server on Windows using OpenSSH. It describes downloading and installing OpenSSH, configuring the SSH server, setting up public key authentication, connecting with WinSCP, and checking the server's host key.

Uploaded by

Ali SDZD
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
56 views

Installing SFTP - SSH Server On Windows Using OpenSSH - WinSCP

The document provides instructions for installing and configuring an SFTP/SSH server on Windows using OpenSSH. It describes downloading and installing OpenSSH, configuring the SSH server, setting up public key authentication, connecting with WinSCP, and checking the server's host key.

Uploaded by

Ali SDZD
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

2023-06-01 Unknown author

Installing SFTP/SSH Server on Windows using


OpenSSH :: WinSCP
Documentation » Using WinSCP » Guides » Other »

Microsoft maintains a port of OpenSSH for Windows. You can use the package to set
up an SFTP/SSH server on Windows.

Installing SFTP/SSH Server


On Windows 11 and Windows 10
On earlier versions of Windows

Configuring SSH server


Setting up SSH public key authentication
Connecting to the server
Finding Host Key
Connecting

Further reading

On Windows 11:
Go to Settings > Apps > Optional features and click on View features.
Locate “OpenSSH server” feature, select it, click Next, and then click
Install.
On Windows 10 (version 1803 and newer):
Go to Settings > Apps > Apps & features > Optional features and click on
Add a feature.
Locate “OpenSSH server” feature, expand it, and select Install.

Binaries are installed to %WINDIR%\System32\OpenSSH. Configuration file


(sshd_config) and host keys are installed to %ProgramData%\ssh (only after the
server is started for the first time).
You may still want to use the following manual installation if you want to install a
newer version of OpenSSH than the one built into Windows.

Download the latest OpenSSH for Windows binaries (package OpenSSH-


Win64.zip or OpenSSH-Win32.zip)
As the Administrator, extract the package to C:\Program Files\OpenSSH
As the Administrator, install sshd and ssh-agent services:

powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1

Allow incoming connections to SSH server in Windows Firewall:


When installed as an optional feature, the firewall rule “OpenSSH SSH
Server (sshd)” should have been created automatically. If not, proceed to
create and enable the rule as follows.
Either run the following PowerShell command as the Administrator:

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server'


-Enabled True -Direction Inbound -Protocol TCP -Action Allow -
LocalPort 22 -Program "C:\Windows\System32\OpenSSH\sshd.exe"

Replace C:\Windows\System32\OpenSSH\sshd.exe with the actual path to


the sshd.exe (C:\Program Files\OpenSSH\ssh.exe, had you followed the
manual installation instructions above).
or go to Windows Security > Firewall & network protection1 > Advanced
Settings > Inbound Rules and add a new rule for port 22.
Start the service and/or configure automatic start:
Go to Control Panel > System and Security > Administrative Tools and
open Services. Locate OpenSSH SSH Server service.
If you want the server to start automatically when your machine is
started: Go to Action > Properties (or just double-click the service). In the
Properties dialog, change Startup type to Automatic and confirm.
Start the OpenSSH SSH Server service by clicking the Start the service link
or Action > Start in the menu.

These instructions are partially based on the official deployment instructions.

Follow a generic guide for Setting up SSH public key authentication in *nix
OpenSSH server, with the following difference:
Create the .ssh folder (for the authorized_keys file) in your Windows account
profile folder (typically in C:\Users\username\.ssh).2
For permissions to the .ssh folder and the authorized_keys file, what matters
are Windows ACL permissions, not simple *nix permissions. Set the ACL so
that the respective Windows account is the owner of the folder and the file and
is the only account that has a write access to them. The account that runs
OpenSSH SSH Server service (typically SYSTEM or sshd) needs to have read
access to the file.
Though, with the default Win32-OpenSSH configuration there is an exception
set in sshd_config for accounts in Administrators group. For these, the server
uses a different location for the authorized keys file:
%ALLUSERSPROFILE%\ssh\administrators_authorized_keys (i.e. typically
C:\ProgramData\ssh\administrators_authorized_keys).

Before the first connection, find out the fingerprint of the server’s host key by
using ssh-keygen.exe for each file.

In Windows command-prompt (run as Administrator), use:

for %f in (%ProgramData%\ssh\ssh_host_*_key) do
@%WINDIR%\System32\OpenSSH\ssh-keygen.exe -l -f "%f"

Replace %WINDIR%\System32 with %ProgramFiles%, if appropriate.

In PowerShell (run as Administrator), use:

Get-ChildItem $env:ProgramData\ssh\ssh_host_*_key | ForEach-Object { .


$env:WINDIR\System32\OpenSSH\ssh-keygen.exe -l -f $_ }

Replace $env:WINDIR\System32 with $env:ProgramFiles, if appropriate.

You will get an output like this:

C:\Windows\System32\OpenSSH>for %f in
(%ProgramData%\ssh\ssh_host_*_key) do
@%WINDIR%\System32\OpenSSH\ssh-keygen.exe -l -f "%f"
1024 SHA256:K1kYcE7GHAqHLNPBaGVLOYBQif04VLOQN9kDbiLW/eE
martin@example (DSA)
256 SHA256:7pFXY/Ad3itb6+fLlNwU3zc6X6o/ZmV3/mfyRnE46xg
martin@example (ECDSA)
256 SHA256:KFi18tCRGsQmxMPioKvg0flaFI9aI/ebXfIDIOgIVGU martin@example
(ED25519)
2048 SHA256:z6YYzqGiAb1FN55jOf/f4fqR1IJvpXlKxaZXRtP2mX8 martin@example
(RSA)

Start WinSCP. Login dialog will appear. On the dialog:

Make sure New site node is selected.


On New site node, make sure the SFTP protocol is selected.
Enter your machine/server IP address (or a hostname) into the Host name box.
Enter your Windows account name to the User name box. It might have to be
entered in the format user@domain if running on a domain.
For a public key authentication:
Press the Advanced button to open Advanced site settings dialog and go to
SSH > Authentication page.
In Private key file box select your private key file.
Submit Advanced site settings dialog with the OK button.

For a password authentication:


Enter your Windows account password to the Password box.
If your Windows account does not have a password, you cannot
authenticate with the password authentication (i.e. with an empty
password), you need to use the public key authentication.

Save your site settings using the Save button.


Login using Login button.
Verify the host key by comparing fingerprints with those collected before (see
above).

If you cannot authenticate to the server and use Windows 10 Developer mode, make
sure that your OpenSSH server does not conflict with an internal SSH server used by
the Developer mode. You may need to turn off the SSH Server Broker and SSH
Server Proxy Windows services. Or run your OpenSSH server on a different port
than 22.

Guide to Installing Secure FTP Server on Windows using IIS;


Guide to uploading files to SFTP server;
Guide to automating operations (including upload).
Control Panel > Windows Defender Firewall (or Windows Firewall) on older
versions of Windows.Back
Windows File Explorer does not allow you to create a folder starting with a dot
directly. As a workaround, use .ssh., the trailing dot will allow you to bypass
the restriction, but will not be included in the name.Back

Viewed using Just Read

You might also like